fidzu : Fedora

The storage role always allowed creating and managing different storage technologies like LVM, LUKS encryption or MD RAID, but one technology seemed to be missing for a long time, and surprisingly, it was the most basic one, the actual partitioning. Support for partition management was always something that was planned for the storage role, but it was never a high priority. From the start, the role could create partitions. When creating a more complex storage setup on an empty disk, for example creating a new LVM volume group or adding a new physical volume to an existing LVM setup, the role would always automatically create a single partition on the disk. But that was all the role could do, just one single partition spanning the entire disk.

The reason for this limitation was simple: creating multiple partitions is something usually reserved for the OS installation process, where users need to have separate partitions required by the bootloader, like /boot and /boot/efi. The more advanced "partitioning" is then delegated to a more complex storage technologies like LVM, which is where most of the changes are done in an existing system and where users will usually employ Ansible to make changes later.

But the requirement for more advanced partition management was always there, and since the 1.19 release, the role can now create and manage partitions in the Ansible way.

Partition Management with Storage Role

The usage of the role for partition management is simple and follows the same logic as the other storage technologies, with the management divided into two parts: managing the storage_pools, which in the case of partitions is the underlying disk (or to be more precise, the partition table), and the volumes, which are the partitions themselves. A simple playbook to create two partitions on a disk can look like this:

  roles:
    - name: linux-system-roles.storage
      storage_pools:
        - name: sdb
          type: partition
          disks: sdb
          volumes:
            - name: sdb1
              type: partition
              size: 1 GiB
              fs_type: ext4
            - name: sdb2
              type: partition
              size: 10 GiB
              fs_type: ext4

and the partitions it creates will look like this

NAME   MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS FSTYPE
sdb      8:16   0  20G  0 disk
├─sdb1   8:17   0   1G  0 part             ext4
└─sdb2   8:18   0  10G  0 part             ext4

Other filesystem-related properties (like mount_point or fs_label) can be specified, and these work in the same way as for any other volume type.

The only property that is specific to partitions is part_type, which allows you to choose a partition type when using the MBR/MSDOS partition table. Supported types are primary, logical and extended. If you don't specify the partition type, the role will create the first three partitions as primary and for the fourth one, add an extended partition and create it as a logical partition inside it. On GPT, which is used as the default partition table, the partition type is ignored.

Encrypted partitions can be created by adding the encryption: true option for the partition and setting the passphrase:

  roles:
    - name: linux-system-roles.storage
      storage_pools:
        - name: sdb
          type: partition
          disks: sdb
          volumes:
            - name: sdb1
              type: partition
              size: 1 GiB
              fs_type: ext4
              encryption: true
              encryption_password: "aaaaaaaaa"
            - name: sdb2
              type: partition
              size: 10 GiB
              fs_type: ext4
              encryption: true
              encryption_password: "aaaaaaaaa"

Don't forget that adding the encryption layer is a destructive operation - if you run the two playbooks above one after another, the filesystems created by the first one will be removed, and all data on them will be lost. Adding the LUKS encryption layer (so-called re-encryption) is currently not supported by the role.

Idempotency and Partition Numbers

One of the core principles of Ansible is idempotency, or the ability to re-run the same playbook, and if the system is in the state specified by the playbook, no changes will be made.

This is true for partitioning with the storage role as well. When running the playbook from our example above for the second time, the role will check the sdb disk and look for the two specified partitions. And if there are two partitions 1 and 10 GiB large, it won't do anything. This is how the role works in general, but with partitions, there is a new challenge: partitions don't have unique names and using partition numbers for idempotency can be tricky.

Did you know that partition numbers for logical partitions are not stable? If you have two logical partitions sdb5 and sdb6, removing the sdb5 partition will automatically re-number the sdb6 partition to sdb5.

Predicting the partition name is not always straightforward. For example, disks that end in a number (common with NVMe drives) require adding a p separator before the partition number (nvme0n1 becomes nvme0n1p1).

For these reasons, the role requires explicitly using the state: absent option to remove a partition, and partitions can be referred to by their numbers in the playbooks as well as their full names. So, for example, the following playbook will resize the sdb2 partition from our first example

  roles:
    - name: linux-system-roles.storage
      storage_pools:
        - name: sdb
          type: partition
          disks: sdb
          volumes:
            - name: 2
              type: partition
              size: 15 GiB
              fs_type: ext4

and the first partition won't be removed, because it is not explicitly mentioned as absent, only omitted in the playbook:

NAME   MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS FSTYPE
sdb      8:16   0  20G  0 disk
├─sdb1   8:17   0   1G  0 part             ext4
└─sdb2   8:18   0  15G  0 part             ext4

Feedback and Future Features

With this change, the storage role can now manage all basic storage technologies. We are of course not yet covering all the potential features, but we are always looking for more ideas from our users. If you have any features you'd like to see in the role, please don't hesitate and let us know.

15 Dec 2025 9:13am GMT

Motivation and Vision

The core motivation behind data analysis pipelines, and the focus of this article, is the need to establish a clear path from unprocessed data to actionable insights for contributor engagement and impact. The key question is "what are we trying to measure to ensure the continuity of community work?"

As a side note, my preparation for the ADSP (Advanced Data Analysis Semi-Professional) certification in Korea utilized RStudio Desktop, running on a Fedora Linux environment. I got hands-on with R's core statistical toolkit, leveraging base functions. Among these were summary()¹ and lm()² as the basis for fundamental hypothesis testing and regression analysis³. I became more intrigued by R's power after testing its data manipulation packages (especially the key package dplyr).

With this background in mind, the article focuses on the design of an analysis pipeline that fulfills three objectives:

• it leverages the power of DuckDB⁴ and S3 storage,
• it redefines the workflow,
• it ensures scalable data transformation and analysis capabilities

Establishing such a robust foundation is essential for producing reliable and validated metrics for the contributor community, which itself is subject to ongoing definition and validation.

Acknowledgement: I extend my sincere gratitude to Justin Wheeler for connecting me with the Fedora Data Working Group (FDWG), and to Michael Winters and K Naraian for their guidance, discussion, and support throughout the design and validation of this data analysis pipeline.

Scope and Tool Selection: Please note that this analysis pipeline represents a combination of tools and methods chosen from my perspective as a data analyst, particularly one with a background in the CRM (Customer Relationship Management) domain and consumer electronics industry. Therefore, other analysts or data engineers may utilize different combinations of technologies based on their own expertise or project requirements.

Why data analysts must engage with ELT⁵/ETL⁶

The role of the analyst is undergoing a fundamental transformation in 2025. We are moving beyond the traditional responsibility of performing statistical analysis and presenting visualization on pre-cleaned data. Today, the modern analyst must evolve into a "Data Ops(Operations)". This requires a holistic understanding of the data lifecycle and bridging the gap between business context and data engineering. This expansion mandates a familiarity with ELT/ETL processes to examine the quality and structure of the data source.

Moreover, data analysts must be adept at processing diverse data types such as semi-structured data (for example, schema-less JSON strings or variant) and understanding various data access methods such as leveraging the efficiency of in-situ processing over the constraints of in-memory loading of datasets.

RStudio: The Unified IDE for Hybrid R and Python workflows

My ADSP examination requirements motivated my initial deep dive into RStudio. However, it is worth highlighting its utility as a tool for any data professional. The most significant benefit of using RStudio is its seamless ability to leverage the best tools from both the R and Python language ecosystems. This eliminates the need for the analyst to switch environments which leads to dramatically higher operational efficiency. This unified approach streamlines the analysis lifecycle from code execution to final reporting.

Python for data engineering

Use Python's libraries like Pandas for efficient ETL/ELT operations, data manipulation on large datasets, and integrating with production environments or machine learning workflows (TensorFlow/PyTorch).

R for analysis and visualization

Utilize R's statistical packages and its superior data visualization capabilities (ggplot2, R Shiny) for data analysis modeling, beautiful reporting, and creating customized, publication-ready graphics.

RStudio Desktop: Installation Instructions⁷ for Fedora Linux

Install R base packages using the terminal and verify:

$ sudo dnf install R

$ R --version

Now, install RStudio from the Fedora COPR repository. Note that these COPR packages conflict with the binary package provided by Posit. Remove the existing Posit RStudio binary package if you installed it.

$ sudo dnf copr enable iucar/rstudio
$ sudo dnf install rstudio-desktop

Dependencies and dev tools are required so install them:

$ sudo dnf install @development-tools

$ sudo dnf install libxml2-devel openssl-devel curl-devel

Launch the RStudio. When the < prompt appears on the RStudio Console enter the following commands. Note that this prompt should appear in the bottom-left pane of the default layout.

Install the reticulate package and execute the function reticulate::py_install() to manage Python dependencies:

install.packages("reticulate")

reticulate::py_install(packages = c("duckdb", "pandas"))

Set the global options for all code chunks within the R Markdown Canvas:

knitr::opts_chunk$set(echo = TRUE, message = FALSE, warning = FALSE)

ragg is an indirect but critical dependency of core Tidyverse packages (such as ggplot2):

install.packages("ragg")

Install base packages for data manipulation:

install.packages("tidyverse")

DBI, tools for database interface, is an essential R package that provides a standardized, vendor-agnostic interface for connecting to and interacting with various database systems (both local and remote)

install.packages("DBI")

Install tools for Parquet files and S3 data lake access:

install.packages("arrow")

Install R Markdown for combining R code, and install Quarto for combining R/Python/SQL with its execution results, and explanatory text into reproducible data pipelines directly within the environment. The Quarto (.qmd) file runs code chunks in R, Python, and SQL in a single document.

install.packages(c("rmarkdown","quarto"))

Load packages for ELT and EDA:

library(tidyverse)

library(arrow)

Data architecture pipeline

The specific dataset chosen, Datanommer (Fedora Messaging Streams), aligns with the strategic objectives of the Fedora Data Working Group, where I contribute. The data is stored in the Bronze Data Layer where raw data from source systems is ingested and stored, as-is, for scalable data lake storage. The Bronze Layer allows for schema evolution without breaking downstream processes.

To provide the Working Group with transparent access and initial insight into this data, I have prepared a shared Initial Exploratory Data Analysis (EDA) Notebook. This notebook serves as the initial public view of the data quality and patterns, and it informed the subsequent architectural decisions for the scalable pipeline I am about to outline.

Given the complexity of the architecture, I will proceed with an outline of the core components, organized by their role in the ELT pipeline:

This restructured pipeline, leveraging the new Lakehouse architecture, unlocks several core benefits crucial for scaling contributor analysis and enabling future insights:

Elimination of Memory Constraints via In-Situ Processing

DuckDB acts as a high-performance analytical engine that enables In-Situ Processing. It queries data directly from storage (specifically the Parquet files) without requiring the entire dataset to be loaded into RAM. This not only solves the memory problem but also delivers rapid query execution and significantly lowers operational costs associated with large computational clusters hosted on the OpenShift/Fedora AWS infrastructure.

Future-Proofing

The shift to a Lakehouse model ensures the pipeline is ready for growth and evolving data complexity. Future integration of Apache Iceberg and Apache Polaris will provide schema evolution capabilities. This ensures the pipeline is fully future-proofed against changes in underlying data structures.

Streamlined ELT Workflow and Multi-Lingual Access

I have redefined the processing workflow from a bottlenecked ETL model to a resilient Extract-Load-Transform (ELT) pattern. Parquet files with the variant type store semi-structured data (like JSON/nested structures), loaded raw into S3, simplifies the ingestion stage. When using R, it is recommended to read Parquet files using the Apache Arrow library.

The parsed data is then accessible by multiple analytical platforms (R Shiny, Python, BI tools) without duplication or manual preparation. This multi-lingual access maximizes the utility of the clean data layer, supporting a growing number of analytical users and more complex queries necessary for defining long-term contributor metrics.

Initial EDA Notebook

The preliminary Exploratory Data Analysis (EDA) was conducted within the Jupyter Notebook format. This allowed broad compatibility with the existing execution and review environment of the Fedora Data Working Group.

The Initial EDA Notebook is documented to ensure complete reproducibility. This included all necessary steps for the Python library installation and environment setup. Any standard Python script containing ELT logic can be seamlessly run within RStudio's Python mode or "knitting⁸" an R Markdown document or rendering a Quarto file.

Conclusion

The establishment of this analysis pipeline represents a crucial step in transforming unprocessed Fedora data into actionable insights. By addressing the core challenges of scaling and in-memory processing through DuckDB, and enabling transparent analysis via the hybrid RStudio/Jupyter workflow, I have demonstrated viable methods for performing Exploratory Data Analysis (EDA) and Extract, Load, Transform (ELT) processes on vast community datasets. In conclusion, the purpose of this work is to foster deeper engagement across a broader community by analyzing data with a view that relates to the Fedora Project community.

I hope this pipeline will serve as the technical foundation that activates and focuses the community discussion around the specific variables and metrics needed to define and ensure the continuity of community contributions.

AI Assistance

The ideation, structural planning, and terminology refinement of the pipelines were assisted by Gemini and Figma.

Software version

RStudio Desktop 2025.05.1 Build 513 (Fedora COPR repository)

R version 4.5.2 (2025-10-31) / Python 3.14.0

Notes

1. summary(): When used on a data object (for example, DataFrame), it provides basic statistics (min, max, mean, median). When used on a fitted linear model object (lm), it delivers key diagnostic information like coefficient estimates and p-values. ︎
2. lm(): Stands for Linear Model. This is the core function for fitting linear regression models in R, allowing the user to examine and model the linear relationship between variables. ︎
3. Regression analysis examines which factors affect the other and which ones are irrelevant for statistical and business context. ︎
4. DuckDB is a column-oriented database architecture.
   - Direct Querying: It directly queries data from file formats such as Parquet, CSV, and JSON.
   - Local compute engine: It is widely used as a high-performance local compute engine for analytical workloads. It runs in-process, meaning it operates within your application (like a Python script or R session) without needing a separate server or cluster management.
   - Cloud Integration: It supports querying data stored in cloud storage services like AWS S3, GCS (Google Cloud Storage), and Azure Blob Storage.
   ︎
5. ELT (Extract, Load, Transform): In a modern data environment like a Lakehouse, ELT is preferred: data is first extracted from the source and loaded raw into the cloud data lake (S3), and then transformed in place by the processing engine like DuckDB. ︎
6. ETL (Extract, Transform, Load): transformations occur before loading the data into the final destination. ︎
7. Key Advantages of RStudio over Jupyter Notebook for Production Workflows;
   
   Even with its slightly more complex initial setup compared to Jupyter Notebooks, the advantages become significant when moving from exploration (Jupyter's strength) to reproducible, production-ready workflows (RStudio's strength).
   
   - Integrated Console, Source, Environment, and Files: RStudio offers a cohesive, four-pane layout that allows for seamless navigation between writing code, running commands, inspecting variables, and managing files/plots. Jupyter requires constant shifting between code cells and external tabs.
   - Superior Debugging Tools: RStudio includes a powerful, visual debugger that allows you to set breakpoints, step through code line-by-line, and inspect variable states directly in the environment pane. Jupyter's debugging is typically cell-based and less intuitive.
   - Native Project Management: RStudio Projects (.Rproj files) automatically manage the working directory and history. This makes it easy to switch between different analytical tasks without conflicts.
   - Integrated Environment Management (renv): RStudio integrates seamlessly with tools like renv (R Environment) to create isolated, reproducible R environments. This addresses dependency hell by ensuring the exact package versions used in development are used in production, which is crucial for data pipeline version control.
   - Quarto/R Markdown Integration: RStudio provides dedicated tools and buttons for easily compiling and rendering complex analytical documents (like your Quarto file) into HTML, PDF, or presentation slides.
   - Shiny Integration: RStudio is the native environment for developing Shiny web applications-interactive dashboards and tools that turn analysis into deployable products. Jupyter requires separate frameworks (like Dash or Streamlit) for similar deployment.
   - Focus on Scripting: RStudio's source editor is optimized for writing clean, structured R/Python scripts, which are preferred for building robust, scheduled pipeline components (like those managed by Airflow).
   - Code Chunk Execution (Quarto): Even when using Quarto, RStudio allows for superior navigation and execution of code chunks compared to the often sequential and state-dependent nature of Jupyter Notebook cells. ︎
8. knitr executes code in R Markdown (.Rmd) file by chunks or as a whole (typically by clicking the "Knit" button in RStudio or using rmarkdown::render() in R) ︎

15 Dec 2025 8:00am GMT

14 Dec 2025 3:48pm GMT

14 Dec 2025 8:16am GMT

Another busy week for me and Fedora infrastructure in general, and also the last working week of the year for me. I am out on vacation for the holidays and back 2026-01-12.

Of course I will be around and checking in for outages/urgent issues and working on things in the community that I find enjoyable.

( see: https://www.scrye.com/blogs/nirik/posts/2023/12/13/time-off-when-youre-paid-to-work-in-a-community/ )

13 Dec 2025 7:03pm GMT

Fedora 41 went End Of Life (EOL) on December 10, 2025. I have removed my Virtual Machines (VMs) for Fedora 41 and will be doing no further maintenance or builds for this release.

13 Dec 2025 2:46pm GMT

Your company just finished Series B. You have cash to spend. You have a great product with a Go stack that compiles to a single static binary.

Your engineering team spends 25% of their time securing that stack. You invest millions in infrastructure defense: Stateful firewalls, AI-augmented scanning, Red Teams, Blue Teams, and rigorous DevSecOps pipelines. You even partner with major cloud providers to ensure your supply chain is audited.

You are serious about security. You have built a fortress.

And then, to install your product, you tell enterprise customers to run this:

curl -fsSL https://my-really-cool-company.com/install.sh | sh

This single line undermines your entire security architecture.

12 Dec 2025 4:00pm GMT

Tengo rato pensando: "¿Qué más ahbrá en cunato a SSH y sus certificados, llaves y demás cosas?". El openssh tiene más que ofrecer, seguramente, que lo que usamos al día a día. Basta con echarte un clavado en los man pages del mismo y ver que así es.

La neta, son perros para manejar autenticación a escala, con expiración automática y políticas bien cabronas. En Fedora 43, con SELinux cuidándonos la espalda, es aún más seguro.

Esta guía completa es tu mapa (y el mío) para dominar los certificados SSH. Incluye comparaciones profundas, mejores prácticas de seguridad, tips de automatización y ejemplos extensos. Ya sea que estés asegurando un centro de datos o un laboratorio casero, esto te va a subir el nivel en cuanto a SSH se refiere.

ssh-keygen -t ed25519 -f ca_key -C "SSH CA para ejemplo.tld"

ssh-keygen -t rsa -b 8192 -f ca_key -C "SSH CA para ejemplo.tld"

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "juan@ejemplo.tld"

ssh-keygen -s ca_key -I "juan@ejemplo.tld" -z 1 ~/.ssh/id_ed25519.pub

ssh-keygen -s ca_key -I "juan@ejemplo.tld" -n juan,respaldo -z 2 ~/.ssh/id_ed25519.pub

ssh-keygen -s ca_key -I "juan@ejemplo.tld" -n juan,respaldo -O no-port-forwarding -O no-agent-forwarding -z 3 ~/.ssh/id_ed25519.pub

ssh-keygen -s ca_key -I "juan@ejemplo.tld" -n juan,respaldo -O no-port-forwarding -O no-agent-forwarding -V +30d -z 4 ~/.ssh/id_ed25519.pub

ssh-keygen -s ca_key -I "respaldo@ejemplo.tld" -n respaldo -O force-command="/usr/bin/rsync --server --daemon" -V +1d -z 5 ~/.ssh/id_ed25519.pub

ssh-keygen -s ca_key.pub -D /usr/lib/opensc-pkcs11.so -I "juan@ejemplo.tld" -z 6 ~/.ssh/id_ed25519.pub

ssh-add ca_key
ssh-keygen -Us ca_key.pub -I "juan@ejemplo.tld" -z 7 ~/.ssh/id_ed25519.pub

12 Dec 2025 4:00pm GMT

12 Dec 2025 10:39am GMT

This article series takes a closer look at interesting projects that recently landed in Copr.

Copr is a build-system for anyone in the Fedora community. It hosts thousands of projects with a wide variety of purposes, targeting diverse groups of users. Some of them should never be installed by anyone, some are already transitioning into the official Fedora repositories, and others fall somewhere in between. Copr allows you to install third-party software not found in the standard Fedora repositories, try nightly versions of your dependencies, use patched builds of your favourite tools to support some non-standard use-cases, and experiment freely.

If you don't know how to enable a repository or if you are concerned about whether is it safe to use Copr, please consult the project documentation.

Vicinae

Vicinae is a fast application launcher written in C++/QT. Inspired by tool Raycast, it provides instant app and file search and clipboard history. It also includes built-in utilities such as a calculator and web search, along with support for extensions written in TypeScript. It is designed to be highly responsive and native for Wayland environment. Therefore, if you like keeping your hands on the keyboard or want a customizable, extensible launcher for your desktop, Vicinae may be worth trying.

Installation instructions

The repo currently provides vicinae for Fedora 42, 43, and Fedora Rawhide. To install it, use these commands:

sudo dnf copr enable scottames/vicinae
sudo dnf install vicinae

UZDoom

UZDoom is a modern DOOM source port that builds upon classic GZDoom engine, offering hardware-accelerated rendering, an updated scripting system, improved mod support, and high-quality audio playback. At the same time, it maintains compatibility with classic WAD files while making the experience smooth on current systems.

Whether you are playing the original episodes or diving into extensive mod packs, UZDoom offers a convenient way to enjoy them.

Installation instructions

The repo currently provides uzdoom for Fedora 42, 43, and Fedora Rawhide. To install it, use these commands:

sudo dnf copr enable nalika/uzdoom
sudo dnf install uzdoom

Plasma Panel Colorizer

Plasma Panel Colorizer is a widget for KDE Plasma that allows you to customize the panel's appearance. In addition, it offers options for background tinting, blur, custom opacity levels, shadows, floating panels, or themes that differ from the stock Plasma look. It also includes full blur support and is updated for Plasma 6, making it easy to adjust your panel exactly the way you want.

Installation instructions

The repo currently provides plasma-panel-colorizer for Fedora 42, 43, and Fedora Rawhide. To install it, use these commands:

sudo dnf copr enable peridot-augustus/plasma-panel-colorizer
sudo dnf install plasma-panel-colorizer

sfizz-ui

Sfizz-ui is the graphical interface for the sfizz sampler engine, which is an open-source player for SFZ instrument libraries. The UI provides an accessible way to load SFZ instruments, adjust parameters, and integrate the sampler into your workflow. It also includes plugin support such as LV2 and VST3, making it suitable for music creation in a Linux DAW environment.

For musicians, sound designers, or anyone using SFZ sample libraries, sfizz-ui offers a polished interface.

Installation instructions

The repo currently provides sfizz-ui for Fedora 41, 42, and 43. To install it, use these commands:

sudo dnf copr enable lexridge/sfizz-ui
sudo dnf install sfizz-ui

12 Dec 2025 8:00am GMT

11 Dec 2025 12:15pm GMT

10 Dec 2025 12:30pm GMT

LFX Insights is a handy platform from the Linux Foundation that provides a variety of data on open source projects. Among the statistics it reports is contributions outside of working hours. Some users reported errors with how this information is reported, which got me thinking about the value of this measure. The short version: there's very little value.

Why measure outside-of-working-hours contributions?

LFX Insights includes this measure as a signal of a project's sustainability. Projects that rely heavily on people making after hours contributions, the thinking goes, will have a harder time attracting and retaining contributors.

As a software consumer, you don't want your upstreams to suddenly disappear because that will present supply chain risks. It could mean vulnerabilities go unpatched. It could also mean that new features aren't added. Either way, this puts the onus on the project's users to carry the load.

As a project leader, you may be less concerned about whether or not a company downstream has to devote extra engineering time, but you probably do want your contributors to stick around anyway. Onboarding, mentoring, and growing contributors takes a lot of time and effort. You want to make sure people can stick around.

Why this measure fails

Despite the good intentions of measuring contributions outside working hours, the reality fails to deliver. There are some straightfoward reasons for this. Not everyone's working hours are the same. Not everyone's working hours are consistent. Some people use a different time zone on their computer. Not everyone's working days are the same. Holidays vary widely across countries and religions. People (hopefully) take time off.

Then there's the cultural mismatch. Linux Foundation projects are, to a first approximation, by companies for companies. The Linux Foundation is a 501(c)(6), not a charity, so it makes sense that it would view the world through a business lens. I don't fault them for that. LF project contributors are more likely to make contributions during the working day than contributors to a "hobbyist" project.

But that workday tendency doesn't necessarily mean people will stick around projects longer if the project is tied to their job. As the last few years have shown, tech sector layoffs can come for anyone at any time. If someone is only working on an open source project because it's part of their job, then when the job changes, they'll probably stop. People who work on an open source project for non-job reasons will likely stick around through job changes.

Thus one could argue that a project with a high degree of outside-working-hours contributions is more sustainable.

What to measure instead

If measuring contributions outside of working hours isn't helpful, what is? Focus on what you're worried about. Worried that everyone will disappear? Measure the activity over time. Worried that when a new vulnerability is discovered the lone maintainer will be backpacking through the Alps? Measure the spread of the contributions. Worried that the project doesn't have enough people to follow secure coding practices? Measure the security posture.

Of course, the best answer is to stop trying to measure sustainability and contribute to making the project more sustainable instead.

This post's featured photo by Joshua Olsen on Unsplash.

The post The do's and don'ts of measuring contributions "outside of working hours" appeared first on Duck Alignment Academy.

10 Dec 2025 12:00pm GMT

Generative AI systems are changing the way people interact with computers. MCP (model context protocol) is a way that enables LLMs to run commands and use tools to enable live, conversational interaction with systems. Using the new linux-mcp-server, let's walk through how you can talk with your Fedora system for understanding your system and getting help troubleshooting it!

Introduction

Large language models (LLMs) can be an invaluable tool when investigating an issue on a Linux system. However, this can involve a lot of copy/pasting of information from the Linux terminal into a web based interface to an LLM model.

The model context protocol (MCP) acts as a bridge, enabling LLMs to interact with external tools and data sources. The linux-mcp-server utilizes this protocol to give LLMs the ability to interact with a Fedora Linux system. Instead of you manually copying and pasting terminal output, the linux-mcp-server enables the LLM to directly query system information and log entries.

By enabling an LLM direct access to system information and logs, it is transformed into an active part of the investigation process when troubleshooting an issue. It empowers an LLM to directly query the system state, allowing it to help identify performance bottlenecks, and identify important log entries that might be missed by a manual review.

What is the model context protocol (MCP)?

Anthropic introduced MCP in November 2024 as an open standard for LLM tool use. This provides a way for LLMs to interact with outside systems and data sources.

Prior to MCP, there wasn't as strong a standard and ecosystem for LLM systems to call tools. LLMs were thus frequently limited to have only the information contained in their training. They were isolated from the outside world. For example, if you asked an LLM "what is the weather going to be next week", the LLM would respond with a message indicating that it doesn't know what the weather will be, as it doesn't have access to that information. MCP helps solve this problem by enabling a standardized way for an LLM to access an outside data source, such as the weather forecast.

At a high level, users can use an AI agent application, such as Goose (open source), or Claude Desktop, and specify which MCP servers they would like to use. The AI agent application informs the LLM that there are tools available via these MCP servers that can be used to help answer the requests from the user. The LLM model can then decide when to invoke these tools.

MCP is an open standard. You have the flexibility to use MCP servers, such as linux-mcp-server, with either open source-licensed LLM models, or hosted proprietary LLM models.

What is the linux-mcp-server?

The linux-mcp-server is a project started by Red Hat's RHEL Engineering team. It provides a number of tools that enable an LLM to query information from a Linux system, such as system info, service information and logs, process information, journald and other logs, network information, and storage and disk information. For a full list of the tools provided, refer to the project's Github page.

These tools, provided by linux-mcp-server, are focused on providing the LLM access to read-only information. In the future, we'll be exploring expanding past these read-only use cases.

The linux-mcp-server can be used to interact with the local Fedora Linux system that it is running on. It can also be used to interact with remote Fedora Linux systems over SSH. For example, if you have SSH key authentication setup with the remote systems, you could make a request to your AI agent application such as "Determine the current memory usage on the fedora1.example.com, fedora2.example.com, and fedora3.example.com servers".

Prerequisites

The main components needed are an AI agent application, access to LLM model inference, and the linux-mcp-server.

There are a number of options for the AI agent application, both open source and proprietary. An example of an open source AI agent is Goose, which provides an RPM that can be installed on Fedora.

There are several LLM model inference options, ranging from locally hosted open source models, to proprietary hosted LLM models. If hosting a model locally, you generally need to have GPU/accelerator hardware available. Open source tools that can be used to locally host LLM models include RamaLama, llama.cpp, and Ollama. There are a number of open source LLM models capable of tool calling. These include models such as gpt-oss-20b and Granite 4 small.

Once you've installed your preferred AI agent application, the next step is to install the linux-mcp-server and configure your AI agent application to use it. The linux-mcp-server Github page includes installation instructions, and configuration details for Goose and Claude Desktop.

Use cases for linux-mcp-server

Dear Fedora, why are you so slow today?

Has this happened to you? Time to hop on a call and give a demo. You're pumped. It's your go-time aaaaand… your system starts lagging. Folks on the call say your video is choppy or they can't understand you. OH NO.

You've got to assess what's up, quickly. Run `top`, check `dmesg`, check your network connection (read the man page for `netstat` because you can't remember the flag you want), check `journalctl`, cross-reference what you're seeing, then start killing processes, restarting services, reloading kernel modules willy-nilly based on hastily-crafted theories, see if it improves…

This is a case where you could actually ask the system to tell you why it's slow and give it the ability to do the analysis via linux-mcp-tools. The LLM you connect with won't just run the commands through the MCP server; it will understand what the numbers it gets means in context and be able to explain in human terms.

So let's start working with a relatively new laptop. It's a Thinkpad T14S with the AMD Ryzen AI Pro 7 ( Ryzen AI 360 chip.) Recently one of the wifi networks it must connect to regularly was upgraded. It now has issues with the network connection stability. So let's talk to Goose + gpt-oss:20b + linux-mcp-server about it. Here's the initial prompt I used:

My Wifi doesn't work very well. It cuts out after a few minutes. Help me fix it. Can you find the error messages in the system logs and diagnose the problem?

It responded with the following:

I'll help you diagnose your WiFi connectivity issues by examining the system logs for error messages related to your network interfaces and wireless connectivity. Let me start by gathering information about your system and checking the relevant logs.

It then made a series of tool calls, including Get System Information, Get Network Interfaces, Get Journal Logs, Get Hardware Information, Get Service Status service_name:NetworkManager, Get Service Status service_name:wpa_supplicant, Read Log File. The result was this analysis, which is the actual problem I was hoping it could find!

Not too bad an analysis and set of debugging steps! I'll follow up in the comments and let you know if the solution works.

Where'd my disk space go, Fedora?

Trawling through `du` on the command line, converting the numbers in your head, sorting them - it can be tedious. We even have graphical tools like `baobab`, but it takes time to load in the results and explore the data. And sometimes you might have questions it can't answer in terms of the risk of deleting a specific directory, or the age of a specific file. It's easier to be sloppy and just let the disk fill up. But there comes a time where that is no longer an option.

You can ask the system using the linux-mcp-server to analyze your disk usage, give you a hitlist of the top space-eating places on the file system, and give you advice with a risk analysis of how to clean it up.

Here's my prompt:

I need help analyzing disk usage on my system. Can you:

1. Show me the current disk usage across all filesystems using get_disk_usage
2. Use list_directories_by_size to show me the 10 largest directories (this will help identify where disk space is being consumed)
3. Check if there are any large log files consuming space using get_journal_logs or read_log_file
4. Review running processes with list_processes to see if any are consuming excessive resources or creating temporary files

After gathering this information, help me identify potential space-saving opportunities and assess the safety of cleaning up specific directories. Please don't only examine top-level directories. I want you to go deep if needed to find out where the largest files are!

I ran this prompt on my Fedora 42 system using linux-mcp-server with Goose connected to locally-served gpt-oss:20b, and here's the output I got:

gio trash --empty

podman system prune -a   # or docker system prune -a

pnpm store prune         # if pnpm is installed

pip cache purge          # for Python

virtualenv --clean       # optional

du -h --max-depth=1 ~/duffy/.local/share/containers

Upgrade planning

So you may have noticed a little detail above - the system is a Fedora 42 system… and Fedora 43's been out a month now! So, time to upgrade.

This example shows where we have some tools missing from the set provided in the linux-mcp-server. We're including it for two reasons:

• So you can see how this works manually
  You can see that even when specific tools you might not need are available in the MCP server, you can have the response give you instructions on commands to run on your own, and copy/paste the command output back into your chat to get analysis alongside the data the system is able to pull via the MCP tool calls;
• To encourage you to submit additional tools to our project!
  We would love your additions to the project! Here's where to get started: https://github.com/rhel-lightspeed/linux-mcp-server/blob/main/docs/CONTRIBUTING.md

Here's the prompt I started with, with the same Goose + gpt-oss:20b + linux-mcp-server combination:

You are a Linux system administrator assistant analyzing a Fedora system for upgrade readiness.

TASK: Examine this Fedora 42 system and provide a comprehensive upgrade readiness report for Fedora 43.

ANALYSIS CHECKLIST:
1. Check current Fedora version: cat /etc/fedora-release
2. Review system updates status: dnf check-update
3. Identify third-party repositories: dnf repolist
4. List installed packages from non-Fedora repos: dnf list installed | grep -v @fedora
5. Check for broken dependencies: dnf check
6. Review disk space on root partition: df -h /
7. Check for unsupported or deprecated packages
8. Identify custom kernel modules: lsmod | grep -v "^Module"
9. Review SELinux status: sestatus
10. Check for pending system updates: dnf upgrade --refresh --assumeno

REPORT FORMAT:

# Fedora 43 Upgrade Readiness Report

## Current System Status
- Fedora version: [version]
- Kernel: [kernel version]
- Updates status: [current/outdated]

## Potential Issues
[List blocking issues with HIGH/MEDIUM/LOW severity]

## Third-Party Software
[List non-Fedora packages that may need attention]

## Recommendations
[Specific pre-upgrade steps needed]

## Overall Readiness: [READY/NEEDS ATTENTION/NOT READY]
Run the necessary commands and provide this analysis. Be specific about any issues found and give actionable recommendations.

Now, right away the model came back to me to complain it doesn't have access to `dnf`, `cat`, etc. And that's expected here. What it did was give me a list of homework to run for it to complete the analysis… for example, `dnf check-update` and `cat /etc/fedora-release`. I had a little back and forth in Goose with the model where it would ask me to run a command and I'd copy the output into the context. This resulted, finally, in the following report:

sudo dnf check

sudo dnf repolist

dnf list installed | grep -v @fedora

Give it a try, let us know what you think!

You can see from these few examples that tool calling with LLMs is a valuable tool for troubleshooting Linux systems. We could use your help building this and making it awesome! How can you help?

• Give it a try, let us know what you think, file any bugs you find, and let us know what tools are missing that you could use! You can respond in the comments here, file a bug, or chat with us on Fedora matrix.
• We're primarily working with Goose as our client, but if you have another preferred client and want to help us support it better, we'd love to work with you!
• Get involved in the linux-mcp-project generally, we'd love to see your PRs!
• Let us know what you'd like to see in the future. What workflows would you like to see supported? How do you see this making your Fedora or overall Linux experience better? What larger workflows do you see this plugging into?

Join us upstream at https://github.com/rhel-lightspeed/linux-mcp-server! And come chat with us in the Fedora AI/ML SIG chat room on Matrix!

10 Dec 2025 8:00am GMT

10 Dec 2025 7:00am GMT

10 Dec 2025 5:00am GMT