Slashdot Mirror

Got it -- makes more sense now.

The solution is to retain .so.14, .so.15, etc. The interface to the KERNEL is consistent, so all you need is multiple environments.

This can be achieved by several means -- using LXC (linux containers) is a good choice.

You can also use chrpath to change rpath.

You can also just leave the various library versions. I generally don't do this. After a "while" (defined as several versions), I will gather the application (and attendant libraries) into /opt/... and modify rpath first. After a longer while, I will consider containers (coming from a Solaris background). Anyway, the idea is always to have the application and its environment in a functional form, and deal with both the applications and the library layers above the kernel as an entity.

As to the management of SELinux -- yes, it's a pain. It will require an investment into learning how and what to tag files. However, the same pain you are feeling in simply trying (for example) to get Apache to read from a directory other than /var/www even via symlink is also felt by the attacking program. So, it's a good thing to study up on. Pretty well all MAC systems will exhibit the same pain. The gain? A very limited attack surface.

To know when you have achieved the "Zen" of SELinux? It probably comes around the time when you can incant the spell needed to move /home to /export/home, and still have the system work without spewing everywhere.

Start at:

http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/

and note that, although the underlying MAC is stable, the "UI" is still being tweaked. This is genuinely hard stuff.

SELinux is manageable, but, it requires a philosophical understanding of what it is doing.

I agree that Linux/Unix isn't perfect. But it is universal, open, peer reviewed, and usable.

Looking forward to your list of undetected rootkits. Note that the Unix/Linux philosophy was to allow /boot, /usr, /bin, /sbin, /lib to be mounted read-only. Again, makes it rather difficult to install a root kit. I generally do something like that, and run tripwire (available in your repository). tripwire can be set up with a ruleset of files to CRC, and can detect tampering of any of those files. I generally run tripwire against a known-good off-machine set of CRCs on a weekly or monthly basis, and daily with a set that are on-machine.

Tripwire will email you reports on any suspicious changes (and, really, there shouldn't be any -- maybe a /etc/hosts change if anything).

Now, it is best if your machine can be booted via PXE as well as locally. A separate "clean" set of OS and application images can be maintained off-machine as well.

I watched a machine being rooted back in the Linux 2.0 days. Last time for me. Maybe I am being a bit paranoid, but a combination of these things basically solves the problem. I may get a web-site defacement, but that is about as far as an attack will go (unless its 0-day against SELinux, of course, but I will detect that in either a day, or a week).

"I was uneasy when I first noticed that Apple had taken ownership of CUPS, and in this case my experience is that that disquiet is justified."

  As a Gnu/Linux and Mac OS X user (with an ever growing tendency towards Linux and FOSS) I have been looking forward to this moment as well.

Now that Apple's decided to fork CUPS eventually, we don't have to be too interested in what their fork's fate will be in the future, do we?

Little Red Riding Hood will come to our rescue here
http://lists.fedoraproject.org/pipermail/devel/2012-January/161306.html

and so will
http://www.openprinting.org/

Fedora has implementations of just about every major desktop / WM, certainly including Xfce and LXDE. It's not GNOME or KDE-only.

Note that this is a Fedora Remix, which is a term with a specific meaning:

https://fedoraproject.org/wiki/Remix

Basically a 'remix' is a very liberal conception of 'based on Fedora' - it allows the inclusion of third-party packages, the modification of Fedora packages, and so on. Really, you can do whatever you like and call it a 'Fedora Remix'.

So in this case, they can certainly tweak things extensively to target a low-resource system. Note that Fedora has a very active ARM port and community, and we've had Fedora running on many low-resource ARM devices for quite some time. Fedora is not 'just' a resource-heavy desktop distro.

Please read what I wrote. I was specific - it gets rid of the 3.2 crudiness - I didn't say it gave anything more. You want applets, then it's up to you to install gnome-applets. They don't just magically jump out of the ether :-)

Subjective isn't it?
http://fedoraproject.org/en/using/life/robynbergeron.html

They also host a small interview about her.

Bergeron is well known in the community as she has most recently been the Fedora Program Manager

And a ton of other simultaneous jobs listed at:

http://fedoraproject.org/wiki/User:Rbergero

From the outside, I've never heard anything bad about her. So, good luck!

PackageKit works on just about any Linux distro, has a nice GNOME interface, and while it's not quite as pretty, it's just as useful as Apple's "App Store". I have very little experience with Steam so I can't comment on that.

Package managers have been Linux's killer feature for years. It's not surprising other OS's are finally starting to figure that out.

Fedora has preupgrade, which makes Fedora function like a rolling release distro. I've used it many times, and it worked great for me. And I believe that other distros have something similar. So I don't see that as any kind of major selling point for Arch.

Fedora has been able to do in-place upgrades for a long time, using preupgrade.

btrfs is tanatlizing for VMs because of the copy-on-write file behaviour (i.e. "cp --reflink a b" creates b instantly regardless of the size of a), but http://lists.fedoraproject.org/pipermail/devel/2011-July/154251.html is still an issue, as far as I'm aware. So storing VMs, where you access them with O_SYNC, just gets slower over time until it's unusable. I'm not quite brave enough to suggest that any of our customers use it, at least until there's a working fsck.

* HOWEVER: I actually DO use a "read-only" environs to combat rootkits (Recovery Console from the Windows install media & its LIST, & DISABLE commands (along with FIXMBR))...

you do realize I was being serious about that "typewriter" comment don't you.

You have used:
http://fedoraproject.org/wiki/FedoraLiveCD

Stay as close to a normal desktop install wrt. features

or something similar?

Who used Limewire, kazzaa, etc to download thier linux distros

http://torrent.fedoraproject.org/torrents/Fedora-16-x86_64-DVD.torrent

Yeah, downloading a GNU/Linux distribution using a P2P filesharing system is unheard of .

fedora seems to have about 4-5 mil based on their yum stats

WTF are you talking about? Fedora has about 35 million users according to their yum stats. You "only" misplaced about 30 million of their users! And Ubuntu claims about 15-18 million users. Fedora is the most popular distro, not Ubuntu.

Linux won't even boot on sun4u machines :(

Hasn't been updated in awhile, but https://fedoraproject.org/wiki/Architectures/SPARC I've also had gentoo and ubuntu running on ultra 5 workstations...

here is the quantification: fedora names

Since you haven't selected any specific distributions I've googled for guides and selected OpenSUSE, Ubuntu, Fedora. Seems like there are typically more steps involved in both building the kernel and installing it for these systems compared to FreeBSD. I didn't spend a lot of time googling examples, I searched for "%distro% installing custom kernel guide" and selected the most relevant results returned from the first page.

FreeBSD:
Pre-requisites is having the source installed. The easiest way to install the full source tree is to run sysinstall as root, and then choosing Configure, then Distributions, then src, and finally All. sysinstall is FreeBSD's terminal based installer.

Already have a kernel configured? Skip to step 4.
1 # cd /usr/src/sys/i386/conf
2 # cp GENERIC CUSTOMKERNEL //duplicate default generic kernel as a starting point
3 # ee CUSTOMKERNEL // load kernel file into easyedit (you could use vi, pico etc.) and modify kernel
4 # cd /usr/src
5 # make buildkernel KERNCONF=CUSTOMKERNEL
6 # make installkernel KERNCONF=CUSTOMKERNEL

so forget it.

So just install KDE already. KDE 4.x has been usable for years.

In any case, this is reason enough for me to start performing Fedora installs:
http://docs.fedoraproject.org/en-US/Fedora/16/html/Release_Notes/sect-Release_Notes-Changes_for_Sysadmin.html#id1439594
That means seamless user sharing between F16 and Debian-based distros.

Fedora torrents are located here.

It's about time Slashdot stops accepting 'blogspam' links, such as Phoronix, instead of attributing the actual source itself. Phoronix didn't solve this, a developer did.
A badly written Slash summary (and 'article') which just links twice to the same braindead Phoronix article (which itself is a several day old duplicate) is bad. Very bad.

Dredged from the bottom of Phoronix:
Mailing list post: http://lists.fedoraproject.org/pipermail/devel/2011-November/158976.html
Fedora 17 feature point: https://fedoraproject.org/wiki/Features/Gnome_shell_software_rendering

Personally, I have little doubt that the "anonymous reader" is Michael Larabel himself.

It's about time Slashdot stops accepting 'blogspam' links, such as Phoronix, instead of attributing the actual source itself. Phoronix didn't solve this, a developer did.
A badly written Slash summary (and 'article') which just links twice to the same braindead Phoronix article (which itself is a several day old duplicate) is bad. Very bad.

Dredged from the bottom of Phoronix:
Mailing list post: http://lists.fedoraproject.org/pipermail/devel/2011-November/158976.html
Fedora 17 feature point: https://fedoraproject.org/wiki/Features/Gnome_shell_software_rendering

Personally, I have little doubt that the "anonymous reader" is Michael Larabel himself.

Well, if you're going to be serious about this, then I'd guess that the "/bin" versus "/usr/bin" distinction might not mean much these days for a system with terabytes of disk space but maybe on small embedded systems it's valuable; e.g., a "standalone" boot using only the root filesystem. If so, then I think that maintaining the separation for all "*NIX" systems can be useful in a "I know where that is" type of way.

I disagree in three points:
1. Even these embadded systems have nowadays enough capacity for both / and /usr;
2. Symlinks, symlinks everywhere if one needs so badly that kilobytes, and
3. initramfs reading /etc/fstab and mounting /usr before the real init - that is the way Fedora is trying to do it, source: https://fedoraproject.org/wiki/Features/UsrMove

And for a class of commands that a typical "user" neither cares about nor would know what to do with,

There is no such thing as a typical user, different users need different things. And confusers will always find a way to mess everything, with or without bin vs. sbin distinction - "oops, I intended to write rm -f ./*, NOT rm -f /* !". Privileges stop them making the system unusable.

Finally, I definitely make use of "/usr/local/bin" and "/usr/local/sbin" as a very handy separation between "stuff that's part of the OS" and "stuff I put there myself". Usually via symlinks to stuff in /opt which I generally arrange via package-name directories.

If it's part of OS, why it's in /usr/local in first place? And users needing this distinction can always do a /random/custom/directory/bin and set syslinks in /usr/bin, or even set the path.

But really, for mindless stuff like this, I prefer to just leave a snarky comment :-)

It was not snarky. Its chromatic index was 3. :-D

Although this proposal sounds reasonable at first, actually implementing it is troublesome.

First, someone already has it working on their system so it's within the realm of possibility. The steps to do it. http://thread.gmane.org/gmane.linux.redhat.fedora.devel/155511/focus%3D155792

Linux systems have an expectation that the root directory / and the /usr directory may be on different filesystems; thus /bin is expected to come with / and be available at boot time, where /usr may not be.

They address that by saying "There is no way to reliably bring up a modern system with an empty /usr, there are two alternatives to fix it: copy /usr back to the rootfs or use an initramfs which can hide the split-off from the system." in https://fedoraproject.org/wiki/Features/UsrMove#Detailed_Description
They currently have to mount /usr early or bunches of things silently break. They mention in it in the mailing list thread.

For one thing, all of the filesystem recovery tools or anything else that would be required in an emergency at the command line would need to be built into the kernel initrd images, which could be done but which doesn't seem terribly reasonable.

Seems to me that's exactly what should be done. If / is corrupted then trusting your recovery tools on / seems like a bad idea.
http://fedoraproject.org/wiki/Dracut makes it easy enough to build custom initrd images.

Although this proposal sounds reasonable at first, actually implementing it is troublesome.

First, someone already has it working on their system so it's within the realm of possibility. The steps to do it. http://thread.gmane.org/gmane.linux.redhat.fedora.devel/155511/focus%3D155792

Linux systems have an expectation that the root directory / and the /usr directory may be on different filesystems; thus /bin is expected to come with / and be available at boot time, where /usr may not be.

They address that by saying "There is no way to reliably bring up a modern system with an empty /usr, there are two alternatives to fix it: copy /usr back to the rootfs or use an initramfs which can hide the split-off from the system." in https://fedoraproject.org/wiki/Features/UsrMove#Detailed_Description
They currently have to mount /usr early or bunches of things silently break. They mention in it in the mailing list thread.

For one thing, all of the filesystem recovery tools or anything else that would be required in an emergency at the command line would need to be built into the kernel initrd images, which could be done but which doesn't seem terribly reasonable.

Seems to me that's exactly what should be done. If / is corrupted then trusting your recovery tools on / seems like a bad idea.
http://fedoraproject.org/wiki/Dracut makes it easy enough to build custom initrd images.

Just a few actual facts to note here:

a) This is currently just a proposed feature for the next Fedora release. It's been discussed some on the Fedora devel list, but thats it. It's not yet been discussed by the Fedora Engineering Steering Comittee or even answered all the questions presented by the list. So, nothing is sure yet here, it's just a few folks proposing it at this time.

b) The feature page is at:
https://fedoraproject.org/wiki/Features/UsrMove
It had a lot more info and questions on it.

We will have to see how this plays out, it's way to early to tell, IMHO.

CentOS is fine if you just need an office file-server or print-server.
If you are running an e-commerce website, then you need to be PCI compliant and up-to-date with the latest security patches *QUICKLY*.
CentOS updates can be unpredictable as to when they will be released. Look at Wikipedia's "Delay" column for CentOS releases.
https://en.wikipedia.org/wiki/CentOS
Due to extremely slow 2011 updates and releases, I switched to an alternative OS out of fear a CentOS update might never arrive. It did release eventually.

Does your IT staff have the time and knowledge to create their own RPM files for updating CentOS, when the closed group of CentOS volunteers fail to deliver?
If not, I would suggest either pay for RHEL updates or use current free releases of Fedora, OpenSuse, Ubuntu LTS, or Debian instead.

Otherwise, it's just a compilation of others software, just like CentOS is.

No, that's not so. Red Hat does much more than simply repackage other people's software.

Have a look at Fedora.

Rene Engelhard , who is the principle maintainer of the OpenOffice.org/LibreOffice packages in Debian, is a member of LibreOffice’s Engineering Steering Committee. About the transition to LibreOffice, he said, "I am sure Debian and its users will benefit greatly from this transition; I expect not only an improved collaboration but also quicker development cycles." LibreOffice packages have already replaced OpenOffice packages in Unstable and Testing. There are backports for Debian 6.0 if you desire. When you upgrade to the next release, you will be migrated to LibreOffice. For more information see: http://debian.stevenrosenberg.net/index.php/2011/06/27/official-debian-announcement-on-the-move-from-openoffice-to-libreoffice/ http://ostatic.com/blog/debian-dumps-openoffice-for-libreoffice Red Hat is also a major contributor to LibreOffice: http://www.zdnet.com/blog/open-source/oracle-suse-red-hat-drive-70-of-libreoffice-development/9324 And it has the full support of Fedora: http://fedoraproject.org/wiki/Features/LibreOffice So, you are correct that not all Linux users have switched to LibreOffice. But it is true to say that all the Linux distributions have dropped OpenOffice.

There is some openstack rpm in Fedora ( see http://fedoraproject.org/wiki/OpenStack ), so they started to port.

If you wanna try out without waiting for official distribution releases like Ubuntu Linux 11.10 (with apt-get install gnome-shell) and Fedora 16 (full GNOME 3 desktop by default), try Fedora 16 Desktop Live CD nightly builds from here: http://alt.fedoraproject.org/pub/alt/nightly-composes/ (As currently available alpha is way behind in fixed bugs sense). Drop it on Flash USB and you are set. You can even install it on hard drive if you like what you see. Click on 'Desktop' Spin and use ISO file from Output.

MeeGo wasn't a downstream of RedHat.

Not Redhat, Fedora (Redhat is a downstream of Fedora). I got that idea from this but in context, perhaps what that's really saying is that it's a port of MeeGo onto Fedora.

I feel like i made linux from scratch every time i have a working installation that is 100% working with harddisks, dvd, colors, high res, 3d, sounds, and working keyboard + mouse!

I'm afraid that's what you get when you install Linux from here. Try getting it from here or here instead!

This is going to be a feature in Fedora 16 (it already works in earlier versions of Fedora, we're just polishing it). More screenshots.

You can also mount and modify virtual machines securely (including Windows VMs and VHDs), using libguestfs and guestmount.

Rich.

Pick the one you like: https://fedoraproject.org/en/get-fedora-options#desktops
And it's not like you're limited to these few either. No matter what distro, you can always set up a combination of window manager, dock/panel, apps etc. configured precisely the way you like.

Fedora documentation on RPM is fine (I didn't try the RHEL one). Just start from here: http://fedoraproject.org/wiki/How_to_create_an_RPM_package

If you want examples, use yumdownloader --source to get SRPMS for other packes, install the rpm on a dummy account ( "rpmbuilder" or something ) and the look at the SPECS files on the rpmbuild tree.

It's quite easy to package software for Fedora.

That's actually pretty interesting - As it says that about 50% of the users with the packages installed are using it.

Higher than I'd have imagined.

I very much doubt that 50% of Ubunto users actually use the so called cloud especially since the the report states 1 million users have subscribed. Basically that means only 2million people in the world are Ubunto users (what rubbish!). If you believe the shoddy reporting Journalists been saying for over 10 years, that is "Linux has only 1% of the PC market" then I suppose most ill informed people would believe that.

If you would like better statistics about PC Linux use try here . Simply put, there are between 10 and 20 million Fedora users world wide and I would assume there are between 3 and 6 Ubunto users for every Fedora user and I have not taken into account the other distros which could double or even triple that figure again. It must be noted that I am being extremely conservative in my figures which if you work it out results in active Linux PC usage between 50 and 100 million world wide which is much much more than the 1% we keep hearing from the media.

Getting back on topic for one million Ubunto users subscribing to the "cloud" I would assume only 1 in 40 would actually subscribe which is more in-line with what would be world wide usage of Ubunto. Stating 50% is definitely wrong. Of course with shoddy technical Journalism reporting today if you say something enough times then people will eventually believe you and this suits certain monopolies.

Fedora's considering btrfs.

Hell, IPv6 has been a standard for 15 years, and hardly anyone uses it.

But we can't deploy standards, only implementations.

Windows 7, OSX Lion, and Fedora 16 will all handle IPv6 properly. Previous versions all have certain problems that need workarounds, and it's probably not worthwhile for most users if there are corner cases to worry about. And if you're not on an expensive commercial Internet pipe, you can't even get IPv6, except in limited trial locations for the big ISP's.

When Windows 7 is where Windows XP is now, people will move over. But, hey, we've reached a real milestone where now it's all possible, so, yay 2011.

http://releases.ubuntu.com/11.04/ubuntu-11.04-desktop-amd64.iso.torrent http://torrent.fedoraproject.org/torrents/Fedora-15-x86_64-Live-KDE.torrent ... I could go on...

Have you read the license? Not GPL, Apache etc. Not really open source, although the source is available.

http://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt

I agree for single player. But for multiplayer, it becomes crowded when four players' mice keyboards are plugged into a PC, and the "Raw Input API" for reading multiple mice and keyboards is a bit more obscure than the traditional DirectInput API for reading four joystick.

What are you talking about? Get your own PC, man!

For party games, consoles are obviously better. Sitting 4 people at a single desk is also not terribly comfortable. Couches are more suitable for that. But then you're talking about a totally different kind of game experience, not terribly suited to hardcore RPGs like The Witcher.

I'd rather see a Mac and Linux port than a console port.

I agree here too in principle. But due to the state of graphics on Linux, that might not be easy. Case in point: Fedora recommends Intel

Only for ideological reasons, according to that link. No need for a gamer to care about that.

And how easily can a single binary package be used across multiple distributions, both RPM-based and Debian-based?

Who cares? Just install the game. There are a lot of games, big titles even (just not my favourites, unfortunately), available for PC, Mac and Linux. Seems to work fine.

I prefer a game that takes full advantage of the PC and mouse+keyboard.

I agree for single player. But for multiplayer, it becomes crowded when four players' mice keyboards are plugged into a PC, and the "Raw Input API" for reading multiple mice and keyboards is a bit more obscure than the traditional DirectInput API for reading four joystick.

I'd rather see a Mac and Linux port than a console port.

I agree here too in principle. But due to the state of graphics on Linux, that might not be easy. Case in point: Fedora recommends Intel, which is definitely not a gaming brand according to the chart at Tom's. And how easily can a single binary package be used across multiple distributions, both RPM-based and Debian-based?

There was already a yum plugin for this (yum-plugin-fs-shapshot) as far back as F13 as mentioned here: http://fedoraproject.org/wiki/Btrfs_in_Fedora_13

It will do an automatic btrfs snapshot of affected filesystems before every yum transaction so that you can go back to whatever point you want. Also, since it is partition dependent, you can rollback your system partition and not undo changes you may have made to your home directories if you have those on different partitions.

btrfs is quite powerful but I have found that the user/GUI tools have not come up to speed yet. I have been using btrfs from my F15 netbook and it seems to have caused no issues so far. However, enabling transparent compression and any tweaking has entailed editing /etc/fstab (never a thing to do lightly) and command lines.

Hopefully some of the GUI disk management tools will start to make available some of the capabilities of btrfs.

Regarding fsck, from: https://fedoraproject.org/wiki/Talk:Features/F16BtrfsDefaultFs#Recovery_strategy

fsck must work. It should be tested for a longer period to see if it's really working.

Would be nice if this speeds up the work on btrfs.fsck.

Surely there could be a better source for this than one blog post (I know, high UID so I must be new here.)

But linking to something like http://fedoraproject.org/wiki/Features/F16BtrfsDefaultFs or http://thread.gmane.org/gmane.linux.redhat.fedora.devel/149196/focus%3D149215 to lend a little authority might have been nice...

ISPs hosting mirrors? HAH!

We wish we had that. If we ever did, it stopped somewhere in the 90s. (USA)

http://mirrors.fedoraproject.org/publiclist/Fedora/15/

Scroll down to the US mirrors, you'll see plenty of ISPs hosting Fedora mirrors.

Looks like Fedora is going to move to 1000 with F16 http://lists.fedoraproject.org/pipermail/devel/2011-May/151663.html/

The direct download was quite slow for me. Torrent was faster for me. http://torrent.fedoraproject.org/

Try reading the original feature page:

http://fedoraproject.org/wiki/Features/DynamicFirewall

the main benefit of this is not for manual changes, really. See 'Benefit to Fedora'. Hell, just read the whole thing. It makes it quite clear.

This article is ignorant and misleading. The "new technology" is nothing to do with Linux, iptables rules are already dynamic, it's the Fedora management tooling that no longer wipes the entire set of rules and loads them afresh.

The truth is here: http://fedoraproject.org/wiki/Features/DynamicFirewall