LINUX Unplugged - 395: The Waybig Machine
Episode Date: March 3, 2021
It's our worst idea yet. We share the password to our brand-new server and see who can own the box first. Whoever wins gets a special prize. Plus how Archive.org uses Linux, and more. Special Guests: ...Brent Gervais, Carl George, and Neal Gompa.
Transcript
we came across a little tool called Sokae,
which we will have linked in the show notes,
that looks at your bash history,
goes through everything you've been doing on your box,
and generates a pie chart or a bar graph,
whatever you like, you have some options,
of your most frequently used commands.
And we thought, this probably reveals a lot
about how we use our boxes.
So we're going to run it on our systems here,
and we'll have a link to it if you want to try it on yours.
And we're going to reveal our top used commands on our Linux systems.
Do you want to go first, Wes?
Yeah, okay.
You can definitely tell that I'm just using the terminal as a file manager
because my top three are ls, cd, vim, and then followed by cat.
After that, though, there's git and docker-compose,
so it gets a little more interesting.
Oh, man.
Mine are so embarrassing compared to yours.
Okay.
All right.
Well, you can definitely tell I'm into my Arch
because my number one command by, like, a lot is Yay, the package manager.
Well, you have to run it, like, what, six, ten times a day to be sure?
You got to.
And then youtube-dl, which is what I use for clips,
and then SSH, which is just me logging into everything else.
This is embarrassing.
Hello, friends, and welcome into your weekly Linux talk show.
My name is Chris.
My name is Wes.
Hello, Wes.
I like the tactical gear, color matched and everything.
This episode is brought to you by the all-new A Cloud Guru, the leader in learning for the cloud, Linux, and other modern tech skills.
Hundreds of courses, thousands of hands-on labs, get certified, get hired, get learning at acloudguru.com.
Well, coming up on this week's episode, it's our worst idea yet.
I don't know what we're thinking. We thought we'd have some fun, I guess. We're going to
hand out the login info to one of our
servers to our
chatroom. And then,
whoever owns the box first
gets a prize. We're going to have more details
later on in the show.
We're going to call it the Unplugged Hacker
Games, just because we're having fun as we approach
episode 400. So we have
the Hacker Games coming up.
We have some community news to get into, including how the heck does archive.org actually run
and manage to archive the entire internet and some feedback.
But before we get to any of that, I have one line of duty that I must carry out before
we proceed any further.
And that is to say time-appropriate greetings, Mumble Room.
Hello, virtual lug.
Well, hello.
What are you, time-appropriate greetings?
Nice to have you all in there.
And so I wanted to get into something before we get into the news,
and that is just maybe a call-out, a request to the audience, perhaps,
as we approach episode 400.
Stay a while and listen.
If you know us, you know that we like to do something to celebrate the milestones like 400.
We don't do it all the time, but every now and then we like to get, we like to have some fun.
And we thought, what could be some ways that we could really enjoy ourselves leading up to episode 400?
And there's one topic that Wes and I have always wanted to do on the show.
We've talked about it a hundred different times, but we've never really found the right
partner to work with, if you will, quote unquote, you know, using that term loosely, but we've
always wanted to do an episode on Linux and brewing beer.
We'd really love to go hands-on if possible.
We'd love to like make some episode
400 beer that we drink later on at some point and use Linux to make it happen. It's not required
that we go hands-on, but it sure would be fun. And we're looking for somebody who's actively
brewing beer. I mean, I've heard from people who have brewed beer, but we're looking for somebody
who's actually doing it right now. Maybe even has a brewery, maybe not,
but somebody we could engage with, learn from,
and then maybe share their story on the show.
And if we could end up with episode 400 series beer too,
boy, that'd be a lot of fun.
So we got five weeks.
It may not be impossible.
If you or someone you know is actively brewing beer
and uses Linux to make it possible,
get in touch with us at linuxunplugged.com contact
or hit us up on
Telegram or Twitter.
Or, Wes, I should also mention,
if anybody knows how the hell to use the brewery,
that automated brewing machine,
also let us know. Oh, the brewery,
yeah. We have it sitting out in the
garage. Technically runs
Android, which is kind of Linux.
I've heard that's Linux, yeah.
It's kind of Linux, right? Kind of.
So anyways, let us know, linuxunplugged.com
slash contact or telegram or the Twitters
would be fine as well.
But looking ahead at something that's also coming
just a few weeks out, that's Gnome Shell 40.
And one of the things they're launching in Gnome Shell
is fully realized gesture support.
And I thought maybe we'd just zoom in on this one feature
for this episode.
With the gesture support in 40, you can manage running apps, you can change your workspace,
you can bring up the overview. They've taken the gesture support that Gnome Shell has had for a
while, and they've really rounded it out and completed it. And assuming you're all into that
kind of thing, which a lot of people are, there is one major problem.
It does not work on X11.
There are technical reasons,
but it is a reminder of why X11 just needs to go.
Get that out of here.
Get it out of here.
But one clever developer figured out a way to bring these touch gestures to the X11 version of GNOME Shell,
and it really opens
up the desktop to a quick and efficient way to navigate the UI. And so I've decided, as I'm kind
of prepping my space right now, I am making way for Gnome Shell 40 because I have been a plasma
head for a while, and I want to switch over to Shell 40 when it lands. So what I have done is
I have dusted off, and I'm charging it right now, an old Apple Magic trackpad.
Because I guess these work pretty well now.
Oh, look at you.
I know, right?
I'm thinking I'm going to do the two-mouse setup.
I'm going to have a regular mouse on my right, and then I'll have my trackpad on my left.
It's a setup I've used in the past for video editing.
It also kind of helps with RSI because I use my right hand less this way.
And I can manipulate the UI with my left hand
and I can click and point with my right hand.
So you kind of get the best of both worlds.
How well that Apple Magic Trackpad is supported,
that's what I'm kind of wondering
if anybody in the Mumble room
has tried these before with Linux?
Yes, I have indeed.
So the Trackpad 1 works pretty well.
Number one, okay.
Yeah, I've done one that works pretty well.
What about the new Magic Trackpad 2?
I haven't tried it yet.
Yeah, but the one works well.
The only thing I have from time to time, it does not auto-connect.
So you will have to manually connect it via Bluetooth.
So I was thinking I'd do wired.
I was thinking, because I did read that some people get it working with Bluetooth
but get disconnect issues, but it seems to work
100% of the time wired. And I'm fine
with that, because this is a desktop.
So, that's, you know, and this is,
I just wanted to try this out. And
I've recently realized that I
am very much a desktop
guy. I really like desktops.
And so, I thought about it. It's like, well, maybe
I could just do a few things to take
what I like about the laptop experience
and bring it to the desktop and make it even better.
So now I have like a full desktop keyboard and mouse,
but I also will have the trackpad gestures and all of that.
Does that mean you're going to buy like a really bad webcam to add on there too?
Nice.
I have like a Logitech C920 hooked up, but it is starting to feel old,
but they really haven't surpassed it much.
But you know what I mean, Wes?
Like I'm preparing the way,
like I'm getting myself all set up.
I got my monitors arranged the way
I'm going to want them for GNOME Shell.
Getting myself ready.
My body is prepared.
My workspace is prepared.
I don't know if this is like a,
I mean, obviously there's a lot of really good stuff.
It seems like GNOME 40 has a lot of nice things,
but does this speak a little bit to the GNOME,
you know, riding the edge of Gnome experience
that you either have to be upset by it
or, like you're doing,
choose to really embrace it and plan ahead?
Yeah, I'm wondering, Carl,
if your thoughts have evolved at all
on the horizontal workspace layout
and some of the recent things that the Gnome project,
like Alan Day made a post saying
where they're going to commit to multi-monitor support
and they're going to continue to work on that. Have your thoughts on GNOME 40 and if you're
going to stick with the more traditional layout stuff? Has that evolved at all?
I haven't read through all of the updates yet. I'm still a little skeptical. I mean,
I know they're going to try and work towards it and they're listening to the feedback at least.
I'll definitely give it a shot when it comes out, but time will tell if it's something I can
actually get used to or not with the different things.
What I've noticed is that every time I bring up the spatial relationship of the desktop, they like that they're focusing on the spatial relationship between elements on the desktop, like the app drawer and the workspace switcher.
But I've been more focused on the spatial relationship between different workspaces,
and those aren't the same thing.
Hello, Poby.
Good to see you.
I don't think I've gotten your take on the GNOME 40 shell changes.
We've been chatting about them on the show, kind of preparing ourselves for it.
I was just talking about how I'm setting up a rig to get ready for it, and I'm going to
jump in and try out the new layouts.
What are your takes on it?
Is this the time when the Linux desktop is passing you by,
or are you on board to try out the new changes?
Well, I'm on Ubuntu, so it's a bit difficult to try it out
unless I nuke and pave and go with some other distro right now.
What are your thoughts on that?
So I could give it a go on one of my other machines,
but I don't think that will help me because what I really need to do is play with it on my primary machine where I have multiple monitors.
Because, like Carl, I need to feel what it feels like using it on a daily basis.
And I'm not there yet because I need to use this as a functioning machine.
I can't really use pre-release software on this right now.
Yep.
I've thought about doing the pre-release thing myself.
Been tempted a couple of times.
We did load it up at one point to just kind of get an idea of what was coming so we could talk about it.
But I didn't really want to base my whole opinion on it yet.
Well, kind of in this same realm, talking about this hardware, believe it or not, in kind of a fixing the barn doors after the cow comes home traditional open source style, the Apple touch bar on MacBooks may actually see at least a glimmer of hope of getting upstreamed in 2021.
It's actually happening. That little touch bar, even though I think now it's rumored it's
going away, we may have at least some basic functionality soon. Sent out on Saturday by
independent developer Ronald Scalar was the latest reverse engineered open source driver code that
gets the touch bar and the Apple light sensor support working for MacBook Pro 13-inch, 14-inch,
and 15-inch models.
Yeah, light support.
Light sensor support is particularly interesting because that's part of the solution that Mac
OS uses to adjust the screen brightness.
Now, the Apple iBridge, that T1 security chip driver, is also needed for interfacing with
the iSight web camera and the light sensor and the fingerprint sensor.
At the moment, the Linux driver coverage is focused on the touch bar and the light sensor.
Yeah, so no webcam and no touch ID, but the driver is coming along.
pace, it means that people who are transitioning to preserving or archiving these machines or rebuilding and repurposing these machines are going to have support. And that I think is kind
of nice because as these are sort of probably being taken out of production with the M1 over
time now, and it won't be all at once, Linux will be ready to support the systems that want to stay
around and stay relevant. And I love seeing that kind of thing. And unfortunately, that seems to be about where our MacBook support is shining best
these days.
Not so bad, though, really.
You know, because if you buy a Mac, you're buying a Mac to run macOS.
But if you're buying a used Mac, it's really nice to be able to run Linux on it.
It's not an ideal situation.
Obviously, it'd be great if, hell, it'd be great
if Apple upstreamed drivers,
for heck's sake, Wes.
But, you know,
as far as a number two,
being able to run these machines
years after Apple abandons them,
I think is hugely,
not only useful
from just like an economic standpoint,
but also just from
preventing environmental waste.
Now, it'd be very,
very entertaining to me
if there was somehow
a touch bar revolution
on the Linux side of things
after the Apple ecosystem wasn't so fond.
Linode.com slash unplugged.
Go there, get $100 for 60 days on a new account.
That's really remarkable.
$100 in credit will really let you try out Linode
and see what it can do.
That's what's great is that kind of shows some confidence by Linode.
And one of the things I think is great about Linode is all of the distributions they support.
In a moment, we're going to open up one of our boxes for the chat room to log into.
And we're confident that we'll have the performance necessary to actually make that possible
because every machine has super fast SSDs, 40 gigabit connections to the internet,
and one of 11 choice data center locations to choose from. And one of the great things about
Linode, beyond just the fact that I trust them with our infrastructure, is I trust where they're
going long term. They're independently owned. They have been since 2003. That's a big deal if you're going to rely on them
for your business or for even your personal stuff.
And they've really honed in what they do well.
They focused on it and they make it just right.
They do it right.
They do the best virtualized Linux computing out there.
You can try it too and see it.
See it for yourself.
See how them being in this game for so long
has given them a certain head over everyone else.
Try it out at linode.com slash unplugged
and get that $100 60-day credit.
They're independently owned
and they're founded on a love for Linux.
And I love that about them.
And we run a ton of our infrastructure on there.
So I can recommend if you need to build a website
or set up a backend for a chat system or maybe run a real-time chat app like Mumble, Linode is going to work for you.
But even a static website might be the way to go, maybe for a blog or maybe for a resume.
I will toss a link in our show notes at linuxunplugged.com slash 395 to a really well
done write-up in the Linode documentation area on choosing the right static website for you.
And kind of the pros and cons, the theme options for the different ones,
and then a comparison of things like Jekyll and Hugo and, well, a bunch of other ones.
And then how to use them so you can get an idea of what the flavor would be managing it
and what front ends they have to even manage them if they have them.
It's all just kind of outlined for you beautifully.
And then, of course, like one click to get these things going on Linode.
And with our $100 credit, you could try each one of them.
Why not?
Actually, one of the first ways I started using Linode
and one of the ways I knew I was going to be using Linode for a long time
was I tried out every different combination of WordPress.
Just boom, boom, boom, boom, boom
on Linode. Tested each one of them, built each one of them up. Not only was it a great way to
refresh myself on how to use WordPress because it had been a while, but I really got a sense of what
performed the best for me. And I just kept that Linode. It was great. You can do the same thing.
Go to linode.com slash unplugged, get that $100 60-day credit, and of course, support the show.
We all love archive.org.
It's one of the greatest resources on the internet.
And it's the home of the internet way back machine.
It's also a content distribution network of sorts.
You got to imagine, it is quite the infrastructure.
And you've probably imagined, if you didn't know, it's running Linux.
You would be correct on both counts.
I mean, don't all the best things run Linux?
It's true. That's true.
Jonah Edwards is the infrastructure manager at Archive.org.
He joined in the fall of 2016, and this is in his bio.
Quote, escaping from the world of online attention optimization
to the peace and safety of a techno-utopia
librarianship, which is incredible. And he gave a presentation to the Internet Archive staff
about the infrastructure, you know, just to kind of tell the employees how things work.
And like the awesome people they are, they made the whole thing public. And Wes and I watched it,
and we grabbed a couple of moments to just kind of tell you how they use Linux and how the archive.org actually works. So why don't
we do this? Let's start with an introduction from Jonah himself. Hey, everybody. For those of you
who don't know me or haven't had the pleasure of meeting yet, my name is Jonah Edwards. I run the
core infrastructure team here at the Internet Archive. Yeah, and you probably suspected but may not have known that they run all of their own infrastructure.
There is no cloud.
So there's no cloud. It's just someone else's computer.
Most of us have probably heard this sentiment in some form or another.
But here at the Internet Archive, it's really, really there's no cloud.
It's just our computers in our buildings run by our people.
And he gives us a rundown of what those computers are.
We have around 750 operational servers right now. We run these things way longer than anyone else
does. The oldest systems in our fleet are from back in 2012. More than a thousand VMs across
the fleet, which is probably what those of you who interface with us directly mostly interface with, tens of thousands of storage devices from high-performance NVMe flash,
SSDs, the spinning disks underlying the operating systems on the servers, and over 20,000 spinning
disks in paired storage, which is the redundant storage layer underlying the Internet Archive's
corpus, totaling nearly 200 petabytes of raw storage
capacity in the Internet Archive.
200 petabytes.
I mean, I knew it'd be a lot.
I knew it'd be a lot.
But you can imagine the growth rate, too, is a hell of a thing just to even manage.
We're currently growing the Internet Archive by over a quarter of its size per year.
Per year, Wes?
Per year.
Imagine what that's like to manage
from like a server standpoint,
a disk standpoint, a network standpoint.
And they've recently seen a large jump
in traffic in general.
We've had a huge explosion
in outbound traffic over the last year.
You know, with the pandemic lockdown,
you can see there in March and
April of 2020, how we really flatlined just because demand increased so quickly and so dramatically,
much faster than we anticipated. Yeah, so the pandemic and people at home led to increased
use of archive.org, which is interesting because it led to a big decrease in actual
library use.
But the archive.org internet library saw a huge uptick.
Yeah, well, it's the safest library out there.
That's true.
And no mask required.
Then he gave us a bit of an overview of the network traffic they see.
This is hard to actually put in this talk because this was an area where he gave some
visual examples and did an overview
that was like put up on maps and whatnot.
So we will link to the video
so you can see the entire thing.
It's not that long
and it's interesting the entire time.
I think it's one of the best virtual talks
I've watched this last pandemic year.
And so if you want to check out the whole thing,
I would encourage you.
But here's a little taste
of the network infrastructure
and even kind of where they're going with it.
We're pushing 60-something gigabits out most of the time right now.
We're currently working on expanding that capacity.
My expectation is that flow will be probably in the 80 gigabit range once we kind of clear everything out here and then just more from there.
So the intersite links that we do are kind of our current bottleneck.
We run those with a technology called dense wave division multiplexing.
I'm not going to get too into this.
I just think it's super cool.
So I tell people about it whenever it comes up.
We use fiber optics to connect our sites.
And just like with a prism, if you shine the fiber optic in different colors, you can prism
it together into a single beam of light and deprism it back at the other end. Super cool technology. Anyway, that's my little aside.
What we're moving towards now is actually going to be a full fiber ring between our sites.
We're going to have 100 gigabit links between all the sites. We are going to be able to utilize
both directions of the fiber ring simultaneously, giving us kind of, you know,
200 gigabits of bandwidth in both directions. Of course, if we use the whole thing, then
we're not going to get quite the redundancy of the fiber ring. And that's the reason I'm really
excited about it is that's been kind of one of the biggest causes of outages for us, especially
long term outages. I know watching the networking details was your favorite part of the talk, Wes.
Oh my gosh, I just love the amount of openness here,
which I guess sort of makes sense
given it's archive.org,
but tons of nitty gritty,
tons of nice actual pictures
of their somewhat messy networking stacks.
You actually get to see some of how this really happens.
Right, not so much like the PR photos
you see
from AWS or Google Cloud, but like their actual infrastructure, the real stuff, kind of like we're
going to get to a little bit later in the show. Real infrastructure sometimes has issues. But what
I appreciated about this talk was you could tell the staff understood the value that this
infrastructure brings an electronic archive.
And Brewster Kahle, the founder of the Internet Archive, wrapped it up with a real nice moment,
actually, where he acknowledged Linux's role in all of this. And of course, how awesome his team
has been at implementing open source technologies to solve these problems. We're all built on Linux and the wonder of open source.
And it's just what a sharing,
awesome, amazing environment.
The whole Linux, Ubuntu,
free and open source software,
the sharing that's been going on.
And then we built the Petabox
infrastructure on top of that,
mostly in PHP and Python
to go and offer our services to the world.
It is a really impressive thing that this group has been able to pull off.
Yeah, that was Brewster Kahle. That's pretty great. And it's nice to see them acknowledge
Linux's role in that.
Yeah, really nicely put.
And with that, we'll just say thank you to Archive.org for everything they do.
And a big, like, love from the show to them because they helped Jupiter Broadcasting do some of their early distribution.
And I love, love, love the Wayback Machine.
Some serious nostalgia, but also just great to go back and see how things have evolved over time.
Well, yeah.
I mean, I think especially as we rapidly evolve what happens on the Internet, that that's documenting the culture that exists or doesn't exist anymore.
All right, Wes, grab your Swiffer.
Time for a spot of housekeeping around here.
I did this last week.
It's your turn.
No, we're going to both do it.
We both have the broom.
You know, it's shared.
Gosh, I tell you what.
I don't know where you found this dual-handled broom, but OK. Wait, you missed a spot there, Wes. Yeah, right there. Come on,
get that. He's going to get upset with me. So you go to Jupiter Broadcasting dot com slash telegram
if you want to join the J.B. Telegram group. All kinds of reasons. Not only do you see behind the
scenes discussion, but you follow up with us directly. Additionally, show announcements.
And when events are happening, you'll generally get info about them in there.
jupiterbroadcasting.com slash telegram.
Every single Sunday, our virtual lug gets together outside the show just to hang out and talk.
Sometimes some of the sessions are recorded.
Sometimes it's just to hang out and talk about things you love about Linux or things you do at Linux or ways to use Linux or learn. It's a pretty cool community and it's self-organizing every Sunday in our Mumble room. We'll have the calendar event at
jupiterbroadcasting.com slash calendar. And I encourage you to get Mumble set up because then
you can join our virtual lug during the show. And I was just thinking, it's funny how the Clubhouse social network thing
has gotten so popular. It's really mumble. What Clubhouse is doing, it's mumble. And it's not as
good as mumble. And it's not free software. But the idea is sound. So you can join the Lug and
hang out in there every Sunday. And while you're over at jupiterbroadcasting.com,
why not grab the all shows feed?
When we launch new content, you get it there.
But additionally, in that feed, along with this show,
you get Coda Radio, self-hosted, and Linux Action News,
where Wes and I are breaking down
all of the important Linux news every single week.
That's all at jupiterbroadcasting.com.
Go get some.
That should be the new slogan, you know, jupiterbroadcasting.com.
Go get some.
That'd be really obnoxious.
Although, obnoxious is kind of the name of the game
because we wanted to be a little tongue-in-cheek,
have some fun with this,
because, you know, it's the Hacker Games.
What's even crazier than letting anyone join a virtual lug and speak on our podcast live on the air?
How about sharing the login information to one of our application servers with our chat room?
We've set up an application server with one major misconfiguration.
If you find it, you can own the box. Whoever gets Root first
claims the yet-to-be-announced
400 swag.
One box,
one hacker, one exclusive
prize. It's the Unplugged
Hacker Game.
Oops, we misconfigured
one of our systems.
An actual misconfiguration that I've seen in
production. The first who pops
root on the box and leaves their name in an email and their email address in a text file in the
slash root home folder wins LUP400 swag. Also, the first who posts a link to the super secret file
in the slash root home folder also will win the swag. So that's what we're doing today.
We have this accidental configuration,
and it's on a server at rust.rodeo,
and the login is backup.
And what was the password, Wes?
Unplugged.
Oh, right, yeah.
So the user account is backup.
The password is unplugged.
Rust.rodeo, go log in.
If you can pop to root first, you win.
And if you can find the misconfiguration that we did.
Now, this user account backup doesn't normally have a shell.
A lot of systems like Ubuntu or Debian, this is a Debian box, will have a backup user pre-added.
And I actually have seen in production when the client needed,
for some reason, the backup account to actually like log in and do something over SSH.
I can't even remember what the circumstances was back then, but it was something to do with backup PC. And they set a shell for their backup account and set a really basic password. And that is
actually how I got access to the box. And so we're kind of
replicating that setup, but with a modern twist, because this is an application server that we
have deployed. And so it's running, amongst other things, container software, and it has Netdata
installed for monitoring. It's a common system, pretty minimal install running on Debian that
you'd see with one or two mistakes that I've
actually witnessed in production that have been made here. Maybe it's not the newest Debian,
you know? Yeah, maybe there's a couple of old packages on there. So go log in to rust.rodeo
with the user account backup and the password unplugged, and whoever gets there first,
put your name and email in a text file in slash root's home folder, and then let us know. And then in the meantime, what we thought we would
do is tell you about kind of like a cheat way that won't work on this box, right, Wes? This
isn't going to work. Like, we're not going to, I don't know if I want to tell them about it yet,
because then they could use it. But I don't think it'll work. No, I mean, it might work, yeah.
You think?
You think it might?
Mm-hmm.
Yeah.
But that'd be cheating.
You know?
That'd be cheating.
But I'm going to tell you about,
I'm going to tell you like a cheat code way you can do it.
It's something that kind of inspired this segment.
I'm curious to see how long it takes somebody to get access.
Because my thinking here is,
oh, I'm actually seeing a little bit of usage tick up
on it too. Interesting. I'm watching the system here. My thinking on it is quite simply, oh,
oh, we have some definite people. People are, wow, wow.
Excellent.
It's funny to watch what people are doing. So we have somebody who is spinning up Docker. We
have somebody who's running Nano on the sudoers file right now.
Look at you guys, you deviants.
What are you doing to our box right now?
This poor innocent box.
Boy, there's a lot of things happening right now.
Ideally, install some Rust on there because it's got a great domain name,
but I don't think we put anything
that was Rust powered on it yet.
This is our Rust application development server,
rust.rodeo.
So while people are,
I'm going to tell you a way you can get root,
but if you use this, you don't qualify for the prize.
But this is what kind of inspired the segment.
It's like, you know in Mario, when you get the star and then you're like invincible?
That's what this is.
You can automatically exploit any low-hanging fruit to pop a root shell in Linux with this app. And I thought it'd be fun to tell you
guys about it because if you wanted to test your systems and see how they stand up, we actually
ran this against a couple of boxes, some of which it could not exploit and some of which it could.
And it's called traitor. And we'll have a link to it in the show notes. And it's obviously up on
GitHub like seemingly everything is these days. And you run this Go app on your system as a regular user,
and it will automatically check
for all of the known likely vulnerabilities on a box
and then pop you a shell using one of them.
Oh, Neil, you got it.
You got it already.
Yep, I didn't remember exactly what you said I should do,
so I just went ahead and dropped a file in slash root
on the host file system.
That's great. I found the super secret file. I also decided, you know what,
just whatever. I'll just drop something in there too. I've got, I've owned everything. I access stuff. I, you want me to install something? I can, I can upgrade the system to Debian 10 and
break everything if you'd like. Well, that only took a few minutes.
Well done, sir.
So walk people through how you got root.
Tell us what you found and what was misconfigured. I don't know if this was the misconfiguration you were going for, but here's the one that I found.
Docker PS worked.
And that was enough for me to realize this is a Debian system, so this is probably going to be busted in all kinds of fun ways.
So by default, on most of the non-Red Hat family, and I think this is actually kind of fixed in the SUSE family now,
but at least in the Debian Ubuntu family, if you have the ability to access the Docker socket and you have a Docker service daemon, you're actually able to bypass every single protection
if you don't have, you know,
SELinux working on it, for example.
And so what I did was I just docker run
dash dash rm, space, dash it, dash v, slash to slash host
and opened up Fedora latest.
And that gave me a rootfs with a mount point
with read write access to the host file system
and everything was there.
And I just poked around and did stuff
and it's like, oh, well, you know, whatever.
Man, Chris, you're bad at this.
You just wanted to say that you used Fedora to own Debian.
That's pretty great, yeah.
But I think what's great is,
so it's two issues that you compounded.
So number one is you got access to the box.
Maybe in this scenario,
somebody has a backup account on a server and they're using a really basic password
that you're able to dictionary attack.
Or for whatever reason, you get shell on a box,
but you didn't get root shell.
You just got user shell.
He wasn't in the sudoers file or anything like that, but then you leverage an extremely common Docker
misconfiguration to own the rest of the box. So that was actually exactly the route we thought
somebody might take. So congratulations, well done, sir, well done. You will get the yet-to-be-announced
swag item. And I think that the point we were trying to make with this is it is actually pretty
exceptionally easy to have zero knowledge or experience with the box. And if you just have
an understanding of how these fundamentals work, you can get access. And that was exactly the point
we were trying to demonstrate. Ah, PyCrash was going that route too. Almost made it, man.
You almost made it. I left a little treat on slash root if you want to go look, Chris.
Oh.
Technically, nobody has posted a link to the super secret file yet, PyCrash.
So you could technically still do that and post a link to it in the IRC room,
which means you have to get it uploaded somewhere.
And then you would still qualify for the yet-to-be-announced swag item.
Gamma was looking at setuid binaries.
Yeah, that's a good idea. Yeah, this was a conversation that I think I had to really convince Wes we should do.
The other thing we did, although it's not super obvious, is we decided to go with kind of an easy
root password. It does have letters and numbers, so it's not super crazy easy, but it would probably
be guessable. Definitely, yeah, dictionary attackable.
Yeah. And that really is, everybody knows important passwords, but I just think that it's funny to
reach into a past life where I actually saw this scenario and it was using not a super simple
password, but a password for this backup account back with this client. It was using a password
that was in several scripts that multiple people had access to.
So there were many scenarios
where you would have an opportunity to see the password,
like if you're on the LAN or something like that.
And it was a dictionary word,
and you could just log in to any box's backup
with that password because they set it up
on every single rig for the backups to work.
And then all it really takes, right,
is someone's trying to back up something, maybe they're
trying to back up a container, so they add that user to the Docker group, or they fuss
with permissions on the Docker socket, and suddenly your castle comes crashing down.
Congratulations, Neil, you are the winner of the first Unplugged Hacker Games.
I also have been thinking about a version we could do where we leave a box running,
and then see if somebody can own it that is in the download audience
so you don't have to be here live for that too.
Ooh, IRC update.
Yeah, looks like someone's got the super secret prize linked.
There you go.
There you go.
So that's two people now.
Good.
I was tempted to do both, but I figured, well, one, it's kind of a pain to copy the file out.
We got you with laziness.
Yep. And of course, because this is how it works on the unplugged program, the super secret file
was an adorable picture of Levi playing in the snow. It was cool. I loved it. With his baby
tongue out. You got a little baby tongue sticking out there in the snow. You need more of those.
I like Levi. Levi is, yeah. I mean, he is the prize. So put your, okay, good.
Carl, you got your, all right, great.
Nicely done, nicely done.
Carl got in there too.
Carl, which route did you take to get root?
I did the same thing that Neil did.
I knew that there was a way to do that.
I'd seen it blogged about before, but I couldn't remember the exact flags,
and it was the volume mounting, the root file system inside the container.
Thor leaves his mark. Thor was here also. Very nice. Nicely done. I think we'll do this again.
I really enjoyed that. But next time, next time it won't be a Docker misconfiguration,
but it does show you the importance of things not running as root, doesn't it?
Right. And also this is why I use Podman. Yeah. Because this kind of stuff isn't actually
the default setup.
Right. That's what stuck with me here.
Honestly, we probably wouldn't have used exactly this box,
but this is not that far off from just sort of a lazy default setup
of, oh, I just need to run some containers.
I've installed Docker. I'm setting things up really quickly.
And the tool we were talking about, Traitor,
it's able to do this too.
You just have that Docker socket open for it, and away it goes.
And Traitor is just out there.
Anybody can grab it.
It's not, you know, you just listen to some silly Linux podcast,
and you know about it.
This has been your Unplugged PSA.
Also, I want to say thank you to our Unplugged Core contributors
at unpluggedcore.com, keeping the show independent, helping us reduce the ad load needed.
And also, when you become a Core contributor, you get access to two different feeds, a limited ad version of the feed, same full production, just no ads.
Or you get the full raw live stream, all our screw-ups, all the stuff that never makes it into the show, the full pre- and post-show that's basically an extra show that never gets released, all of that is available to
our members.
And we do that as a thank you because it really makes a huge difference, and we immensely
appreciate it.
And let's do a little bit of feedback before we get out of here because I really ran my
mouth off a lot at the end of the last episode.
But before we get to that, Thor of Norway, wonder if it's the same Thor,
writes in about Minecraft Bedrock Bridge.
I was recently listening to the segment on Flatpak
and the Flatpak packages for Minecraft Bedrock Edition
that I mentioned last week.
He said, I started looking at a main list
of differences and capabilities,
and I came across a proxy bridge
that bridges Minecraft Bedrock Edition and Minecraft Java Edition.
I was linked to this in the Jupiter Broadcasting Telegram today as well.
It's at G-E-Y-S-E-R-M-C.org.
Geyser MC.
Geyser MC.
And it is a middle layer that allows Bedrock and Java Edition to play with each other.
It does the translations in real time. That's remarkable. What an incredible bit of engineering. And we'll put a
link to it in the show notes, because if you have this drugs like I have, then you know what a big
deal this is. And so thank you for everybody who sent that along. I will definitely take a look
into that. It also gives me another excuse to spin up a Linode. So there's that too. I always like
that. All right. Well, moving on to our next piece of feedback from Kai asking about audio hardware.
Long time listener, first time caller. I was wondering if you could talk about your audio
hardware setup in the show. I'm in the process of building a new PC
and was looking for a sound card.
It seems that there's no sound card
with official vendor support anymore,
at least for Linux.
And lots of, well, use kernel XYZ and this firmware,
and, well, maybe it works.
At least, that's the comments I see on Reddit.
So, do you guys have any ideas?
Regards, Kai.
I think it's safe to say that everybody on the team is a really big advocate of just getting a USB audio interface for anything where audio quality matters.
Yeah, so much so that it's been years and years since I've actually had an internal sound card.
Yeah, I use one upstairs on my desktop for my speakers,
but I would never capture audio that way.
And additionally, I have just found it super solid.
The way this has just worked 100% rock solid for me every time
is a name brand USB audio interface.
They can be a wide range of prices.
We have a couple that we like. Maybe,
Wes, you could mention those here in a sec. But the tip I wanted to give you is whichever one
you end up getting, you can go into any of the PulseAudio control panels like pavucontrol
and disable the HDMI audio out. Disable the built-in in and out. Just disable all of those and leave the only audio interface
enabled that you actually use.
For me, it's USB devices.
And then you're never really going to have any problems
with like Zoom meetings picking
the wrong audio interface or an application
launching and not playing audio right. If you disable
the sound cards you don't use in pavucontrol,
it solves the problem.
Yeah, that definitely makes it simpler.
Just sort of disable anything that you don't actually want to show up
to actually be an option.
And pavucontrol sure is pretty handy,
even if it's not the prettiest.
People are sending broadcast messages
on the owned machine.
Do you have any audio interfaces
off the top of your head that we recommend
besides like the M-Audio U21 or 22,
whatever it is?
Right, yeah, the M-Audio one.
They're not, it sort of depends on if you like them or not,
but Lexicon has some ones like the Alpha.
I think also the Omega line that works just fine with Linux.
I know there's been some mixed reports on the Focusrite Scarletts of the newest line maybe,
which I've not personally tried, but all their older stuff has always worked really nicely.
That's what I'm talking to you on right now is a 2i4, but the 2i2 works great too.
That's the hot tip is get a used 2i2 or 2i4 Scarlett, perhaps. Focusrite. I have tried the newer ones and I don't really have any problems, but I have had multiple people tell me that the
older ones are slightly better with Linux support. In general, though, USB audio devices, just even the cheap, crappy little tiny ones you buy off of Amazon are better, especially
on a laptop than the built-in audio interface. There's just a lot of electronics in a small space
and it just kind of makes them sucky. And so that's why we always, always break it out.
All right. So let's get into the Arch stuff because I had a lot to say in the
post show and Eric writes in, he says, first of all, love the show, but I wanted to respond to
the concern about people making fun of Arch users. I don't like abusing folks for their choice in,
well, pretty much anything, but you know, it might help the Arch case if so many Arch users didn't
take to Reddit, the Manjaro forums, etc., and question why people use anything but Arch.
It just kind of begs for
teasing. Regards, Eric.
I think he's kind of right.
Like, this all, I think,
started as a Reddit meme. Yeah, and there are,
you know, I think it's
safe to say Arch tracks some strong
opinions, I guess
on both sides, but, you know, people who
discover it and use it and
sort of evangelize it.
And I think it is fair to point out that there are times where that's not really appropriate
or where the message isn't appropriately nuanced with clarifications around, you know,
this is why it works well for me, but everyone skips that first part and it's more like,
well, this is why it's the best.
Indeed, indeed.
All right, we got one more that kind of gets to the philosophical side of the Arch discussion.
Indeed it does, from Mr. Ders.
I just had to write in on LUP 394's after-show Arch discussion.
I have a degree in computer engineering, so I get computers,
but I don't do anything with Linux as a career.
I've only ever heard about the toxic environment in open source,
but never experienced
it. Part of that is how I approach life and human interaction, but I honestly think the vast
majority of the community are honest, kind, hardworking, real people. A person's self-esteem
is often wrapped up in their life's work, their value system choices, and preferences. It can be
difficult to hear that another user doesn't
appreciate the same things we do, especially if we are a creator or contributor. For example,
Neil commented that he had failed with all of his hard work on Fedora if it didn't do what Chris
needed it to do. I do love Neil's commitment to creating better and better software, but he is
far from a failure.
We only fail when we fail to appreciate the wonderful diversity in how open-source tools can be used
and everyone's individual rights to choose for whatever reason that is.
For me, I choose Pop!OS, Ubuntu Server, Arch, Endeavor.
Sometimes it's my perception as the best tool for the job.
Sometimes it just feels good and it looks good and it sounds good.
But at the end of the day, it gets the job done.
There are so many car analogies I could make,
but I've already said too much.
Thank you for the show, Mr. Ders.
Good point, Mr. Ders.
And Carl and I were having a conversation in Matrix
and Neil and I were having a conversation in Matrix after the show.
And kind of what I realized too is part of the factor here is,
especially when it comes to Linux distributions,
is how much does community interaction matter to you
and what community does that best for you.
And for me, I realized afterwards,
I don't think I have an Arch user forum account.
I don't think I've ever posted over there.
I've never tried to submit something
to an Arch maintainer for fixing.
Like I've never done any level of community engagement.
In fact, I think I've even commented to you off air
that one of the things I've liked about Arch
is I am 100% ignorant for the most part
to any politics going on.
I know there's some from time to time,
but I'm mostly ignorant compared to what I know
about what's going on with all the other distributions.
And I kind of find that to be a respite.
But others engage fully with the community and have had a different experience.
And so that has factored into one of many factors of choosing a distribution.
And I think that was probably what was missing from our conversation last week.
Yeah, we all have sort of different experiences and interactions with even if the same organization,
the same project, but you can use that, explore that and interact with the community in totally
different ways.
I'm just waiting for WesOS, you know, with the Payne command line that's all like customized
and looks really cool.
And the Payne window manager, the Payne programming language.
Then you're just going to come to me for support.
I don't want that.
You can find our sponsor Cloud Guru on social media.
They're at just slash a Cloud Guru,
just about everywhere online,
Twitter, Facebook, YouTube.
It's just slash a Cloud Guru.
If you do the Twitter thing,
you can follow this here show for announcements
@LinuxUnplugged.
The network for all kinds of news is @JupiterSignal.
And, of course, I'm @ChrisLAS.
Wes, I think you've got a Twitter account, too.
@WesPayne.
Look at that.
That's so easy.
It's actually simpler than what mine is.
It's just my name.
Yeah, that's a lot easier.
The entire Jupiter Broadcasting network of shows, fantastic shows, the best shows,
jupiterbroadcasting.com.
And if you work in the
tech industry, don't miss Linux Action News. Every Monday morning, Wes and I break down everything
that matters in the world of Linux. You're not going to want to miss that, linuxactionnews.com.
See you next week. Same bad time, same bad station.
And do keep the Linux rolling. Tuesdays, join us live, 12 p.m. Pacific, 3 p.m. Eastern.
It's a heck of a lot of Linux.
But is it enough Linux?
Only you can determine that.
Links to everything we talked about today and how to contact us,
Mumble server info, our matrix server info, all of it.
All of it.
Linuxunplugged.com.
It's that simple.
People are still owning our box right now.
I'm seeing the messages come in.
Oh, man.
The poor little machine.
Deviants.
All right, everyone.
Thanks so much for tuning in to this week's episode of the Unplugged program.
As we build towards 400, we'll see you right back here next Tuesday. Bye. jbtitles.com
Everybody go boat!
I think our Rust application server has turned into a chat server for everyone who has owned it.
They're just chatting back and forth using broadcast now.
It's our own JB intranet.
Yeah, really.
It is.
Look at all these people.
So how many people are now logged into it?
Okay.
We've got 11 users currently active, a little bit less than during the show.
I just killed a lot of sessions.
Oh, did you?
Yeah, he just yoinked everyone.
Yeah, he has thrown me out, but
I'm back in.
So there were 20 people
by the time he yoinked everything,
and I'm not counting the four separate sessions
I was running multiplexed through Docker.
Oh, good. I think the next one we'll try
to do something that runs overnight or for
a couple of days to give people a couple of chances.
I think this was so much fun.
We'll do it even bigger and better next time.
It was fun.
Also, Chris, you're bad at security.