LINUX Unplugged - 309: The Future is Open
Episode Date: July 10, 2019
Open Source has taken over the world, as IBM's purchase of Red Hat closes. We reflect on this historic moment. Plus Mozilla's been labeled an Internet Villain, we deep dive into the tech behind all the controversy and how you can self-host secure DNS. Special Guests: Alex Kretzschmar, Brent Gervais, and Drew DeVore.
I think you should see this.
It's just a kid.
This is a G chord.
He's learning, absorbing.
He's getting smarter every day.
Homo habilis was the first to use tools.
A player who makes a team great is more valuable than a great player.
Losing yourself in the group for the good of the group, that's teamwork.
It's happening fast.
We've always watched the stars.
If you look at the sky, you can see
the beginning of time.
Collecting data
is only the first step toward wisdom.
But sharing data is the first
step toward community.
Poetry. There's not much
glory in poetry. Only achievement.
Knowledge and education. What he learns, we all learn. What he knows, we all benefit from.
One little thing can solve an incredibly complex problem. Everything's about timing, kid.
This is business. Faster, better, cheaper. Constant improvement.
So, you want to fly, huh?
Wind speed, thrust. It's physics.
Does he have a name? His name is Chris. My name is Wes. It's a big day today, Wes. Huge!
Yeah, we'll get into some of that in the news.
Plus, Mozilla has been labeled a villain.
Villainy!
For supporting DNS over HTTPS.
We're going to talk about DNS today in a way that I hope is approachable to everyone and talk about some ways you can implement some of these own solutions
that can be very advantageous, have a lot of benefits, and we'll tell you also what the possible downsides are and what
has everybody so upset. Plus, we have some feedback, some great picks, but before we
get to any of that, we've got to say hello to everybody who's joining us today. Hello
to Cheese, Alex, Andrew. Guys, good to have you here.
Hey.
Hey.
Hello.
How's it going?
Hello. We have a panel of experts today, really. But as always,
we're like staffed by what I would consider to be a council of internet experts. Time appropriate
greetings, Mumble Room. Hello. You know, on the pre-show, we were talking about how great it is
that we have like a multi-year lug going now here. And we meet every single week.
It's so cool.
And then when you join our lug,
you get to be part of the conversation in a show that is...
All you have to do is show up,
and you're a co-host with us right here on air.
There's a few people that listen to the show,
and you can be part of that.
And there's also our chat room that goes along
while we do the show at irc.geekshed.net
pound jupiterbroadcasting.
And all of our live times
over at jupiterbroadcasting.com slash calendar.
I bring all of that up to point out that we won't be here live next week.
We will have an episode.
I'm super excited, though, Wes, because last night I made the plunge to switch to Evolution.
Wow, this is, you know...
Did you see this one coming?
No, because it's been months, and I thought you would kind of quietly forsaken desktop email on Linux.
Oh, for sure.
You just moved to mobile devices, and that's fine.
I'm a web email guy myself.
Oh, yeah, yeah.
Evolution.
Tell me about it.
I've been quietly struggling with MailSpring.
It's a decent, it's an Electron-based mail application that ties in pretty good with Google Apps,
which is now I've got like a couple of Google Apps accounts.
Oh, so many, yeah.
And that's been nice.
But the other day I opened it up and it lost its entire config.
The JSON file just totally messed up.
You do not have a high tolerance for events like that, I would say.
And you have a few emails.
Yeah, so I message Wimpy and I'm like, okay, you and I, he understands my email plight.
Like he knows my struggle. I'm like, Wimpy, I know you were using MailSpring. This just happened to me. This line
no farther. The line must be drawn here. And then what are your email secrets? And he says, you know
what I'm doing? He says, a bit ago, I switched to Evolution. And I like it so much that we're moving Ubuntu MATE,
that direction, off of Thunderbird to Evolution.
And I'm like, Evolution?
I used that like...
Ages ago.
Maybe seven, eight, nine years ago.
I mean, it's been a really long time.
It was during the era of Exchange 5.5,
maybe the next revision up.
And I just hadn't gone back
and I'll tell you Wes
I installed it via Flatpak
and the setup to connect to a Google Apps account
felt very old school
like I had to put smtp.gmail.com
full details, no fancy little graphical icon
oh you've got a Google account, let me fill everything out for you
like everything else does now.
None of that.
But it does, once you set all that up, it's like, oh, this is a Google account.
Oh, well, let me import your calendars for you.
And it actually does that really, really well.
Once you just Google search, hey, what are your mail, you know, IMAP and SMTP stuff,
underneath all of it, Evolution knows it's talking to Google.
See, that's smart.
And Calendar's probably the next most important thing, right?
I am very happy with the results.
I plugged three of my large,
just as an example,
today, my Jupiter Broadcasting email account
has 14,000 unread emails in it.
I was going to say, yeah, you should explain.
You're working at a little bit of scale.
And I read email every single day.
I try to keep on top of it.
And it's just like,
and Evolution just handled it.
I had to download and stuff.
I had to give it time.
It's handling it like a champ.
How do you feel about the interface these days?
Not bad.
You know, I had to fix it.
I had to fix it.
What I discovered is Flatpaks won't use your system theme
unless you install...
On Flathub, there's like all the fairly well-known GNOME themes.
Oh, so do you have to go install it so you can kind of connect to that ecosystem?
Exactly. So I installed the, like, the, a Flatpak for Arc Dark.
No. Oh, well, there you go.
And now all my GTK Flatpak apps, once I launched them again, all got Arc Dark. So it worked out. Now I love the interface because it, it's flat, it's modern, it's working, it's fast. It, it feels fast compared. So Evolution used to feel
slow to me. Like Evolution used to be what I considered to be a slow application. But my,
that baseline has changed with Electron, my friend. When you have a mail application that has
70,000 emails in it or something like that, like it really chugs. And you need, in my opinion,
you just need a native application. Wow, yeah, you're excited about
a native desktop
Linux application. I love it.
No, it's great. Honestly, I'm installing it from
Flathub right now.
Because why not? Especially,
I mean, it's flat-packed. That's
fantastic. It's easy to try.
And it's classic open source software.
Yeah, you do end up,
Tertia and Chapman points out,
you do end up having to install a theme twice.
One is once, you know,
the actual system and one is a Flatpak.
That is a little weird, I suppose.
But today, today is the big day.
Like we've all been kind of holding our breath.
I think some of us kind of were thinking
maybe it wouldn't happen.
And there was a crack in the armor in Brazil
when the regulators did not approve the IBM and Red Hat acquisition.
Nervous little moment. But today, at least
everywhere else, including the United States, Red Hat's
acquisition by IBM has closed. They have tweeted out
this morning that Red Hat will remain independent and neutral to give customers
freedom. And they've
released a video of IBM and Red Hatters talking together to show their commonality.
So you just kind of just keep looking at me the whole time. And then we just kind of chit chat
back and forth about it. But I think that there is a lot of really great affinity between IBMers
and Red Hatters. Each one of our stories is different.
I think I was probably always destined to be an engineer.
And actually, initially I was very much into math, so I was really curious, like, how do
you go about building systems?
People like us, that when we see something, we want to take it apart and see how we're
from the inside.
Some of us got our start at an early age.
I mean, I don't really remember a time
where I wasn't interested in technology. And I actually learned how to read playing text parser
adventure games. My father rescued a Commodore PET from the garbage. Shortly thereafter, he
purchased this book for me, which was Beginning Basics. And I was like, this is it.
And the video continues on for a bit.
I'll have a link in the show notes if you want to watch the entire thing.
It's a cut of some fairly well-known Red Hatters
and some not-so-well-known IBMers talking about their common interests, I suppose.
Yeah, right.
You've got some distinct cultures working just a little bit closer together now.
The one message that has been so, so super clear,
it was crystal clear at Red Hat Summit.
It has been really clear since the communication.
They have doubled down in every possible meaning of the word
on the fact that IBM is going to remain independent.
So much so now that everyone in the world will be watching
to see if that actually is the case.
Yeah, right.
Yeah, IBM's kind of just saying, all right, keep doing what you're doing, Red Hat.
Make a whole bunch of money, and we have easy ways to work with you when we want
to resell your stuff. Oh, and by the way, OpenShift all the things. Of course.
OpenShift all the things. Do you have any thoughts on that, Alex? I know you have to tread carefully here, but do you have any thoughts
on OpenShift seems to be a key part of both IBM and Red Hat's future
strategy? It absolutely is.
The acquisition is all about the hybrid cloud and making OpenShift into the next realm.
So I'm cautiously optimistic.
I really hope that they maintain the culture that Red Hat currently has.
I love it.
I think it's great.
It's very open.
There are a lot of opinionated people working at Red Hat
and that's what makes the company what it is.
So leave it alone, leave it as it is
and I think they have a good chance of succeeding.
I hope so.
And I think, so OpenShift does seem to be like,
it's a pretty good strategy.
How do we encapsulate what OpenShift is
in a way for the audience that doesn't follow it
in like a really quick elevator pitch?
Pretend I don't want to buy anything.
It's an enterprise distro of Kubernetes.
Yeah, with surprise, surprise
RHEL sort of at the core of it.
When you think about it, Red Hat has this history of taking
open source components, contributing to them, building
on them, and then packaging it up for
real world applications.
Yeah, I mean it's Red Hat recognizing
the significant role that Kubernetes is playing
in the industry now, which is a trend we've been watching, but more on that later.
So here it is. It's done. It is complete. And now we just wait and see. I kind of take them
at their word from an overall global market strategy, where I'm watching very cautiously
is at the projects that make the Linux desktop so much better.
Things like Network Manager and Bolt
and a lot of the GNOME stack itself.
The things that feel a little far away from RHEL server boxes.
One point on GNOME, though,
is that RHEL ships with GNOME as the default desktop these days.
And then that includes Pulse and a bunch of other low-level system things.
So I don't think it's all that bad, necessarily.
That's my hope, is that because those things do play a part in RHEL, that they're safe.
And I suppose that'll be part of the test, too, right?
If they really do treat it as an independent agent, and Red Hat,
I mean, obviously they've been comfortable with that expense on their books. They're happy with
that contribution. It's kind of a test of, you know, that seems like something a legacy company
might like to look at the line item and be like, well, what's the value here? That's not how Red
Hat operates. That's why we like Red Hat. See if it keeps going. That'll be the area that I think
we watch the most. The industry will watch like a lot of their sales tactics and for layoffs and things like that.
I'm going to watch for contributions to projects
that don't seem like they necessarily immediately benefit the bottom line,
and Red Hat's at the center of a lot of that.
In fact, it's one of the stories I wish we told a little more here on the network,
but it is what it is, and so we'll be watching.
Do you think that this maybe frees up Red Hat to some degree to so that they don't have to worry about the money and they can kind of rely on IBM to guide them through the market saying that within two years, Red Hat plans to be
on the positive side of growth again after the acquisition and all this sort of stuff.
You know, I think maybe IBM's just kind of playing that part of it.
Maybe. Maybe. So there's some acquisitions where the acquisition is all cash. And there's some acquisitions where the purchasing
company borrows like almost 30 to 40% of the capital. That's the situation we find ourselves
in with the IBM and Red Hat acquisition. And so for that to pay off, when you consider the interest
rate on the money that they had to loan to buy Red Hat,
the back of the napkin comments, math like on Hacker News and whatnot,
suggested that interest rate alone, again, this is just what people say on the internet,
could be $700 million.
So there is a bit of a pressure to produce, to grow and continue to grow.
Red Hat's on that trajectory already.
So it's a safe bet that that's going to be what happens.
Yes, but even if kind of unspoken,
it's definitely sitting there.
But in the next two years,
Fuchsia could launch and disrupt the entire Linux market.
Stay tuned for the next episode of Fuchsia Unplugged.
Yeah, we'll have Fuchsia Today here
where we cover daily Fuchsia developments.
But, you know, something could come along
and disrupt the market, but it's very unlikely.
I think it's a safe bet that IBM's
making here, but they do need it to pay off.
I don't think, to answer your question
specifically, I don't think it means
they can coast and just afford to
spend money on things now. I think
it means they need to actually produce
to pay off. Right, this is not like some large company buying some small startup as a bet to see if it really
does well. This is a serious strategic move for IBM.
Quite literally, one of the, perhaps the largest software acquisition ever.
Does this mean that open source has won then?
Yeah, I think it means that open source technologies on cloud infrastructure and server infrastructure
and on the back end for developers has won,
and that's where the money is.
I mean, Microsoft made a ton of money
for a long time that way too.
What a wild, wild, wild, wild 2019.
We're going to do a special next week
that is a reflection on what all has happened in 2019 so
far and see if it was in line with where we thought things
are going. Because honestly, I mean, so much. We kind
of just need to take a little break and assess.
Otherwise, I'm going to not be able to keep
track of it for the end of the year. It's remarkable.
So we've had our
quote, research team on it
doing the research, but also the
team here on the show has just been like, well, let's
think about this ourselves here.
And we look back at 2019 already.
Holy crap.
Holy crap.
Well, this might not be on like anyone's list for major events, but it's still something
people are talking about.
Canonical's GitHub account was hacked this week.
Uh-oh.
It appears a hacker was essentially just creating empty repos, it looks like, like just scurrying around.
Nothing actually really got messed with, and of course, I think all of the actual jewels are on Launchpad.
Yeah, that was the first statement I really was, don't worry, this isn't where we keep things, it's mostly just a mirror.
Didn't prevent certain pundits from claiming that Canonical needs to throw everything out and start all over again.
I can't believe the crap I see.
It is a good time for a security review,
and before he found out about it,
Coder Radio host Michael Dominick was just pointing out to me
how important it is to have your two-factor auth set up
for things like this.
Yeah, what happens is some contributor
somewhere in the chain
might accidentally commit their credentials to something,
and then somebody sees it
because there's lots of scrapers to find that kind of stuff.
And it doesn't take, like, a nation state.
It doesn't take an expert.
It just takes somebody who can run a script
that finds and scrapes, and then they can log in.
That's all that happened here.
But Canonical did release a statement
saying that they can confirm that on 2019,
on 7-6 of 2019, there was a Canonical-owned account on GitHub
whose credentials were compromised and used to create repositories
and issues among other activities.
Canonical has removed the compromised account from the organization in GitHub
and is still investigating the extent of the breach,
but there's no indication that anything for the Ubuntu distribution
at all
has been affected by this
because, again,
infrastructure for that
is on Launchpad.
They plan to post
a public update
after the investigation
that was on July 6th.
Have you heard anything more?
No, not yet, but...
I haven't heard anything either.
We'll have to stay tuned for that.
Yeah, that was just
a couple of days ago.
A lot of people
talking about it, though.
Well, I mean,
it is big news,
and it's not an event you'll like to see,
even if this time, you know, the outcomes
were pretty good, comparatively.
Yeah. I guess
in this case, yay, Launchpad?
Yeah, I suppose so.
But, right, I mean, like, if it
did happen on GitHub, maybe that's a consequence of
them not really using it. You know, it's not their source
of truth, so they're less concerned about it.
But it's just a breach of good practice.
Yeah, my understanding of the nature of the breach
was it was a contributor who made an accident, a mistake.
And when you have a big organization,
that's just, it's a thing that can happen.
And perhaps a lack of two-factor here played a role, you know.
I'm sure they know that, though.
We don't need to tell them how to do it.
So let's talk about the Raspberry Pi,
because that also made big news recently.
And there has been some wonkiness
with the Raspberry Pi power source.
I got to say, Joe Rez, right here.
I don't know if you've heard of this guy.
Oh, yeah.
Joe Ressington?
He's a fantastic podcaster, yeah.
Yeah, he's new.
What kind of upstart?
Yeah, I just tuned into his Late Night Linux podcast, yeah, first time ever listened to it in my life, and, um, he seems to be really on top of
this Raspberry Pi stuff. Yeah, he also has this, uh, podcast called Linux Action News. Um, what do they,
like, cover sort of relevant news stories in a quick and timely format? It's, it's not, I can't
watch their faces talking to a large microphone on YouTube, so it's not for me. But my understanding is they recently reviewed the Raspberry Pi 4.
That's my understanding.
Got their hands on it and everything.
I came across it because he was one of these guys
who was bellyaching early on on Twitter
about the heat issues of the Raspberry Pi.
And then later on was bellyaching about the weird charger
and how you can't just use any old USB-C.
And I didn't know who this guy is.
He seemed like a real grouch.
So I started following him. And lo and behold, it appears that the Raspberry Pi
folks have admitted to a faulty USB-C design on the Raspberry Pi 4. And this Joe guy must have
called it. I just can't even with this. And maybe a fix will be inbound, but it may have to be a
hardware fix. This is being detailed by Tyler Ward. The Raspberry Pi 4 has a non-compliant
USB-C charging port and doesn't work with many chargers as it should. Thanks to the open nature
of the Raspberry Pi, Ward was able to discover that the Raspberry Pi didn't design its USB-C port
correctly. And as you know, Chris, USB-C, well, just a little bit complicated.
In this case, two CC pins on the USB-C port itself are supposed to each get their own 5.1 kilohm resistor.
The design this latest Pi used, well, they used their own custom design that, I mean, one upside was it allowed them to share a single resistor.
Oh, good. But this is not a compliant design and therefore breaks compatibility
with some of the more powerful USB-C chargers out there.
So there you are sitting with your Pi
and you've got this great, you know,
really nice, like, say, laptop charger
that I have for my laptop I'd like to be able to use.
Yeah, you can't.
Because whether your USB-C charger works with the Pi 4
has to do with whether it uses
what's known as an e-marked cable.
E-marked cables are fully featured USB-C cables with chips inside that negotiate power management,
accessory modes, data rates, and other communication specs.
So like this chip must detect something's not right and not supply the correct amount of power?
Yeah, right. So since the Pi 4 USB-C port is wired incorrectly,
these smart cables basically just say,
this is an audio adapter accessory.
That's what it gets classified as.
And then it just refuses to charge them because it says,
this is not standard. It's just not going to work.
So those are more expensive and they come with stuff like laptops.
That's where you're mostly going to see them.
Dang it. I mean, like USB-C was already complicated enough.
I really liked the words from Benson Leung,
an engineer at Google and the USB-C guy. Yeah, the USB-C guy. Yeah, exactly. And he, he titled this snarky
post over at Medium, "How to design a proper USB-C power sink (hint, not the way Raspberry Pi 4 did it)".
Oh, ouch. Instead of trying to come up with some clever circuit, hardware designers should simply copy the figure from the USB-C spec exactly.
Strong words.
Yeah, you know, this reminds me of the Nintendo Switch.
Also, it doesn't have a standard USB-C charging implementation and is a little wonky.
You've got to be careful when you plug USB-C into the Switch.
Well, as these reports started to pop around on the Internet,
Eben has admitted that, yep, it does appear that this is an issue,
and I like this quote.
How about this?
I expect this will be fixed in a future board revision.
I've already bought mine.
Lucky me.
But for now, users will need to apply one of the suggested workarounds.
It's, quote, surprising this didn't show up in our quite extensive field testing program.
Thanks, beta testers!
You screwed me!
They just used probably the cable that it came with, I guess, huh?
That must be it. You know, I wonder, so we were surprised
about this, right? We're all like, whoa,
a new Pi just dropped? Is this a sign
it was rushed? Or was this just
slow and they missed it?
Felt like they could customize, save some money,
be clever, and it backfired.
I think that's part of it.
Let's use USB-C because we can do our own implementation
and be clever.
By the way, that suggested workaround?
Just use their charger.
That's their suggested workaround.
So beware, if you buy a Pi 4,
make sure you get the right kind of charger for it.
And that's not that big of a deal.
Or wait for the next board revision, maybe.
Yeah, and maybe you'll get 8 gigs, too.
Although they say that was now a typo in the manual.
Typo.
Typo.
I accidentally typed in 8 gigabytes.
That was also not caught in their extensive copy editing.
I accidentally typed in 8 gigabytes, and the board accidentally supports up to 16 gigabytes
accidentally.
Yeah.
And I think eight gigabytes was on its own line underneath everything else too.
Well, all right, there you have it.
So I'll let you know when I get my Raspberry Pi 4, I'm going to, I'm going to, I think
I'm going to put Ubuntu MATE on there.
I don't know.
I should ask Wimpy first.
But I'm going to give it a go as a desktop.
It seems actually like, I mean, this is going to be the best one yet for it, right?
As long as you can stand the heat.
Oh, yeah.
Well, I think in a month or two, there's going to be more than one or two third-party CPU coolers.
You know they're coming.
Oh, yeah.
With fans.
There'll be air ones.
And somebody ought to take a bet right now.
In the audience, somebody should get, like, a website set up with a pool.
You know there's going to be a water-cooling YouTube video for the Raspberry Pi 4.
It's just in a matter of days. So is it 30 days?
Is it 15 days?
Is it 5 days?
There's a bet to be had there.
Somebody could win some Dogecoin.
In the meantime, let's talk about a brand new version of
Firefox, which I'm all about.
I wouldn't normally mention an individual
release other than this one has
such a killer feature. It's such a
small thing, but I just wanted to let you all know about it.
It's now possible
to get dark mode in the reader view.
I was hoping this is what you were going to say.
I actually installed Firefox 68
right before we went live doing this show.
Try it out, this new dark mode, and it's fantastic.
Also, just props to Firefox for continuing to develop their fantastic reader mode,
which I think is the best of the lot.
One of the best things about using it on the desktop.
Also, you and I are both in agreement now that it renders pages faster than Chrome.
It is snappy.
I feel like the UI might be a little laggier than Chrome,
but I feel like the page rendering
is significantly faster.
I like that they added a feature where
you actually have to interact with a page before
they can prompt you for notifications, so it's not
just like right there already prompting
you for notifications, and you can
disable having that at all.
Wait a minute, that's in 68?
I believe so.
Shut up.
That is great, Wes.
Oh, man, those notifications.
You know, I don't see it on this page, but.
You're right, I don't see it on this page either,
the one we have in the show notes.
But I'm going to look for that because between the cookie notification and the I want to send you notifications and oh, by the way,
can I have your location stuff?
And then they have some pop-up about their newsletter.
I'm about done with the web.
You know, I'd like your microphone so you can chat with a Jupiter Broadcasting representative
to find the right podcast for you.
Hey, we should probably implement that.
Let's do that real quick.
Yeah, so also just a side note, we've talked about this more extensively on Linux Action News,
including where this is going, but Firefox 69, the next release, will be the final version on Android that has extensions and add-on support.
Oh, that's a big change. on where Mozilla is taking that, which actually long-term is a good direction in Linux Action News.
But I don't want to make the whole show about Firefox.
I am getting very excited about it, though.
I'm happy to say I've switched back.
I'm very happy with it.
I'm now using Firefox as my primary
and Chrome as my secondary, which was the opposite.
Yeah, kind of Chrome is, if I can get away with it,
just sort of the media one, you know?
I use it for the Chromecast stuff and some of the DRM stuff maybe, right, if you have to.
Chromecast and just a couple of
other things that work better in Chrome
and that's pretty much it. But
all my day-to-day stuff is in
Firefox and I'm very happy with it. Very happy
with the sync, very happy with all of it.
And happy in the direction Mozilla is going in general
these days.
I'm cautiously optimistic they're going to take this services stuff
and turn it into a way to fund a good web browser
that has a positive impact on the web.
We'll see if that's the case.
I know, I almost just want to just sort of buy it for a while
for that reason alone and also get the benefit of trying it out.
I want them off the search sauce.
I don't want them hooked to that search sauce.
They're valuable and it'd be nice to have them be able to stick around
and know that they have secure funding.
Just a couple of things in the old housekeeping this week.
First of all, we have a link in the show notes.
You'll have to dig a little bit because it'll be a little bit down.
But we have a Google form to ask for you to submit,
I think it's what, four questions?
I'll pull it up right here
because I didn't actually pull it up. Yeah. Four questions. One, well, one question. Yeah. Four
answers. Yeah. Oh, right. All right. So let me back up. So on the whole, oh, Cheesy, did you
make these graphics too? I just saw this. I just saw this. That's a, that's beautiful. Um, so on
the Friday stream, we play Who Wants to Be a Millionaire
and give away some games to people that are in the chat room.
That's one great reason to show up live.
And generally, we've just been doing typical trivia.
But we've decided to step it up and do Linux trivia
and open source and free software trivia.
Doing it right.
And in this game, you need a kind of like easy question,
medium question, and a hard question.
It's actually got a scale of like zero to four-ish.
That's the largest I've seen in the set.
I'm not sure what the maximum really is.
Yeah, yeah.
So you set a difficulty, but we have a form right now where you can ask a question that the contestant would then be asked.
And they provide us with the correct answer and then a few wrong answers that sound right enough that they could be it to make it challenging.
Am I making sense?
Absolutely.
Yeah, so we have the Linux Millionaire form.
We'll have linked in the show notes.
And essentially our ask here is,
we'd like to crowdsource some of these questions that we can ask,
and we could use these on live streams and all kinds of things,
to kind of quiz people, like Linux trivia, history stuff.
I like that we'll have this set up ready to go.
That's fantastic.
And we'll have a link in the show notes.
I feel like I'm doing a horrible job explaining it.
But I'm very excited about the potential.
It's Linux Who Wants to Be a Millionaire live on Fridays.
Yeah.
And we need your help.
Help us out.
You've got great Linux knowledge.
Get some stumpers in there,
because we want questions that would make even people who
have been using Linux a while think.
But do be aware of what difficulty you put, because we want the easy ones to be easy enough.
You've got to have some $100 questions.
What happened to poor cheese on this Friday episode?
I know.
We won't talk about that.
Don't even.
Cheesy.
Don't even give me stories.
Cheesy.
I did include a dime question, though.
We need some $1,000 questions and $100 questions,
but we also need like $32,000, $64,000.
You've been reading LWN for the past 10 years.
Yeah.
Yeah, there's some.
Yeah.
All right.
Would you say that Cheese had a hard dime of it on Friday?
No.
Nope.
Wouldn't say that, actually.
It was funny, even if it was wrong.
It was still funny.
All right.
All right, moving on.
Moving on.
Link in the show notes for that.
We have a bunch of updates to cover now.
Linux Academy is doing new positions.
They have new content launching,
so I encourage you to check out links in our show notes for that as well.
A new DevOps professional certification exam has just been updated
with a new emphasis on the developer tool suite.
If you don't know what that is either,
probably worth checking out the links in the show notes.
They have 28 job openings currently,
at least the last time I checked.
That is crazy.
A lot of those positions are remote,
full-time, full benefits.
Check that out.
Some of them are local too in town.
And then a couple more things
Our study group, Understanding Burnout, went live on YouTube a few days ago, and it's really good.
If this is something you're struggling with, you guys know this is something I've struggled with.
And do you work hard? I mean, are you a person who has a job? Well, then you probably have struggled
with this. I can tell you this. It sneaks up on you.
And there's some really good stuff.
Hayden? Is it Hayden?
I hate it when I get it wrong. Major Hayden.
Major Hayden from Red Hat. I got it wrong once
and now I'm like, it's like a dog that gets
scared by fireworks. I got it wrong once.
So Major Hayden joins Elle, and it's
Major Hayden from Red Hat. And it's really, really,
really good.
And then, last but not least, if you need to learn up on AWS, on July 31st, we're kicking off another round of totally free study groups.
It's something we do kind of off-air with the community to help people learn up and pass the AWS Cloud Practitioner Exam.
That's coming up soon. Details at meetup.com slash jupiterbroadcasting.
Speaking of the job market, our friends over at System76 are also hiring.
Emma is looking for customer service techs to join her happiness team,
and she has details on her Twitter page.
I'm imagining they have a link, too, that you could probably check out. I assume you have to be able to tolerate pink at least a little bit.
But other than that, it seems like a fantastic place to work.
Yeah.
So check out Emma's
tweet. We have a link in the show notes. If you're in their area, go work. Emma would make an awesome
boss. Oh, yeah, she really would. That would be awesome. And let me tell you, that's a fun group
to work with, too. So that would be a great gig. If you want to get out there and do a little
customer service support in the greater Denver area, check out a link in the show notes for that. We're trying to get people hired. That's the thing we've been doing.
Like an employee discount, one of those sweet. Yeah, you do. Of course you do.
Yeah. Get some sweet Linux rigs too. You probably have to build it yourself though, I bet. Oh yeah.
That'd be fun. That would be killer. Something I hope we can do is get more and more people hired.
That's something I hope we can do. I feel like if
we could meet a few people and we hear a few stories
every now and then where people have got jobs through the network
and stuff like that. I love hearing that.
We'll have links to that as much as we can
in the show notes. And that is over where,
Wes? LinuxUnplugged.com
Slash
309? Well, I mean, they're all right there on the
front page. But yeah, we have easy URLs.
You just put the show number. This is 309.
Yep.
Links to all that stuff.
All right.
So this week, there has been a lot of news around Mozilla.
The ISPA labeled them as one of the 2019 internet villains, along with Article 13 and Wes's good friend, Donald Trump.
So, sorry Wes, this has caused an uproar of conversation.
We're going to skip the drama this week and talk about the technology.
Specifically, at the root of this conversation is DNS over HTTPS.
But we're going to broaden that up and talk about some other secure DNS solutions,
what the current issue is with DNS in general,
and why people are all upset,
and then providing some solutions
you can implement yourself to just control all of this
and not worry about different cloud-hosted solutions.
Is that a good summary of it?
Yeah, I think so.
Wow.
I think it's got some attention because
in the last segment of the show
we were talking about how we see Mozilla
as generally good actors for the internet at large.
So when you see someone calling them
a villain,
it's a little bit shocking.
But it does make sense because once you start digging into
this is a change to the way DNS
works, and change always
makes people mad.
And right now, ISPs in particular, and enterprise admins the world over,
they're usually the ones who are in charge of where your DNS goes.
This is essentially it.
So the core issue that the association has, the ISPA,
is that DNS over HTTPS will bypass ISP DNS servers,
which will then bypass filtering, which will put
children at risk, hence the villain
label, because filtering
equals child safety.
And I think there's been an added degree
of concern, let's say,
over this, because it's not
enabled by default anywhere, really.
It's kind of just being tested
out, and Cloudflare was one of the first organizations to really adopt it
and have publicly available servers to use.
And so Mozilla has been working with them
in the initial rollout of this technology.
So yes, by default, Cloudflare gets all your DNS
if you use the DoH technology.
Yeah, so Mozilla has been working on this.
Google has as well. We'll get to that in a
moment. And when Mozilla's implementation, I can't speak to Chrome's, but Mozilla's implementation
uses Cloudflare. So you turn this on and it uses Cloudflare DNS. So the most technically literate
counter argument against DNS over HTTPS has been that it enables centralization of DNS and it gives Cloudflare,
which people I would presume think is evil, more control and more information about what people
are doing online. So you go from dispersed DNS, where it's a bunch of different ISPs, aka Comcast, to it's Cloudflare. And that is technically a valid argument and concern,
I should say. It's not technically valid, but it is a valid concern. We have to, and this is how
the conversation I feel like should proceed from here on, is we have to separate the implementation
from the technology. All things can be implemented poorly and be compromised.
Encryption can be implemented poorly and be compromised.
DNS over HTTPS can be implemented poorly and lead to monitoring.
So while that is a valid argument, Mozilla's implementation,
and others will vary, but Mozilla's implementation
allows you to specify your own DNS servers if you choose to.
It's just using Cloudflare by default.
And devil's advocate, just for a second, who else could they use?
Because if you turn this feature on, how many millions of DNS requests an hour all of a sudden does that provider receive?
Who else could handle that level of traffic and support this service?
Because it's not traditional DNS.
You're now taking these DNS requests over port 443 HTTPS.
Right.
Yeah, the flip side, right, is, yeah, Cloudflare's doing a lot of work.
They got that scale.
Spending real money to provide this service,
even if you don't trust why they might be doing it.
I do think it's kind of interesting,
and I think we should make sure we bring our friend Drew in on this,
because I know he has a lot of experience in this area.
You do as well.
I can appreciate the admin side of this too, right?
It is a big change to the way DNS works,
and there's a lot of techniques that people have learned
and are legitimate from just running an internal-only DNS server
or trying to do perhaps what you consider essential filtering. And those techniques
may have to change in this implementation. But the flip side is when we think of, you know,
maybe countries with governments we don't like, or censorship we don't agree with,
we want that power to be in the individual. The other part too is, this could happen all the time,
right? Like browsers can already make web requests. So this is really just a culture change.
It's not really a technology change. Yes, it's a new standard. Yes, interoperability,
but it's not really giving the browser any more power in a strict sense.
I tend to like to think about this too, beyond the browser. Like this might be the first
implementation, but you could see a future where almost every application has its own DNS servers baked in that it's doing over HTTPS.
Telegram or WhatsApp would be fantastic candidates
because a government isn't likely going to shut down Cloudflare
because if they block Cloudflare, they're breaking the internet for their users.
So what are they going to do?
So if I were Telegram, I'd have a version in development right now that's already using this.
But, Drew, I'd like to hear your thoughts on this part.
The thing that drives me crazy as an old sysadmin is there's value in having every application on your network using a common DNS.
Yes.
So DNS is absolutely one of the most important functions of the Internet.
It's the domain name service,
which will provide an IP address when you give it a host name. And that host name could be something local or it could be something on the internet. Google.com isn't really google.com.
It's a string of octets that you're going to string together to create a web address.
So you need DNS to do that.
Now, the flip side of that is most people are using their ISP's DNS by default.
You get a dynamic address when you connect via DHCP, and they tell you, okay, use this DNS address via DHCP. So if you want to use a different DNS
service, you do have to go in and manually make that change. Or if you're using static IP,
you're going to have to manually enter that DNS server anyways. So realistically, you can do a full network DNS service and not have to worry about doing it in a specific app or specific apps just by changing the DNS service that your router is handing out to all of your devices.
That is certainly a thing.
And I did want to point out, Cloudflare isn't the only game in town for this.
Google does support it, as does Clean Browsing, CZ.NIC, and Quad9.
They all have DNS over HTTPS support already.
Now, I haven't actually used those.
I've only tested the Cloudflare implementation.
But presumably, you could get those working if you trust them more than Cloudflare or Google.
Sure. And we'll talk about here in a moment some ways you could do it yourself on your LAN and maybe even set yourself up so that way you could use one of these technologies to say if you're on an airplane, get access to the internet without actually paying.
But we'll talk about that. That's a different technology. We'll get there in a moment.
Byte, you had a tech question at the top before we dig into all this.
Go ahead.
Yes.
So I went to a talk about someone who is very skilled with DNS,
and he told that using DNS over HTTPS causes that we need to be identified
to get our content.
And with the HTTPS, there are a lot of flags that can identify us to get us anonymous.
So what I'm very curious about is
what kind of information is being sent
that is identifiable and what keeps us anonymous.
I actually think this is one of the technical arguments
for DNS over HTTPS.
There is a consideration here of it is more identifiable in some ways
because you have more information being negotiated at that layer.
That's true. I mean, I would say just go take a look right now.
There are kind of two competing, at least there are two common
sort of standards for how this is going and that's being resolved.
You can go take a look at their open specs.
So go see what kind of data is there.
And then one of the upsides, at least,
is the rest of it's just standard HTTPS.
So if you're not willing to connect to the site,
a lot of the big implementations
are going to be connecting to services
you're probably already connecting to.
If you trust them for regular web traffic,
you probably trust them for this.
So when you're dealing with identity,
you have the advantages and disadvantages of that.
The advantage for the user is that the identity of the DNS server
is also confirmed because it is HTTPS.
So there is some security you're also gaining
when you consider the fact that today, DNS is just plain text. And there's no
verification of the server that's responding to you. Yeah, right. Now, I suppose you could do
some things like if you really wanted to try to do some, you know, spoof your source address with
the dead simple UDP DNS, maybe there's some argument there. But you're right. The DNS most
of us are using right now is just totally plain text. It can be man-in-the-middled, it can be messed with, and it can certainly easily be logged.
Can you explain to me now, before we go any further, where DNSSEC fits in with all of this?
Because I thought that's where everything was going, but that was years ago and it hasn't gone anywhere.
I mean, I remember Windows 2000 shipped with DNSSEC support.
Well, DNSSEC added ways to be able to show that you weren't being man-in-the-middled,
but it didn't necessarily add all these privacy features.
And then there's also DNSCrypt, which came out of OpenDNS.
That is also supported by some of these, not universal.
And then there's the simpler, arguably, some people consider it technically better,
just using DNS with TLS and not adding all the HTTP stuff to it.
And that works too.
That's on Android 9, for instance.
And a lot of these services support that as well.
I liked a comment I saw,
you know, DNS over HTTPS,
it might not be technically the best
or even optimal thing,
but it seems to have legs
and it's good enough, right?
It's going to be easy for people to implement
because HTTP is the most used protocol ever, right?
We have libraries for it in every single language,
everywhere. kernel already supports it.
It's simple to interact with.
And it's not really
worse.
At the
sort of base of it, it's easier for developers.
And that is what will
make all of the difference.
I mean, they're the ones doing the things, right?
And it can be done at the application level. So Google can have their own verified, secure DNS servers that they use by default. And this is years down the road.
You know, every application, if they choose to, can have their known good DNS servers and use
those by default. It'll all be different. It'll be radically different depending on the implementation.
Like Mozilla has one of the best right now. Their early implementation in Firefox actually has considerations for like falling back to like your system's DNS to resolve certain names.
Like imagine the ramifications of this on an intranet.
Well, Firefox has been thinking about that.
So they've tried to build in some sort of considerations for like when you're trying to resolve local servers on your LAN.
It's like, okay, don't use DNS over HTTPS for this.
But again, that's software logic, and it's not going to be perfect,
and we're going to have to work these kinds of things out for a while.
And it is a funny, interesting case.
It just reminds us of the complexity.
Change was going to come, because DNS did kind of need a polishing.
It is maybe problematic for some admins,
but then again, you're right,
they're going to build in solutions.
So if you're out on the admin for your employees' boxes,
you can also just pre-configure it
so that Firefox is installed with your DNS servers.
So there is some advantages for just end users today.
Like, if there are reasons you might want to use DNS over HTTPS,
a lot of networks may block using your own DNS server,
but they're not blocking HTTPS traffic.
Yeah, right.
Or you're traveling abroad, for instance.
I've run into that.
And instead of having to go full on VPN
if you're using Firefox, right,
you would just tick this on
and suddenly all your sites work.
So we thought, since this is a pretty fun technology
that has a lot of possibilities.
And it's open source.
Let's divorce it from all of the drama and potential, you know,
oh, it could be implemented horribly, and let's do our own implementations.
So the crew went off and did different setups,
from running on a Raspberry Pi to running it up on servers and whatnot.
And, Drew, I know you had some success getting it running on a Raspberry Pi.
I think you ended up even using Pi-hole to do it?
I did. So I took an old Raspberry Pi 2 B+, so, you know, not exactly a spring chicken here,
and I set it up in about an hour. It was easy and works really, really well, and it's fast. So, you know, first stand up the Pi and then what I needed to do was set up Pi-hole
itself. And there are nice, easy instructions on the Pi-hole website. We'll have those linked
in the show notes. Now, after Pi-hole is stood up, then to really get this going with DNS over HTTPS,
you've got to set up a little daemon on your system that the Pi-hole can pull
DNS information from and use that as its upstream DNS before serving it to your devices.
And doing this with cloudflared is astoundingly simple. You really just have to pull it down from
the internet, put it in your /usr/local/bin,
and then create a systemd service to launch it. That's it. Are you essentially seeding
your database with their information, but then future requests from that point forward are
responded locally on your box and Cloudflare is just completely unaware of it? Or is it more like a proxying situation? Right. So what you're alluding
to is when you have a DNS query, your query will go to whatever your DNS server is defined as.
And if the local or ISP DNS server does not have that information. It will forward that request to another DNS server to provide it.
That's how all of these domain names get distributed.
Somebody's got it somewhere.
We'll keep reaching until we find it is essentially how it works.
So you set up Pi-hole as your locally cached DNS.
And if it doesn't have an address, like say I've not gone to Slashdot before and I try to go to Slashdot, okay, Pi-hole doesn't have it cached.
So it reaches out to whatever you set its upstream DNS as to pull that address down before giving it to you.
And that's what that cloudflared is doing is it is acting as the upstream DNS provider. It essentially opens up a port on the
Raspberry Pi for the Pi-hole service to query, which then runs all of these requests through
that HTTPS tunnel to pull down results. I see. So once the result has been cached,
from then on, your Pi-hole is serving the results.
Yes, exactly.
And that's what's neat.
Like, whether you use, you know, the HTTPS version or just TLS or DNSCrypt,
if you think about it, a lot of people are, you know, running dnsmasq or something similar, maybe just for the caching or you're using it to do DHCP or whatever else.
When you're doing plain DNS, right, you're still leaking that.
Your ISP can still see all of that.
If you just make this change, suddenly it's encrypted.
Now to stay on theme, Drew,
you don't actually have to run it on a Raspberry Pi either.
You could actually run Pi-hole in a container.
You could.
Now I haven't tested out getting cloudflared
running inside a container yet,
but there's no reason that you couldn't do that.
Or you could even run cloudflared on the bare metal
and have the Dockerized Pi-hole query that.
We'll have links in the show notes too.
So there's other, Facebook's got an implementation.
There's a couple different open source ones up on GitHub.
So there are a ton of proxies available
if you want to start playing with DNS over HTTPS.
I mean, I could almost see us setting one up as like,
let's do one for us just because...
I want it on my home network now too.
Yeah, and we have no agenda.
We don't care.
So that's really fascinating.
Now you gave it a go.
How did you experiment with it?
Yeah, I just set up one on a droplet
and then tried to connect my Firefox to it.
How did that work?
That worked pretty darn well.
The configs intent in Firefox is a little bit weird,
so you might have to futz with that a little bit.
I know I did, but once it was working, it seemed just fine.
It's a little clunky.
You do have to go to about:config and stuff.
I didn't notice a ton of change, but I was on a nice home connection.
So no real perceptible performance difference?
Yeah, it was just fine.
What kind of investment would you say it is time-wise
and steps to get it working on the droplet?
Is it packages? Is it a PPA?
I tried dnscrypt-proxy.
Is it a container?
You know, I don't know.
Normally I try things in a container right away.
I didn't see one.
I just kind of ran it because, well, it's written in Go.
So they just had to run it.
That's probably what I would do.
I was curious about configuring Firefox, all right.
Yeah.
And I've already thrown the droplet away.
So it looks like, I mean, to my count,
we've got right now one, two, three,
or four different solutions now to try to secure DNS.
And nothing's really sticking.
I think this is, I mean, honestly,
DoH seems like it's going to have the most legs,
at least in the short term.
Yeah.
You know, if Mozilla really does it,
when we see it actually shipping in Chrome.
Well, so DoH, again, DNS over HTTPS,
isn't just a Mozilla thing.
It is also a Google thing.
And I think that's something worth considering.
On the mobile versions of Chrome right now,
they already support it.
Google is standing up servers,
and there are patches landing
in Chromium to support
this as well. You can turn it on now.
So it seems like they're
kind of behind it as well. And if you think about it,
it's a good business move for them
to help people bypass censorship.
Well, and you were talking about using it in the app, too.
So they have a JSON API. It's dns.google.
And you can just shoot JSON requests
at it, and it gives you DNS records, right?
DNS over JSON?
Yeah, that's right.
2019's just lost it.
It's just totally gone off the rails.
I can't believe that's just happened.
Also, it does look like systemd-resolved,
the systemd DNS implementation.
It doesn't do HTTPS, but it does do DNS with TLS,
so you can get stuff there, too.
Alright, well, we have a whole
bunch of resources to point people to,
including client resources, stuff you can run
on the server, explanations
of the different DNS securing
solutions, and what's wrong,
and, of course, the guides to implementing
your own. We need to set something here at the studio.
We don't necessarily need HTTPS over DNS,
but we do need a good DNS solution
here at the studio. So thinking about doing
Pi-hole in a container just for fun.
And Pi-hole's great. It's got a lovely little
UI. It's easy to set up. I like that it also
has just a script you can run. So you can run it in a container,
you can run it on a Pi, or just install
it on your distro. Jeez, you love you some little
Pi-hole, don't you? Yeah, yeah. I set it up.
I played around with it for a little bit.
I did notice that there are some issues if you are standing it up on a Pi. Most routers nowadays
will let you set a custom DNS. However, if you do that and still have your router set up to do DHCP,
you could run into some problems like I did, where it's just extremely slow. And I think that's essentially because it's trying to find all the devices on the network and it can't.
I could be wrong there, though. I probably am.
Also, whenever you get going, ideally what you want to do is just go ahead and tick the box on your router,
turn off the DHCP server.
Pi-hole has the DHCP servers built into it. Just
fire that up and then Bob's your uncle and boom, it's off and running. And after that I lit it up
and I had no problems. Um, also if you don't want to affect your entire network when you're testing
this, uh, you can just stand up the Pi and then just point your network adapter at that DNS server.
So if you actually want to, um,hole that way, you can do that.
And maybe you won't get your wife so angry that you brought down the internet.
Just don't even use DHCP at all.
Yeah, just bypass that.
Now, one thing that I will bring up is I was talking to Cheese about the issues he was having.
And you've got a, it's a Nighthawk, right?
Yeah, it's a Netgear Nighthawk 7800, I believe is what it is.
What I was reading about that is it does not let you define
what the DHCP server in the Nighthawk will provide down to clients.
So you are having to set it as the router system-wide DNS server,
which is typically not recommended.
You want that to be something upstream, but then your DHCP clients get something else from them.
So I think that's where you're running into issues. If you do have a router where you can define the DNS server that DHCP hands out, then that's going to be a much better way. And then you don't
have to move your DHCP to the Pi-hole itself. But you do now owe, you know, owe Drew some money.
He'll have your invoice arrive shortly. I'll get you some, I'll get you some brews.
Sounds good. Now, Alex, you've been rather quiet on the subject. Is this anything you've
messed around with using Pi-hole or any of these kinds of shenanigans?
A little while ago, the guys over at Linux Server
did an ad blocker kind of challenge.
And we ended up running AdGuard Home,
a few of us out of a container.
And that worked pretty well.
Some of them experienced slowness with encrypted DNS.
I'm wondering, Cheese, whether that is the same symptoms that you had
or not. I don't know. Um, generally speaking though, it's really easy to set up one of these
ad blockers. Um, yeah, it's, it's really easy and it works across all of your devices. That's the,
one of the really cool things for me. Um, trying to install an ad blocker on Android, for example, without rooting is a
tricky task. But if you are doing it at the router layer or something like that, then the network
level, you're able to stop ads before they even reach your device, which is super duper cool.
Sweet. Yeah, that's compelling to me. All right. Well, that's fun. So we have like a whole bunch of resources in there.
But one thing I'd kind of like to ask from the audience on this particular topic,
if you go over to linuxunplugged.com slash contact, or you could just tweet me at ChrisLAS.
Are you concerned about Cloudflare?
Like I get the concern sort of vibe from the community, and I feel it myself.
But I don't have an articulate reason.
Like, I can't just, I couldn't just sit here
and I can tell you why.
I would love to hear some, yeah, right?
And I hate to condemn them just because they're successful.
Like, I don't want to do that.
So I'd love to hear some thoughts on it,
linuxunplugged.com slash contact.
You know, maybe some comparison, some contrast.
Because as you say, there are limited solutions
for general providers.
Who's a better org to trust?
Who could handle that scale?
That's great. Include that, please.
But also remember, the implementation
is not the technology.
There are other providers, and you can roll your own.
That's the beauty of open source.
It doesn't have to be Cloudflare.
You can stand it up on a Raspberry Pi,
a DigitalOcean droplet,
anywhere you can possibly get access.
So it's a cool tech, and you can be in control of it.
It just depends on the implementation.
I've never installed GNU slash Linux.
All right, well, as we come in for a landing here,
so we're going to turn off the bathroom and turn on the seat buckle signs.
Wes, you've got to sit down now.
Always going for that mile high club.
We got some really good feedback that we need to incorporate right here in the studio, Wes. I'm telling you what, I think this is the way to go. It's about wandering windows in
XFCE and it comes in from Peter. He says, hi, Chris. He says, try installing Devil's Pie.
You use the terminal with xwininfo to obtain the window stats like the size, its
PID, and then you can use Devil's Pie to write a profile about each important window, save
each one, and then make sure the Devil's Pie daemon runs on startup. To fine-tune the
adjustments positions, you can tweak each attributes of each window. You could disable
the daemon altogether if you don't want it, etc. But the idea is it solves your window sizing problems, positioning
and attribute
problems. Easy for me to say.
Ah, so you've solved the problem that
you created when we switched away from Plasma.
Yeah, yeah. The very thing
that KWin had built in that I love, the KWin
rules, that's what
Devil's Pie solves. Actually, this does look pretty
neat and it's broken out as a little
standalone application.
We could totally use it.
Also, by the way, there's a newer version called Devil's Pie 2,
which we'll have a link in the show notes.
It could be worth checking out.
Because he says here, he's got it really laid out.
He calls it his perfect tool,
and the project describes it even as crack.
They say it's crack once you get it just right.
You get all your windows just the way you want them on your desktop,
even their transparencies and everything,
and you set it once, and then you hit a button,
and it scripts it, and it lays them all out.
Maybe you're finally ready for a tiling window manager.
You stop it.
You stop it right now.
You stop it right now.
Actually, I'll tell you what.
The guys over at Choose, actually the guys and gal over at Choose Linux,
our very own Drew here on the show and Elle are now joining Joe Rez.
Have you heard of Joe Rez?
Oh, that guy.
Yeah, right.
He's sure popping up a lot.
I'm a fan of the Joe Rez podcast, but that's all I know about.
I've heard he's got a few other shows, and one of them is called Choose Linux.
New to me.
But I do know of Drew and Elle, and they are joining this new upstart
in podcasting to discuss an i3-based desktop this week. Is there anything we could tease,
Drew? Is there anything you could tease about that that wouldn't be given away? Because
that, I got to say, has got me kind of thinking about it.
Yeah, absolutely. So with the Devil's Pie thing, that's exactly what I was thinking is, well, you could just do this in i3.
And if you wanted i3 with desktop environment niceties, well, that's where Regolith comes in.
And we did a pretty deep dive, and I even contributed some issues to their GitHub after doing that challenge.
So it's a really cool project.
And tune in to find out more.
Also look at Rosa as well as this really cool game that Wimpy wrote in Bash.
So amazing.
It's so neat.
So that's all in the latest episode of Choose Linux.
Well, it might not be the latest as you're listening,
but it'll be sort of in the recent.
Go check that out as well.
I'd say just subscribe and then you'll get all the episodes.
Yeah, that is sound advice, Wes Payne.
Brilliant.
ChooseLinux.show for that,
and ChooseLinux.show slash 12 specifically for that one about Regolith,
which it does sound pretty cool, I got to admit.
If you'd like to give us your feedback, again,
that's LinuxUnplugged.com slash contact,
and give a big shout-out to Linux Academy.
Go over to twitter.com slash linuxacademycom and say, hey, thanks for your support of Linux Unplugged and at Jupiter Signal.
We sure appreciate it.
Share them some love over there because it's their backing that makes these shows possible every single week to not only staff an entire team,
to make these shows ad-free as well. That's a huge deal. So give them some love.
Twitter.com slash LinuxAcademy.com. Thank them, because I'm very thankful.
Sure am.
Also, go check out all the great shows over on the network. JupiterBroadcasting.com. Tons of
great shows. User Error is one of my favorite shows of all time.
If you're not listening, you're missing something really special.
Check it out.
Now, I'll be off next Tuesday, but we'll but there's an outro.
Barely made it.
Barely made it.
Yeah.
So now, tomorrow, we all got to show up in our wizard robes.
We're going to have to burn some incense.
And we're going to have to really get zen to talk about what...
Don't sleep tonight.
You're going to need to just meditate.
No, you're going to need to meditate.
Yeah.
We're going to need to talk
about what has been
a crazy 2019.
We are,
this is a little
behind-the-scenes info,
we're pre-recording
next week's episode,
taking the family
on a little trip.
And,
man, am I excited
about this episode.
I've been really enjoying
doing these specials.
We just started doing
these one-off specials
from time to time.
And I think they...
Keep it fresh.
I don't know.
I really like it.
It's nice to deep dive.
Absolutely.
Well, I think that that's kind of what you would get from a lug, right?
You know, once you go sit down and there might be that topic one day and it's just DNS over
HTTPS or TLS or...
Yeah, it's true, right?
Sometimes there's a special guest or an interview and sometimes we focus on an in-depth topic.
Barbecued me some brats last night.
How were they?
Good.
Man, the JB Title thing still isn't working.
How come that's not working, Wes?
Wes!
So it's probably just that your browser has it cached,
because it was a 301.
Guys, what do I do?
You're using DNS over HTTP.
Oh, my God.
How amazing is it I'm having a DNS issue after this?
That's perfect.
I can tell you the IP address.
That is so great.
I got it.
I got it.
I opened up a private session, and you're right.
It's working just fine.
All right.
So we've got to go over to jbtitles.com and vote.
Yeah, we did, funny enough, have a little laugh.
You know, if I was using our own DNS server, this wouldn't have happened.
That's right.
This wouldn't have happened.
Or it would have been cached and actually would have been a problem for all of us.
One of the two.
It is weird when you were talking about Cloudflare because I do kind of feel the same way.
It's very apprehensive about them.
Yeah, bro, but lava lamps.
Anything that's a centralization of power makes me nervous.
Yeah, that's what it is.
Well, so cheesy.
Who do you have your upstream set as?
Is it Google?
Can you play a little millionaire music as he answers this?
It's dime.dime.dime.dime.
We should confess.
Let's do a little confession.
Wes, do you know at home, is your upstream provider just your ISP?
No, it's almost never my ISP.
I kind of do like
Google's resolver. I find that they,
when I make DNS changes, theirs is the quickest.
I've tried Cloudflare's a little bit when they made that announcement.
I was curious to just play with it.
I don't know what mine is right now
off the top of my head, but probably one of them is the
8.8.4.4 Google one.
I've looked, you know,
I've looked at other lists
and used a couple other providers in the past.
And I don't mind my local ISP.
I'm lucky to not have something like Comcast at home.
So that would probably realistically be fine.
Yeah.
I use a mix of OpenDNS and Comcast DNS.
And at home, I use my ISP's DNS
because it's a little rural local ISP.
I know the business folk.
What about you, Alex?
Who are you using for your DNS?
Cloudflare?
Oh my gosh.
What about you, Drew?
Who are you using for your upstream DNS?
Well, definitely not Comcast
because that's my ISP
and I'll be damned if I give them my request.
That's right.
I'm using Cloudflare over HTTPS right now.
You're keeping that set up, huh?
Yeah, why not?
I love True.
Absolutely, that's awesome.
But I have used Google in the past as well.
There is an app you can download that kind of benchmarks all the different name servers and all that from your system.
And I seem to recall that Cloudflare was the fastest, so why wouldn't I go with that?