Tag Archives: Fedora

I land back in Britain jetlagged, wake up from a brief sleep to find the news flooding my phone's news feed that the Linux distro, LinuxMint, had a bad day at the office. ISO images with backdoors and forum / website rooted and modified with some data potentially stolen.

The thing with LinuxMint is that it's a great project with high user figures, easy to run, it's the goto Linux for the user fed up with Windows and even I have a couple of Mint laptops. However, it's never been "security first and foremost" in the minds of the tiny release crew.

This post isn't going to attack the team behind Mint. Mint is a great project, it's default build does a lot of things right that other distros get wrong. In the default install it allows you to use whole of disk encryption and it also allows you to wipe the target disk and encrypt the user home directory which other distros do not by default. Thats a huge win for users. It's only let down by the default state of the build not defaulting to secure itself down using UFW or basic hardening out the box and a better state of repository awareness to ensure that a better security patching infrastructure isn't utilised. Anybody installing Mint who has a clue needs to spend 45 minutes post build tying it down, once achieved your workstation is pretty damn tight with one exception. That exception is underlying assured trust.

The packages for LinuxMint and other Ubuntu derived projects uses so much bleeding edge and community derived not sanitised code that it is very much a suck it and see approach, e.g you wouldn't deploy Mint in a commercial or workplace environment or anywhere where total data security was an issue. It's a lot more secure than Windows 10 so lets set that straight before we jump into the reasons why you shouldn't be using Mint now on an ongoing basis.

Mint, like many Linux distros before it is built on love. It's maintainer is an amazing guy who has put heart and soul into his project and worked miracles to get regular releases out the door. It's regularly hailed by my friend Stephen J Vaughn Nicholls as a great distribution. A great distribution for hobbyists. You can't compare say Fedora and Mint. Fedora is built on engineering and built by major engineering teams in the OSS community meeting at conferences worldwide (but still built on a tiny shoestring budget and goodwill). Mint relies on Ubuntu but ignores some of the basic security doctrines that Ubuntu has built in (e.g root user hardening) and also ignores some of the upstream patching conventions too.  Makes zero sense, but thats where we're at and you'd think in 2016 there would be more common sense approach to understanding user / sudo segregation and risk avoidance.

The issue with the rooting of the website was just daft. Reading the timeline on the website it looks to have been "handled quickly" and in good order but the damage to reputation may now already have been done. As a community project you never utterly control community gifted mirrors but you should have better controls over your portal and your storage of user data.

Already the finger pointing has started. I'm not sure it helps. One thing is for sure this is a bad day at the office for a project that has given a lot of home Linux users a first taste of Linux.  Mint is not a company with infinite resources and engineers, they're trying their best and marching on goodwill. Now is not the time to tar and feather now is the time to just nod your head and realise that it was a bad day at the office but it was a long time in the making.

Nothing wrong with being a hobbyist, thats where so much goodness in the community is derived.

If you want a Cinnamon flavoured workstation, install Fedora, install Fedy post install then install Cinnamon from the command line. Done. Secure and ready to go to work.

When you get a chance to sit down with Robyn Bergeron, current incumbent leader of the Fedora project you take it. Robyn and I have recorded before in February but this time we had some time on our hands without any pressure and decided to record a really amazing show talking:

Part one of the show synopsis

Fedora releases, rel 20 on the horizon - plans for the future
How the Community ethic is absolutely key to Fedora
How Fedora comes about and the need for transparency
Openstack and Cloud
Remembering Seth Vidal fondly

  Part one of the show you can listen to by clicking here 

Part two synopsis

We talk deep and dirty about community and playing nicely
The CentOS conundrum / how bad could perception be ?
How the board of Red Hat support and guide Fedora
Embedded Linux - Raspberry Pi etc etc
Splitting Fedora 21 - The Holy Trinity
Growing old gracefully in Open Source

  And part two of the show is now also available, click here to listen

These shows ARE longer than I usually broadcast but it's Christmas and genuinely you very rarely get to hear behind the scenes at a major Linux distribution and this is a real chance to get that opportunity.

peter

With the launch of Fedora 19 in the last two weeks we thought it was time to get a podcast out with Fedora team member Peter Robinson. It coincided with the third birthday party of OpenStack which we (Red Hat) co-sponsored at the BlueFin building this last Friday gone. Peter and I met up to do some work together Friday and then retired from the scorching heat of London South Bank to the sane 1960s concrete jungle that is London's National Theatre. It's a great place to chill in the heat but also to record (hint there in case anyones in London and wants somewhere free to record).

We talk Cloud, Fedora 19 ARM goodness, how Fedora is built and we talk about every aspect of FOSS within Fedora. We also pay tribute to Seth Vidal and this podcast is very much in his memory.

Come back next Wednesday for a new show.

Download the podcast here in MP3 format only

Today's podcast is with Robyn Bergeron who is of course the Community Project Leader of the Fedora Project, the erstwhile evergreen Linux distribution sponsored by Red Hat.

Last June Robyn and I were in Boston together and I meant to get her in front of one of my microphones to record a podcast but it was the last day of Red Hat Summit and people were packing up and getting ready to disappear all points east and west and it never happened.

So it was a given that the first opportunity I had to record something with her turned into a forty five minute recording I've cut down to about 25 minutes or so for this podcast.  We talk Fedora of course, releases, release criteria and etiquette, conventions and community, we talk OpenStack, we talk Aeolus and JBoss and all things technical that make up Fedora's capabilities as part of upstream RHEL.

Listen carefully and you may even hear John Mark Walker from Gluster.org muscle in on the recording. Do of course download and listen, or subscribe via iTunes, Stitcher Internet Radio, Podfeed or via the RSS using your client of choice.

Download the podcast here in MP3 format only