LINUX Unplugged - 365: There's a Hole in my Boot!
Episode Date: August 5, 2020
We explain why BootHole is getting so much attention and break down the key issues. Then we review our favorite Linux-compatible headsets. Plus community news, feedback, and more. Special Guests: Drew DeVore and Neal Gompa.
Transcript
This is CNN Breaking News.
We're learning this now in the Jupiter Broadcasting Studios.
Linux 5.8 is out.
Wes, you're on the scene right now reporting outside Linus Torvalds's house.
What are you learning?
Oh my, Chris, we've got AMD GPU Trusted Memory Zone, TMZ, support for encrypted video memory.
Also, some new user space patches for Mesa.
Wes, I can't believe you let me get away with that.
Hello, friends, and welcome into 365 of your weekly Linux talk show.
My name is Chris.
My name is Wes.
Wes, quite the show today.
Oh, my.
Not only are we going to make you an online audio pro with our
favorite headsets, but we're going to tell you why everybody's making a big deal out of BootHole,
some other community news, and your feedback, as well as some follow-up stuff from a couple
episodes ago. It's a well-rounded episode, and to help us sort through it all, Drew's joining us
here. Hello, Drew. Hello. Hello. I like that you brought your own chair today with all of those nice stickers and stuff on it.
This is a nice looking chair.
You should leave this here.
I just really wasn't feeling the chairs that you provide, man.
They're just not good enough for my butt.
I understand.
I understand.
I mean, we did make them out of just scraps and boxes, so I can appreciate that.
You know, the people that really got the best chairs,
that's our virtual lug time,
appropriate greetings,
mumble room.
Hello.
Aloha.
Howdy.
Hello,
everybody.
24 of you in there.
And we've been having a good pre-show hanging out on the live stream now for,
well,
we were actually like live for an hour and a half, but then we had a fantastic Comcast outage, which brought us down for a bit.
So we're limping along, making do, making possible.
Yeah, so there's stuff going on.
There's a lot going on.
Kernel 5.8 just landed.
Of course, everybody's already excited about what's going to be in 5.9.
5.9 will probably be what ends up in distributions like Fedora 33.
And there's supposedly some nice improvements for Btrfs in 5.9. So we'll leave links to that stuff in the show notes.
But let's follow up with some of the RSI feedback that we got on the show. I just want to do this
briefly. It won't become the RSI podcast, but I just wanted to say thank you. I heard from a lot
of you who are also either just now learning to deal with this or have some tips. I got lots of
gear suggestions. So I'll put a link to some of that in the show notes.
I expected a lot of you to just yell exercise, exercise, exercise at me,
but still I got a little bit of that and a lot of gear.
David Roni says, hey, Chris, sorry to hear you're battling repetitive stress injury,
and I'm wondering if you're still using a mouse and have you considered a trackball?
Now, he recommends one of them thumb trackballs, but I'll come back to that in a minute.
He says, I find that I need to take a break from time to time and also that I have to keep the trackball clean about every three days.
So consider that.
Best wishes.
I love Linux unplugged and self-hosted.
Well, thanks, David.
So David recommended the Logitech M570, which I actually have right here, M570 here in the studio.
And it's a thumb trackball.
And I don't know if that's universally considered the best route to go for RSI.
I think something more like the Kingston trackball.
Now, Wes, I don't know if you remember these.
I grew up with one of these.
My mom was a graphic artist since Photoshop 1.0,
and as soon as these big trackball mouse came out,
it's like the size of a pool ball, like from a playing pool, not like a swimming pool.
Yeah, much bigger than the thumb version here.
Huge, Wes.
It's huge.
Like, it takes your whole hand.
And so it seems to be that people like those Kingston-style trackballs for RSI.
And, Drew, I think you recommended one of those, too.
Yeah, I've got the Kensington Slim Blade, and it has that gigantic pool ball right in the middle
and four buttons surrounding it. You twist the ball to scroll up and scroll down. I think it's
much better with the thumb trackballs. My thumb will get tired and will just kind of get fatigued
and sore. But with this, you know, my wrist is nice and supported
and I'm able to roll the ball with my fingers. So yeah, my RSI went considerably down to the
point where it's pretty much gone. I decided this time around, I think I'll have a variety of gear
because I think one of the things that helps is changing up what I'm using to work, like not using
the same device for eight hours a day, but moving between computers that have different mice.
And so one of the mice I got is the Logitech MX Vertical.
MX Vertical.
They claim to have done a ton of research on this, and it keeps your wrist in a better position.
I'll put a link to this in the show notes.
Oh, yeah, I've seen these.
Yeah.
It does charge over USB-C, which I'm kind of looking forward to, I think. It has
gotten a lot of positive comments from
the audience. It's a pretty wild
looking mouse. You know, it looks comfortable.
Just imagining using it, putting your hand in
the shape that it is, it seems, yeah, alright.
I'm going to give it a go. I know the
big old, huge trackballs.
I've used them, you know, as a kid. I bet I
could probably pick it back up again.
I also got wrist pads for the studio keyboards
and the one upstairs, and that's helped.
I'm trying not to buy a ton of stuff to fix this.
The real solution isn't buying stuff.
There's two other things I've done,
and I'm just kind of hitting pause after that
and seeing where things go.
And the other thing is,
it's something I've needed to do five years plus,
is I've decided to replace my desk
and I've ordered a standing desk.
Oh, look at you.
Yeah.
Autonomous.ai has, I don't know why that's the name,
but they have a bunch of cool standing desks.
So I got one of those on the way.
It should be here middle of the month.
This is, I assume, one that you can switch between modes,
adjust the height.
Oh, yeah.
Oh, yeah.
Oh, yeah.
Oh, yeah.
And I'm trying to take stretch breaks,
trying to get up at least once an hour and move around and stretch my wrists out. And that has helped. Additionally, and this is not medical advice, but this has just been something that I've noted has helped is a couple of weeks ago, I started trying to take these pill form CBD.
I'm not a medical doctor here.
So don't follow my lead.
But over the last two weeks, I started with a couple pills and now I'm on like four of them.
And I'd say it's taken my pain from an eight to like a three and a half.
I was telling Wes, you know, over the years I've tried vitamins.
I've tried all these different things and I always end up just stop taking them.
But I have not missed a single night of this because it really, I feel like between the stretching and the increased water
consumption and the breaks and these CBD things, it's helped a lot. And you know, I don't get like,
I'm not all like wacky stoned or anything from them. It's right. I mean, all of these are just
like, you know, aims to help you work better, you know, be able to continue to work. I got to be honest.
I wasn't planning to come on air and mention that I was trying CBD to help because it feels embarrassing and makes it it's very vulnerable for me to even admit that because a lot of people will take that the wrong way.
But if it's something you've considered, I'm saying it's helped for me.
I did a very, very loose and fast kind of check on research.
Some stuff out there, of course, says that studies
have been done that look like they have really positive indicators, but you know, you gotta,
you gotta follow your own medical doctor's advice on that kind of stuff. Not some podcaster's advice,
but for me, it's helped. And a lot of this gear I've ordered hasn't arrived yet, but I'm hoping
combining it with the vertical mouse and, and trying to come up with a system of stretches
and breaks every morning, I hope we'll do it.
Yeah, it seems like you're just trying to get in some good habits, you know, just to
support things.
Change the bad habits.
It's so easy because, you know, we have to be at the computer pretty much all day to
do work, to do show prep.
It's easy to not take that seriously.
But if you were going to do, you know, some job where you needed to operate equipment
or you're training for a sport, well, you use the right tools.
And I don't think it's any different here.
I'm an extreme computer user.
Not always for the best way.
Anyways, I just wanted to kind of put an end cap on that because we've been getting a lot of feedback.
And I want to say thank you to everybody.
And please do continue to send it in.
That doesn't necessarily mean you have to stop.
But it's been a couple of weeks since we addressed it, so I wanted to touch on that.
All right, Wes, let's get into what everybody really seems to be focusing on this week, and that's BootHole,
a rather nasty-looking security exploit that involves our good friend Secure Boot. And there's
lots of explanations out there on the web. We've consolidated some of them for you in the show
notes, so absolutely do feel free to look further. But you found a really good one over on Debian's website.
Debian's security team has written a very readable write-up.
The readable write-up.
Yeah.
You know, I was just really impressed because there's a lot going on.
You know, the first vulnerability here, there's actually multiple that was found.
There's a white paper out on that.
There's going to be a webinar, all the usual, you know, stuff you get when a big security firm finds stuff.
But it didn't stop there.
You know, the researchers found this problem and kept going,
so it actually turned up a number of different problems all happening.
But if you remember things about Secure Boot, it was a big deal.
We talked about it here on the show.
You know, it was kind of a big kerfuffle in the Linux world as that was happening,
but I think we've kind of all forgot about what it is and, you know,
why we care. I got to be honest, that is true because I really rarely deal with it because
I'm not typically buying Windows machines now and trying to put Linux on them. But my understanding
was, is that ultimately Microsoft has to be involved in the signing process. And the way
this works is only signed code is going to boot in a secure boot environment. Yeah. You know,
it's a way of helping secure the whole boot process of loading up your
computer.
If you imagine the old days, if you didn't have a BIOS password or anything like that
configured, you just walk over, plug in a USB drive, and the firmware is happy to, you
know, just into dumb BIOS, just jumps over there, starts running the code, and away you
go.
But in the UEFI world, we've got secure boot so that, you know, in theory, maybe you're
at a hotel and someone unscrupulous comes and wants to try to steal information off your computer.
Well, with Secure Boot, you've got a chain of trust and you basically tell your firmware, these are the keys of people I trust, uses public key cryptography, and then it will only boot into stuff that's been signed by those keys. So in theory, totally fine. If you were paranoid about your devices, not that you need to be paranoid,
you know, in use by corporations,
anyone who's trying to have secure devices,
you enroll that in the bootloader
and only your stuff will run.
But of course, I mean, what, regular users,
they're not going to do this.
So by and large, the implementation,
the most way we run into it
is that Microsoft worked out deals
so that all the major manufacturers,
well, they've enrolled Microsoft's key in there.
Now, you could remove it, and most firmwares allow you to do that, not on ARM, but, you know, on x86.
But they ship it with Microsoft's key.
But Microsoft is shipped.
And that also means that, you know, in the Linux world, we were like, well, we don't want to have to tell people to go turn Secure Boot off as the first step in how do you install Linux.
That's kind of an awkward thing.
That's already a barrier to entry when we, you know,
they already got this far.
They've figured out that they want to try Linux.
All that stuff is no good.
So many of the major distributions worked with Microsoft
and got Microsoft to sign with the Microsoft key
some of our boot infrastructure.
And that way you can just take, you know,
your regular old Ubuntu ISO that's signed,
plug it into your new laptop that you picked up from Best Buy,
not have to futz around with secure boot. Essentially then, in that case,
transparent to the end user. Right. Because Microsoft's involved,
and really to respect the standard here, it's all about maintaining that sequence of boot. So the
firmware is told to trust the keys, and then it will only run stuff that's been signed by those
keys. But everything after that needs to follow the same rules, right? They have to have a system
in place, doesn't have to be the same
key necessarily, but that needs to have their own set
to maintain that security.
Otherwise, all of it's basically for nothing.
And that set has to be signed by a trusted set.
Right. I mean, you've got to have trust at each
layer so that you load a trusted bootloader, which
then loads a trusted operating system. And then
there's even some stuff that you have to think about in the
OS level, and Linux has these, where you
lock down the kernel a little bit more
so you would only load signed kernel modules, for example.
So there can be implications, especially for folks in the Linux world
who want to go run a bunch of custom stuff.
But if you think about it as an average end user,
this is just an added way that at least this has been signed by,
in theory, an organization you trust because you're running their operating system.
All right, so that's a Secure Boot recap and sort of the value it seems to provide.
And what happened here is various vulnerabilities in Grub, which meant that you could get arbitrary
command execution as a result of Grub loading its config file.
And there's some other ones too, but that was the first one figured out.
It's a bug in Grub itself.
Right.
So it's parsing the config file, you know, does some bad stuff in memory and boom.
Now the person who maliciously, you know, modified that config file,
they've got control.
And it's running in a trusted way.
They can load unsigned code.
Ah, okay, I see.
And so this is a, you know, this would be one way that you might see it
is to install a rootkit that you wouldn't notice, you know,
Secure Boot's still on, but because this happened,
they were able to take over control of Grub for a bit
and install whatever code they wanted.
So this could affect more than just Linux boxes
because you could take a live environment with this vulnerability,
plug it into a Windows 10 workstation, a high-security Windows 10 workstation,
and essentially exploit Secure Boot.
Even though that machine never ran Linux, never used Grub,
but if you just brought a vulnerable Grub
in a live environment, you could have at it, right?
Interestingly, there were some issues found in Linux
too. Several that, you know, not necessarily
verified, at least from what Debian writes here,
but possibly could have interfered to
also allow secure boot bypass. But our
friend Jason Donenfeld from the WireGuard
project, he managed to fix those.
This is kind of tricky to patch
too, because unlike most normal security
vulnerabilities where you just sort of get the new grub or whatever
it doesn't have that flaw anymore. Old
versions that are signed still exist.
And so as part of mitigations
at some point you basically need to
take out the old Microsoft key
and add in the new key infrastructure.
And
anything aligned with boot updating these
sorts of trusted components is tricky.
Is it basically a firmware update for these machines?
Right.
At some point you probably will need, you know, yeah,
firmware updates, things that fix the keys.
And then a whole bunch of components had updates too, right?
So like the fwupd infrastructure,
because there's signed versions of those
if you want to operate in a signed way, right?
So you can do, there's also the shim that works,
that fits between EFI and Grub,
new Grubs that are out without this vulnerability
that have to get re-signed.
For most of us, it's not a big deal.
You might not even have Secure Boot
turned on for your computer,
but there's a lot of thought and infrastructure
and planning and ceremony
that is involved in all of this.
And it's kind of just embarrassing that our,
you know, obviously the Linux community
takes security seriously.
We've sort of had outside parties, in this case Microsoft.
It's unfortunate we have to have that arrangement.
But we've sort of had to convince them that, look, we have a secure stack too.
By trusting us, we're not going to let a bunch of your Windows machines get hacked.
And while I don't know that that's actually happened in the wild or that will happen, it's just kind of embarrassing. I am imagining a scenario where there's Windows machines out there that are no longer supported
by the OEM, be it HP or Lenovo or Dell or whoever it might be, and they'll never get
a firmware update.
The other tricky part, too, is once some of those changes happen, old install media that
you might have laying around, well, that won't work anymore because that was signed with
the old key that's no longer trusted.
Oh, right.
So it's just somewhat tricky all around.
You don't have to freak out about it.
Eventually do these updates.
But, and we'll have an article linked over at Ars from our friend Jim Salter kind of breaking down,
some of the patches, some of the updates, some users have reported problems
because, I mean, you know, anything happening, changing up your boot is tricky.
So just maybe don't rush to apply those or at least do so in an environment with backups
and with time to troubleshoot.
Yeah, this has been a tricky one.
It has left some systems unbootable.
Jim did do a good job of covering that.
I just kind of imagine a parallel universe
where the relationship between open source
and Microsoft isn't super cozy
and we have serious egg on our face
where a flaw in Grub plus some compounding
problems in Linux led to essentially a bypass in the secure boot not perfect like intentions or
whatever like I've never been a big fan of secure boot so I'm not like crushed by this but it's
embarrassing nonetheless it's still embarrassing it's not like the world ender but it's embarrassing
and I'm imagining a scenario where the relationship with Microsoft isn't quite as comfortable as it is right now. And Microsoft responds by just saying,
we're not doing this anymore. Or, I mean, you could imagine in theory, some other vendor out
there who suddenly, you know, we have a relationship with a provider who, you know, we want to add this
distro's key or whatever, and it's just harder to make that case now. Yeah. We should probably also
point out that Grub is used all over the place by tons of
people, probably another one of those projects that really deserves more appreciation and funding
than it gets because it's very useful and critical. Yeah, I think that's an understatement
and I think really well put. So BootHole is really, it's this ability to bypass this chain
of trust in Secure Boot and run untrusted code on any system with Secure Boot right now
that hasn't been updated.
Right.
If you've got a version of Grub with this flaw
and a computer that's trusting that version of the Microsoft key,
then yep, once you've got Grub loaded with a modified config file,
you can run whatever you want.
All that work, all that signing, all that fuss for nothing.
Shucks.
Yeah.
So it is an interesting story, and you can see why it's getting so much attention right now.
And like Wes said, there will be more information in a video webinar.
But it hasn't happened yet, so we can't link you to it.
But keep an eye out for that because by the time you're hearing this, it'll probably be posted on YouTube.
Yeah, and another one, too, where I'm sure at some point they'll have figured out some of the problems with some of these updates.
And just go check your local distribution for more info there.
Well, some interesting Valve news has percolated up on the interwebs, and that is they've hired a full-time developer to work on open source graphics for Linux.
Emulator developer Tony Wasserka has announced that he is going to be joining Valve to work on the open source graphics for Linux.
It's part of a general push on improving graphics.
I like to hear that.
Yeah, it seems maybe specifically he's trying to make an impact on the open source AMD GPU driver project.
He's been a major contributor to the GameCube and Wii emulator Dolphin in the past.
And, you know, that really stands out.
That's for a long time their development blog has been one of my favorite things to check out just because, I mean, I don't do graphics programming in that way at all.
But workings of these consoles, the intricacies of the graphics stack, it's fascinating.
It's so awesome.
And there's a lot of challenges there.
So this guy probably knows what he's doing.
I mean, the people that pull those projects off
are like some of the
elite of the elite. And he maintained
the GPU subsystem and implemented
the Direct3D 11
rendering engine, which has to be some of
the hardest work there is for this.
Pretty neat. You have to wonder if he's
going to do some work on Proton and if the AMD
graphics drivers aren't just going to be seeing a whole bunch of improvements. Some just landed in 5.8 that came out today, Linux kernel 5.8. You've got Valve that's hiring a developer to work full time on Linux drivers, including specifically calling out the AMD graphics stack. You've got even more improvements coming to the AMD graphics stack in kernel 5.9. Wow.
I think I need to build myself a new AMD gaming rig.
Yeah, I'll be interested to see where Valve takes this
because last time Valve did some of this, we ended up with Proton.
So we'll see.
That's the Valve news.
While we're kind of talking about gaming stuff, though,
NVIDIA is making some news that looks like that deal that we hinted at recently
about them snatching up the ARM division from SoftBank
is like looking real
serious right now. Looking close, like it's actually going to happen. And a principal
analyst over at Tirias Research said that if the merger goes through, it will be a disaster.
People will defect from ARM and more ARM customers will start looking at RISC-V,
to which I say, yes, please. All right. Maybe we're fine with this.
How do we feel about NVIDIA snatching up ARM? I don't feel good about this at all.
I think that what we're going to see here is people are going to get very, very concerned very quickly about ARM being owned by a primary licensee. I mean, it could be a history repeats
itself kind of moment, like what happened with Intel and x86. I mean, because in the 80s,
there were multiple sources, 80s and early 90s, there were multiple sources of x86 CPUs. Today,
there's just AMD and Intel. And that's only because they have each other at gunpoint, essentially.
And NVIDIA is not a good player in the ecosystem.
They generally do not help contribute to the advancement and the development of standards to support applications in gaming, as well as in professional GPGPU cases and things like that.
You know, after 10 years, CUDA is still a closed thing.
Yeah.
It seems like a clear move for ongoing licensing revenue, first of all, and maybe cornering
the market a bit more and a turning point for ARM as a platform, I think.
It will not change the current momentum around ARM. It just won't. Because one of the problems that the industry has is that they like to
capitulate to the strongest tech company. And when you look at that, even in the hardware space,
people talk very highly of NVIDIA because their technology works, quote unquote, the best.
But that's largely due to a lot of work they've done on the backroom side,
making everybody conform to their protocols, their standards,
optimizing for their drivers and stuff like that.
And it has shorted out all the competitors in the graphics space.
And I think the same thing would essentially happen
with the CPU space with the ARM ecosystem. But the thing is, nobody can peel back that investment.
And moving to RISC-V would be a recipe for disaster for most companies,
because the hardware industry, unlike the software one, operates on such tight margins
that redoing everything would take literally years to figure out the investment profile,
much less try to actually do it.
I think that's very true.
I think the existing momentum that people have invested in Arm isn't going to change.
It can't change.
Phone mobile ecosystem isn't going to change.
I think the turning point will be in considering Arm as a platform that you're safe to build
your business around.
I think that's a shift.
Once it changes hands like this again,
something, I think, changes in the way people perceive it.
I don't know if it's going to change really much
in terms of how many Samsung phones ship with an ARM processor.
I don't think that'll be affected one little bit.
But future projects, things people are tinkering with, I wonder.
I really don't feel very positive about any of it right now.
Part of me kind of just hopes Intel pulls out of this downward spin and we just move into an AMD Intel world.
I'd be okay with x86 for another couple of generations.
At least let me get to my 50s.
I just can't get that image of Linus making a certain symbol
when referencing NVIDIA out of my head.
Yeah, there's that. There's that, too.
I think there's that history there.
Maybe that might be informing a bit of my reaction to this news.
I think that's very likely.
Maybe if I was a RGB gamer and I had three NVIDIA cards in my extreme Twitch gaming box,
I would feel differently about it.
But sitting here right now, looking at the momentum around AMD graphics and AMD CPUs
and the challenges like
we've covered just recently in our ARM episode. I'm not feeling particularly great about it.
Something though that does make me smile is Pine's invitation to get some input on a physical
keyboard and a Nokia N900 style keyboard if that invokes a certain image. What? Yeah it's really
kind of a neat idea of a little QWERTY keyboard that's totally portable that would make an SSH session really practical on a mobile device. And
it can be integrated with a case where it slides up or down. I think this is neat. And they say
they're in talks with a number of hardware vendors regarding this N900 style slide out keyboard
design for the Pine phone. It won't be thin enough, Chris. Yeah, I'm really glad that they're not hung up on that at all in this
because there are so many of us out there
that are perfectly happy throwing an extended battery pack on their iPhone.
Right.
I haven't done it with this one, but iPhones in the past,
I'd go get the big old fat battery pack,
and it triples the thickness and weight of the thing.
Or people are putting the pop sockets on the back.
You know, there's all, it's not super minimal.
And actually in a way it's kind of perfect if you can pop it all off and then you have
a fairly thin, I mean, you have the Pine phone right there.
That fits in the pocket just fine.
Totally fine.
It's like, it would be like having a Nexus in your pocket.
You know, remember this meant it's like the small Nexus size, like the Nexus 6-ish in
your pocket.
It's big, but it's not too big.
But then you can snap these accessories on that actually make it a functional device.
And as these things get more powerful, and as in the case of the Pine phone, the operating systems are more sophisticated, I love seeing these kind of things.
And so I think it's early days, as a lot of this stuff is when we talk about this.
But they're looking for feedback, and they have some suggested design ideas, and they have a forum thread set up on it. So we'll have a link to that in the
show notes. I could see it. I can see it one day all kind of coming together. It just makes me so
excited. We've got, you know, manufacturing capability and a manufacturing company that's
interested in thinking outside the box, making some of these projects that, okay, maybe they
don't appeal to a wider audience, but then we don't need that. We'll find out. Maybe they'll sell millions.
Maybe.
I don't know.
I mean, if you think about it, anybody that has infrastructure they need to maintain,
you could make the case at the price point for the Pine phone, if it is your day job
to keep systems online, you could make the case that you could have a daily driver that
is your Android or your iPhone, and then you've got this with you in the bag or in
the pocket if you need to just bust something out that's got a mobile data connection
that's got a fully complex operating system with terminal and all that,
and a keyboard, people walk around with MacBook and iPads all day.
Maybe us Linux users will do something similar,
but just thousands of dollars cheaper.
That would be our style.
All right, well, a little bit of housekeeping here before we go on.
Join us next week live if you can, because we're doing another classic chat room attacks episode.
We've come across an old JB device from the hardware archive, and we're going to give it a full refurb, load it up with a modern OS, and then open it up to the chat room for, quote, load testing, end quote.
I love these.
So join us next week if you can because you'll get a chance to punish one of our machines.
We need your help.
That's right.
And now if you don't know when we're live, you can get it converted to your local time zone via robots at jupiterbroadcasting.com slash calendar.
It's over at jblive.tv, noon Pacific.
And you can just come on over.
We start the show up usually, like the live stream usually starts 20, 30 minutes before the actual show.
We get music playing and we get on there and start chatting.
Sometimes like this week we started like 15 minutes late because we were goofing around.
You get to hang on all of that and then also get to help punish the system and name the show.
It's like a whole extra show.
It is.
So check us out over at jupiterbroadcasting.com slash calendar for the time and jblive.tv is where it's streamed at.
And also a reminder for the LUP LUG.
I was hanging out in the LUP LUG this Sunday while I was out working on the storage bays of Lady Jupes. So I'm carrying the phone in my pocket and I'm like spraying stuff and scratching down rust stuff
and painting over stuff
and chatting with the LUP LUG
about cellular antennas
and all the kind of stuff.
It was pretty good.
Pretty good couple hours worth of chatting,
and I got a lot done.
Took a break during some of it
because I ran out of Rust-Oleum
and then got back at it.
It was good.
So you can join us too.
The LUP LUG is on Sundays at noon Pacific,
and it's in the same mumble room we use for the show.
We just do it up in the lobby.
So you just have to have the open source mumble software.
Pretty easy.
They have it for the phone too.
They have it for the phone too.
Don't tell anybody though.
We don't tell people about that.
No.
All right.
Well, this week we're going to tell you
about our favorite headphones on Linux for like meetings or joining the mumble room.
This would be, these would be great headphones potentially to jump into the LUP LUG on Sunday.
I also wanted something.
That's actually why I bought mine.
I bought mine specifically for the LUP LUG.
And then I wanted to start using them for Zoom meetings and whatnot.
And the requirements were something that works really well with Linux.
And I think for you and I, at least, we'll see where Drew falls down.
I think that's going to be an interesting one.
But for you and I, I think we both wanted wireless.
Right.
So you have the newer version of ones that I tried a couple,
like maybe a year and a half ago, the Jabra Elite Active 65Ts.
These are no bigger than AirPods.
Yeah, that's it.
I mean, then they're very much marketed as, you know,
competitor Android version of the AirPods.
Although, of course, they'll work with iOS too.
Yeah, they're not bad.
You know, there are newer ones now.
There's also the 75T.
I don't know why they don't make the, you know,
the version in between, but that's not my business.
And we should probably say the price
up front, they're $120,
so they're cheaper than AirPods,
but they're not super economical.
You'll see them on sale sometimes. Actually, I bought a
refurbished pair just because,
hey, why not? Even though they might have been in somebody else's
ear balls. Well, and then I immediately dropped them
on the floor and one of my dogs tried to chew on it.
So these are not necessarily
pristine.
But that's kind of the point is that, you know, I've already gotten some nice audio equipment, nice headphones, a nice microphone.
And I just wanted something that was a little more convenient where, you know, maybe I'm
not the star of the show for this particular meeting, but I want to be able to get up,
walk to the kitchen, make myself a snack or go deal with the dogs barking at something.
They're not bad.
I was definitely inspired.
I think I'd seen you and some other folks I know with AirPods and that looked very convenient. Audio quality? Well,
you got to make sure you switch it, you know, into the high quality audio playback mode,
which I will say, having used it both on a Mac and Linux, sort of struck me as just how these
things go with Mac and Linux. Because on Mac, it figures out if you're recording, you know,
it figures out like, oh, are you trying to talk? You have an application that needs to,
it needs an audio input. Oh yeah. Okay. Well then you'll be in headset mode. If not, then you'll
just automatically switch to high quality playback mode. Although sometimes it gets that wrong. So
it's perfect, beautiful when it works. On the Linux side, there may be ways to make it automatically
switch. I've not investigated that because you just go in Pulse. It's an option on the device, super simple, easy, and you can configure it yourself.
So I like that, and I was actually kind of impressed.
They're a little bassy for my taste.
But the audio quality, just for playback, watching a YouTube video on my desk,
or just listening to stuff, totally fine.
Yeah, for listening, not bad.
Totally usable.
Yeah, yeah.
Where things fall down a little bit.
Come in, Levi.
Come in, Levi.
This is Charlie.
Repeat, Levi.
This is Charlie.
I found the truth.
I found the truth.
Okay, I'd say that's phone quality.
That's it.
It's phone quality.
And it's definitely noticeable if, you know, you're switching from a different mic or honestly,
these days, even just like the phone on my Pixel 3, that microphone built in, I mean, to the handset itself.
Is better.
Is better.
Yeah.
And that's a little embarrassing.
Yeah.
Although if you're, you know, for me, and I think for you too, I wanted something that was totally just like I just got to chime in a couple of times in a work meeting.
And I'm not running the meeting.
I'm not talking a whole lot.
I'm doing a lot of yeah or I think so's,
or yeah, we can definitely look into that.
Exactly.
And it does totally work for that,
for something that's just really easy to pop in.
So when you pop them in, does it auto-connect
or do you have to go into the Bluetooth settings in, like, say, Linux
and connect them each time?
You know, it depends on the operating system
and how you've configured it, of course.
But yeah, for the most part, it just automatically connects, no problem.
I did run into an issue,
and I think this might have just been an issue
with the device itself,
is I paired it from the same machine
with the same Bluetooth hardware ID and everything,
but from two different distros.
And after that, I had to keep re-pairing it with those.
Though I was able to do like a factory reset on it,
that fixed it, which makes me think it was a problem
with just being confused about all these devices.
Which made me, having re-paired it a whole bunch of times
before I bothered to do that, made me suddenly have opinions.
I really actually kind of like GNOME's Bluetooth settings
more than I do in the Plasma world.
I'm going to jump ahead to mine,
because mine is about accomplishing a lot of that
and totally avoiding Bluetooth,
which I think is now the
way to go.
I wasn't sure.
I was, these were recommended to me by the LUP LUG, and I went with the Corsair Void
RGB Elite Wireless Gaming Headset.
Now, that's a horrible name.
And RGB, I don't know about that.
It does have a logo on it that changes color.
But the thing that is fantastic about these is, now, these are not earbuds.
I will disclaim they're full over-ear headphones.
Right.
But, Wes, no Bluetooth, but they're still wireless.
How does that work?
Why, Wes, it's good old-fashioned RF, and I think they sound lovely.
Let me play you a little audio sample I recorded this morning here at the studio,
just to give you a sense of what it's like when you're outside a studio environment,
you're just in like a working office environment.
Here's the audio quality.
Ah, the freedom of true mobility.
The Corsair Void RGB Elite Wireless Gaming Headset.
For the connoisseuring pup who likes to game a little bit,
but maybe also has a pup day job. The Corsair Void RGB Elite Wireless push hard on the gaming angle,
but I don't really see it. They're all black, nice design, very comfortable to wear, and everybody
needs a good headset and microphone from time to time with today's video calls and whatnots, and this certainly seems to fit the bill.
I really like the way they feel on the head. Not too tight, but they're not going anywhere. If you got the zoomies, they're not flying off. But additionally, they sound fantastic. Music sounds incredible on these. But let's talk about the real feature: RF wireless. True mobility.
I'm up, I'm moving. Let's do a live demo. I'm in my studio office upstairs in the JB one studio, and I'm gonna walk out into the foyer and move about. But now, as I continue to move across the foyer, I'm into another office space.
Multiple walls between us, yet we are still communicating. But friends, let's be honest. If you're an entrepreneur pup, easy for me to say, and you're going in and out of Zoom meetings all day like I find myself, you want something that lets you sneak away for those important moments.
Well, an RF wireless headset means if you've got to go potty during a meeting, no problem, because one of the features that I absolutely love about
the Corsair is the way the microphone mutes. It's push to mute so when you're
ready to flush you can just simply push up on the microphone, notice,
and no one's the wiser that you were just flushing.
It has a nice little chime when it mutes
and a nice little soft chime when it unmutes.
So you can sneak off and do nature's business
without anybody knowing.
Ultimately, while the mobility is great
and I can sit here and yak my face off
while walking around the studio,
I think my favorite feature is how freaking easy it worked with Linux. I'm going to throw this thing.
That right there was me throwing the box because it worked so damn good. I plugged it in. Linux
sees everything, even the full name of the device, Corsair Wireless Gaming, and it shows an analog
connection and a digital connection. So if you want to try messing around with that 7.1 surround sound fake audio, you
can. But if you just want things to work, you just want a simple stereo audio
device that's available to both show up to PulseAudio, and I think that might be
my favorite part. Plug it in, turn it on, and it just goes. And because the USB dongle is always persistent, Linux always sees my audio
device. Even if I don't necessarily need to hear sound, I don't want my headphones on,
it's still there. So my settings aren't changing all the time. The USB device is always there,
even if I'm not using the headphones. So if I have, say, like something start playing and I
want to hear it, I just grab the headphones, turn them on, and everything's already going.
No settings to change, no Bluetooth device to connect, none of that fussy stuff. It's just
always on, it's always working because it's a physical USB device that's the actual sound card,
and then it does all the RF magic for you. I think these are keepers. These are going to be my go-to
headsets, gaming or not.
I really got to say, the thing that I love about them is that the device is always on.
It's always there because I leave the dongle plugged in 24-7.
So there's essentially to pulse audio, the sound device is always there.
It's always there.
No crazy change in a default.
No switcheroo.
It's none the wiser if the headphones are on or off.
So I can just have my sound device always available and I just flip them on.
The other thing I like about it, and you could hear a little bit there in the clip,
is because it's analog, it actually tends to degrade a little bit more elegantly.
Right.
When I'm walking to the other room, you can start to hear a few pops and drops.
And there's actually a channel switch pop in there towards the very end of that clip.
So you have those analog drawbacks,
but at the same time, it means instead of cutting out audio,
you just sort of get slightly degraded.
Continuous degradation.
And I do really like the fact that when you flip up the microphone,
the little blue light on the microphone turns off and has a really soft little tone in the headset that it plays to let you know.
Your stop.
Yeah.
So if you got to take a potty break, no big deal.
It's right there.
You just flip it right up.
You don't have to embarrass yourself.
And it's comfortable.
I can wear it all day long if I need to.
It is also slightly cheaper because it's not fancy earbuds, right?
It's a big over ear.
What are we talking about here?
$99.99.
Oh.
Yeah. So it's
expensive, but they're probably
I gotta imagine I'll use these for
five years, and I would buy these same
These, when it comes to headphones,
if you find the right headphones, I try to buy the same one.
You know what works? What
changed it? These are my go-tos now. I hope
they don't drop them. I did think you sounded pretty good,
although maybe a little congested.
Was that, is that, you think the microphone?
Yeah.
I mean, it's just, it was just a couple hours ago.
It's a small capsule.
So, you know, I would imagine it's, but it's not awful.
I think it's a step up from yours.
Oh, definitely.
If you're doing a lot of the talking or you want to sound really professional, I don't think it's adequate enough.
And I bet you that's where Drew could probably help us out a little bit.
Yeah.
My impression is that it wasn't a full range signal that it's, it's pushing through.
So you're definitely missing some frequencies, and like the high mids, they're just gone. So that's why
you sound so nasally, is because you're not getting your full voice. Now, one thing that I will say is
that in the pro audio world, when you see people
walking around with like wireless mics on stage and stuff like that, they're all RF. So this is
using technology that is tried and true in the pro audio space, which is great. You know, RF is also
going to go through walls a lot better than Bluetooth, as you demonstrated. It's a great technology for audio. I highly,
highly recommend RF if you're going to go wireless. You know, Bluetooth is fine for
super short range stuff, especially if you have like a good strong connection, but it's not going
to beat RF for straight audio. Yeah. And then, you know, also you don't have all of the Bluetooth
pairing trickery or management
that you have to do with it either. Just plug it in and go. Do you do anything below a professional
grade microphone? Do you, does Drew go out and buy a cheap headset microphone ever? No, I,
I, well for this, I actually did dig out my, uh, old collar bone set like Logitech. It's an old one. They don't even sell it anymore.
Bluetooth headset that I used to use on mobile back when I would have to go visit clients and
stuff and, you know, be working on computers and answer a call. So I had, you know, this hands-free
thing and I wanted to see how well it would work on Linux connecting over Bluetooth.
I did get it paired, paired just fine, and playback worked
fine. The audio quality was great, but the input didn't work. I could select it in Pulse,
and as soon as I hit record, the application that was trying to record would just freeze up.
And I tried this out in multiple different applications that record straight from Pulse Audio. Every single one of them had the same issue. Just hit record, boom, it's done. The
application is no longer responding. So total fail on recording for that. So the microphone
did not work and I don't really think it's a Bluetooth issue. I think it's a headset issue.
I think it's just too old because I've had issues with it on the phone recently too.
Last time I tried it, I had to, you know, stop using it and go straight to the handset.
These days for me, I've got a professional mic in my booth and at my desk.
And I've got professional grade headphones in my booth and at my desk.
So yeah, you do have noticed
what reason do I have to have yet another headset just for hands-free wireless, blah, blah, blah,
blah. I don't. So no. Well, it's something you were saying in the pre-show and I think it's
worth considering. One option is to just buy one microphone by and by at once and get a good one
and use it for everything. I specifically was
looking for something that I could get up and walk around with because I mean, just so many of these
now, and I'm trying not to sit there at my desk all day, but I like that point that you made.
And there are, we'll link to some microphones that are quote unquote professional grade that
are like a hundred dollars that are a good starting point. You know, it's funny. That's
basically what I've ended up doing is for calls that I want slightly better audio,
but I'm still not having to talk all the time
is I just plug in my USB mic at my desk
and then I switch the headphones
to just high quality playback mode.
So I can still go get up,
you know, refresh my beverage.
I just have to sit at my desk
if I actually want to talk,
but I sound great.
I will try to remember to put a link
to the USB microphone that I like.
They're all in the same range
and we'll put a link to a professional-grade mic that starts
at around $100, and then links to these
headsets. I really like this Corsair
for just using my computer
as well. I
actually edited the audio
for it on there just to hear what it sounded like, and I thought
it did a pretty decent representation.
Oh, that's great. I then listened on my studio monitor
speakers where there was a difference, but
in terms of just enjoying music and playing video games, these headsets are really good.
I really liked it.
And the sound was better than I expected.
So I like it a lot.
It seems like kind of a sweet spot and, you know, just usable.
You can use it for multiple purposes.
Comfortable.
Sounds good.
And good audio quality on recording.
Boy lesson, though.
Like what is really sticking with me is the beauty of these RF devices.
Right.
Is it's a USB audio interface
that's detected by Linux
and it's always there and it just works.
No pairing, no Bluetooth involved at all.
Just works.
Well, you know, I had to learn in this
experimenting that,
I guess we've switched
and now the Bluetooth,
the main Bluetooth implementation
is done in Pulse and not in ALSA.
You can still set that up if you want.
But of course, I was planning to record with Jack and things got more complicated than I want.
So I've been down in the bowels playing around with Pulse Audio,
loopback devices and virtual sinks trying to get what's a simple, you know,
simple mix situation in Jack going in Pulse Audio so that I can play music
while using my Bluetooth speakers on a Zoom call.
And it's been way more correct than I anticipated.
So tell me a little bit about that, because I think ultimately, are you saying you could send music into the Zoom call?
Yeah.
You're sending systems?
You know, play back a YouTube video and then have that and my mic go into the Zoom call as me.
All in Pulse? No jack audio?
No jack audio, because, again, I would have had to figure out some routing between Pulse and jack.
Pulse can do this?
Pulse can do this.
What's the secret software?
It is way more, well, you're going to have to bust out the command line and start loading Pulse modules yourself.
That's not too hard.
Zoom makes it a little more complicated, too, in particular.
So you can basically make these virtual sinks, which is kind of what it sounds like, a place to send audio that doesn't have to be a real device.
And then you can use loopbacks to connect them.
I'll have linked to a nice blog post that was written up
with the intention of recording from a video game while you were talking.
That works fine.
In their case, they were playing it back through a Google meeting,
you know, WebRTC in the browser.
And that's not as picky about what it treats as a microphone.
But Zoom, Zoom wants to see some kind of thing that isn't virtual anyway.
So I was able to find a great Stack Overflow write-up
that actually uses,
you know, an audio cleanup filter inside Pulse to get rid of echoes. That Zoom accepts. So it
sets up another layer of abstraction that just basically tricks Zoom into thinking that you're
sending it from a real stuff, but it totally works. I'm surprised to hear that Zoom even has
any facilities to detect virtual audio devices on Linux and then choose which ones it accepts and which ones it doesn't.
That seems like more work than I would expect.
It lists it, but won't let you choose it.
And if you change it in pavucontrol, it just changes it right back.
Yeah, it's...
Really?
I was surprised to see that.
They've put thought into this.
They don't want you using it this way, I don't think.
No.
That's interesting. But you could use
the same trick, I guess, to do
only pulse audio routing to, say, take a video
game capture and send it to OBS for streaming.
Yeah. You know, and the
guides are really nicely done. The one
aimed at video games has a neat diagram
and a sort of method you can apply to work out
like, you list all your devices, you circle
ones that are, you know, actually hardware,
draw some arrows between them, and then connect all the arrows.
You basically open pavucontrol and assign like, okay, this goes to this virtual sink.
This one goes here.
And at the end, your audio routes correctly.
And so ultimately Zoom is pointing at virtual devices that you could change what's going
to them at any time.
So you could switch out microphones or whatever you want and never have to change Zoom.
Yeah.
And then pavucontrol is just a mixer console where you can, you know, slide things for
the virtual stuff.
So you can either lower your mic or you could lower the mix, the, you know, the one that
has both of them.
Yeah.
It worked surprisingly well.
I kept wanting to play back sound clips when I was in a meeting with friends, right?
Of course, who doesn't?
And I was just playing them on my phone in front of the microphone because I didn't have
a better solution.
And I just kept thinking to myself, like, in Jack, this would be so simple. You know, I already have it all set up. So it was
just neat to see that Pulse is more capable than we give it credit for, even if the ergonomics are
terrible. Yeah. I'd love to hear others' audio tricks or solutions they've had to come up with
for a more virtual calls that everybody is doing. Telegram is probably the best place for it.
Jupiterbroadcasting.com slash Telegram. Join the group there and chat with us about your audio
hackery. So how long did it take you to wire all that up? I mean, that was definitely, I was very
distracted for the first hour of that call. Let's just say. Are you doing a dirty call?
Well, I wanted the reveal, you know, where it just like comes out as me.
Because you can share audio in Zoom, but then it shares to everyone and only the host, you know, the configurator who can do that.
No rules for me.
Nobody ever, who wants a soundboard, right?
So we have some feedback from Marvin, and he points out about a neat little tool in MX Linux that I don't think we've ever shared with the audience.
And it seemed worth talking about.
He says, hey, guys, recently you mentioned the snapshot capability of Fedora
and how it nearly protects against OS killing disasters.
Well, there is no facility for that yet, but there could be one day.
OpenSUSE works to have that, and so is Ubuntu with ZFS.
He says, I think your listeners would benefit to know that MX Linux also has a snapshot feature sort of like this.
With MX Linux, an ISO of the complete installation
can be made on demand.
In the event of any trouble,
your system can be reinstalled exactly as it was
at the time of making the ISO.
This saves a ton of time,
and all the customizations and software that I did
are instantly available
again. I think it's just one of these awesome features that are making MX Linux so popular
today. You know, it's really interesting. I find myself thinking to myself, gosh, I would hate to
have to do that. Like just not wanting to do it that way. But at the same time, that seems great
for just a consumer. And, you know, here's a simple backup step you can do. Save this on a
flash drive that, you know, or two of them that you store in a drawer and somewhere else.
Now you've got your backups. You know, what I used to do for family is I would give them
a Linux box and then essentially something kind of like this. And it's first it was I would tape
a CD in a sleeve to the inside of their PC case. And then towards the end, it was I'd tape the
thumb drive inside the case.
Right.
And then in case of emergency,
you break the seal and you restore.
And so you could easily accomplish that
with this feature.
And I really like that
because that's sort of the,
my Hail Mary remote tech support solution
back in the day was break the seal,
reload the machine.
And I knew because I had made that custom snapshot
that it would get them back to a state
where I could remote support them.
You could do that with this.
It'd be a pretty good way to go.
He says also, he threw this in at the end.
He says, there's so much to like about Fedora.
I agree.
But DNF is a total deal breaker.
It's so slow.
I just can't stand it.
They need to work on that before anything else,
in my opinion.
He says, glad you made it home safely. Keep up the good work. Marvin, them are fighting words about DNF. I love it.
It's slow because it's sound, all right? It's doing a good job of updating your system.
I'll tell you what, it's slow because it gets it right. And if you want to see painfully slow,
check out Brew on macOS. However, I'll also add this.
We always talk about how fast pacman is and yay and those tools, but when you stop and
pay attention to how many freaking questions by default the Arch tools ask you, obviously
you can configure them or flag them so they don't.
But by default, like you're getting 20 questions before you install like five packages on some
of these things.
And so if you think about the actual time it takes, I think DNF may not be so bad.
It probably would have fared better when you, you know, upgraded that box, not in a tmux
session the other week.
Probably would have.
And then also there was, I was doing an update upstairs just the other day when GNOME crashed
on me.
Right.
And I ended up reloading my machine.
I've had some bad luck recently, Wes.
I was maybe just going to skip updates for a while.
I'm just going to just let things...
Take more snapshots.
I'll just let them sit, I think.
Well, you know me.
That's not true at all.
In fact, I come in on the weekends and I update machines.
It's just something about it.
I love fresh, free software.
I always have.
And it's kind of like something you cross off the list.
Oh, yeah. I updated all my machines today. It does feel like I'm taking care of stuff. I'm
doing my maintenance. I'm being a good custodian, if you will, of my systems. Well, that brings us
to the end of today's Unplugged. We'd love to have you join us live next week for that live
punishment test because we need as much traffic as our little Comcast connection will handle.
We actually got pretty far last time, so it has fared fairly well.
Did you know this show is on Twitter for new release announcements and other things?
At Linux Unplugged, the network is at Jupiter Signal.
I'm at Chris Lass.
He's at Wes Payne, right?
Or is it at Noble?
I can't even remember.
It's at Wes Payne.
Why don't I remember that?
I should just have it on a sticky right here.
We can get that.
Really?
I could just put it on a sticky.
Remember, Wes is at Westpain.
Or you just ask me.
Could do that.
It could just be a bit that we do now at this point.
Who really knows?
But I do know this.
I'll see you next Tuesday!
Thank you.
Now, I definitely saw in the chat room while we were talking about MX Linux's ISO restore mode
that several people were mentioning other distros like Puppy do this
as well. So what's a, what's a pretty well-known tool. Is there one that all these distros are
using or are they all rolling it themselves? So the Mandrake family had drag snapshot,
which evolved into its own tool called make live CD, which became my live CD. The current
descendant of the Mandrake family that still uses this is PC Linux OS. So you
can re-spin from a PC Linux OS system. You can re-spin the whole system as an ISO that you can
then use somewhere else. So that one exists there. And of course, Puppy Linux has its own tool.
The problem with making one that's generic is that since every distro does their plumbing
layers a little bit differently, well, every distro family that is. Of course. Yeah. Every distro family does their plumbing
layers a little differently. These tools generally cannot be shared. I still just really like using
my friend Clonezilla. Clonezilla is just recently been updated back in May. It's still a project
is still going strong. And it is like my universal, like, go-to for when I, for when I
receive a review machine, I try to do a Clonezilla.
Right.
Also, with regards to DNF speed or whatever, DNF is getting rewritten into C++ for DNF version 5, which is coming hopefully this fall.
Boy, Fedora is going to be getting to be a spicy meatball, I tell you what.
Why not in Rust?
Oh.
No.
Yes.