Fedora version 21 has been launched. The Fedora project, which is sponsored by Red Hat, has taken a new approach with the new version of the Fedora Linux distribution. Fedora 21 has been split into three separate product offerings: Workstation, Cloud and Server. Each product shares a common base, allowing for software compatibility between the three branches. According to the release announcement, Fedora 21 ships with a number of new administration tools, a new graphical package manager and experimental support for running the GNOME desktop on a Wayland display server. More detailed information on Fedora’s latest release can be found in the project’s release notes.
Sooo, should we argue about systemd some more?
tbullock,
Do you realize that this is the 3rd article where you are the first person to start ranting about systemd?
No. Wayland would be a much more capturing topic.
I’ll have to give it a try. I like Fedora in general and its uncluttered version of GNOME 3. F20 was okay, but I felt it required a bit too much command-line for simple things where it shouldn’t have such as package management and service control.
Oh yes, before I forget. Systemd. Hell, on Fedora and other rh-based systems it even works. Imagine that.
I gave it an honest try, but so far Fedora 21 is pretty hopeless for me. The entire install process took place in squintyvision; the installer had some rough edges, and whenever I try to log out from the desktop it seems to hang on a black screen. I’m sure some of these issues are related to the fact that I’m using Fusion 7 instead of real hardware, but virtualization isn’t that uncommon now…
I’m also still not fond of the default desktop environment. Why does the launcher overlay the entire screen ala Windows 8? Why do I have to return to the full-screen overlay to get a minimized window back, and why isn’t there a way to minimize a window without a right click? Gnome 3 is just not for me.
Edit: apparently getting out of squintyvision requires a gsettings command, because it would be unreasonable to have actual settings in the Settings program: https://wiki.gnome.org/BrionVibber/HiDpiNotes
Alas, after applying this and rebooting (because of the aforementioned logout issue), I can’t log in anymore; I just get a black screen. Oh well.
Edited 2014-12-10 01:53 UTC
I also got the black screen. Strange..
As far as “squintyvision”, you mean tiny text? I’m guessing you have a Retina Mac?
It’s likely the included Linux vmware driver isn’t really Retina aware.
I’ve got VMWare Workstation 10 under Windows, and text is perfectly legible.
I got it too. Then I accidentally hit <ESC> and I got it all back.
VM under Fusion 7 on a non-Retina 2012 15in MBP. Perhaps this might have something to do with it…
I’ll try it on some actual hardware in a few days.
Just today I used fedup to upgrade my Fedora 20 small house server to 21. It was a headless install. All I had to do was wait until fedup finished and type reboot.
Then I had to wait for what seemed a half hour of package installs. The little server that could has an AMD E-350 and a pair of WD Red drives using btrfs. I guess that makes it a bit slow.
Afterward I had to relabel /usr/lib/cyrus-imapd/deliver so Exim could call it without SELinux getting snitty.
And I had about 10 configuration files to update. I used rpmconf for that. Nothing was a huge change though.
It seems to be going quite well at the moment. But as a server it doesn’t sleep, use graphics or sound or do much of anything buggy.
I used the fedup tool on my Asus x102b netbook and all went without issue. It took just over an hour to install / update packages, which was expected as that netbook is not known for being at the cutting edge of performance.
Thus far I’ve upgraded ~10 machines with no issues. (We had to fix a couple of compile flags and minor code changes due to GCC and bison version changes).
I plan to migrate the rest of my Fedora server farm (~10 physical and ~20 VM) today.
Workstations and laptops will be slowly migrated next week.
Edited 2014-12-11 09:11 UTC
If you care at all about the security of your system DO NOT use the default Workstation: the settings in the firewall leave the ports >1024 wide open!!!
I am ashamed that Fedora is shipping such a firewall by default :'(
There is a very long discussion here: https://lists.fedoraproject.org/pipermail/devel/2014-December/205010…
PS: all the other Fedora Spins have sane firewall defaults
But… Fedora isn’t for the Linux Newbie now is it?
Aren’t they all supposed to be wrapped in 5,000 layers of onion, sorry cotton-wool because they are using Ubuntu?
{5000 layer of Onion is an album by ‘The Incredible String Band’ released about the same time as Sgt Pepper in 1967}
You do realize that not blocking a port does not mean that it’s open, right?
In order for a port to be open, some program/service on your computer will have to listen to that port for incoming connections. Now, for the programs/services which ship with the Fedora system, they are blocked by default as they reside <1024.
So the only way your computer is suddenly open is if you install and run programs/services which open a port >1024 and listen for incoming connections.
Now presumably, if you install a program/service which opens a port to allow for incoming connections, you did so because you wanted said functionality, so the default to not block that is perfectly sane to me as it is something the user explicitly installs and runs, as opposed to the services enabled by default in the core system.
I know that, sorry for the bad wording, but the firewall is still not blocking any incoming connection on ports above 1024, which is losing the point of having the firewall in the first place.
There, exactly there is the problem. You are assuming way too much and that is a bad security design.
We are sacrificing security for the sake of “convenience”.
The security/convenience issue is always a balance, and there will always be people who believe any solution is too much/little either way.
In this case, the choice to allow >1024 by default seems like an interesting compromise. On almost every home network, there’s an extra layer of protection between your PC and the ‘big bad’ internet, a router. Dynamic NAT routers are actually a pretty good protection against unsolicited inbound traffic (not perfect). The <1024 ports are typically ones that host more sensitive services too, so having a firewall just for those is still a significant benefit.
Think about the use cases:
If you have someone who knows about such things, and cares, then locking down those ports is trivial for them.
If someone doesn’t know much about configuring linux, but just wants their DLNA/Script/Web server to work, then either they just give up and whine that linux is shit (because user feedback on blocked packets is, by necessity, nonexistent), or they google enough to disable the firewall entirely, and are left properly unprotected.
I think it’s a very misguided notion that a user wants *all* of the functionality of an application that they use. Such as a game that comes with single and multiplayer functionality. A user may only want single player, and never want multiplayer. If that port is in the allowed range, they are now vulnerable to any attack on that unwanted functionality by default in Fedora Workstation.
Any real security expert will tell you that leaving ports open as a convenience is poor security design. I have the feeling that the Gnome 3 people made this decision, trying to cater to the newbie….
I don’t agree with those “real security experts”
First off, if you want security, you had better understand what each thing running on the system does. And you definitely need to know what’s running. So you know what’s running and you know what it does and you know what ports are open. If the admin can identify each open port and the software running that port and knows its purpose then he doesn’t need a firewall on the machine too.
Second, most client firewalls in the name of convenience automatically open ports for applications. They will sometimes notify the user, but include no details about why the port is opening and the users are conditioned to just click Yes anyway. So the firewall with automatic port opening is meaningless.
Third, if some software has a vulnerability and allows an attack that manages to do a root escalation, a local firewall won’t even slow that down. A rootkit either generates packets directly on the interface or opens holes for itself in the firewall.
The only real firewall security is provided by a locked down external firewall.
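Added example, not part of the thread or of Fedora's tooling: the distinction argued above between a port the firewall does not block and a port something is actually listening on, worked through as a small audit of `ss -tulnp` output. The policy (everything above 1024 passes, everything else is dropped) is the thread's description taken as an assumption, and the socket list and program names are constructed.

```python
import ipaddress
import re

# Assumed policy, from the thread: ports above 1024 pass, the rest are dropped.
ALLOWED = range(1025, 65536)

# Constructed sample of `ss -tulnp` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*         users:(("httpd",pid=900,fd=3))
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=950,fd=7))
tcp   LISTEN 0      5      127.0.0.1:6600     0.0.0.0:*         users:(("mpd",pid=1400,fd=5))
tcp   LISTEN 0      128    [::]:8200          [::]:*            users:(("minidlnad",pid=1500,fd=6))
udp   UNCONN 0      0      0.0.0.0:27015      0.0.0.0:*         users:(("gameserver",pid=2100,fd=9))
"""

def is_loopback(addr):
    """True when the bind address is reachable only from this host."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    if addr == "*":                        # wildcard bind: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback

def classify(ss_output, allowed=ALLOWED):
    """Return (proto, port, program, verdict) for each listening socket."""
    rows = []
    for line in ss_output.splitlines()[1:]:
        f = line.split()
        if len(f) < 5:
            continue
        addr, port = f[4].rsplit(":", 1)
        m = re.search(r'\(\("([^"]+)"', line)
        name = m.group(1) if m else "?"
        if is_loopback(addr):
            verdict = "local-only"   # no remote exposure, firewall or not
        elif int(port) in allowed:
            verdict = "exposed"      # listening and passed by the firewall
        else:
            verdict = "filtered"     # listening but dropped by the firewall
        rows.append((f[0], int(port), name, verdict))
    return rows

def exposed(ss_output):
    """Programs a remote host can reach under the assumed policy."""
    return sorted(r[2] for r in classify(ss_output) if r[3] == "exposed")

if __name__ == "__main__":
    for row in classify(SAMPLE_SS):
        print("%-4s %-6d %-12s %s" % row)
```

On a real host, feed it the output of `ss -tulnp` run as root so the process column is populated; each "exposed" row is a service the host firewall is not covering and that the admin should be able to account for.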
I tried installing this and didn’t get further than its useless installer. It doesn’t have a straightforward partitioner which tells you which partitions are present and lets you resize them (like OpenSUSE and Ubuntu do). Rather it groups partitions according to which OS they’re part of, and then offers no obvious way of selecting partitions and marking them for mounting, reformatting or both. And when you start, it takes ages to just scan for partitions and the system time. This distro has gone to the dogs since version 17, especially the installer. They need to go back to the old Anaconda and work from there.