AI’s latest escapade into software piracy has left Microsoft scrambling, but let’s be honest; why even go through the hassle? If people are looking at not paying for an operating system, they don’t need to look far when alternatives like openSUSE exist?
With Linux distributions like openSUSE, there are no activation codes, no shady workarounds, no costs; just a fully functional, open and freely available operating system so users don’t have to break the law to break free from Windows’ licensing fees.
The Financial Benefits of Moving to Linux
Millions of computer users face a financial decision as they prepare for the end support for Windows 10 in October 2025; upgrade their operating systems at a cost depending on the users location, purchase new hardware with an OS installed or explore alternatives. Or, as Copilot seems to suggest, they could just ask an AI how to pirate Windows; because nothing says “secure computing” like taking legal advice from a chatbot.
For those feeling the pinch of rising costs due to stagflation, Linux distributions, particularly openSUSE’s Leap and Tumbleweed, offer a compelling, cost-effective alternative.
With no licensing fees, extended hardware compatibility and an abundance of software applications, Linux operating systems provide a compelling solution to reduce expenses while maintaining productivity, security and extending hardware lifespans to reduce electronic waste.
As part of our Upgrade to Freedom! campaign, this write-up focuses on the financial benefits of switching to openSUSE or another Linux operating system.
No Licensing Fees
One of the most immediate savings people notice when switching to Linux is the elimination of licensing fees. Licensing fees for some commercial operating systems can cost more than $100 USD per device. Enterprise solutions often incur additional costs for maintenance and upgrades.
Instead, people can save that money by going to get.opensuse.org and downloading an operating system without needing any codes or paying any money.
This zero-cost licensing model translates to significant savings to individual users, small businesses and large enterprises.
Investing in Linux is investing in one’s knowledge; it’s an investment into freedom. People get a professional-grade operating system without recurring costs using openSUSE.
Extend the Life of Your Hardware
Newer versions of Windows may require specific hardware features like TPM 2.0 and Secure Boot. For many older devices, this could render these devices incompatible and force users to purchase new machines.
The cost of a new laptop can run $350 USD or more, which is a substantial expense in a struggling economy. For a business, multiple devices could come at a hefty cost.
By contrast, openSUSE is optimized to run efficiently on a wide range of hardware, which includes older machines. Leap provides long-term stability, while Tumbleweed offers the news software updates to ensure devices remain relevant and functional for years to come. Members of the openSUSE community can also recommend using distributions like Slowroll, Aeon and Kalpa.
By switching to Linux, users may extend the life of their existing hardware and avoid contributing to any unnecessary e-waste; a cost that is much more precious than financial savings.
Apps and Open-Source Software
The financial benefits of Linux extends well beyond the operating system itself. The distributions provide access to a vast library of free, open-source applications that can replace costly proprietary software.
Creative Tools: GIMP and Inkscape provide robust alternatives to graphic design and image editing software, which can cost upwards of $600 per year for subscriptions.
Development Tools: Developers can access free Integrated Development Environments like Visual Studio Code, JetBrains’ IntelliJ IDEA Community Edition and Eclipse.
For users who require specific Windows applications, tools like Wine, Bottles and Proton can help run those programs on Linux, which eliminates the need for additional software purchases.
Linux systems are renowned for stability and security along with the reduction of time and money spent on IT support and maintenance.
Set up tools like YaST and advances with Agama provide intuitive ways to manage systems, updates, configurations and software installations, which can make it easy for non-technical users.
For businesses, the cost savings of switching to Linux can be immense. Companies running Windows often incur costs for server licenses and client access licenses (CALs). By moving to open-source solutions like openSUSE and its enterprise-focused sibling, SUSE Linux Enterprise, businesses can significantly reduce their IT expenses.
Small and medium-sized businesses can save thousands of dollars annually by adopting Linux. It’s not just about the initial savings but an ongoing reduction to operational costs.
As Windows 10 nears its expiration date, users and businesses have a choice: switch to openSUSE for a free, reliable solution; or start asking AI for sketchy workarounds and hope for the best.
This month delivered multiple snapshots and a wide range of updates plus a major default change highlighted in mid-February and a major version update of the Mesa 3D Graphic Library. GIMP 3.0.0~RC3 appears close to being final with GTK 3.24.48 integration. KDE Plasma 6.3 enhances fractional scaling, introduces a refined zoom effect, and overhauls drawing tablet settings. Meanwhile, KDE Gear 24.12.2 refines usability, gdb 15.2 improves debugging efficiency and fwupd enhances firmware update handling. Other notable updates include postgresql 17.3, Ruby 3.4.2, and critical security fixes in OpenSSL 3.4.1.
As always, be sure to roll back using snapper if any issues arise.
Mesa 25.0: This release introduces Vulkan 1.4 support on radv/gfx8+, along with multiple new Vulkan extensions for panvk, including VK_KHR_dedicated_allocation, VK_KHR_global_priority, VK_KHR_multiview, VK_KHR_shader_float16_int8, VK_EXT_image_robustness, and more. Initial GFX12 (RDNA4) support is also added for radv. Performance optimizations were made for radv, anv, and panvk, improving stability across different applications. Additional fixes improve Wayland and X11 compatibility, correct video decoding issues, and resolve memory leaks affecting various games and workloads.
GIMP 3.0.0~RC3: The latest RC finalizes GTK 3.24.48 integration, resolves crashes in Wayland and improves Right-To-Left text rendering. Image graph enhancements prevent unnecessary bit-depth conversions, which preserves detail in non-destructive edits. Thread-safe projection fixes eliminate crashes from multi-threading conflicts. The Script-Fu Application Programming Interface introduces a new named-argument syntax to make scripts more flexible and readable. Official AppImage distribution ensures a clean, upstream-supported package for Linux users. GEGL optimizations refine filters and floating-point operations. With only a few remaining bug fixes, GIMP 3.0 is nearly ready for release.
KDE Plasma 6.3: KDE Plasma 6.3 refines fractional scaling in Window Manager and Wayland Compositor KWin to provide sharper visuals and align elements to the pixel grid. The zoom effect provides a pixel-perfect magnification with a grid overlay that can be useful for designers. The Drawing Tablet settings receive a major overhaul with stylus pressure curve adjustments and better calibration. The system monitor improves CPU tracking while using fewer resources; its Info Center now displays GPU details and battery cycle counts. App store Discover enhances security by highlighting permission changes in sandboxed apps, and the Weather widget adds Deutscher Wetterdienst as a data source. Usability tweaks include touchpad auto-disable for mouse users, a reorganized launcher menu, and a refined kickoff behavior that switches categories only on click. Customization options expand with panel cloning, scriptable opacity adjustments, and flexible launcher icons.
gdb 15.2: This major version update improves startup performance with background DWARF reading and refines debugging features, including new commands for missing debug handlers and thread management. GDB now generates sparse core files, provides better error messaging, and supports configurable timeouts for inferior function calls. Changes in GDBserver simplify debugging options, and new Python API functions enhance scripting capabilities. The update also deprecates MPX-related commands and refines existing commands for clarity and consistency.
fwupd: This update introduces new features such as fwupdtool efiboot-hive for setting the nmbl cmdline, improved inhibition reason handling in fwupdmgr, and USB-provided hidraw support for DS-20 descriptors. Bug fixes include proper dbx deployment on MSI hardware, Lenovo version parsing corrections, improved Logitech HID++ detection, and performance optimizations. Additionally, support has been added for HPE Gen10/Gen10+ devices using Redfish, along with better handling of future Huddly devices and more reliable Logitech Rallybar updates.
KDE Frameworks 6.11.0: KDE Frameworks 6.11.0 improves Baloo’s database handling by propagating failure reasons and reducing manual management of m_env. Breeze Icons introduces a 12x12 version of the open-link icon and updates close icons to black X symbols. KConfig now reads defaults from the Windows registry and improves nested group value handling. Kirigami refines SwipeListItem’s keyboard navigation and fixes deep nesting in ActionsMenu. KIO addresses symlink path resolution in file properties and enhances file dialog undo behavior. KTextEditor improves bookmark cycling and refines theme config margins. KSVG enhances render cache thread safety, and KWallet removes unused functions for a leaner codebase.
KDE Gear 24.12.2: KDE’s Dolphin improves icon scaling and overlay handling, while Kdenlive fixes crashes, enhances effect stacking and improves rendering progress visibility. KMail and Kontact streamline account management, preventing duplicate entries when deleting accounts. KTrip and KWeather clean up unused strings for a smoother mobile experience. Kate ensures proper selection handling and fixes search match exports. Okular prevents hangs in forms with numerous choice fields and correctly responds to palette changes.
postgresql 17.3: This update addresses various security fixes and performance improvements. A key security fix strengthens encoding validation in PQescapeString and related functions to prevent potential SQL injection risks. Connection privilege checks and limits are now properly enforced for parallel workers. Several bug fixes improve database stability, including preventing catalog corruption during vacuum operations, fixing race conditions in parallel queries, and resolving unexpected transaction errors. Other enhancements include improved handling of SQL/JSON deparsing, better collation consistency in UNION queries, and optimizations for VACUUM and indexing.
Ruby 3.4.2: Key fixes for this package address segmentation faults in ripper, stack consistency errors in -ne, and unexpected behavior in Array#sum and Numeric subclasses. Parsing issues in prism and parse.y have been resolved, including recursion depth inconsistencies and handling of unnamed forwarding variables. Other fixes include improved compatibility with GNU Compiler Collection 15, corrections for Module#autoload? performance, TCPSocket error handling, and ensuring encoding consistency in ENV.inspect. Additionally, a TLS fix for ARM64 has been backported, and various syntax inconsistencies have been addressed.
wireplumber 0.5.8: This update introduces support for handling UCM SplitPCM nodes in the Advanced Linux Sound Architecture monitor and improves PipeWire channel remapping via loopbacks. New functions enable marking WpSpaDevice child objects as pending, which enhances the handling of asynchronously created loopback nodes. ALSA node name deduplication has been improved, which prevents unnecessary .2, .3 suffixes. Fixes include resolving duplicate Bluetooth SCO (HSP/HFP) sources in UIs, correcting stream-restore behavior for device loopback nodes, and addressing issues in wp_lua_log_topic_copy(). Additionally, test scripts have been updated for improved object identification consistency.
python-cryptography 44.0.0: This major pypi update drops support for LibreSSL < 3.9 and deprecates Python 3.7, which will be removed in a future release. Linux wheels are now compiled with OpenSSL 3.4.0. The update enforces RFC 5280 rules preventing empty extended key usage extensions, allows timestamp extraction for MultiFernet, and relaxes Authority Key Identifier requirements on root CA certificates. Support for Argon2id KDF is added when using OpenSSL 3.2.0+, along with support for the Admissions certificate extension. Additionally, PKCS7 decryption, including S/MIME 3.2, is now supported via new decryption functions.
python-pyOpenSSL 25.0.0: This major pypi update removes deprecated APIs, including CRL, Revoked, dump_crl, and load_crl, and transitions users to cryptography.x509 for CRL functionality. The sign and verify functions have been removed in favor of cryptography.hazmat.primitives.asymmetric signature APIs. Deprecated features include OpenSSL.rand (use os.urandom() instead), X509Extension, and elliptic curve functions. Future deprecations are planned for X509 and PKey objects, with users encouraged to migrate to cryptography.x509.Certificate and cryptography private keys. The update also introduces an as_cryptography argument for get_certificate and related functions, allowing cryptography.x509.Certificate objects to be returned.
Key Package Updates
Kernel Source 6.13.4, 6.13.3, 6.13.2: These updates includes various fixes and improvements across multiple subsystems. It addresses issues in Btrfs, including a lockdep splat fix and better handling of transaction aborts. Security improvements address x86 SRSO mitigation for missing IBPB on VM-Exit, HID device handling fixes for winwing and thrustmaster, and multiple pinctrl bug fixes. The updates also refined DRM and AMD display components, improving HDMI, DSC passthrough, and backlight quirks. Additional fixes improve schedulers, IRQ handling, logging, and filesystem stability. Various DRM bridge, panel, and connector updates enhance ELD handling and synchronization. Other enhancements improve safesetid policy checks, WiFi drivers, and device-specific optimizations.
curl 8.12.1: This update includes various security fixes, such as resolving password leaks between hosts, HSTS cache entry overwrites and an eventfd double-close vulnerability. Enhancements include support for PKCS#11 keys, QUIC 0RTT with GnuTLS, improved HTTP authentication tracking, and extended error handling for connection reuse. Notable bug fixes address TLS upgrade issues, DNS resolution improvements, HTTP retry handling, and performance optimizations across multiple protocols.
selinux-policy 20250211: This update sets SELinux as the default Linux Security Module (LSM) for all new installations. While AppArmor remains available, SELinux will be in enforcing mode by default on fresh installs, including the minimalVM variant. SELinux updates will continue refining the implementation in the coming weeks.
sdbootutil: This update introduces improvements to PCR 15 measurements, including a validator service and predictive capabilities for crypttab changes. The update also refines cryptographic device ordering when using FIDO2 keys and removes the .conf suffix from grubenv. Additional fixes ensure proper generator behavior when /etc/crypttab is missing and improve logging output for PCR validation.
GStreamer 1.24.12: This update resolves shader compilation failures in d3d12 and corrects framerate handling in decklinkvideosink. The gst-libav module now avoids crashes in audio encoders with insufficiently aligned input data and restores compatibility with FFmpeg 4.2. Other fixes include improved seeking and duration handling in oggdemux, PTS wraparound detection in tsdemux, and race condition fixes in vtdec on macOS. Enhancements were made to qtdemux for better matrix transformation and flipping support, while webrtc now prevents duplicate payload types when using RTX and multiple video codecs. Additional refinements were applied to wpe, x264enc, and win32-pluginoader, along with various memory leak and stability fixes.
XFSProgs 6.13.0: This update introduces significant improvements, including enhanced support for realtime volumes, quota handling, and metadata directories. The mkfs tool now allows recursive subvolume deletion and improved protofile parsing. xfs_repair adds support for quota inodes in metadata directories, while xfs_scrub accelerates phase 8 processing using histograms. Additional fixes address error reporting, device encoding, and concurrency improvements for realtime allocation groups. Various build, documentation, and tooling enhancements further refine the XFS ecosystem.
kdump 2.0.16: This update improves reliability with a fix for KDUMP_AUTO_RESIZE, addressing issues in crash dump resizing. The update also resolves a critical bonding configuration bug in dracut, which previously caused network failures in kdump initrd. The issue stemmed from improper parsing of bond device parameters, where MAC address colons led to errors. The fix ensures kdump correctly filters out problematic bond keys, preventing parsing failures.
CVE-2023-2861: Fixed a flaw in the 9p passthrough filesystem (9pfs) implementation that could allow a malicious client to escape the exported 9p tree by creating and opening a device file in the shared folder.
CVE-2024-11053: Fixed a credential leak when using .netrc files in combination with HTTP redirects.
CVE-2024-9681: Resolved an issue where HSTS subdomain entries could overwrite parent domain cache entries, potentially leading to incorrect HTTPS enforcement.
CVE-2025-0665: Addressed a double close vulnerability with eventfd, which could lead to undefined behavior or application crashes.
CVE-2024-12797: Fixed an issue where clients using RFC7250 Raw Public Keys (RPKs) might not detect server authentication failures, potentially exposing TLS/DTLS connections to man-in-the-middle attacks.
CVE-2024-13176: A timing side-channel vulnerability in ECDSA signature computations could allow attackers to recover private keys. This primarily affects the NIST P-521 curve and requires local access or a high-speed, low-latency network connection to exploit.
CVE-2024-9143: Fixed an out-of-bounds memory access issue in low-level GF(2^m) elliptic curve APIs, which could lead to memory corruption or crashes.
CVE-2025-1094: Fixed an SQL injection vulnerability in the psql interactive tool caused by improper neutralization of quoting syntax in certain functions.
CVE-2024-12133: Fixed inefficient handling of specific certificate data, which could allow an attacker to send a specially crafted certificate, causing a denial of service attack.
CVE-2025-24928: Fixed a stack-based buffer overflow in the xmlSnprintfElements function, which could be exploited during DTD validation of untrusted documents, leading to denial of service or code execution.
CVE-2024-56171: Resolved a use-after-free vulnerability in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions, potentially leading to arbitrary code execution when processing crafted XML documents or schemas.
CVE-2025-27113: Addressed a NULL pointer dereference in the xmlPatMatch function, which could cause application crashes when processing certain inputs.
CVE-2024-12243: Addressed a flaw where decoding certain DER-encoded certificates could cause excessive resource consumption, leading to denial-of-service conditions.
CVE-2025-0938: Fixed improper URL parsing in urllib.parse functions, which accepted invalid domain names with square brackets, potentially leading to security issues.
CVE-2025-24032: Fixed an issue where an attacker could create a token with a user’s public certificate and a known PIN, allowing unauthorized login without requiring the private key.
CVE-2025-24531: Addressed a potential authentication bypass in error situations when using smart cards for login.
CVE-2025-24528: Resolved a flaw where an authenticated attacker could cause kadmind to write beyond the end of the mapped region, leading to potential security risks.
Users are advised to update to the latest versions to mitigate these vulnerabilities.
Conclusion
KDE users will notice a more polished and efficient experience with the latest KDE Gear, Frameworks and Plasma updates. Beyond the visible improvements, Tumbleweed continues to strengthen its foundation with essential security patches for curl, mozjs128, grub2 and PostgreSQL, along with optimizations in XML processing through libxml2. These ongoing enhancements ensure Tumbleweed remains a dependable, high-performance open-source platform for developers and users alike.
Slowroll Arrivals
Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.
Contributing to openSUSE Tumbleweed
Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list.
For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.
Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.
The PocketBeagle (PB) has an AM335x processor for the processing. I capture audio with ADC input in chunks with a sliding window — sampling rate was set based on processing speed (unoptimized w/ numpy calls) and responsiveness. Audio is processed with FFT -> power log spectrum -> log-frequency power spectrum to make the basis for the image. The image is then an opencv color mapping for each (pseudo-log) frequency bin’s power, and send to the PRU via /dev/mem so it can be displayed to the 64×32 LED matrix. The PRU is running a driver to display 8-bit color images, FPS somewhere in 20-30 range.
I chose a pocket beagle, partly because I’ve worked as an Apps Engineer at TI, partly b I have met the awesome Beagle folks several times, and partly bc I wanted to try running on an SoC with fast IO core + reasonable A-core running Linux. It’s worked out well, and the examples were definitely present enough out there to get me started on all aspects of the project. That said, it helps a lot to have worked professionally with such devices to heterogeneous SoCs running a mixture of HLOS/RTOS/No-OS (esp. including Linux) and have a signal processing / embedded systems background.
Version 1 details
First version of this project is complete as of 2024 EoY. I started sometime in 2023, but didn’t put much time into it / slowed down by silly roadblocks.
This v1 includes:
Custom cape (PCB that beagle board attaches to) that provides audio input and image output signalling to the matrix panel
Revisions needed to reduce analog noise, reduce pinout/external connection, etc.
PRU code that reads an image from shared memory, and manages output pins for the matrix such that we visualize an 8-bit, 32×64 pixel image.
Framerate is 20-30 FPS and looks about reasonably smooth and responsive, albeit a bit jittery.
Updated device tree overlay for setting ADC configuartion (20kS/s) (see dtb files in my repo)
Data arrives through IIO driver and read with sysfs
I noted that bb-overlay repo (origin of these DTS) has an ./install.sh that doesn’t work. I had to look in /boot/uEnv.txt to apply the DTBO file (name_overlays)
Sampling rate was chosen based on processing speed vs. responsiveness. I wanted 40 kS/s for 20 kHz bandwidth, but this just wasn’t feasible. As a result, I have some aliasing in the upper bands that I’ll need to resolve later.
A bunch of python code to do the audio capture, processing (FFTs and such), and image generation
I signal to the PRU by opening /dev/mem to access the whole memory space and write to PRU’s shared SRAM. Images too big for rpmsg anyway. In theory though (thx Jason K. for the tip), I can just alloc a chunk of DDR and access that between both cores — should be fast enough, but maybe still need double-buffer.
Buffer sizes, sampling rates, and processing code are tuned to be snappy — audio sync tests look visually acceptable (<200ms). Image processing at >30fps, unsure about display
I have some filtering to make the frequency bands look smoother in both space (pixels) and time (frames). Could spend lots of time tuning.
Add some power switches
Check signal levels on home audio system and see if I need to reduce / amplify voltage. Almost certainty the former per Klipsch RP-600m, but must measure at realistic listening level
The fact that this works with Python code and limited optimizations shows that AM335x is still a plenty beefy processor. I’m at ~70% utilization of the 1x A8. That said, I really want a new revision of pocket beagle with a more modern (probably TI) processor, so long as there’s a PRU. I’ll be keeping an eye out for a new PB iteration But This would probably also mean a few extra components on the PCB for ADC
There’s a main runner script that will turn off the PRU, rebuild firmware, start PRU, apply sysfs settings for ADC capture, and kick off the audio processing + image generation
I have plans for a v2, so expect an update in the future I’d like to add extra panels, clean up some audio ground noise, make the PCB more ‘user friendly’ (including enable line-out signal levels from AV receiver). If I can move to next generation of PB with higher powered SoC, I’d like to add more complex audio processing like beat detection
I have a bit of work to do as well for others who might like to implement / copy this project. Without replicating the PCB, hardware wiring is the ugliest part to get input ADC from audio and output 7x PRU pins and 6x GPIOs to the LED panel
Data breaches and cyber threats are becoming increasingly common and securing your personal and professional information has never been more critical.
Users transitioning from Windows to Linux through the Upgrade to Freedom campaign can use openSUSE’s tools to protect sensitive data, which include full disk encryption (FDE).
Full disk encryption during installation ensures maximum security. It safeguards all data on your hard drive by encrypting it and makes it unreadable without an decryption key. This level of protection is vital for preventing unauthorized access if your laptop or desktop is lost or stolen.
FDE with openSUSE is both user-friendly and powerful. The setup with advanced security features is easy.
For users seeking feature parity with Windows BitLocker, openSUSE offers Full Disk Encryption (FDE) secured by a TPM2 chip or a FIDO2 key. This advanced setup enhances security by storing encryption keys within the TPM, which ensures that only a trusted system configuration can unlock the disk. For a step-by-step guide on enabling this feature, read the Quickstart in Full Disk Encryption with TPM and YaST2 article.
Here’s a step-by-step guide to set up FDE on your system:
Step 1: Download and Boot openSUSE
Visit get.opensuse.org to download the latest version of openSUSE Leap or Tumbleweed.
Restart your computer and boot from the USB drive to begin the installation process.
Step 2: Configure Encryption During Installation
Once the installer starts, select your preferred language and keyboard layout.
In the partitioning setup, choose Guided Setup with Encrypted LVM.
Set a strong passphrase for encryption. This passphrase will be required every time the system boots. Use a mix of upper and lower case letters, numbers and special characters for optimal security.
Proceed with the installation as directed by the installer.
Step 3: Verify Encryption Settings
After installation is complete and the system restarts, you’ll be prompted to enter your encryption passphrase. Once entered, openSUSE tools will decrypt the disk and boot normally. To confirm encryption is active:
Open a terminal or console.
Run the command lsblk -f to verify that your disk is listed with the encryption type (e.g., crypto_LUKS).
The output might look something similar to the following:
While FDE protects your data, it does not prevent data loss from hardware failure or accidental deletion. Regularly back up your data to an encrypted external drive or a secure cloud service to ensure its safety.
Post-Installation Encryption
If you want to encrypt an existing partition after installation, visit the openSUSE wiki page about encryption.
Enhanced Security for Modern Challenges
Setting up full disk encryption on openSUSE not only protects your data but also aligns with the Upgrade to Freedom campaign’s mission of empowering users to maintain control over their hardware and privacy. By combining open-source software with good security practices, openSUSE ensures that users can confidently embrace a more secure digital future.
For additional guidance and community support, visit the openSUSE forums or join discussions at your local Linux user group.
Please be aware that some hardware configurations may require additional drivers or BIOS settings adjustments for full disk encryption to fully function properly. Check your device’s compatibility and update your firmware before proceeding.
The Reproducible-openSUSE (RBOS) project, which is a proof-of-concept fork of openSUSE, has reached a significant milestone after demonstrating a usable Linux distribution can be built with 100% bit-identical packages.
Reproducible builds ensure software can be rebuilt in an identical, bit-for-bit manner anywhere at any time using the same tools. This means that someone rebuilding the software from the same source code will get exactly the same results.
Why is this important? Because it’s a crucial aspect for supply-chain security.
This milestone for RBOS, led by openSUSE member Bernhard Wiedemann, advances software supply-chain security.
Reproducible builds allow us to confirm that the binaries used are correct, which ensures software has not been tampered with during the build process. By comparing identical outputs from different build environments, developers can detect issues such as accidental errors or malicious alterations. Without it, developers have to trust the build-process blindly or review binary-diffs manually, which is hard and time consuming.
In practice, reproducible-builds have found dozens of bug from race-conditions to compiling for incompatible CPUs with flags like via -march=native. Since Linux is a major component that operates the Internet, which is not only servers and routers but also client machines, improving security is vital.
The nice people at the nlnet foundation’s NGI0 Entrust fund sponsor open-source initiatives that improve the security of the internet. Wiedemann took on this 4-month-long project to create a fork of openSUSE that has 100% bit-reproducible packages. So far ring0 (aka bootstrap) and ring1 with 3,300 software packages have all successfully been patched and tested. Overall, the 16,000 source packages in openSUSE Factory have around 300 packages with issues left and information about this can be found in the following links:
Approximately 40 patches were needed and some more were completed before this project. Usually half of these patches are upstreamed.
With this, it is now possible to do a change in a toolchain package, rebuild everything and see exactly what changed as a result of the change.
RBOS does not receive security updates, so it is not recommended for productive use; it does however demonstrate how a full-bit-reproducible OS could be produced.
As patches make their way into openSUSE Factory, it should become easier to create a refresh in a year or two. Maybe it will become so little effort that each of the monthly Slowroll snapshots can be adapted into an RBOS-snapshot.
Ongoing work on a git-based OBS workflow could further support this effort, as tools like ‘git rebase’ can streamline and automate the process of integrating and updating patches.
“Users installing openSUSE Tumbleweed via the ISO image will see SELinux in enforcing mode as default option in the installer,” wrote SELinux Security Engineer Cathy Hu in the email announcement. “If the user prefers to use AppArmor instead of SELinux, they are able to change the selection to AppArmor manually in the installer.”
Tumbleweed has used AppArmor as its default LSM. This marks a shift in the default Mandatory Access Control (MAC) system for new installations as SELinux replaces AppArmor as the default choice. SELinux will be enabled in enforcing mode by default only for new installations. Existing installations will not be affected by the change and will retain the option to select AppArmor during installation if they prefer.
The switch to install SELinux by default is going through implementation and aligns with a decision to grow adoption of SELinux for both SUSE and openSUSE. It’s expected to increase security by confining more services by default.
SELinux is known for its rich security features and widespread use in enterprise environments.
The move is expected to bring tighter access controls to Tumbleweed. Users may encounter bugs or issues, but openQA tests for Tumbleweed have played a key role in identifying and resolving potential problems in the early adoption phase.
Contributors were encouraged to report any bugs that arise and can refer to the SELinux bug report guide for help.
There is no plan to change the kernel configuration yet, with the installer handling SELinux activation on new installations.
The community response to this change has been largely positive, though some users, particularly those who rely on highly customized AppArmor profiles, expressed concerns. AppArmor will continue to be supported and users can opt to install it manually if desired.
The change does not affect the Leap 15.x release. The first boot might take a little time. Expect updates for SELinux to roll out with fixes and tweeks over the next several weeks.
Developers of the openSUSE community continue their commitment toward improving legal compliance and software transparency with the release of the Cavil Legal Text dataset on Hugging Face.
This dataset is designed to enhance automated legal text classification, which reduces manual review efforts and improves accuracy in identifying legal snippets within software projects.
“Open sourcing the dataset is cooler than just open sourcing the weights to a model fine-tuned by us because everyone can use it to make their own versions based on whatever open weight model they want,” said Sebastian Riedel, one of the developers behind the project.
The Cavil Legal Text dataset supports Cavil, which is a system built to automate the extraction and classification of potential legal texts in software packages. By leveraging AI, Cavil minimizes false positives when detecting license information, copyright statements and compliance-related content; this ensures that legal experts can focus on critical cases rather than sorting through large amounts of irrelevant data.
With 150,000 labeled samples, the dataset is instrumental in training AI models to distinguish between legal and non-legal text with a high degree of accuracy. It enables legal review workflows by improving text classifications, pattern matching and reduces the dependency of human intervention.
Cavil consists of three key parts: a user-friendly web application with a REST API, a job queue for handling background tasks like pattern matching and analysis, and an AI-powered text classification server that continually improves its ability to recognize legal texts. All these components interact seamlessly through PostgreSQL and HTTP; this allows human experts and lawyers to efficiently validate software licenses at scale.
Currently, Cavil employs a Character-level Convolutional Neural Network (CNN) model in production due to its efficiency and compatibility with existing infrastructure. However, an alternative approach using fine-tuned LLMs is under exploration. The LLM-lawyer experiment suggests that large language models could provide more adaptable and context-aware classifications with less frequent retraining.
The dataset is licensed under GPL-2.0-or-later and is freely available on Hugging Face for researchers, developers, and compliance teams to explore and contribute. Open-source contributors can refine AI classification models, propose new legal text patterns, and support the ongoing improvement of automated legal compliance in software projects.
The promising new package management tool Myrlyn now includes a much-requested feature: repository configuration. Users can now easily manage their repos, adjust priorities, enable auto-refresh, and even add well-known community repositories like packman, openh264, libdvdcss, and NVIDIA; all with Myrlyn’s streamlined UI!
Key Features:
View repo details, including priority, auto-refresh status, and URL.
Modify repo settings directly from the interface.
Add custom repos with libzypp variables like $releasever.
Some users have been exclusively managing their systems with Myrlyn, which showcases its reliability. Myrlyn was developed during Hack Week 24 and is a standalone Qt-based package manager, free from YaST dependencies.
Ready to configure your repos? Head to Extras → Configure Repositories (Ctrl+Shift+O) and give it a spin!
Tumbleweed remains a strong example of a reliable rolling release as we step into 2025. This month delivered multiple snapshots and a wide range of updates! Two much anticipated major version updates arrived in snapshots this month; GIMP’s release candidate is giving users a good look into the 3.0 version and libvirt 11.0.0 improves virtualization performance, stability and flexibility. KDE Gear 24.12.1 improves app usability and KDE Plasma 6.2.5 brings some additional stability.
As always, be sure to roll back using snapper if any issues arise.
GIMP 3.0.0~RC2: This makes a major leap to version 3.0 with significant updates and fixes. The build process is streamlined with improved handling of fonts, such as replacing Bitstream Vera with Google Noto Sans and ensuring stability even when fonts are missing. The Python runtime dependencies and enhanced debugging support with libbacktrace ensure smoother builds and better issue resolution. Experimental features like the Lua plugin are now gated for optional use, and Fedora-imported patches improve system monitor profile defaults, external help browser support, and privacy settings. These updates modernize GIMP’s architecture and prepare it for the final 3.0 release.
KDE Gear 24.12.1: Notable updates in this release were made to Dolphin, which improved behavior on X11, fixed thumbnail updates on renaming, and ensured search box initialization fixes. With Itinerary, enhancements for trip group handling were made; there were also improvement made to weather forecasts and it was optimized for crash prevention. Kdenlive addressed timeline issues, fixed crashes, improved layout handling and restored effects presets. KMail improved search functionalities and KPublicTransport enhanced station name recognition.
KDE Plasma 6.2.5: The Discover app store fixes overlapping update descriptions text and kpipewire fixes issues when streaming fails to update. The plasma update also prevents crashes by adding a dummy clipboard. Some screencasting was resolved with KWin. PowerDevil resolves crashes in unloadAllActiveActions and Plasma Networkmanager reverts fixing an issue with the connection speed tab remaining visible after disconnecting.
Rsync 3.4.1: This update brings critical bug fixes and security enhancements. Key updates include improved handling of the -H flag, resolution of a use-after-free issue in rename logging, and removal of the dependency on alloca() in the bundled popt. Security fixes address multiple vulnerabilities such as CVE-2024-12747, which mitigates a race condition in handling symbolic links, as well as CVE-2024-12084 through CVE-2024-12088, tackling heap buffer overflows, information leaks, and directory traversal risks. The update also introduces protocol version 32 and refines developer tools for improved permissions handling.
libvirt 11.0.0: This major release adds VLAN tagging and trunking support for network interfaces on Linux host bridges and enables domains to use advanced tlbflush Hyper-V features. User-defined aliases for devices in domain XML and virtiofs read-only mode are now supported. Enhanced vGPU migration between mdev and SRIOV VF devices is also introduced. Key fixes address transient domain TPM profile crashes, disk image deletion with snapshots, and post-copy migration recovery errors, alongside improvements in domain XML formatting and CPU model support.
libcdio 2.2.0: The library now uses GNU/Linux’s new ioctl with kernel 5.16+ and incorporates GitHub CI checks for better development workflow. Additionally, the update ensures compatibility with widestring APIs and provides better pkg-config detection.
Amarok 3.2.1 & 3.2.2: Amarok introduces Qt6 and KF6 compatibility, enabling support for gpodder, last.fm, and the Wikipedia context applet. The collection can now be filtered by empty tags, and the context view applet for the current track is displayed by default. Key fixes address crashes during file transfers to MTP devices, Ampache logins, and collection filtering. Additional improvements include reduced MTP device query flooding, refined font size limitations in the context view, and enhanced compatibility across compiler and Qt6 versions. Amarok now depends on KDE Frameworks 5.108, marking a step toward modernized builds and better stability.
libxml2 2.13.5: New features include API additions for more reliable malloc failure reporting and context-specific error handlers, such as xmlCtxtSetErrorHandler. The update introduces the XML_PARSE_NO_XXE parser option, enhancing security by disabling external entity loading. Key bug fixes address regressions in xmlIO, xmlreader, and handling of parameter entities. Additionally, significant optimizations ensure better compatibility with modern systems, improved error handling, and support for new configurations. Deprecated features such as HTTP POST support and legacy FTP functionality are gradually being phased out, which reflects a shift toward streamlined and secure XML processing.
Key Package Updates
Kernel Source 6.12.8, 6.12.10 and 6.13.0: The rolling release was one of the first to update to the 6.13 kernel and notable changes for it include a PCI/DPC quirk for PIO log size adjustments on Intel Raptor Lake-P (bsc#1234623). The update also drops a mainline patch for Nouveau backlight control and includes refreshed configurations. Enhanced USB handling, better support for various arm platforms and multiple bug fixes for IIO devices arrived in a previous kernel update. Key changes address vulnerabilities, improve stability and refine hardware compatibility across various subsystems. Version 6.12.8 had enhancements to ALSA and Bluetooth subsystems to address issues like memory leaks and invalid parameter handling. Btrfs received fixes for race conditions and improvements to power supply drivers were made.
btrfs-progs 6.12: This update includes recursive subvolume deletion for accessible subvolumes and the --subvol option in mkfs to create subvolumes with specific properties (read-only, read-write, or default). Other notable improvements include hard link detection in the --rootdir option, refined verbosity in receive and more accurate handling of compressed extents in check. The release also addresses several bugs, such as false positive checksum reports and improper subvolume iteration in rescue clear-ino-cache.
Systemd 257.2: Key updates in this package include improvements to user@.service. Various patches, such as fixes for TPM2 utilities and initrd_prepare behavior, have been integrated upstream. While the testsuite now requires cloning the systemd repository due to upstream changes; efforts are underway to adapt the sub-package.
Mesa 24.3.3: Fixes in this release include resolving rendering issues in Portal 2 and Half-Life 2, addressing crashes in Artifact Classic, and correcting a regression that broke Wayland on RS480M GPUs. Additional updates fix prop disc rendering in X-Plane 12, improve H264/H265 VAAPI encoding on R6700XT with proper QP value handling, and resolve missing text in Age of Mythology Retold on Arc b580 GPUs.
HarfBuzz 10.2.0: Font handling improvements arrive in this package. Unicode Variation Selectors are now considered during “cmap” table subsetting, while malformed UTF-8 strings are better guarded in hb_cairo_glyphs_from_buffer(). Rendering and parsing see significant fixes, including corrected scaling for “COLR” v1 glyphs and locale-independent double number parsing in the hb-subset tool. New APIs enable advanced font table serialization, repacking, and font variation settings conversion.
Coreutils 9.6: This release addresses multiple bug fixes, such as correcting issues in cp, mv, ls and tail, improving reliability and compliance with POSIX standards. Enhancements include new features like CRC32b support in cksum, indexed arguments in printf, and POSIX:2024 string comparison in test. Performance improvements touch key utilities like wc, cksum and sort to ensure faster operations on modern systems.
PHP 8.3.16: This package delivers a wide range of bug fixes and stability improvements across core features and extensions. Enhancements include addressing issues in DatePeriod, SimpleXML and FFI, resolving memory leaks in components like LibXML and Sockets, and improving compliance with standards such as RFC 6890 for IP filtering. Key fixes span vulnerabilities like use-after-free (UAF) in DOM and Iconv, segmentation faults in Gettext and Phar, and overflow issues in Streams. Developers benefit from improved error handling, compatibility updates, and hardened security measures for critical functions like proc_open().
Flatpak 1.16.0: The latest version has new environment variables like FLATPAK_TTY_PROGRESS, FLATPAK_DATA_DIR, and FLATPAK_DOWNLOAD_TMPDIR offer greater flexibility for configuring runtime behavior, such as progress indicators and alternative directory paths. Notable bug fixes include improved handling of dangling symlinks, corrections to introspection annotations in libflatpak, and resolving regressions with Wayland socket handling. Other refinements ensure smoother operation and compatibility, including fixes for terminal progress indicators and the installation of missing test data.
Bug Fixes and Security Updates
Several key security vulnerabilities were addressed this month:
CVE-2024-50349: Fixed an issue where crafted URLs could inject ANSI escape sequences, potentially misleading users into sending credentials to malicious hosts.
CVE-2024-52006: Addressed incorrect handling of line endings in credential helpers, preventing credential exposure.
CVE-2020-6923: Fixed a memory buffer overflow vulnerability in HPLIP versions 3.20.8 and earlier, which could allow arbitrary code execution or denial of service.
CVE-2024-13176: A timing side-channel vulnerability in ECDSA signature computations could allow attackers to recover private keys.
Conclusion
KDE users will appreciate the refined experience offered by the latest KDE Gear and Plasma releases, with improved usability and bug fixes. Under the hood, Tumbleweed continues to receive critical updates, including security enhancements for Rsync and improved XML processing with libxml2. These updates, along with numerous others continue to make Tumbleweed a secure, stable and useful open-source platform.
Slowroll Arrivals
Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.
Contributing to openSUSE Tumbleweed
Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list.
For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.
Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.
One of the design trade-offs when building the BeagleY-AI to conform to a Pi 5 form factor as well as it does was to place the tag-connect JTAG interface for the SoC between the two banks of USB 3.0 ports. As a result, the original retainer clips that come with TagConnect cables do not fit unless you shave down the clip PCB and even then, it’s hard to put in/remove.
To get around this, I’ve designed a simple to print 3D printable piece that serves the same purpose and provides a handy grabbing point so you an can easily insert/remove it.
Both PLA and PETG have been fine but I would avoid printing in something like ABS due to risk of it warping/shrinking and affecting the dimensional tolerance of the holes.
These prints come out perfectly on my Bambu X1C in both PETG and PLA as mentioned above, but you may need to play with scaling depending on the tolerances/calibration of your individual printer and filament.
Happy Printing and Debugging (with JTAG not the print) !
I’ve deployed BeaglePlay as a HomeAssistant controller for over a year and a half to run my connected devices. It acts as a rock stable Apple HomeKit bridge to my Matter and Zigbee enabled devices as well as some other more appliances but it deserved more than just laying bare on a shelf so I designed some snazzy cases to show it off and keep it safe! I hope others use these to improve it and design their own!
There are two versions for now:
A full enclosure with options for both enclosed antennas as well as external SMA, including options for multi-color printing and cutouts for all expansion ports including Mikrobus. https://www.printables.com/model/529256-beagleplay-case/
The conference is scheduled to take place June 26 to 28 in Nuremberg, Germany.
Until April 30, people can submit proposals for a talk or workshop to share insights and their expertise.
People have 97 days to submit a talk for the conference and are encouraged to submit talks based on the following length and topics:
Presentations can be submitted for the following length of time:
Lightning Talk (10 mins)
Short Talk (30 mins)
Virtual Talk (30 mins)
Long Talk (45 mins)
Workshop (1 hour)
The following tracks are listed for the conference:
Cloud and Containers
Community
Embedded Systems and Edge Computing
New Technologies
Open Source
openSUSE
Open Source for Business: Beyond Code into Sustainability Track
Volunteers who would like to help the with the organization of the conference are encouraged to email ddemaio@opensuse.org or attend a weekly community meetings.
Conferences need sponsors to support community driven events to keep events free and open to new contributing members. Companies can find sponsorship information or donate to the Geeko Foundation to assist with funds that will go toward the conference.
For more information about the candidates and the election, visit the project mailing list where candidates are answering questions and informing members of their platform.
Board members serve as guides for the community, handle key project functions, facilitate initiatives, organize meetings, and manage openSUSE domains and trademarks. They also uphold community standards, including overseeing complaints and ensuring compliance with the openSUSE Code of Conduct.
Per the Election Rules, only current members are eligible to run for board positions. New members joining during the membership drive can participate in voting but cannot stand as candidates.
The election is overseen by committee members Edwin Zakaria, and Ariez Vachha. Their responsibilities include finalizing the candidate list and ensuring a smooth election process.
Millions of gamers are facing a critical decision; upgrade their operating system, invest in new hardware or explore alternatives like Linux with the end of Windows 10 support in October next year.
The good news is that gaming on Linux has never been better, and openSUSE is a powerful and versatile platform for gamers to continue enjoying their favorite titles.
Linux gaming has evolved significantly over the past decade. Thanks to tools like Proton, Steam and Lutris, a large number of Windows-exclusive games are now playable on Linux. openSUSE is an excellent choice for gamers making the switch since it’s well known for its stability, flexibility and hardware support.
Why Choose openSUSE for Gaming?
openSUSE brings a unique combination of features that make it a desired Linux distribution for gamers:
Stability and Performance: openSUSE Leap provides a reliable environment for gaming, while Tumbleweed offers the latest software and drivers for cutting-edge performance.
Wide Hardware Support: Whether you’re using NVIDIA or AMD GPUs, openSUSE has excellent driver support.
Customizability: openSUSE allows you to easily tailor your system for gaming with access to tools and tweaks.
Distributions of openSUSE will breathe new life into your existing hardware, help you to avoid costly upgrades and keep gaming without interruption.
Setting Up Gaming on openSUSE
Step 1: Install Steam
Steam is the cornerstone of Linux gaming, providing access to thousands of native and Proton-supported games. Open the software center (Discover for KDE Plasma, GNOME Software for GNOME) or use the terminal.
Install Steam:sudo zypper install steam
Launch Steam, log in, and enable Steam Play:
Go to Settings > Steam Play.
Enable Steam Play for supported titles and Steam Play for all other titles.
Select the latest version of Proton.
Steam Play allows you to run many Windows games seamlessly on Linux.
Step 2: Install Lutris
Lutris is a game manager that simplifies the installation and configuration of games from sources like GOG, Epic Games, and even emulators.
Install Lutris via the terminal:
sudo zypper install lutris
Open Lutris and log in to your account.
Use Lutris’s library to install and manage your games. It provides pre-configured setups for many popular titles, making the process effortless.
Step 3: Configure Your GPU Drivers
Proper GPU drivers are essential for gaming performance.
For NVIDIA GPUs:
Add the NVIDIA repository:
sudo zypper addrepo --refresh https://download.nvidia.com/opensuse/tumbleweed NVIDIA
AMD GPUs work out of the box with open-source Mesa drivers. To ensure optimal performance, update your system:
sudo zypper dup
Check out the GPU Switching if you use multiple GPUs.
Step 4: Optimize Your System
Install MangoHud: Monitor FPS and system performance in games.
sudo zypper install mangohud
Use GameMode: Optimize system resources for gaming performance.
sudo zypper install gamemode
Popular Games on openSUSE
Many games have native Linux versions that run flawlessly on openSUSE:
Counter-Strike: Global Offensive
Dota 2
Sid Meier’s Civilization VI
Hades
Valheim
Proton, Steam’s compatibility layer, allows you to play many Windows games on Linux:
The Witcher 3: Wild Hunt
Cyberpunk 2077
Red Dead Redemption 2
Elden Ring
No Man’s Sky
Retro Gaming
For retro gaming enthusiasts, tools like RetroArch and Dolphin Emulator enable you to relive classic titles from consoles like the Nintendo 64, GameCube, and PlayStation.
Resources and Support
Need help? The Linux gaming community is active and ready to assist. Check out these resources:
Proton – Find information about how well your favorite games run on Linux.
Gaming on Linux, particularly with openSUSE, is no longer a compromise. Whether you’re playing AAA titles, indie games or retro classics, openSUSE offers the tools and performance you need to enjoy a seamless gaming experience.
Don’t wait until Windows 10 support ends; make the switch today and keep your gaming journey alive on openSUSE.
Upgrading to Windows 11 may require new hardware, which could add significant costs. Switching to openSUSE not only extends the life of your current hardware but also gives you access to a modern, secure gaming platform. By adopting openSUSE, you avoid contributing to e-waste caused by discarding perfectly functional machines and take advantage of a free, open-source operating system tailored for performance and reliability. This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.
Millions of gamers are facing a critical decision; upgrade their operating system, invest in new hardware or explore alternatives like Linux with the end of Windows 10 support in October next year.
The good news is that gaming on Linux has never been better, and openSUSE is a powerful and versatile platform for gamers to continue enjoying their favorite titles.
Linux gaming has evolved significantly over the past decade. Thanks to tools like Proton, Steam and Lutris, a large number of Windows-exclusive games are now playable on Linux. openSUSE is an excellent choice for gamers making the switch since it’s well known for its stability, flexibility and hardware support.
Why Choose openSUSE for Gaming?
openSUSE brings a unique combination of features that make it a desired Linux distribution for gamers:
Stability and Performance: openSUSE Leap provides a reliable environment for gaming, while Tumbleweed offers the latest software and drivers for cutting-edge performance.
Wide Hardware Support: Whether you’re using NVIDIA or AMD GPUs, openSUSE has excellent driver support.
Customizability: openSUSE allows you to easily tailor your system for gaming with access to tools and tweaks.
Distributions of openSUSE will breathe new life into your existing hardware, help you to avoid costly upgrades and keep gaming without interruption.
Setting Up Gaming on openSUSE
Step 1: Install Steam
Steam is the cornerstone of Linux gaming, providing access to thousands of native and Proton-supported games. Open the software center (Discover for KDE Plasma, GNOME Software for GNOME) or use the terminal.
Install Steam:sudo zypper install steamLaunch Steam, log in, and enable Steam Play:
Go to Settings > Steam Play.
Enable Steam Play for supported titles and Steam Play for all other titles.
Select the latest version of Proton.
Steam Play allows you to run many Windows games seamlessly on Linux.
Step 2: Install Lutris
Lutris is a game manager that simplifies the installation and configuration of games from sources like GOG, Epic Games, and even emulators.
Install Lutris via the terminal:
sudo zypper install lutris
Open Lutris and log in to your account.
Use Lutris’s library to install and manage your games. It provides pre-configured setups for many popular titles, making the process effortless.
Step 3: Configure Your GPU Drivers
Proper GPU drivers are essential for gaming performance.
For NVIDIA GPUs:
Add the NVIDIA repository:
sudo zypper addrepo --refresh https://download.nvidia.com/opensuse/tumbleweed NVIDIA
For AMD GPUs:
AMD GPUs work out of the box with open-source Mesa drivers. To ensure optimal performance, update your system:
sudo zypper dup
Check out the GPU Switching if you use multiple GPUs.
Step 4: Optimize Your System
Install MangoHud: Monitor FPS and system performance in games.
sudo zypper install mangohud
Use GameMode: Optimize system resources for gaming performance.
sudo zypper install gamemode
Popular Games on openSUSE
Native Linux Games
Many games have native Linux versions that run flawlessly on openSUSE:
Counter-Strike: Global Offensive
Dota 2
Sid Meier’s Civilization VI
Hades
Valheim
Windows Games with Proton
Proton, Steam’s compatibility layer, allows you to play many Windows games on Linux:
The Witcher 3: Wild Hunt
Cyberpunk 2077
Red Dead Redemption 2
Elden Ring
No Man’s Sky
Retro Gaming
For retro gaming enthusiasts, tools like RetroArch and Dolphin Emulator enable you to relive classic titles from consoles like the Nintendo 64, GameCube, and PlayStation.
Resources and Support
Need help? The Linux gaming community is active and ready to assist. Check out these resources:
ProtonDB: protondb.com – Find information about how well your favorite games run on Linux.
Lutris Wiki: lutris.net – Guides and tips for setting up games.
openSUSE Forums: forums.opensuse.org – Connect with the community for support.
Gaming on Linux, particularly with openSUSE, is no longer a compromise. Whether you’re playing AAA titles, indie games or retro classics, openSUSE offers the tools and performance you need to enjoy a seamless gaming experience.
Don’t wait until Windows 10 support ends; make the switch today and keep your gaming journey alive on openSUSE.
Upgrading to Windows 11 may require new hardware, which could add significant costs. Switching to openSUSE not only extends the life of your current hardware but also gives you access to a modern, secure gaming platform. By adopting openSUSE, you avoid contributing to e-waste caused by discarding perfectly functional machines and take advantage of a free, open-source operating system tailored for performance and reliability.
This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.
OpenVINO (Open Visual Inference and Neural Network Optimization) is one of the most crucial tools in the AI ecosystem, especially for applications requiring optimized performance for deep learning model inference. The 2024.6.0 release that arrived in Tumbleweed brings significant advancements in compatibility, optimizations and support for complex models, including those used in Generative AI, such as Large Language Models (LLMs).
The Importance of OpenVINO on openSUSE Linux
Seamless Hardware and Software Integration: OpenVINO provides native acceleration for Intel CPUs and GPUs while maintaining flexibility to support other platforms. When paired with openSUSE Linux’s optimized kernel and advanced library compatibility, OpenVINO reaches its full potential.
Generative AI in Open Source: In the era of Generative AI, tools like OpenVINO democratize access to cutting-edge technologies and allow developers of all levels to create advanced solutions directly on openSUSE without requiring expensive proprietary hardware.
Performance and Efficiency: OpenVINO significantly reduces inference times and resource usage, which is a critical feature for LLM-based applications processing large amounts of data in real-time.
Developer Simplicity: One of OpenVINO’s greatest advantages is its accessibility. It enables even beginner developers to build robust applications with minimal code while still offering flexibility and customization for advanced projects.
Building an LLM Application in 3 Lines of Code
With OpenVINO, creating an application using a generative language model is as simple as:
This simplicity highlights how OpenVINO allows seamless integration of Generative AI technologies into openSUSE Linux, combining optimization with ease of use.
Conclusion
The presence of OpenVINO on openSUSE Linux reinforces the role of open source in leading technological advancements in the AI era. It empowers businesses, independent developers and enthusiasts to build efficient, scalable and impactful applications. With tools like OpenVINO, openSUSE positions itself as a powerful platform for innovation in Generative AI.
With the release of LXQt 2.1, we are pleased to announce the availability of Wayland compatibility for LXQt within Tumbleweed.
This support is to be considered experimental at this point, and for most users, is likely not ready for daily driving.
LXQt, unlike many other desktop environments, does not provide its own Window Manager. Under X11, the openSUSE-LXQt team defaults to using Openbox as its Window Manager. This decision carries over from upstream to the new Wayland support; the initial release of lxqt-wayland-sessions supports the following Wayland Compositors:
At present, not all of LXQt’s built-in configuration tools work with all compositors, nor do all compositors support all features of LXQt components. Most notably:
lxqt-globalkeys does not work with Wayland, and setting keybinds must be done through each individual compositor’s configuration files.
lxqt-panel’s desktop switcher, and LXQt Power Manager’s settings for controlling displays are only compatible with KWin.
With the exception of KWin and labwc, configuration is done by editing the text configuration files of individual compositors. KWin can be configured through GUI tools, provided the relevant parts of KDE System Settings are installed. labwc offers labwc-tweaks, which allows certain configurations through a GUI, but it is not comprehensive.
The openSUSE-LXQt team is not currently making any recommendations as to a “default” Wayland compositor for LXQt since this support is still in active development, but we do make the following suggestions to help you decide. If you don’t know which compositor you would like to try, take the following considerations:
KWin provides the most complete Wayland session, workspace support, and with the right parts of Plasma installed, can be configured through the GUI rather than by editing text files.
labwc is roughly based on the idea of “Openbox for Wayland” and will feel more “at home” for existing LXQt users.
If you prefer Floating/Stacking desktops, Kwin, labwc, or Wayfire are your best current choices.
If you like tiling desktops, Hyprland, niri, river, or Sway may be to your liking.
If you like lots of desktop effects and “bling”, Kwin, Hyprland, or Wayfire are probably good places to start.
Slowroll’s snapshots mark the beginning of fresh updates with the initial updates now accessible on mirrors globally.
This month’s bump comes a day early to avoid interruptions caused by routine maintenance on critical infrastructure. Updates are rolling out and users get new Tumbleweed versions from the 20250101 snapshot.
Slowroll’s smart roll approach delivers a dependable foundation for users seeking a reliable system with essential security updates that avoid frequent changes seen in traditional rolling-release models. The balance makes it an excellent choice for those who want a balance of stability and access to modern software.
Updates for Slowroll arrive between an average of 5 to 10 days after being released in Tumbleweed. Users can read the latest monthly update for Tumbleweed to see what packages are arriving in Slowroll; recent updates include QEMU 9.2.0, which adds 3D acceleration for Vulkan apps and enhanced crypto support, and GPG 2.5.2, which features ECC+Kyber key generation and improved smart card handling.
While still marked as experimental (for lack of automated tests), Slowroll continues to evolve and offers users a dependable and innovative alternative in the openSUSE ecosystem.
Tumbleweed continues to exemplify a solid rolling release and December 2024 wraps up a year of several snapshots and large array of updates! KDE Gear 24.12 improves app usability, SQLite introduces innovative query features and snapshots brought critical patches across various packages for enhanced security.
These updates not only strengthen functionality but also set the stage for an exciting 2025.
As always, remember to roll back using snapper if any issues arise.
KDE Gear 24.12: This update delivers many enhancements across KDE’s diverse application suite. Dolphin now boasts better keyboard navigation, file sorting and a new mobile-optimized interface for Plasma Mobile. Document viewer Okular enhances its annotation, form-handling and digital signing capabilities, while Kdenlive introduces features like timeline item resizing and proxy generation improvements. Other apps like certificate manage Kleopatra and KDE Connect also see notable upgrades that includes improved cryptography tools and improved Bluetooth connectivity.
KDE Ships Frameworks 6.9.0: Key highlights include better accessibility, improved file handling and updated icon sets across various modules. Frameworks like Baloo and Kirigami received significant updates for test reliability and usability, while Breeze Icons introduced new symbolic versions for better UI consistency. The transition to Qt6 progresses with many components now optimized for compatibility, and new Python bindings extend functionality in multiple libraries. Other improvements address cryptographic handling, better integration with Flatpak, and fixes for platform-specific builds like Haiku.
sqlite 3.47.1 & 3.47.2: The 3.47.1 version fixes makefile DESTDIR handling, addresses issues with certain IN queries and resolves bugs from prior releases. The upgrade introduces arbitrary expressions for RAISE, enhanced query optimizations, improved group_concat behavior and new CLI features like median() and .www. Several query planner improvements boost performance, while SQLite now avoids “long double” usage for better compatibility. Additional enhancements include custom locale-aware FTS5 tokenizers, contentless FTS5 tables, and an experimental sqlite3_rsync tool. Compatibility for TCL9 is added, and JavaScript OPFS VFS issues are fixed. The 3.47.2 version resolves a text-to-floating-point conversion issue affecting specific numeric text values on x64 and i386 systems, introduced in version 3.47.0. Minor bug fixes are included, and the session extension is now enabled to support NodeJS 22.
Kernel-firmware 20241128: This introduces extensive updates that include the i915 Xe2LPD DMC v2.24, new Cirrus CS35L56 firmware for Dell laptops, and multiple amdgpu updates. It also adds new aliases for kernel 6.13-rc1 and enhances support for various AMD GPUs, iwlwifi and other devices.
gpg 2.5.2: This update introduces ECC+Kyber key generation, trustdb validation post-key import and improved handling of expired trusted keys. Enhancements include fixes for encryption issues, robust error handling for smart cards and performance boosts for certificate listings. Other updates refine ADSK key usage, address database race conditions and optimize directory creation during extraction.
curl 8.11.1: This release addresses a critical security issue involving netrc and redirect credential leaks. Improvements include fixes for cookie handling, enhanced trace timestamps and better error messaging for expired certificates. Updates also resolve issues with netrc parsing, libssh IPv6 handling and HTTP content decoding.
Key Package Updates
Kernel Source 6.12.6: The kernel introduces numerous improvements and fixes. Key updates include enhanced USB support, addresses issues in device suspension and improves audio compatibility for specific devices. Other notable fixes involve enhancements to scheduling, block storage, network protocols and RISC-V architecture. It also includes critical patches for BPF, IOMMU, and several drivers.
Flatpak 1.15.12: This fixes crashes during app installations by reverting to process IDs in cgroup names, introduces USB metadata parameters (--usb, --no-usb), enhances accessibility with --a11y-own-name, improves debugging with flatpak run -vv, adds KDE search completion support and includes build fixes, updated dependencies, and memory leak resolutions.
systemd 256.9 and 256.10: This 256.9 update clarifies $WATCHDOG_USEC usage for the shutdown binary and addresses SAS wide ports in udev-builtin-path_id. It reverts a commit causing regressions, disables EFI on non-compliant architectures, and removes /run/systemd when switching root. The 256.10 update includes fixes for VLAN ranges, improved WireGuard key error reporting and adjustments to systemctl for better user feedback.
LLVM 19.1.5 and 19.1.6: This minor update provides bug fixes and the llvm-do-not-install-static-libraries.patch was rebased to align with the update.
qemu 9.2.0: This update introduces 3D acceleration for Vulkan apps via virtio-gpu, enhanced crypto with SHA-384 support and QATzip migration compression. arm gains FEAT_EBF16 emulation, two-stage SMMU and CPU Security Extensions for xilinx-zynq-a9. RISC-V sees IOMMU support, extensions for control flow integrity and improved vector performance. x86 highlights include a new Nitro Enclave machine type and AVX10 KVM enhancements.
GStreamer 1.24.10: This update addresses more than 40 security vulnerabilities in components like MP4, Matroska and Ogg demuxers and includes fixes for avviddec assertions, appsink/appsrc, decodebin3, closed captioning and pipeline graph generation.
vim 9.1.0908: This update includes new file type recognitions, enhancements to documentation, better syntax support for various languages and numerous bug fixes across features like completion, file operations, and plugins. It also refreshes translations and improves runtime components like netrw and termdebug.
libzypp 17.35.15: This update updates to treat = as a safe character in URL query values, adds support for recognizing rpmdb.sqlite as a database file, fixes a typo and adjusts the FastCGI header.
gedit 48.1: This update removes plugins like External Tools, Snippets and Python Console. The package rewrites the Text Size plugin in C, and eliminates the background-pattern grid feature. Fixes include Wayland unmaximize bug and compilation warnings, alongside code refactoring and updated translations. The gedit-plugins-python-env.patch was dropped as obsolete.
AppStream 1.0.4: This release brings new features, including AS_BUNDLE_KIND_SYSUPDATE for system updates and dark theme support for Plasma and Pantheon. Improvements were made to memory size detection for Illumos, Solaris, and GNU/Hurd along with enhanced branding color exposure in Qt. Bug fixes address race conditions in GResource loading, timezone handling and legacy compatibility tags.
Bug Fixes and Security Updates
Several key security vulnerabilities were addressed this month:
CVE-2024-53920: On untrusted Emacs, Lisp code can trigger unsafe macro expansion, allowing arbitrary code execution.
Conclusion
December 2024 capped off the year with significant updates. Notable enhancements include QEMU’s improved virtualization features, systemd’s refined user feedback and hardware compatibility, and the kernel’s advancements in boosting device support and performance. Updates to Flatpak and AppStream further enhance the ecosystem, providing better app management and integration. As Tumbleweed users roll into 2025, they can count on a comfortable, secure open-source software experience. Happy tumbling!
Slowroll Arrivals
Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.
Contributing to openSUSE Tumbleweed
Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list.
For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.
Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.
Members of the openSUSE Election Committee have provided an update regarding this year’s Board election. This election will fill three board seats. All eligible openSUSE members are encouraged to participate in shaping the future of the project.
The nomination process, originally scheduled for completion in December, has been extended due to an insufficient number of candidates. The updated timeline aims to provide more opportunities for members to engage in the process.
Revised Election Timeline
Jan. 3, 2025: Extension for nominations and applications for Board candidacy; membership drive begins
Jan. 18, 2025: Final candidate list announced; campaign begins; membership drive continues (new members can vote but not run)
Jan. 19, 2025: Voting opens
Feb. 2, 2025: Voting closes
Feb. 3, 2025: Election results announced
The three open seats are held by Douglas DeMaio, Neal Gompa, and Patrick Fitzgerald. Board members serve as guides for the community, handle key project functions, facilitate initiatives, organize meetings, and manage openSUSE domains and trademarks. They also uphold community standards, including overseeing complaints and ensuring compliance with the openSUSE Code of Conduct.
How to Participate
Any openSUSE member can stand for election by sending an email to project@lists.opensuse.org and election-officials@lists.opensuse.org. Members can also nominate others by contacting the Election Committee, who will confirm the nominee’s interest.
Eligibility Requirements
Per the Election Rules, only current members are eligible to run for board positions. New members joining during the membership drive can participate in voting but cannot stand as candidates.
The election is overseen by committee members Ish Sookun, Edwin Zakaria, and Ariez Vachha. Their responsibilities include finalizing the candidate list and ensuring a smooth election process.
Let’s work together to make this election a success and continue driving openSUSE forward into 2025!
Login
