Most of my software development takes place on a Debian 7 “wheezy” running LXDE. It is stable and provides me with everything I need. I also keep a copy of Fedora on a different partition on my hard disk, the attraction being the latest versions of gcc and glibc. In this article I will take a look at the latest Fedora release.

Usually when installing Linux, my main concern is the RAM memory. In my work I need as much as I can get. One option would be to start with a regular server install, and add X11, LXDE and everything else on top of it. Building such a system from scratch is not exactly difficult. However, today I’m lazy, and I’ll go for a Fedora LXDE Spin install. I will remove after installation everything I don’t need.

The download page is here. The installer still has some problems, for example updating an existing partition tends to get it confused. First boot in the new system I open a terminal and run free command. It uses 220MB of memory, which is not so bad.

System cleanup

The procedure is simple, I look at ps aux output and remove or disable everything I don’t really need.

First one to go is Clipit. It is a clipboard manager that tracks your every key stroke. As you start the system, it tells you politely what it intends to do, and it advises you not to type passwords. I have no idea why would anybody run this on his computer in a post-Snowden world. So, I open a terminal, su and

# yum remove clipit

From here I move to the printing system. As I don’t have a printer, and I don’t intend to use one, I disable cupsd and avahi – removing them is not an option:

# systemctl disable avahi-daemon.service # systemctl stop avahi-daemon.service # systemctl disable cups.service # systemctl stop cups.service

The last services to be removed or disabled are audit (couldn’t care less), smartd (if my hard disk is to die, it will die anyway), and rcpbind (not using and not intending to use NFS).

# yum remove audit # yum remove smartmontools # systemctl disable rpcbind.service

Networking

Configuring networking on Linux used to be simple. You have a network interface, usually called eth0 (renamed to enp0s20 by Fedora 19), and you set an IP address manually or dynamically using DHCP.

For a manual setup, you would go in /etc/sysconfig/network-scripts/ifcfg-enp0s20 and add an IP address, a network mask, and a default gateway. Something like this:

... BOOTPROTO="static" IPADDR=192.168.254.19 NETMASK=255.255.255.0 GATEWAY=192.168.254.254 ...

Things are even simpler if you have a DHCP server running on your network:

... BOOTPROTO="dhcp" ...

If you are not using DHCP, you also have to specify the nameserver in /etc/resolv.conf

# cat /etc/resolv.conf nameserver 192.168.254.254

After you fill up the data and save the files, enable networking and you are done:

# systemctl enable network.service

Until sometime in 2004 when a new program called NetworkManager was invented, with the goal of allowing Linux users to deal more easily with modern networking needs. I am not sure if it is easier, what I can see however is it takes about 25MB of memory, CPU cycles, and slows down the bootup.

I am running a wired network, with a small DSL router in front of it, I don’t really need the NetworkManager complication. I remove it as

# yum remove NetworkManager

and set my interface for DHCP as explained above.

Firefox

Firefox is the next item on my agenda. In my opinion it should come configured by default for adblocking and anti-tracking. Instead, it comes with IcedTea-Web plugin, adding live support for all kind of Java security problems. I don’t feel good about it, so I remove it. Java will stay there for now, LibreOffice is also using it:

# yum remove icedtea-web

Fedora also installs by default a gxine plugin. It is supposed to deal with video and audio files, however Fedora does not support mp3, mpeg, nothing! Then, why put it in? It is no match for flash, why bother? People are already complaining about Firefox being a memory hog, why add more to that by automatically including useless plugins?

# yum remove gxine

There is another problem with Firefox as configured by Fedora. Check out the following wireshark trace:

Notice how every DNS request is sent twice, once for a regular IPv4 address (A record) and once for an IPv6 address (AAAA record). If you are using IPv4 exclusively like 99.9% of the globe, your DNS is already slow. Why slow it down further?

To disable IPv6 functionality type about:config into the address bar, followed by ipv6 into the search bar, and toggle network.dns.disableIPv6 to true.

Sound and fireworks

Everybody knows that no software development setup is complete without a music/video player with all the normal codecs you can expect a player to have. Don’t look for them in the regular Fedora repositories, there is a problem with not being free or something. Be aware however that Debian found a way to offer this kind of support out of the box without going outside the project. Until Fedora developers figure out how is done, use one of the external repositories such as rpmfusion. Also use a real player such as VideoLAN Client.

# yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-19.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-19.noarch.rpm # yum install vlc

Adobe falsh plugin is installed as follows:

rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux yum install flash-plugin nspluginwrapper

gcc 4.8.1

gcc 4.8.1 brings in support for AddressSanitizer and ThreadSanitizer. These are two tools developed by Google and ported recently to gcc.

AddressSanitizer is a fast memory error detector. It finds use-after-free, heap, stack, and global buffer overflow bugs in C/C++ programs. To use it, pass -fsanitize=address to gcc at compile time.

Example:

$ cat main.c #include int main() { int a[10]; a[15] = 7; return 0; } $ gcc -fsanitize=address main.c $ ./a.out ================================================================= ==11367== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffb54b983c at pc 0x400775 bp 0x7fffb54b97d0 sp 0x7fffb54b97c8 WRITE of size 4 at 0x7fffb54b983c thread T0 #0 0x400774 (/home/netblue/work/fsanitize/a.out+0x400774) #1 0x3980421b74 (/usr/lib64/libc-2.17.so+0x21b74) #2 0x400638 (/home/netblue/work/fsanitize/a.out+0x400638) Address 0x7fffb54b983c is located at offset 92 in frame of T0's stack: This frame has 1 object(s): [32, 72) 'a' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) Shadow bytes around the buggy address: 0x100076a8f2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100076a8f2c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100076a8f2d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100076a8f2e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100076a8f2f0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 =>0x100076a8f300: 00 00 00 00 00 f4 f4[f4]f3 f3 f3 f3 00 00 00 00 0x100076a8f310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100076a8f320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100076a8f330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100076a8f340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100076a8f350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap righ redzone: fb Freed Heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 ASan internal: fe ==11367== ABORTING

AddressSanitizer has to be enabled also at link time, otherwise you get countless errors such as these:

/usr/include/QtCore/qstring.h:880: undefined reference to `__asan_report_load8' /home/netblue/work/testproj/trunk/src/qtmib/moc_pref_dialog.cpp:51: undefined reference to `__asan_report_store4' /home/netblue/work/testproj/trunk/src/qtmib/moc_pref_dialog.cpp:49: undefined reference to `__asan_report_load8'

The fix seems to be to link in libasan (add -lasan to your LDFLAGS). This is Address Sanitizer runtime library and you install it as

# yum install libasan

ThreadSanitizer is a a data race detector for C/C++. You enable it using -fsanitize=thread. An usage example you can find here,

Conclusion

I installed the LXDE spin, the bootup time was visibly higher than comparable Ubuntu or Debian setups, and it was running idle in 220MB of memory. After disabling a number of packages I don’t use, the bootup time improved dramatically, and the memory went down to 160MB.

I run Fedora from time to time for software development purposes, where it shines. This particular version is also an excellent preview of what is to come in the next RedHat Enterprise version. However, as a development desktop setup you would be better served by a long time support release such as Debian or Ubuntu.

Sorry for the long and painful review, just imagine however how painful would be for someone trying out Linux for the first time, after he was misdirected to Fedora. Packaging the latest gcc version and Clipit, will not make it a good and friendly desktop.