Announcement

Collapse
No announcement yet.

Fedora 21 To Evaluate Remote Journal Logging, 64-bit ARM Emulation

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fedora 21 To Evaluate Remote Journal Logging, 64-bit ARM Emulation

    Phoronix: Fedora 21 To Evaluate Remote Journal Logging, 64-bit ARM Emulation

    Yesterday on Phoronix we covered 12 new feature proposals for Fedora 21 and following that story yesterday were a handful of new feature proposals for this next major Fedora release...

    http://www.phoronix.com/vr.php?view=MTY2NDk

  • #2
    So, because gnome hasn't designed the interface for firewalld the solution is to disable it until they do create one?
    Science!
    The firewalld interface isn't bad except fur one annoying thing: the tricky runtime/permanent modes. That should be made clearer. Other than that, guess what? Networking is just really complicated and trying to guess what's right and then not exposing the necessary manual configuration tools to fix it means that, like most gnome tools, it either just works or you have to dig into non-gui solutions (and for networking that can be, as I said, very complicated). That design pattern might be gnome's biggest weakness and lack of manpower is no excuse. This is really, simply, a design issue. They've no interest in exposing these things, regardless. If they're auto-detection doesn't work, file a bug, and in the meantime live with a broken system
    Sorry for the rant. I find myself becoming less generous towards gnome the more I hear about them.

    Comment


    • #3
      Originally posted by liam View Post
      So, because gnome hasn't designed the interface for firewalld the solution is to disable it until they do create one?
      Sorry for the rant. I find myself becoming less generous towards gnome the more I hear about them.
      None of the changes being discussed have much to do with the desktop environment. Enabling or disabling the firewall is a distro level decision and firewalld has no connection to any desktop environment.

      Comment


      • #4
        So, firewalld vs ufw. My understanding is ufw was developed first, and that firewalld has some NIH syndrome going on from the Red Hat camp, unless I'm missing some critical failing in ufw that prevented its extension with whatever features firewalld was lacking.

        I don't know who to be mad at here for the duplication and waste of developer effort, though, so someone enlighten me?

        Comment


        • #5
          Originally posted by zanny View Post
          So, firewalld vs ufw. My understanding is ufw was developed first, and that firewalld has some NIH syndrome going on from the Red Hat camp, unless I'm missing some critical failing in ufw that prevented its extension with whatever features firewalld was lacking.

          I don't know who to be mad at here for the duplication and waste of developer effort, though, so someone enlighten me?
          UFW is unmaintained last time I checked out Arch, and has been for awhile.

          As far as Firewalld... AFAIK, ufw had to stop and restart the firewall to load the new configuration, which could make it miss connections and just let everything go. Firewalld can load new configurations without restarting the iptables backend. Also it brings to the table new Firewall Zones which can let different networks have different configurations and trust/denial.

          Comment


          • #6
            So it is more Upstart and Systemd than Wayland and Mir. I've been using ufw on Arch for years, and I had to go check to make sure, but community/ufw is still up to date with upstream (0.33-3), so unless that isn't getting maintained (and I have a hard time buying Canonical not keeping its firewall up to date for Ubuntu) then it should still be doing its job. It is just a simplified interface to iptables anyway. I wonder if either of them is going to support nftables...

            I'll keep using ufw for now, though, because I just really like the kde firewall UI for it, makes rule modification really quick.

            Comment


            • #7
              Originally posted by zanny View Post
              So it is more Upstart and Systemd than Wayland and Mir. I've been using ufw on Arch for years, and I had to go check to make sure, but community/ufw is still up to date with upstream (0.33-3), so unless that isn't getting maintained (and I have a hard time buying Canonical not keeping its firewall up to date for Ubuntu) then it should still be doing its job. It is just a simplified interface to iptables anyway. I wonder if either of them is going to support nftables...

              I'll keep using ufw for now, though, because I just really like the kde firewall UI for it, makes rule modification really quick.
              Last released version was 0.33... 2 years ago[1]. There's been changes here and there since then[2], but nothing substantial and nothing saying its coming towards a new release.

              [1] https://launchpad.net/ufw
              [2] http://bazaar.launchpad.net/~jdstran...tart_revid=860

              How much its "maintained" is up for debate. Personally I've got a thing about using pretty much unmaintained system services, BUT not everyone is the same. So if you're happy using it, go right ahead. Just mentioning it since you brought it up.

              Comment


              • #8
                Originally posted by RahulSundaram View Post
                None of the changes being discussed have much to do with the desktop environment. Enabling or disabling the firewall is a distro level decision and firewalld has no connection to any desktop environment.
                I'm not entirely sure what "distro" means given f.N. The proposal I read was for Workstation (so, gnome). Currently we ship both the firewalld service AND gui called firewalld (which looks gtk based to my eye). What Mattias proposed was disabling the service and thus probably not installing the GUI by default.

                The current level of integration into the desktop and applications does not justify enabling the firewalld service by default. Additionally, the set of zones that we currently expose is excessive and not user-friendly. Therefore, we will disable the firewall service while we are working on a more user-friendly way to deal with network-related privacy issues.


                It will of course still be possible to enable the firewall manually.
                The concern is one of DESKTOP and app "integration". The concern is about "ease of use" and making sharing easy. It's very much about desktop environment and perceived notions of what that environment is supposed to do. Fit corporate users those zones are very handy. The problem is that the zones haven't been configured properly to allow for the behavior the owners of gnome desire. Disabling firewalld because of that would be like disabling selinux because packager x won't work with it on. The solution, in both cases, is to fix the relevant policies not disabling key services.

                Comment


                • #9
                  Originally posted by liam View Post
                  I'm not entirely sure what "distro" means given f.N. The proposal I read was for Workstation (so, gnome). Currently we ship both the firewalld service AND gui called firewalld (which looks gtk based to my eye). What Mattias proposed was disabling the service and thus probably not installing the GUI by default.
                  You haven't understood the proposal at all. It has nothing to do with not installing a GUI. firewalld is a system level firewall and doesn't require any kind of frontend. The proposal is about disabling the service by default.

                  firewalld can have any kind of graphical frontends but those frontends are not part of any desktop environment and is just a distro tool. disabling the service is a distro level decision (ie) Fedora workstation developers decide that. Not GNOME.

                  Comment


                  • #10
                    Originally posted by RahulSundaram View Post
                    You haven't understood the proposal at all. It has nothing to do with not installing a GUI. firewalld is a system level firewall and doesn't require any kind of frontend. The proposal is about disabling the service by default.

                    firewalld can have any kind of graphical frontends but those frontends are not part of any desktop environment and is just a distro tool. disabling the service is a distro level decision (ie) Fedora workstation developers decide that. Not GNOME.
                    Huh? I can't think of ways to make that proposal more clear:
                    The current level of integration into the desktop and applications does not justify enabling the firewalld service by default.
                    This clearly states that firewalld will be disabled by default because it lacks desktop integration. How can that have nothing to do with with the GUI?

                    Comment


                    • #11
                      Originally posted by Vim_User View Post
                      Huh? I can't think of ways to make that proposal more clear:This clearly states that firewalld will be disabled by default because it lacks desktop integration. How can that have nothing to do with with the GUI?
                      Who said it is not about integration? I am merely pointing out that it is not a GNOME decision but a Fedora decision and the implementation is not merely installing a GUI but disabling a system level service.

                      Comment


                      • #12
                        Originally posted by RahulSundaram View Post
                        You haven't understood the proposal at all.
                        Hmm, the proposal comes to disabling firewalld.service. I've already said as much. Here, I'll quote:

                        What Mattias proposed was disabling the service and thus probably not installing the GUI by default.
                        So, to claim I don't "understand the proposal at all" was either an attempt to discredit me or carelessly expressed hyperbole which was quite impolite, considering the phrasing.


                        It has nothing to do with not installing a GUI.

                        Originally posted by Mattias;
                        Additionally, the set of zones that we currently expose is excessive and not user-friendly.
                        To my knowledge, the zones are exposed through both the network manager GUI and firewalld gui (both installed by default, I believe). Implicitly this is addressing those GUIs. Even if not, it is addressing the USER EXPOSED zone manipulation. Please, explain how this has NOTHING to do with a GUI(i'm not sure what you mean by "installed" since firewalld/nm gui seems to be part of the default install, and has been for a few releases so this proposal).


                        firewalld is a system level firewall and doesn't require any kind of frontend. The proposal is about disabling the service by default.
                        I don't disagree. My original post was directed at the way the proposal was phrased. The implication being the GUI is too complicated (reference the Mattias quote above). The alternative interpretation would be that manually editing zones is too complicated (presumably through iptables).

                        firewalld can have any kind of graphical frontends but those frontends are not part of any desktop environment and is just a distro tool.
                        In principal it can have any kind of frontend (or nothing more than the text files describing the iptables rules) but in fact we have the one GUI which has been included by default for awhile now.
                        Regarding it being a distro tool, i'm afraid I don't see the point.

                        Comment


                        • #13
                          Originally posted by liam View Post

                          In principal it can have any kind of frontend (or nothing more than the text files describing the iptables rules) but in fact we have the one GUI which has been included by default for awhile now.
                          Regarding it being a distro tool, i'm afraid I don't see the point.
                          Yes, I do think you keep missing the point and I will make one last attempt. Even if there is only one frontend, it still has nothing to do with GNOME as a desktop environment. Anyone can write a frontend in GTK or a network manager plugin. You wrote

                          "So, because gnome hasn't designed the interface for firewalld the solution is to disable it until they do create one?"

                          "Sorry for the rant. I find myself becoming less generous towards gnome the more I hear about them."

                          I was replying to these sort of statements. The responsibility for the frontend is with the distribution developing the underlying tool (ie) Fedora. If they want to expose zones in a better way in the UI, they very well can. It is just a question of resources. It is not like Fedora doesn't drive a bunch of GNOME development ex: GNOME Software

                          Comment


                          • #14
                            Originally posted by RahulSundaram View Post
                            Yes, I do think you keep missing the point and I will make one last attempt. Even if there is only one frontend, it still has nothing to do with GNOME as a desktop environment. Anyone can write a frontend in GTK or a network manager plugin. You wrote

                            "So, because gnome hasn't designed the interface for firewalld the solution is to disable it until they do create one?"

                            "Sorry for the rant. I find myself becoming less generous towards gnome the more I hear about them."

                            I was replying to these sort of statements. The responsibility for the frontend is with the distribution developing the underlying tool (ie) Fedora. If they want to expose zones in a better way in the UI, they very well can. It is just a question of resources. It is not like Fedora doesn't drive a bunch of GNOME development ex: GNOME Software
                            OK, so it looks like you can't get past my rant. You seem to consistently misread (or ignore) sections of response and focus on earlier statements but without making it clear it is those statements you are concerned about. Nevertheless I'll address your points.

                            Even if there is only one frontend, it still has nothing to do with GNOME as a desktop environment.
                            I don't know how to parse that as saying anything other than the GUI isn't affiliated with the gnome project. That's a point I never argued, and I can only surmise you mentioned it because you are explaining why the gnome developers want to get rid of it.

                            For your last paragraph, again, I parse that as saying: this is a distro decision not a gnome one, which is true. But the workstation, and fedora desktop in general, is a gnome-lead project. Six of the twelve members on the board are gnome affiliated. I'm not willing to blind myself to these facts.

                            Comment


                            • #15
                              Originally posted by liam View Post
                              I don't know how to parse that as saying anything other than the GUI isn't affiliated with the gnome project. That's a point I never argued
                              So your rant against GNOME when the firewalld application (neither the service nor GUI has nothing to do with GNOME is pointless.

                              For your last paragraph, again, I parse that as saying: this is a distro decision not a gnome one, which is true. But the workstation, and fedora desktop in general, is a gnome-lead project. Six of the twelve members on the board are gnome affiliated. I'm not willing to blind myself to these facts.
                              Nonsense. You are just digging yourself further into a rathole. First of all, Fedora Board doesn't have twelve members. It has nine and none of them are really affliated with GNOME at all. Where are you getting your so called "facts" from?

                              https://fedoraproject.org/wiki/Board

                              It seems that you just want to rant about a desktop environment even when the news story has nothing to do with said desktop environment.

                              Comment

                              Working...
                              X