GNOME, Linux

ThunderBolt Security Levels and Linux desktop

Recently I got Dell XPS 13 as my new work laptop and I use it with the TB16 dock. This dock doesn’t seem to fully work with Linux, only monitors work. But if you go to BIOS settings and set the Thunderbolt Security level to “No security”. Then suddenly almost everything is working.

However, it’s not an ideal solution, especially if you’re at least a bit paranoid. External Thunderbolt devices may connect to the machine via PCI-Express which means they can potencially read your system memory. That’s why Thunderbolt comes with a security system.

There are 4 security levels:

  • none (legacy mode): no security, everything gets enabled.
  • dponly: no PCIe tunneling, only USB and DisplayPort.
  • user: ask the user if it is ok to connect the device.
  • secure: as “user” but also create and use a random key that later can be used on subsequent connects of the same device to ensure its identity.

Intel is already working on a Linux implementation of TB security. But the user and secure levels need user’s action, so there will have to be some support for it in the desktop. I discussed that with designers and they don’t really like the idea of poping up dialogs asking users if they trust the device. “Do I trust this projector? I’m not really sure, but since I’m plugging it in, I guess I do”.

I also checked how it works in Windows 10. And it works exactly that way. I plugged in the dock and I got a bunch of dialogs asking about every single plugged-in device. The experience is pretty terrible. And I have to agree with the designers, I’m not sure how this improves security.

On the other hand, I don’t think it’s a good idea to leave the Thunderbolt port completely unprotected. There is one relevant use case: you leave your computer unattanded and even though you locked your screen, someone can access your system through an unsecured TB3 port.

I wonder if it could be solved by automatically switching to a “reject everything” mode once you lock your screen. You lock your screen, leave your computer, and any device plugged into the TB3 port would be rejected. Once you come back and unlock your screen, it’s your responsibility what you plug in and any plugged device would be accepted.

I wonder if there is any relevant use case which would not be covered well by this policy. Any ideas?

Fedora, GNOME, Linux

Nextcloud & Linux Desktop

I’ve used different services for my personal agenda and I always valued if they could well integrate into my Fedora Workstation. Some did it well, some at least provided a desktop app, some only had a web client. That’s fine for many people, but not for me. Call me old-school, but I still prefer using desktop applications and especially those who look and behave natively.

Last summer, I decided to install Nextcloud on my VPS. Originally I was planning to replace Dropbox with it, but then I found out I could actually use it for many other things, for all my personal agenda. Shortly after that I realized that I’d found what I was always looking for in terms of integration into my desktop. Nextcloud apps use standard protocols and formats and integrate very well with the desktop apps I use.


Nextcloud/ownCloud is supported by GNOME Online Accounts, so I log in to my server and automagically get this:

Files – my Nextcloud appears in Nautilus as a remote disk. I like that it doesn’t work like the official desktop client of Nextcloud or Dropbox and doesn’t sync files to the local drive. If you work with small files and documents remotely, you can hardly notice lags and they don’t consume space on your hard drive. If I want to work with large files (e.g. video) or offline, I just download them.

Documents – documents that are stored on your Nextcloud server appear among documents in GNOME Documents. The app makes an abstraction layer over different file sources and the user can work with documents no matter where they come from. A nice thing, but I’m a bit conservative in this and prefer working with files and Nautilus.

Contacts – the Nextcloud app for contacts uses CardDAV, so after a login in GOA your contact list appears in all applications that are using the evolution-data-server backend. In my case it’s Evolution and GNOME Contacts. Evolution is still my daily driver at work while I use the specialized apps at home.

Calendars – the calendar app for Nextcloud uses CalDAV, so after a login in GOA you get the same automagic like with contacts, your calendars appear in all apps that are using evolution-data-server. Again in my case it’s Evolution and GNOME Calendar.

Tasks – CalDAV is also used for tasks in Nextcloud, so if you enable calendars in GOA, your task lists will also appear in Evolution or GNOME Todo.


Notes – the same applies to notes, you will also be able to automagically access them in Evolution or GNOME Bijiben.

News – the only thing I had to set up separately is a news reader. I use FeedReader which (among other services) supports Nextcloud/ownCloud, too. So I could replace Feedly with it and get a native client as a bonus.


What’s really great is that except for the RSS reader everything is set up with one login. I’m done with Feedly, Evernote, Wunderlist and all those services that each require another login and generally have poor desktop integration. Now I can use Nextcloud, have all my data under control and get great and super-easy-to-setup integration into my desktop.

I can imagine even more areas where Nextcloud can improve my desktop experience. For instance, it’d be great if my desktop user settings could be synced via Nextcloud or I could back them up there and then restore them on my new machine. Or it’d be great if the desktop keyring could work with Passman and sync your passwords.

BTW integration into my Android phone is equally important to me and Nextcloud doesn’t fail me there either although setting it up was not as easy as in my Fedora Workstation. I needed to install CalDAV-Sync and CardDAV-Sync apps (DAVdroid which is officially recommended by Nextcloud never worked for me, a while back it didn’t want to sync my contact list at all, now it does, but doesn’t import photos). Then my contacts and calendars were synced to the default apps. For tasks I use OpenTasks. For RSS ownCloud/Nextcloud Reader and for notes MyOwnNotes. To access files Nextcloud provides their own app.

And if I’m not around my PC or phone, I can always access all the services via the web interface which is pretty nice, too. So all in all I’ve been really satisfied with Nextcloud and am really happy how dynamically it’s developing.

Fedora, GNOME, Linux, Red Hat

GNOME 3.22/KDE Plasma 5.8 release party in Brno

Last Thursday, we organized a regular Linux Desktop Meetup in Brno and because two major desktop environments had had their releases recently we also added a release party to celebrate them.

The meetup itself took place in the Red Hat Lab at FIT BUT (venue of GUADEC 2013) and it consisted of 4 talks. I spoke on new things in GNOME 3.22, our KDE developer Jan Grulich spoke on new things in Plasma 5.8, then Oliver Gutierrez spoke on Fleet Commander and the last talk was given by Lucie Karmova who is using Fedora as a desktop in a public organization and shared her experiences with the Linux desktop.


After the talks, we moved to the nearby Velorex restaurant to celebrate the releases. The whole event attracted around 25 visitors which is definitely above the average attendance of our meetups. Let’s see if we can get the same number of people to the meetup next month.

Last, but not least I’d like to thank the Desktop QA team of Red hat for sponsoring the food and drinks at the release party.


GNOME, LibreOffice, Linux

First Brno Linux Desktop Meetup

The desktop engineering team in the Red Hat office in Brno is quite large, we’ve got over 20 developers working on various desktop projects here, but there is no active community outside Red Hat. We’re also approached by students who are interested and would like to get started, but don’t know where and we’d like to have an event to which we can invite them, talk to them about it more in detail, and help them with things beginners struggle with.

That’s why we’ve decided to start Linux Desktop Meetups. They should take place every first Thursday in a month in Red Hat Lab at the Faculty of Information Technologies of Brno University of Technology.

What will be on the agenda? It will be driven by the participants. We hope to have a couple of short, practical presentations, the rest will be discussions, helping others etc.

If you happen to live in Brno and are interested in the Linux desktop, come and join us at 18:00 on May 5th!

Fedora, GNOME, Linux, Red Hat

Most popular email clients among Fedora users

In the desktop team of Red Hat, I’m responsible for development and Fedora/RHEL maintenance of apps which also include email clients Thunderbird and Evolution. It’s quite useful for me to have a rough idea what email clients Fedora users use. So I went ahead and asked them on Google Plus and Facebook and here are the results:



email-clients-fbThe results from Google+ are probably much more representative because they come from a much larger number of users. Facebook doesn’t support polls, so users had to answer in comments which resulted in much fewer votes. Polls in G+ only support 5 options, so if someone wanted to vote for a different client than web, Thunderbird, Evolution, Geary, or Kmail, they needed to write it in comments as well. It might have disadvantaged other clients a bit.

Web – this includes all web clients, vast majority of it is Gmail which seems to be by far the most popular email service among Fedora users. On Google+, web got almost 40% which is not a number that surprises me a lot. A fairly large portion of users doesn’t use desktop email clients any more, but it’s also not big enough to say that desktop clients are obsoleted. 2/3 of users still use desktop clients to access their mail.

Thunderbird – the most popular among desktop clients, it’s a solid email client with many years of development, and many users value its support for various platforms, so that they can use it on other OSes, too. The most mentioned weakness was (in)ability to be a good groupware client (calendaring, Exchange support,…). Some lost faith in Thunderbird after Mozilla announced it wanted to spin off its umbrella which many understood (probably wrongly) as killing it.

Evolution – the second most popular client is the default client of GNOME – Evolution. Clearly the most appraised feature of Evolution is its groupware nature and support of Exchange, it’s probably the only Linux client that reasonably supports Exchange. On the other hand, it lags behind Thunderbird in IMAP support and it’s Linux only. Like Thunderbird, it doesn’t have a big developer force behind it any more. Red Hat is currently the only one who invests in Evolution, unfortunately.

Geary – it’s the biggest surprise to me. Considering its author – Yorba Foundation – ceased to exist at the beginning of the year and Geary has been dead for months, it’s still pretty popular. It’s a modern client with really good support of Gmail, but if Thunderbird and Evolution don’t seem to face big future, chances that Geary will be further developed are currently minimal.

Kmail – another surprise to me, I thought the default client of KDE would be more popular, it may be caused by the fact that Fedora is primarily a GNOME distro, but it may also be caused by the fact that users have lost faith in it after many ups and downs in development after KDE 4.0.

Mutt – I expected Mutt to be in TOP6. A CLI client will never win popularity contests, but it has a fair amount of loyal users. Another CLI client Alpine only received less than half of votes.

Among other mentioned clients were Claws Mail, Sylpheed, Mu4e, Nylas N1, Lotus Notes, Pine, Zimbra, Seamonkey… but they each got fewer than 10 votes.

Linux desktop clients are not dead, they’re still used by majority of users, but none of the traditional ones has a larger community of contributors and very active development which brings poses questions about their future. It will be interesting to watch new approaches to desktop clients such as Nylas N1 which moves IMAP client to the server and provides just a really thin desktop client.

Fedora, GNOME, Linux

What Desktop Environments Are Czech Fedora Users Using in 2013?

Last year, I published stats of what desktop environments Czech Fedora users are using. The data came from a survey which was done by the most popular Czech Linux magazine They did the survey again this year and made all the data available. By running queries on this data, you can actually do interesting statistics. But first the most important outcome of the survey: popularities of Linux distributions among Czech desktop users:

2013: Ubuntu 58.1%, Debian 26.8%, Fedora 16.9%, Mint 16.3%, Arch 10.1%, openSUSE 9.7%, Gentoo 6.9%, RHEL 3.8%, Mageia 2.5%, Slackware 2.3%, Mandriva 2.2%, Sabayon 1.4%, PCLinuxOS 0.8%, SLED 0.4%, others 7.1%

Last year (2012): Ubuntu 53%, Debian 17%, Fedora 12%, Mint 10%, Arch 9.5%, opensuse 9.5%, Gentoo 6.7%, Mandriva 1.8%,…


As you can see, Fedora remains the third most popular distribution after Ubuntu and Debian. The first four distributions have gained, but partly only optically because users could choose more distributions and apparently they were a bit more “promiscuous” than in the last year. For example, Ubuntu got 58.1% which is more than the last year, but it’s just 35% of the sum of all shares while it was 44% last year. DEB vs RPM is 101.2% vs 36.5% which is a better ratio than the last year’s: 80 vs 22.4%.

And now to the desktop stats. Popularity of desktop environments among Fedora users has always been a hot topic. We don’t really track what packages users are using, so no one really knows. The data from the survey surely don’t reflect the reality 100%. The survey was done among Czech users and doesn’t cover users “who don’t care” (like our moms, dads, grandparents who use Linux, but don’t read any Linux magazines or participate in surveys). On the other hand, users “who care” are interesting the most to us and 4745 users participated which is a large statistical sample. The stats from the last year can be found here. Unfortunately, they’re not very comparable with this year’s numbers because this year users could choose more than one desktop, last year they couldn’t.

fedora-desktops-2013The chart above shows popularities among all Fedora users including those who indicated that they were using other distributions, too. That’s why Unity has a significant share although it’s not even available for Fedora. It’s interesting to compare it with answers that come from users who use just Fedora, not any other distribution (die hards 🙂 ). They were approx. 1/3 of all Fedora users.

desktop-fedora-ubuntuLike last year, I compared it with Ubuntu numbers (also users who only use Ubuntu). As you can see, GNOME 3 stands out even more and achieve a number that is close to the share from the last year when users could only choose one desktop. KDE 4 is around 25%. Xfce has apparently gained some share among both broader and core Fedora user base. GNOME 2/MATE still has its user base, somewhere below 10% (similar to the last year’s numbers). LXDE has also gained a bit, but it’s apparently much more popular on Ubuntu than on Fedora. As you can see, Unity got completely filtered out which makes sense because if it’s not available for Fedora it can be hardly used by Fedora-only users. Cinnamon is also significantly more popular among users who use Fedora just as one of their distributions. Apparently, who wants Cinnamon, goes for Linux Mint because it doesn’t have a large share among Ubuntu users as well (BTW it has a 59% share among Mint-only users).

I will bring some more stats when I find time again. For example how Fedora market share changes with the age of users or their experience.