Schaller: Fedora Workstation development update – AI edition

[Posted June 14, 2024 by jzb]

Christian Schaller writes about AI and GPU-related features that are in flight and planned for Fedora 41.

Milan Crha has been working together with Alan Day and Jakub Steiner to come up with a streamlined user experience in GNOME Software to let you install the binary NVIDIA driver and provide you with an integrated graphical user interface help to sign the kernel module for use with secure boot. This is a bit different than what we for instance are doing in RHEL, where we are working with NVIDIA to provide pre-signed kernel modules, but that is a lot harder to do in Fedora due to the rapidly updating kernel versions and which most Fedora users appreciate as a big plus. So instead what we are for opting in Fedora is as I said to make it simple for you to self-sign the kernel module for use with secure boot. We are currently looking at when we can make this feature available, but no later than Fedora Workstation 41 for sure.

Modal password generation is bad

Posted Jun 18, 2024 21:34 UTC (Tue) by riking (subscriber, #95706) [Link] (5 responses)

The screenshot in the MR asks for a newly created password in a full-screen modal dialog, which prevents the user from interacting with password managers except via a separate device. This is generally considered to be bad

Modal password generation is bad

Posted Jun 18, 2024 22:39 UTC (Tue) by mathstuf (subscriber, #69389) [Link] (1 responses)

I presume you mean this image?

https://gitlab.gnome.org/GNOME/gnome-software/uploads/514...

Even worse, this looks to be the *creation* of a passphrase[1]. One should always be able to interact with a password database before confirming that password (which should also have a confirmation box to help avoid typos wrecking a MOK passphrase).

[1] I also thought it was preferred to use "passphrase" to hint something better than "a word".

Modal password generation is bad

Posted Jun 19, 2024 4:08 UTC (Wed) by raven667 (subscriber, #5198) [Link]

The linked screen shot appears to me to just be cropped showing the gnome-software window, the dialog would be pinned and modal only for that application, not for the whole desktop, IIUC, so you could absolutely use a password manager to generate the new MOK key, although it does need to be something you can't use a password manager to input since you have to type it into the firmware in early boot according to the help text in the rest of the dialog.

Maybe I'm wrong, but this seems to just be a misunderstanding.

Modal password generation is bad

Posted Jun 19, 2024 10:47 UTC (Wed) by james (subscriber, #1325) [Link] (2 responses)

As I read it, you'll need the password during boot-up, before any password managers on the device can run.

If a user unthinkingly uses a generated password and relies on a password manager which only keeps the passwords on the same device, they could end up with a scenario where they can't boot the machine until they've booted the machine (or, at least, had to do some unwanted sysadminning). This is also generally considered to be bad.

Arguably, the dialogue box could do with some warnings to that effect (maybe triggered on copy or paste).

Modal password generation is bad

Posted Jun 20, 2024 13:13 UTC (Thu) by mathstuf (subscriber, #69389) [Link] (1 responses)

Then it indeed makes sense to not (easily) allow password managers. But a confirmation entry would still be warranted at least.

Modal password generation is bad

Posted Jun 20, 2024 20:29 UTC (Thu) by madscientist (subscriber, #16861) [Link]

Note that there was a big caveat to the previous post: and relies on a password manager which only keeps the passwords on the same device.

I find it extremely unlikely anyone will be silly enough to use a password manager to generate passwords, and still "only keep the passwords on [one] device". That's just... a complete disaster waiting to happen.