Posts by AdamWill

I think you're operating with an excessively simplified definition of 'server'. Several things in Linux use the 'client/server' paradigm entirely within a single system. You can't just run around turning off everything with the word 'server' in its name or definition, please at least try and understand what it's for first. Just because something's a 'server' doesn't mean it's binding to a remotely-accessible port.

Re: Just started testing CentOS 7

You can still edit grub.cfg by hand in RHEL / Fedora; the scary warning telling you not to comes from upstream grub2, which expects the config file to be updated by grub(2)-mkconfig, which does indeed nerf manual changes. In RHEL/Fedora's system, though, the config file is updated (on new kernel installs and so on) by grubby, which does not nerf existing manual changes to the file.

The grub2 file does look a bit scary at first but a lot of it you can pretty much ignore, if you're just wanting to change kernel boot parameters and the like you can just find the appropriate lines and append the parameters you want, just like before.

Re: Why install when it's going to be obsolete in a few months?

Er, no. Believe it or not, not everything is about systemd. I was talking entirely literally about climate change. I stopped reading this site regularly back a few years ago when they'd post a new anti-climate-change wibble from Lewis Page every day - he's still at it, see http://www.theregister.co.uk/Author/93/ , though he seems to have slowed down a bit.

Re: @DrXym - No to gnome, no to systemd

The RHEL default desktop isn't a server GUI. It's a desktop GUI. People run RHEL on desktops; we have major customers running multiple thousands of seats on it. That's what the RHEL desktop is for.

Probably most people running RHEL as a server OS don't run a graphical desktop directly on the system at all; those who do usually run something pretty geeky and minimal, not GNOME. That's not what GNOME is for.

RH is working on 'server GUIs', but more in the line of webapps than graphical desktops running directly on the server machines. See, for e.g., Cockpit - http://cockpit-project.org/ , included in F21 Server - and the FreeIPA web UI - demo site at https://ipa.demo1.freeipa.org/ipa/ui/ .

Re: @AdamWill - As Gnome 3 requires systemd - NO THANKS

"If you guys were that great in changing the design of Secure Boot why didn't you change it to allow replacing the Microsoft public key ?"

Er. What?

The UEFI specification's Secure Boot definition does not make any requirements whatsoever regarding who should be the provider of the platform key, or any other key, or whether any keys at all should be provided in any particular firmware implementation.

The Microsoft labelling requirements explicitly require that the system owner be able to replace the Microsoft key. Look, they're right here: http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256.aspx

"On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:

A.It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.

B.If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system is operating in Setup Mode with SecureBoot turned off."

"Let's not forget that by doing what you did you prevented the rest of the Linux community to stand up and fight"

What do you mean by 'doing what we did'? And how did that prevent anyone else who gave a crap from pulling their finger out and doing something useful?

Re: Lost me at 7.

"Those who like systemd should do a forensic exam of a failed system, do this using a linux that does not support systemd."

Why? What's the point of that entirely artificial restriction?

Re: Fedora is doing its best to drive me away

You can install any package set from the 'Server' network install image, it is really a generic network install image. The Product stuff is a first cut in F21, it's still being shaken out; this kind of quirk will be straightened out for F22/F23.

Re: F21 - Harder to install XFCE than it should be.....also PAE

You can use the Server network install image to deploy any package set. The generic DVD image is gone, though - something had to give, with the Product changes. Sorry about that.

Re: Why install when it's going to be obsolete in a few months?

Er, if anyone was paying me to do PR, they'd want their money back, I think. No-one's sending me anywhere to do PR, my job is QA. This I do on my own time, God knows why. I've been posting here since it was a useful tech news site and not some sort of weird climate change sceptic backwater, and long before I worked for RH....

Re: Why install when it's going to be obsolete in a few months?

If you'd rather use something with a long life cycle, that's entirely up to you, but it's kind of presumptive to assume you speak for everyone "who use our machines as a tool to get on with our actual work".

Fedora's life cycle is ~13 months (technically it's 'until one month after the next release but one comes out' - F19 goes EOL in a couple of weeks). That's not like RHEL, or anything, but many people find it perfectly viable for getting all sorts of 'actual work' done, and upgrades generally work well these days.

Re: No to gnome, no to systemd

They don't.

Re: No to gnome, no to systemd

"Nitpicking aside, answer my original questions about the necessity of a qr code lib and a http server for journald."

Simple: they aren't necessary. Fedora's systemd does not require an HTTP server:

[adamw@xps13 ~]$ cat /etc/fedora-release

Fedora release 21 (Twenty One)

[adamw@xps13 ~]$ rpm -q --requires systemd | grep http

[adamw@xps13 ~]$

Fedora's systemd is built against qrencode, but that's a Fedora choice:

[adamw@adam anaconda (master %)]$ cd ~/local/systemd/

[adamw@adam systemd (master %)]$ grep -R qrenc *

configure.ac:have_qrencode=no

configure.ac:AC_ARG_ENABLE(qrencode, AS_HELP_STRING([--disable-qrencode], [disable qrencode support]))

...

Build systemd with --disable-qrencode if you don't want it to have a qrencode dependency (or in fact just don't build it with --enable-qrencode , disabled is the default). The benefit is some convenience when setting up keys for Forward Secure Sealing of journal contents; see the --setup-keys argument in 'man journalctl' for details.

As for the HTTP server - again it's a compile time option, --enable-microhttpd to turn it on. Fedora does in fact build with it, but then splits it out into a subpackage so the core systemd does not depend on microhttpd. The subpackage is systemd-journal-gateway . As that name suggests, the feature it supports is allowing remote access to the journal; the thinking was that there's a handy protocol lying around for reading information over a network which everything and its dog supports, so why not just use that instead of inventing some new protocol for remote accessing journal data? See http://www.freedesktop.org/software/systemd/man/systemd-journal-gatewayd.service.html . Of course, even when the package is installed this is not enabled by default, and the package is not installed by default.

"Of course the broader question is why does so much of systemd, which is replacing the OS incrementaly, need to reside in user space?"

Erm. Why would you want to build it into kernel space?

"Why the single point of failure in PID1?"

There's *always* been a single point of failure in PID 1. That's sort of what PID 1 *is*. Note that much of systemd does not run as part of PID 1. systemd-journald, for instance, is pid 559 on my system as I write this. systemd-udevd is pid 606. systemd-logind (the daemon GNOME uses, for the 'GNOME requires systemd!' haters) is 871.

Re: As Gnome 3 requires systemd - NO THANKS

Actually, we're the guys who got the original Secure Boot implementation designs substantially changed to be less sucky. Without the RH representatives in those discussions, all systems with Windows 8.1 pre-loaded would likely be as locked down as an iPhone.

You're welcome.

Re: Fedora devs, please wake up!

What do you mean 'your GNOME 3'? Fedora doesn't write GNOME. GNOME writes GNOME. We just ship it. If you don't like it, use any one of the other dozen+ desktops we also ship.

You can still use yumex if you want something 'GUI-for-yum'-y. In fact, the old gnome-packagekit stuff still exists for now, but I don't know if Richard is going to maintain it any more.

Re: Do you actually SEARCH your files and programs?

"Do you really use search to find the programs you want to start, or the files you want to open? You don't use menus or browse?"

Yes. Typing 'start, xc, enter' - without even needing to look at the screen, as it's an entirely predictable interaction - is approximately sixty thousand times faster than going start, mouse or keyboard navigate up to 'internet' or 'chat' or some other weird category, mouse or keyboard navigate through a pokey list to the entry labelled xchat, click or hit enter.

I'm stuck in Xfce at the moment because GNOME 3 is not working (occupational hazard of being a QA guy and testing lots of marginal stuff), and hating it. I can't find anything in these ridiculous Windows 98 menus.

Re: All very nice ...

"The web is absolutely full of users bitching about these two items."

There are about three people in the world who both a) still have and b) are still, for some bizarre goddamn reason, attempting to use a G400, so no, no, it really isn't. It is always a valuable thing to get a realistic handle on how much everyone else actually cares about your Precious Snowflake Bug. The answer in your case is 'not at all'.

Have you asked Windows for a Windows 8 driver for it yet? How's that going?

(For those who don't remember, or weren't born, the G400 came out in 1999. It was moderately popular, for a year or two.)