Submitted by DistroWatch has reviewed Fedora 8. They conclude: “Overall, I truly believe that Fedora 8 is by far the best Fedora release to date (and I’ve tried every one of them). From the look and feel of the system, to the out-of-the-box configuration during installation, I couldn’t be happier with a cutting edge release. As I mentioned before, the biggest aspects of a successful distribution for me are suspend/hibernate, correct screen resolution and the the ability to change the screen resolution in a GUI if it didn’t configure it correctly the first time, system stability, and overall look and feel of a distribution. For me, Fedora 8 has excelled in all categories when I evaluate and review a system and I hope that Fedora continues to release versions that are put together as good as Fedora 8 has been.”
thanks for sharing
his comment about security was interesting, I wonder what the Ubuntu and Mandriva fans here will say about it:-
“Overall, I feel that Fedora has the best security features enabled by default with Mandriva coming in close with their recent 2008 release. It still concerns me when distributions, such as Ubuntu, still ship without a firewall or even a security framework such as SELinux, or AppArmor installed by default.”
Edited 2007-11-12 22:03
“Overall, I feel that Fedora has the best security features enabled by default with Mandriva coming in close with their recent 2008 release. It still concerns me when distributions, such as Ubuntu, still ship without a firewall or even a security framework such as SELinux, or AppArmor installed by default.”
Seems to me that having security options installed/turned on by default would go a long ways towards protecting the end user. Yes, most GNU/Linux users are smart enough to go looking at how security is set up, but not everyone is.
Doesn’t Ubuntu come with Apparmor these days?
Yes, it should be installed and enabled by default.
When you install it is enabled, you can disable it and it prompts you and asks you if you are sure if you want to turn it off…
You are right. Ubuntu ships with AppArmour protecting daemons like cups from Gutsy (7.10) onwards.
Having used SELinux for several years now, I must admit that a good distribution should ship something like SELinux (Fedora and derivates) or Apparmor (Mandriva/SUSE). But as good as these technologies are, they do have a weak point. E.g. setting SELinux to enforcing mode will cause you more headaches than you ever thought of because many things refuse(d) to work at all with the default settings. The trick is to run it in permissive mode and adjust your policy (a lengthy procedure!). But then, this is really only for experts. Newcomers to Linux (and many veteran users) will give up on the configuring imho.
That said: SELinux and Apparmor are great for server setups and the like, but the average user will (my opinion) hardly ever use those tools on his/her desktop machine.
PS: Yeah, Fedora 8 is very good but – my opinion – Mandriva has created the “best distribution” this time.
Fedora comes with the handy security applet(not sure the actual name for it) that pops up and tells you that something isn’t running because of selinux and gives you a suggestion as to what command to run to create a new policy.
Yeah, but that one only works in permissive mode, not enforced mode.
Yeah, but that one only works in permissive mode, not enforced mode.
you sure about that? In Fedora 7 I’m running enforcing mode and it gives me suggestions for creating a new policy. Not sure yet how it works in F8 though. Haven’t had a chance to use it much yet.
I’m not sure where he got the idea that setroubleshoot (that’s the name of the system) only works in permissive mode. It works in permissive and enforcing on Fedora 8 and RHEL 5.
“””
“””
Ah. The “works for me” school of QA. 😉
Possibly he was joking about the number of things that get erroneously snared by the current targeted policies. Possibly his setroubleshoot was snared. There have been a few things that have been broken by SELinux on systems I support that others swear up and down work just fine on theirs.
Edited 2007-11-13 01:54
Yes, you’re talking about the SETroubleshooter. It has a shiny little gui that pops up and will give you a synopsis of the problem and a command to run that fixes it. Kudos to redhat for writing it. It also goes well with polgengui for people new to SELinux
In case of my usb printers and scanners, the troubleshooter worked only in permissive mode. When I used the enforced mode, i got no feedback at all. The hardware simply did not receive any commands on my fedora 7 and fedora 8 systems.
Bad luck?
Perhaps a dontaudit directive in action.
You should thing to file a bug in bugzilla.
Wokrs in enforced mode.
You can change SeLinux rules in enforced mode.
> E.g. setting SELinux to enforcing mode will cause you more headaches
By default SELinux is in enforcing mode with Fedora.
> will cause you more headaches than you ever thought of because many things refuse(d) to work at all with the default settings.
Are you sure ?
> The trick is to run it in permissive mode and adjust your policy (a lengthy procedure!).
Lengthy procedure !?!
Something like (for apache) :
grep httpd_t /var/log/audit/audit.log | audit2allow -m myhttpd; semodule -i myhttpd.pp
Is it a lengthy procedure ?
Fedora has many security features but SELinux needs configuring; boolean options need to be strictly configured by the user. Security policys need to be made for apps that fail to run with those settings (audit2allow).
Me too wonder why sendmail is running by default.
sendmail is enabled but does not accept connections by default. IIRC its only to send logfiles to your [email protected] e-mails via cron jobs and the like. Nobody can login from the net or anything.
I’m not positive about this cause i haven’t run Fedora 8 but it was this way with redhat and fedora in earlier releases.
Edited 2007-11-12 23:50
You’re right. However, I still question the pertinence of opting for sendmail instead of newer, better, safer MTAs like postfix. It’s a bit ironic to stick with this relic when Fedora ships with lots of cutting edge technologies. The first thing I do on any Fedora installation is installing postfix…
That said, Fedora 8 is quite a nice release. It’s the first that doesn’t really annoy me. Package dependencies could be saner, though. I wanted Eclipse for the CDT, but it asked for the JDT and 1001 dependencies I couldn’t care about.
The first objective is to chkconfig and turn off any unneeded services in any distro. SELinux is granular by design and it works exceptionally well, you can use system-config-selinuxlevel and check the boolean boxes to allow a process to run to file labeling, ports and so on. I have started working with SELinux and I have found it is not has complex as I once thought. The end user has to step out of their comfort level and use the nice graphical tools they have developed.
The ironic part is Microsoft is touting Windows Server 2008 with a new scripting language while Red Hat is polishing their graphical tools for very complex granular system controls…
I passed the RHCT last Friday and I have to take the RHCE in spring 2008 so I will become quite familiar with SELinux for sure…
The article didn’t mention anything about Pulse audio but I remember when Vista had implemented their version of it first and the fanboys were using it as one of their last salvos on their sinking product as something Linux didn’t have.
Ahem…next ?
Congrats to Team Fedora on a great looking release.
Pulseaduio is good but, don’t jump the gun yet. Its still in its infancy and eventhough there seems to be great things coming down the pipeline I would like to see pulse get geared towards more professional; goals at some point.
Fine release.
FC8 is going to stay on my workstation though.
I’ll install this on my other machine. Funny how changing your screen resolution via GUI is ‘cutting edge’ in Linux (X11). LOL Well I its been in there in the past but the old gui configurator was useless for me. Windows 3.1 had a better desktop gui screen resolution tool than *nix until now? I guess not but it seems that way.
LOL Well I its been in there in the past but the old gui configurator was useless for me. Windows 3.1 had a better desktop gui screen resolution tool than *nix until now? I guess not but it seems that way.
Well, Windows 3.1 had it simple (support for one monitor only). Look at the mess in XP. There is no single working point of setting up multiple monitors setup. Every card provides its own configuration panels to do that (which are also unusable in my case).
And the fact that you can define much wider range of setups makes it even more troublesome.
Just look at my current setup for example and tell me if you know how to make GUI to set it up.
Got 2×24″ monitors and TV55″. One monitor is constantly showing whole lot of information (so it has to be on always), other one is working desktop (dragging window from one monitor to another is not my preference). So when I work I like to work on my 24″ and for browsing etc. I like to do that from my TV (currently posting from it). So in my setup only one of those two is turned on, and second is on stand by. TV is 720p which makes it difficult to use spatial nautilus, so I let it auto change on TV to browse mode and spatial for monitor. Another thing is aspect ratio (had to fiddle with it because my TV doesn’t support full screen on VGA). Then so does whole lot of preferences that get switched from TV preference to monitor preference.
All this is possible with simple resolution switcher that is customized to my needs.
Now try setting this up with anything but xorg and more,… provide sane setup dialog for it.
btw. Fedora 8 really rocks. It is best Fedora release so far. Every Fedora had a lot of its quirks (I simply liked Fedora for political and religious reasons and because I’m used to RH, but this one I love), I have yet to find one in this release. Everything “just worked” on this machine and on my notebook.
Edited 2007-11-13 12:28
“Look at the mess in XP. There is no single working point of setting up multiple monitors setup. Every card provides its own configuration panels to do that (which are also unusable in my case).”
All aspects of multiple monitors under XP can be managed from the display control panel applet. Just click on the Settings tab. Everything you need to change can be accessed from there. Monitor placement, resolution, color depth can all be set from the main tab. Click on advanced and you can change refresh rates, DPI, Adapter settings and color settings. The control panel that comes with ATI/Nvidia cards is not needed. Nvidia’s even integrates with the Display applet. Those control panels are manly useful for proprietary 3d settings. All other functions can be managed using the Display control panel app.
Doesn’t sound like a mess to me.
Check things out before you
The control panel that comes with ATI/Nvidia cards is not needed. Nvidia’s even integrates with the Display applet. Those control panels are manly useful for proprietary 3d settings. All other functions can be managed using the Display control panel app.
All right and good, but after you have dialog as you said you have, it looks almost something like this.
http://www.frankmahler.de/mshame/ShameRecentgifs/dolphin.gif
Not really user friendly. Even having tabbed window popping new windows on advanced is utterly stupid.
Doesn’t sound like a mess to me.
Check things out before you
And you should read complete post before spewing non-sense.
I wasn’t talking about basic settings (what for do you think I described my setup?). You can’t even specify mirror in basic windows tabs. And other features windows don’t even support.
My post was doing 3 things.
1. Telling the difference why Windows 3.1 could have sane design
2. Inviting to a possible SANE design that would envelop all xorg functions. This is mostly the main reason for linux distros to lack display properties.
3. Describing my windows impossible setup to show the complexity of possibilities.
Fedora 8 is one of the few distros that just worked for me out of the box. Printing worked, sound, monitor detected, USB flash and external drives mounted. The only problem I had was with the resolution of the monitor. I ended up editing xorg.conf and added my resolution 1280 x 1024. I find the system snappy and stable. All the major applications I use each day like Open Office, Audacious, Thunar, Jpilot, Gedit, and Mozilla Seamonkey are running fine. The pulseaudio sound server is nice. I am getting used to controlling the volume of each application individually. Nice release.
Edited 2007-11-13 11:55
I use ATI video cards and I have never had any problems, the 3d effects work extremely well and from a standpoint of stability I have never had any major problems.
But like all of the distro’s they just keep maturing and the tools ‘graphical’ keep getting better and better.
SELinux should be enabled, also you should run visudo and add your userid so you do not have to use ‘root’ to perform basic admin functions. Certain cases root is needed and it is necessary. I will be putting all of the multi-media how-tos on my website, and setting up Java, DVD drives to downloading all of players ect in a simple easy to use cut/paste format. That is one of my projects I am going to undertake in my spare time when not studying for my RHCE, also setting up a server and so on.
The main reason I like Fedora is to me the file system layout just makes logical sense to me. I have used Caldera Linux, Mandrake, Red Hat 6,7,8,9 and all sorts of distro’s but always went back to Red Hat based stuff. Plus in the datacenter that is all we run is Red Hat RHEL 3,4 and now 5.1 on the newest servers.
Got 8 to work right away … except nvidia drivers.
Tried installing via yum and the livna repository, but on reboot, got an error message about the current kernel not supported.
Other than that, it worked fine. Scratching my head about nvidia drivers, though …
Strange, i installed the latest nvidia kernel module from the livna repo and had no issues or whatsoever.
Are you sure you installed the correct module version?