Fedora 19 LXDE Spin Cleanup

Most of my software development takes place on a Debian 7 “wheezy” running LXDE. It is stable and provides me with everything I need. I also keep a copy of Fedora on a different partition on my hard disk, the attraction being the latest versions of gcc and glibc. In this article I will take a look at the latest Fedora release.

Usually when installing Linux, my main concern is the RAM memory. In my work I need as much as I can get. One option would be to start with a regular server install, and add X11, LXDE and everything else on top of it. Building such a system from scratch is not exactly difficult. However, today I’m lazy, and I’ll go for a Fedora LXDE Spin install. I will remove after installation everything I don’t need.

The download page is here. The installer still has some problems, for example updating an existing partition tends to get it confused. First boot in the new system I open a terminal and run free command. It uses 220MB of memory, which is not so bad.

System cleanup

The procedure is simple, I look at ps aux output and remove or disable everything I don’t really need.

First one to go is Clipit. It is a clipboard manager that tracks your every key stroke. As you start the system, it tells you politely what it intends to do, and it advises you not to type passwords. I have no idea why would anybody run this on his computer in a post-Snowden world. So, I open a terminal, su and

# yum remove clipit

From here I move to the printing system. As I don’t have a printer, and I don’t intend to use one, I disable cupsd and avahi – removing them is not an option:

# systemctl disable avahi-daemon.service
# systemctl stop avahi-daemon.service
# systemctl disable cups.service
# systemctl stop cups.service

The last services to be removed or disabled are audit (couldn’t care less), smartd (if my hard disk is to die, it will die anyway), and rcpbind (not using and not intending to use NFS).

# yum remove audit
# yum remove smartmontools
# systemctl disable rpcbind.service

Networking

Configuring networking on Linux used to be simple. You have a network interface, usually called eth0 (renamed to enp0s20 by Fedora 19), and you set an IP address manually or dynamically using DHCP.

For a manual setup, you would go in /etc/sysconfig/network-scripts/ifcfg-enp0s20 and add an IP address, a network mask, and a default gateway. Something like this:

...
BOOTPROTO="static"
IPADDR=192.168.254.19
NETMASK=255.255.255.0
GATEWAY=192.168.254.254
...

Things are even simpler if you have a DHCP server running on your network:

...
BOOTPROTO="dhcp"
...

If you are not using DHCP, you also have to specify the nameserver in /etc/resolv.conf

# cat /etc/resolv.conf
nameserver 192.168.254.254

After you fill up the data and save the files, enable networking and you are done:

# systemctl enable network.service

Until sometime in 2004 when a new program called NetworkManager was invented, with the goal of allowing Linux users to deal more easily with modern networking needs. I am not sure if it is easier, what I can see however is it takes about 25MB of memory, CPU cycles, and slows down the bootup.

I am running a wired network, with a small DSL router in front of it, I don’t really need the NetworkManager complication. I remove it as

# yum remove NetworkManager

and set my interface for DHCP as explained above.

Firefox

Firefox is the next item on my agenda. In my opinion it should come configured by default for adblocking and anti-tracking. Instead, it comes with IcedTea-Web plugin, adding live support for all kind of Java security problems. I don’t feel good about it, so I remove it. Java will stay there for now, LibreOffice is also using it:

# yum remove icedtea-web

Fedora also installs by default a gxine plugin. It is supposed to deal with video and audio files, however Fedora does not support mp3, mpeg, nothing! Then, why put it in? It is no match for flash, why bother? People are already complaining about Firefox being a memory hog, why add more to that by automatically including useless plugins?

# yum remove gxine

There is another problem with Firefox as configured by Fedora. Check out the following wireshark trace:

IPv6 DNS requests from Firefox on Fedora 19

IPv6 DNS requests from Firefox on Fedora 19

Notice how every DNS request is sent twice, once for a regular IPv4 address (A record) and once for an IPv6 address (AAAA record). If you are using IPv4 exclusively like 99.9% of the globe, your DNS is already slow. Why slow it down further?

To disable IPv6 functionality type about:config into the address bar, followed by ipv6 into the search bar, and toggle network.dns.disableIPv6 to true.

Disable IPv6 in Firefox

Disable IPv6 in Firefox

Sound and fireworks

Everybody knows that no software development setup is complete without a music/video player with all the normal codecs you can expect a player to have. Don’t look for them in the regular Fedora repositories, there is a problem with not being free or something. Be aware however that Debian found a way to offer this kind of support out of the box without going outside the project. Until Fedora developers figure out how is done, use one of the external repositories such as rpmfusion. Also use a real player such as VideoLAN Client.

# yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-19.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-19.noarch.rpm
# yum install vlc

Adobe falsh plugin is installed as follows:

rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
yum install flash-plugin nspluginwrapper
Fedora 19 LXDE desktop

Fedora 19 LXDE desktop

gcc 4.8.1

gcc 4.8.1 brings in support for AddressSanitizer and ThreadSanitizer. These are two tools developed by Google and ported recently to gcc.

AddressSanitizer is a fast memory error detector. It finds use-after-free, heap, stack, and global buffer overflow bugs in C/C++ programs. To use it, pass -fsanitize=address to gcc at compile time.

Example:

$ cat main.c
#include 

int main() {
	int a[10];
	a[15] = 7;
	return 0;
}
$ gcc -fsanitize=address main.c
$ ./a.out 
=================================================================
==11367== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffb54b983c at pc 0x400775 bp 0x7fffb54b97d0 sp 0x7fffb54b97c8
WRITE of size 4 at 0x7fffb54b983c thread T0
    #0 0x400774 (/home/netblue/work/fsanitize/a.out+0x400774)
    #1 0x3980421b74 (/usr/lib64/libc-2.17.so+0x21b74)
    #2 0x400638 (/home/netblue/work/fsanitize/a.out+0x400638)
Address 0x7fffb54b983c is located at offset 92 in frame  of T0's stack:
  This frame has 1 object(s):
    [32, 72) 'a'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow bytes around the buggy address:
  0x100076a8f2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100076a8f2c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100076a8f2d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100076a8f2e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100076a8f2f0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x100076a8f300: 00 00 00 00 00 f4 f4[f4]f3 f3 f3 f3 00 00 00 00
  0x100076a8f310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100076a8f320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100076a8f330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100076a8f340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100076a8f350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==11367== ABORTING

AddressSanitizer has to be enabled also at link time, otherwise you get countless errors such as these:

/usr/include/QtCore/qstring.h:880: undefined reference to `__asan_report_load8'
/home/netblue/work/testproj/trunk/src/qtmib/moc_pref_dialog.cpp:51: undefined reference to `__asan_report_store4'
/home/netblue/work/testproj/trunk/src/qtmib/moc_pref_dialog.cpp:49: undefined reference to `__asan_report_load8'

The fix seems to be to link in libasan (add -lasan to your LDFLAGS). This is Address Sanitizer runtime library and you install it as

# yum install libasan

ThreadSanitizer is a a data race detector for C/C++. You enable it using -fsanitize=thread. An usage example you can find here,

Conclusion

I installed the LXDE spin, the bootup time was visibly higher than comparable Ubuntu or Debian setups, and it was running idle in 220MB of memory. After disabling a number of packages I don’t use, the bootup time improved dramatically, and the memory went down to 160MB.

I run Fedora from time to time for software development purposes, where it shines. This particular version is also an excellent preview of what is to come in the next RedHat Enterprise version. However, as a development desktop setup you would be better served by a long time support release such as Debian or Ubuntu.

Sorry for the long and painful review, just imagine however how painful would be for someone trying out Linux for the first time, after he was misdirected to Fedora. Packaging the latest gcc version and Clipit, will not make it a good and friendly desktop.

About these ads

6 thoughts on “Fedora 19 LXDE Spin Cleanup

  1. Pingback: Links 14/7/2013: Akademy 2013, GNOME 3.9.4 | Techrights

  2. Adam Williamson

    “Be aware however that Debian found a way to offer this kind of support out of the box without going outside the project. Until Fedora developers figure out how is done”

    It’s done by ‘being a non-profit based outside of the US’ (and having official non-free repositories, which Fedora refuses to do on principle).

    There are *two* issues with media codecs, which people invariably confuse. There is software freedom, which is a *copyright* question, and patent infringement, which is a *patent* question.

    Software can be non-free but not infringe any known patents; it can be free but infringe known patents; it can be free and not infringe any known patents; or it can be non-free and infringe patents. You have to keep all the possibilities in mind.

    Fedora *chooses* not to distribute non-free software: see https://fedoraproject.org/wiki/Foundations . We could quite easily choose to: we just don’t. This is not a question of ‘how’, simply a question of ‘whether’.

    Fedora is *obliged* not to distribute software that infringes patents: see https://fedoraproject.org/wiki/Software_Patents . Fedora is probably the most conservative major distro (along with RHEL itself) in terms of patents, for two simple reasons: Red Hat – a large company with a lot of money that is an extremely attractive target for litigation – sponsors it, and both Fedora and RH are legally based in the U.S.

    Combined, these make Fedora/RH easily the distribution most likely to be sued if someone wanted to make a fuss about a software patent. So Fedora has a policy of being extremely careful about patent violations.

    Debian actually has a similar policy – http://www.debian.org/legal/patent – but as they’re a non-profit with almost no money, which makes them an unattractive target for litigation, they can afford to be a bit less conservative about certain facets of evaluating whether a given bit of software is ‘patent encumbered’ or not. Other non-profit backed distros, especially smaller ones based outside the U.S., choose to be completely gung ho about distributing software which is _clearly_ encumbered by U.S. patents, relying on their lack of funds and location to protect them from litigation: there’s not much point spending millions of dollars suing a tiny distro with no money out of existence. But if Fedora tried it, RH would _certainly_ be on the hook in short order.

    To give some examples of the two different types of case: consider MP3 decoders. Fluendo distributes an MP3 decoder for which the MP3 patent holders have granted a patent license. However, its _copyright_ license is non-free. So Fedora chooses not to distribute that, although legally it could. Distributions with official non-free repositories may well include it. Compare, say, mpeg123. It is an MP3 decoder with a perfectly free _copyright_ license; it’s LGPL. But it does not have any kind of _patent_ license from the MP3 patent holders. From a _software freedom_ point of view, Fedora could perfectly well include mpeg123; from a _patent licensing_ point of view, the minute we tried it, we would have our pants sued off.

    (There’s also the wonderful issue of the U.S. DMCA and E.U. EUCD complicating the distribution of DRM decryption libraries such as libdvdcss, but I think I’ve gone on long enough for now).

    Reply
    1. netblue30 Post author

      > Fedora *chooses* not to distribute non-free software: see https://fedoraproject.org/wiki/Foundations . We could quite easily choose to: we just don’t. This is not a question of ‘how’, simply a question of ‘whether’.

      Yes, I understand that, and I applaud Fedora for what is trying to do.

      However, you guys have a lot of competition out there. Most of your competitors found a way around all the software patents, DMCA, litigation issues and whatnot, and in a way or another manage to distribute a desktop with a full audio/video working stack. Fedora is a distribution and it will be compared with other distros by how well it distributes software.

      Reply
  3. Pingback: Fedora 19 LXDE Spin Cleanup | Hallow Demon

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s