Follow

Fedora 31 entered final freeze, and looks like it will be a smooth release.

fedoraproject.org/wiki/Release

I've been testing rawhide on my laptop for a few months now, and it's been stable and usable for the entire time (though I'm using instead of Gnome).

If you had previously tried Fedora and got a bad experience, it's time for another look.

I think Fedora hits the sweet spot between shipping up-to-date software (like Arch) *and* being reasonably usable out of the box (like Ubuntu).

@codewiz Have you tried Silverblue? It looks promising but I usually end up hitting some container-related productivity-killing workflow issue and going back to regular Fedora.

@amdt @codewiz I tried it, and I had the same experience as you. I will try it again when it's officially released, because I really like the idea.

I personally run Qubes OS my workstation and one of my laptops. Silverblue would give me a lot of the benefits of Qubes while smoothing out some of the issues.

I agree with @codewiz that Fedora is really good these days. It's certainly a better choice than Ubuntu in my opinion.

@loke Yes, it’s very promising. I don’t have a lot of experience with containers and no Atomic/CoreOS experience, so I’m hoping for improvements to layering or for composing custom images to become easier.

@loke @codewiz I’ve been using Fedora since it was called Fedora Core and consistently found it to provide the best of what a GNU/Linux distribution can be. The only thing I prefer in Ubuntu (and Debian) is APT’s speed and the usability of its command-line interface.

@amdt @codewiz You could say that I've used Fedora for years too. Qubes OS is based on Fedora, and its primary Templates are also Fedora.

There is also a Debian template that I used for some applications that was a hassle to get to work properly in Fedora (my Spotify VM, for example).

But, almost all my Qubes OS vms run Fedora 30.

@amdt @loke but the gap has largely been closed by dnf and various improvements in the repo metadata...

I don't see much of a difference any more.

@amdt No, I've seen to many failed attempts to modularize Fedora.

What I would really want is effective sandboxing for desktop apps, so if there's a hole in my email client it can't be used to read my entire home directory and snoop my password as I type it into ssh.

flatpak has bubblewrap, but packagers get to choose the permissions and users don't get to see them... which makes it somewhat ineffective 🙂

@amdt
Until Linux desktops deliver an Android-like security model, I don't feel like installing 3rd-party blobs on my system.

And even after that, I'm still more comfortable installing an rpm from the Fedora repository, knowing that it's been built from signed sources in a secure build farm.

@codewiz Yes, I think those security and permissions models need to be improved before I install any software not packaged by Fedora. They’re working on their own Flatpak repository at the moment so I’ll be happy to use that over RPM packages for graphical, desktop applications.

@codewiz
If you need that level of security you should use QubesOS
@amdt

@codewiz I love fedora on my home server. It's similar enough to my work rhel servers but much newer software.

Even works well with my zfs setup.

@codewiz As someone who uses Qubes OS, I will try Fedora 31 as soon as it comes out. With Qubes, I don't even have to upgrade. I simply install a new template, and can set it up independently and then move my existing VM's over to it simply by switching template. If there is a problem I can simply change it back.

@loke I've been meaning to give it a try.

How well does it work in practice? Does it address 3D acceleration, fonts, clipboard, drag & drop, sound, removable media, and all the other little things that must work in a regular desktop?

@codewiz The short answer to that is: Yes to all except 3D acceleration. That's why I run it on my work computers, since I have no need for 3D acceleration there.

Everything else is handled very smoothly. There are shortcuts to do cut&paste between VM's (you don't want to have it automatic in order to avoid data leakage).

There is a dekstop menu that allows you to assign hardware (such as the microphone or USB devices) to individual VM's. By default, none of them are visible to the VM's.

@codewiz Fonts are handles by each VM, so typically you install all the fonts you need in the template so it's visible to all VM's.

Audio works out of the box. You Audio control is done from dom0, and from there each VM shows up as separate sources.

When you plug in a USB drive, the USB VM will see it and list it in a menu along with other hardware. You can them click on it, pick the partition you want to expose to the given VM. Then the VM will just see the filesystem.

@codewiz It takes a bit of dicipline to use it, but the power it gives you is really nice. The fact that you can fire up temporary VM's in seconds which are wiped as soon as the application exits is very nice. It's something no other system really gives you.

Silverblue tries to do something similar with their container stuff but it's much less smooth, and you have to manually manage the containers.

@loke The trouble with fonts in flatpak is that apps are linked to different versions of fontconfig, and they don't understand the system's font matching configuration if they're too old.

In practice this results in users asking why they can't see color emojis in an app installed via flatpak, or why another app doesn't use the same font size of the desktop.

@codewiz That's not an issue in Qubes, since each VM is isolated. Of course, that isolation also means that you can't access the files in another VM withotu explicitly copying them (unless you set of file sharing between them, but that's not recommended as it breaks isolation).

All of this is part of the security model of Qubes and why I said it takes some personal discipline to use it.

They do make it quite easy to copy files between VM's though. Both through UI and commands.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!