Several years ago, we organized two workshops focused on packaging software for Fedora. It was a success. Both workshops were full and several participants became package maintainers in Fedora. Packaging for Flatpak is becoming popular lately, so we decided to offer a workshop which is focused on flatpaking apps.
Two weeks ago, I had the pleasure to attend Flock 2017, the annual Fedora contributor conference. It moves between North America and Europe and after Krakow, Poland last year it took place in Hyannis, Massachussetts.
The conference started with the traditional keynote by Matthew Miller on the state of the Fedora Project. Matthew does a lot of data mining to create interesting statistics about how the project is doing. The keynote is an opportunity to share it with the public.
The Fedora user base is still growing as you can see on the chart of IP connections to Fedora update servers. Fedora 26 exceeded F25 just before Flock:
Here are also geologic eras of Fedora as Matthew calls them. As you can see there is still a decent number of very old, unsupported Fedora installations which are still alive:
It’s a pity that Matthew didn’t include the slide with ISO download shares of Fedora editions and spins. But last time he did Fedora Workstation amounted to ~80 % of all ISO downloads.
But by far the most popular part of the project is EPEL. Just look at its number of IP connections compared to all Fedora editions:
Which brings me to another interesting talk I attended and that was EPEL State of the Union by a Fedora Project veteran Stephen Smoogen. As a Fedora packager I also maintain a couple of packages for EPEL, so it was interesting to hear how this successful sub-project is doing.
There were not many desktop-related talks this year. No “Status of Fedora Workstation” any more. It was very modularization and infrastructure focused. One of a few desktop talks was “Set up your own Atomic Workstation” by Owen Taylor, who is experimenting with distributing and running Fedora Workstation as an atomic OS, and Patrick Uiterwijk, who has been running it on his machine for a year or so (had a similar talk last year). Wanna try it yourself? Check out https://pagure.io/workstation-ostree-config
Although I didn’t attend the talk about secondary architectures by Dan Horák, we ended up talking and I was very happy to learn that the secondary arch team is doing automated builds of Firefox Nightly to catch problems early. That’s great news for us because with every major release of Firefox secondary architectures consumes a lot of our time. I asked Dan if they could do the same with WebKitGTK+ because it’s a very similar case and it looks like they will!
Several months ago David Labský created a device called Fedorator as his bachelor thesis supervised by a Fedora contributor and Fedora badge champion Miro Hrončok. The device lets you create a bootable USB stick with a Fedora edition of your choice. It’s Raspberry Pi-based, it has a touchscreen. The design is open source and you can assemble it yourself. Two months ago I got an idea to get David to Flock, buy components and assemble a dozen of fedorators which Fedora ambassadors can take home to use at local events. The result of it was a session at Flock where participants indeed assembled a dozen of fedorators. I only provided the idea and connected David with the right people. It wouldn’t have been possible without help of Brian Exelbierd, Paul Frields and others who arranged a budget, bought components etc.
I also did have a session, but unfortunately it was a complete failure 😦 I coordinate the Fedora Workstation User’s Guide project whose goal is to produce a printed guidebook for new users. We’ve had a Czech version for the last two years and we just finished the English one. I wanted to work on content changes for the next release and help people start versions translated into their languages. Unfortunately my session was scheduled at 6pm on the last day when everyone was ready for dinner or was even leaving the conference. It also overlapped with the docs session which people who I knew had been interested attended.
In the end, not a single person showed up at my session which is my new personal record. I’ve done dozens of talks and sessions at conferences, but zero audience was a new experience.
Anyway, if you’d like to produce a handbook in your language to use at booths and to spread the word about Fedora, check the project on Pagure. As I said the 2017 release is out and will only receive bug fixes, the content is final and thus it’s safe to translate.
Although my session was not really a success I’m still glad I could attend the conference. I had several hallway conversations about the project and countless other interesting conversations, learned new things, caught up with Fedora friends.
Although I was still recovering from bronchitis and the English weather was not helping much, I really enjoyed this year’s GUADEC. Last 3 GUADECs suffered a bit from lower attendance, so it was great to see that the conference is bouncing back and the attendance is getting close to 300 again.
What I value the most about GUADEC are hallway conversations. A concrete outcome of it is that we’re currently working with Endless people on getting LibreOffice to Flathub. In the process of it we’d like to improve the LibreOffice flatpak, so that it will be a full replacement for the traditional version in packages: having Java available, having spell-checking dictionaries available etc.
I also spent quite a lot of time with the Engagement team because they’re trying to build local GNOME communities and also make improvements in their budgeting. This is something I spent several years working on in the Fedora Project and we have built robust systems for it there. The GNOME community can get an inspiration from it or even reuse it. That’s why I’d like to be active in the Engagement team at least a bit to help bring those things into life.
I noticed today that the official Fedora chat group on Telegram had passed the mark of 1000 users. I can’t believe how rapidly it has grown. I created the group for attendees of Flock 2015 and it was supposed to be a single-purpose thing. But after the event people were like “hey, let’s rename it to Fedora and keep it for general chat about Fedora”. Fast forward and we have 1000 users and a lot of other Fedora-related groups popped up.
It’s not an easy job to moderate such a large group. The number of admins has grown to 7 and there is even a separate private chat for communication among admins. Big kudos to Justin Flory who took the leadership here early after Flock and I’ve been mostly just enjoying the position of the group creator and honorable admin.
Fedora Project also has its official news channel on Telegram which is followed by almost 500 users. There are also at least 11 national chat groups, and for example the Russian one has over 300 users. There are also specialized groups (for ambassadors, for packagers,…).
Telegram recently raised the maximum number of users per (super)group to 10,000, so the Fedora community still has some room to grow 🙂
Recently I got Dell XPS 13 as my new work laptop and I use it with the TB16 dock. This dock doesn’t seem to fully work with Linux, only monitors work. But if you go to BIOS settings and set the Thunderbolt Security level to “No security”. Then suddenly almost everything is working.
However, it’s not an ideal solution, especially if you’re at least a bit paranoid. External Thunderbolt devices may connect to the machine via PCI-Express which means they can potencially read your system memory. That’s why Thunderbolt comes with a security system.
There are 4 security levels:
- none (legacy mode): no security, everything gets enabled.
- dponly: no PCIe tunneling, only USB and DisplayPort.
- user: ask the user if it is ok to connect the device.
- secure: as “user” but also create and use a random key that later can be used on subsequent connects of the same device to ensure its identity.
Intel is already working on a Linux implementation of TB security. But the user and secure levels need user’s action, so there will have to be some support for it in the desktop. I discussed that with designers and they don’t really like the idea of poping up dialogs asking users if they trust the device. “Do I trust this projector? I’m not really sure, but since I’m plugging it in, I guess I do”.
I also checked how it works in Windows 10. And it works exactly that way. I plugged in the dock and I got a bunch of dialogs asking about every single plugged-in device. The experience is pretty terrible. And I have to agree with the designers, I’m not sure how this improves security.
On the other hand, I don’t think it’s a good idea to leave the Thunderbolt port completely unprotected. There is one relevant use case: you leave your computer unattanded and even though you locked your screen, someone can access your system through an unsecured TB3 port.
I wonder if it could be solved by automatically switching to a “reject everything” mode once you lock your screen. You lock your screen, leave your computer, and any device plugged into the TB3 port would be rejected. Once you come back and unlock your screen, it’s your responsibility what you plug in and any plugged device would be accepted.
I wonder if there is any relevant use case which would not be covered well by this policy. Any ideas?
Fedora 26 is not out yet, but it’s already time to think about how to improve the Workstation edition of Fedora 27. One of the areas my team is focusing on is printing (the desktop side of it). For GNOME 3.24 and Fedora 26 Workstation we landed a new interface for the printing module in GNOME Control Center. It gives a much cleaner overview of printers that are set up on your system.
One thing that I think deserves an improvement is printer sharing. GNOME Control Center doesn’t allow you to easily share a printer with other devices over the network. I’ve heard users complain about it and the competition provides it (even though Windows do it very unintuitively). Sharing via IPP is a pretty low hanging fruit because that’s what CUPS already perfectly supports, you just need to expose it in the UI.
A common use case is sharing a printer with your mobile devices. iOS uses AirPrint which is an extension of the IPP, you just need to convince the device that it’s talking to an AirPrint server. To support Android devices, I think the best way is to use Google Cloud Print. We already support Google Cloud Print, but from the client side. I wonder if it’d be useful to support the server side as well. Google provides an open source server implementation, but it’s written in Go and unnecessarily advanced for our use cases, so writing our own implementation would probably be a better way to go. But I wonder if it’d be worth it. Do people use Google Cloud Print? If not, how do you print from your Android device?
Or are there any other things you think we should improve in printing (desktop-wise)?
Two weeks ago, I blogged about the fact that Netflix was blocking Chrome and Firefox with Fedora user agents although those browsers are now officially supported on Linux. The blogpost got a lot of publicity, almost 5000 hits, and I was even accused of creating clickbaits on reddit 🙂 But it led to the wanted result – solving the issue.
Someone pointed me to Paul Adolph from Netflix. He no longer works in the department which is responsible for user agent filtering, but was very helpful and forwarded the issue to responsible engineers. They never told me why they were blocking Fedora (and it turned out other distributions such as CentOS, Debian, openSUSE too), but promised to fix it within the next couple of weeks. I assume it was just some outdated user agent filter.
I tested it today and it seems to be fixed, both for Chrome and Firefox. And also not only for Fedora, but also for other distributions (I tested CentOS, Debian, and openSUSE). So now you can watch Netflix on Fedora without any user agent tweaking. Just keep in mind that for Firefox you need to install ffmpeg Firefox is using for media playback, Chrome should work out of the box.
I’d like to thank Netflix for resolving the situation pretty quickly.