LINUX Unplugged - 418: What's up with WireGuard
Episode Date: August 11, 2021Big things are happening in the world of WireGuard, Jim Salter joins to catch us up. Plus we chat with Daniel Foré and Cassidy James Blaede about the just released elementary OS 6. Special Guests: Br...ent Gervais, Cassidy James Blaede, Danielle Foré, and Jim Salter.
Transcript
Discussion (0)
Hello, friends, and welcome into your weekly Linux podcast.
My name is Chris.
My name is Wes.
Hello, Wes, you handsome bastard.
You know, this episode is brought to you by CloudGuru, the leader in learning for the
cloud Linux and other modern tech skills.
You know, they got them hundreds of courses and thousands of them hands-on labs.
So go get certified.
Go get hired and get learning at cloudguru.com.
Today on the show, we find out the latest developments in WireGuard.
What the heck is going on with WireGuard?
Turns out a lot, and our favorite VPN just got even better.
Jim Salter joins us in just a bit to chat about that. Plus,
we have some community news. We have pics. We have feedback and even more, including one Mr.
Brent. Hey, Brent. Well, hi, Chris. You're joining me right here right now. You know what we need to
do? What is that? We need to say time appropriate greetings to that virtual lug. Hello, mumble room.
Hello. Hello, everybody. Thank. Hello. Hello. Hello.
Oh, hello, everybody.
Thank you for joining us.
I don't really know how many are in there today because we are remote on the road.
So I'm not actually looking at the Mumble Room right now.
Sounds to me like a whole fluffle of them.
I go with a fluffle.
I could definitely go with a fluffle.
Yeah, I could see that.
Yeah.
So Brent and I are here in Salt Lake City right now. We're on the road trip, you know, winding our way out to Denver.
We just had our first meetup in Salt Lake City, and it was great.
It was really good people.
There was all kinds, all walks there.
And I don't know, it just turned out even better than I think we expected.
I was really impressed with how many people showed up.
We didn't really have final numbers.
That's kind of how it goes.
But we had to keep adding tables as people walked in. It was really
great. Yeah, and we had security
analysts there, we had software developers, engineers,
people that were just learning about Linux
and were curious about the Linux community.
I mean, it was pretty nice.
It's wonderful. It was.
And Brent, in the entire time, has been crammed
in here with the family in LadyJupes, where
we are recording right now. I think that's Uncle
Brent to you now. That's right, yeah. Especially after you went to war in the pool recently.
I think I lost.
I'm not sure that the verdict's still out on that.
You always lose, Brent. When it comes to that, you just pay for it later. But I'm curious. So
how has it been? I thought maybe you were a little crazy coming along with us,
because there's you, me, the wife, three kids, and a dog in this 37-foot RV right now.
It's true.
Now looking back, I think I should have thought about it a little bit more.
But I will say.
Now you're stuck.
Yeah.
Day one and two was like heavy learning curve for how to do the RV life.
And I kept getting tips from everybody.
And the kids are great at saying, no, no, you've got to do it this way.
They're experts.
Yeah, they're pros now.
But now that we're in, I don't know even which day we are.
Is it day seven?
Seven, six, seven, something like that.
I feel like we've got this amazing routine.
When it's like, okay, lights are out soon, everybody just kind of buzzes around and nobody has any questions.
It's just like a autopilot.
You've gotten some quintessential RV life.
You've gotten the campground experience
where we've had a very, very, very loud campground.
You got some off-grid boondocking experiences
where we're going off of battery.
You even had the, oh crap, we got to pull over.
There's a horrible windstorm situation
where we were in Jerome, Idaho and the winds were getting up to 25, 30 miles per hour and we just decided to pull over. There's a horrible windstorm situation where we were in Jerome,
Idaho, and the winds were getting up to 25, 30 miles per hour. And we just decided to pull over
and spend an evening in a parking lot at a shell station. I would say we made the best of that
situation having those, well, we grilled a bunch of tacos and stuff. Yeah. That's actually one of
my favorite nights. It's been pretty great because I've got Brent following behind me in the focus.
And so I can like relay messages to Brent.
Like, you know, I can be like, hey there, Brent,
we're going to pull over here in a couple of minutes.
So keep an eye out for the next exit.
10-4 there, Jeebs.
And that's been pretty great.
So we got the two-way radios.
And so we were in Idaho and I had to radio Brent.
I had to say, you know, I think we're going to pull over.
We're going to fuel up and we're going to check the weather because things are getting
pretty bad.
And we parked for a bit and we just couldn't get any information.
We just couldn't figure out what was going on.
Idaho kind of has like stuff spread out all over different web pages.
So eventually I was relieved when we found the ultimate Idaho resource. It turns out there's a
Drive Idaho podcast that is done by the Transportation of Idaho, and it's all about Idaho's roads.
Hello, and welcome back to the Drive Idaho podcast. I am your host, Vincent Tromboli.
I am the Chief Communication Officer for the Idaho Transportation Department and the Idaho Transportation Board.
It is my pleasure to host these podcasts now for three years.
We're in Season 3. This is Episode 7. Boy, how time flies.
Yep. Three years of the Idaho Drive podcast or Drive Idaho podcast.
And every episode is packed full of insightful information that really had us riveted while we were trying to figure out if we could survive on the road.
And one of the things we've been using most recently is ultra-high performance concrete, which is very strong concrete, almost has the strength of steel.
And we've been using that innovation recently.
Yeah, so you don't want to miss that kind of stuff.
That was really helpful.
So we just didn't know what to do.
We couldn't get any information.
We didn't know what was happening.
We had the wind forecast and they all looked bad.
So we spent the night there.
And I think we made the right decision.
Yeah, it did seem like the right decision.
And now we know about the Drive Idaho podcast.
So now we've got something to listen to.
And then just this morning, Brent made a special JB breakfast out on the griddle.
Because, of course, we brought the griddle with us.
Got to have a griddle on board.
That griddle has been pretty priceless.
I think all of us were a little groggy this morning, so I thought I'd make a special breakfast.
And I think, well, how was it?
It was delicious.
Not only was it packed with protein, but you cooked it in the shape of the letters JB
between the bacon and the eggs.
So that made it really special.
It's quintessential.
You should post a picture of that online.
It was pretty good.
So then this is our last show that we're recording in Salt Lake City.
Then we hit the road on to Denver.
We'll have that meetup in Denver on August 20th.
That's going to be huge.
We're going to have folks from Linode there.
They're going to be giving away hardware and prizes
and gift certificates for Linode
services or whatever you want to call that.
Credit, I suppose. It's going to be huge.
Plus, we're going to have drinks and food.
I heard we're going to have many of our friends
there. Some people from the Ubuntu desktop
team, some people from elementary.
Obviously, System76
folks are going to be there. Who else?
Rumor has it. We are probably going to even be joined by other guests that I can't
remember at the moment.
That's how you keep it secret around here. You tell Chris, but he won't remember.
That's very true. Wes is going to be there.
Yeah.
You know, Alex is going to be there. That's going to be pretty great.
Yeah, absolutely. So that's going to be a lot of fun, too. But let's talk about who's here right now, because Cassidy and Daniel Foray from Elementary OS are joining us.
And they have some really particularly fantastic news.
Guys, congratulations on Elementary OS 6's release.
That's super exciting.
Thank you.
Thank you.
Thanks.
So I feel like this has been one that we've been waiting for for a while.
And there's like so many things we could talk about.
But I think the one that I'd like to start with, and I don't know which one of you wants
to take this, but could you just tell us a little bit about the new touchpad gestures
that are supported throughout the OS?
Yeah, that's thanks actually to a lot of work uh from uh jose exposito and also
from um some of the work that uh purism has been doing with uh lib handy so we had some like
really great community and upstream work that kind of came in at the right time and we were
able to take that and integrate it really well and uh so we have gestures, not just at the window manager level,
where we can do things like, you know, one to one multi touch gestures to get into the multitasking
view, or pinch to zoom, or you could do push and pull to zoom with multiple fingers, stuff like
that. But we're also using handy to get gestures inside applications as well. So you can do things like two finger swipe to go
back, navigate in system settings or in web or in a bunch of other places throughout the OS.
Man, it's so smooth. It's so slick looking. I mean, I experimented with an earlier version
of it, not even the final version, and was just so, so happy with how that all worked.
Cassidy, I know also this has sort of been the accumulation of a lot
of the thinking and
work around dark theming, and
can you explain to us how dark theming now
works in elementary OS 6? Because I'm not necessarily
going to have every app that's dark,
right? Right, yeah. So
we've been really careful to do
an opt-in dark
style. So by default, you
can choose it in the system
and all your system apps and the default apps
and things like the panel and dock will switch to a dark style.
But we're not going to force a dark style on third-party apps
because they might have custom styles.
They might be forcing a specific text color
and switching the background out to a dark would make it unreadable.
So we ensure that app developers can opt into that
through a really simple system API.
And we're also working with the free desktop community
and other desktops like GNOME and toolkits like GTK
to ensure that that can be supported across desktops as well.
Like a real standard or something.
Yeah, it'll be a standard where, you know,
theoretically a cross-platform app like Firefox or Chrome
could even hook into that and use the same dark style like they do on other platforms.
Oh boy, I hope that takes off.
That really seems like that's the great way to split that problem
where some developers are concerned that you're forcing a style onto an application
so it won't look correctly.
But this kind of system, this sort of opt-in system,
that just seems like a great way to do it.
I know there's also just, there's so many
things we could talk about here. I love the new accent colors, the way they look and the way they
affect everything from like your suggested action buttons to text selection and all of that.
Such a nice, subtle, subtle effect.
Yeah. It looks so sharp. It just really pops. There's also though a couple of shifts in
applications. I think this is where we're seeing a big embrace by the project around Flatpaks and how Flatpak security is going to work.
Can one of you guys talk to that a little bit?
Because one of the things I noticed is there's that new permissions view in system settings that will show you, I think, I haven't tried this yet, but I think what it does is it kind of shows you what each portal Flatpak apps have been granted. Like it's a centralized place for people to view and
manage this. Yeah, we really embraced Flatpak in a big way. And we're trying to build like a
complete story around Flatpak and not just like, oh, we're shipping a couple of Flatpak apps.
But like you said, with managing permissions and the entire app center publishing
flow is all built around flat pack. Now we provide a flat pack runtime for developers to target.
And also we ship our sideload app. So our sideload method for elementary OS is flat pack apps. And we
tell people, you know, hey, you can download flat packs from Flat FlatHub or from wherever else, you know, people might be distributing them.
So we're really trying to embrace like this entire Flatpak model.
Yeah, I mean, this is such a great example of when you guys do something, you really go all the way.
It just feels integrated and it feels like it's just completely like a complete solution with that extra system setting in there.
I know that Mail has also seen a total rewrite for elementary OS 6, and there's also a new
tasks app. Yeah, online accounts is another big one that we've been looking at. And there's been
a lot of work from our community upstream and evolution data server to help make it easily consumable with Vala and improving the language bindings.
So we were able to take that work and then completely rebuild mail around Evolution Data
Server and this new tasks app. And we completely rebuilt all our online account stuff around
hooking accounts into Evolution Data Server. So we've really got this great foundation now to be able to start going a lot deeper
into online accounts and to do that work upstream.
That's awesome.
That's great to hear.
Now, you know, I got to ask,
let's talk about release timeline.
Some people have been waiting for a long time
to see this release.
How do you guys feel?
Did you hit the mark?
Did it take longer than you'd like to see?
Or is there really no expectation here?
What's your thoughts on that?
It's been a long road.
Like, I mean, we said in our announcement blog post, like there was a whole global pandemic
dropped on us in the middle of development, which definitely affected the timeline a bit.
But, you know, we've always been about when it's ready rather than a hard release date.
And we want to make sure we're getting things right.
I know this cycle we had a lot of really big features like the multi-touch and
like flat pack and rewriting, not just our packaging for our own apps,
but rewriting the whole backend for app center itself or how developers submit
their apps.
So there was a lot of work that went into it that had to be done.
And I think given that, given all the circumstances, I think it came out at a good time. It definitely seems like the features that have
landed here are kind of the kind of features that check my boxes, because what I feel like I'm
sort of noticing is a slow increase in what I can customize throughout the distro.
Yeah, absolutely. There's, you know, there's always, people will always say, you know,
elementary OS, you can't change anything.
You can't right click on anything.
You can't customize your theme.
And, you know, there's trade-offs for all of those.
So we've introduced a lot of these options
into elementary OS in a way that's well supported
where, you know, users can make their operating system
and their computer feel like their own,
but also we don't have to support
every possible combination of settings.
So it's always a balance, and we're definitely able to move
in the direction of offering more options, which is really nice.
Yeah, that stands out, I think, about this release.
You can tell that the whole team's been weighing and thinking carefully
about a lot of these things, clearly like the dark style.
It's something that's been on a lot of folks' minds for a long time,
but it seems like the project didn't really want to jump into it
without having properly thought that through. And I think
that shows in the user experience. Yeah, I think that's kind of something that's a theme for us is
we're not always necessarily the first people to do stuff, but when we build a feature, we really
want to make sure that we do it in a way where we can really stand behind it and believe in the
direction we took with it. Man, I am so excited for you guys.
I know the community is really looking forward to this.
The hype was real.
I checked in on Reddit last night on the elementary OS subreddit and people were piecing together,
reading the Twitter feeds, trying to figure out how close it might be.
Yeah, that's always fun.
Yeah, it was good fun.
It's an interesting problem as a completely open source project.
You know, everything we do is open source. You even have the copy for the website on our GitHub profile like days ahead of time. And we want to be completely transparent, but also we want that hype and that excitement.
So it's always fun to see what people pick up on. Well, congratulations again. And we'll have
links in the show notes if people want to go grab it and support the project. I think this is a
great opportunity for people to kick in and help with the
future developments.
And then we will also have a link to this blog post that Cassidy put together
that is a monster post.
Like there's so many more things we didn't even get to.
I don't know.
Do you guys feel like we missed anything pretty critical that we should
mention on the show?
Cause I feel like the blog post itself has got, you know got another 10, 15 things we didn't even touch on.
Yeah, I mean, we could probably do a whole show, you know, if you want to do a whole show just about the release.
But no, I think the other really big one is we put a lot of work into the installer and kind of the first run experience.
experience. And so we hope that that, you know, helps people that are installing for themselves, but also provides a better experience if they're installing to give a computer to somebody else or
help us with OEMs that are distributing. So I think that's a lot of work, you know,
going in there to make it so that it's a lot easier for people to install and get
elementary OS pre-installed. Yeah, great. I'm glad you mentioned that because I do remember
that was a point during the beta to have people test that.
And that seems like a lot of work went into that.
And it was a very impressive experience when I tried it.
All right, well, thanks for coming on
and telling us about the new release.
Congratulations.
And now go get working on the next one.
For sure.
Thanks for having us.
Thank you.
All right, now just a really brief deck update,
because, you know, it is Steam Deck time, right?
In a move that I hoped we would not be seeing,
it seems that Valve is working to make sure that Windows,
even more recent versions of Windows, will run on the deck.
Yeah, this is a little disappointing to us Linux diehards anyway,
but it's a bit trickier than it might seem because Microsoft's recent push for a more
secure platform means that there's that whole secure boot and TPM 2.0 requirement
if you want to run Windows 11 without any tricks anyway. Now, this does include the AMD Desktop
Ryzen 3000 series. It's got the TPM.
That's based on the Zen 2 microarchitecture,
just like the APU in the deck.
But the support for that TPM actually working in the way Windows wants it to requires some BIOS support.
That's something that Valve and AMD are currently thinking through.
Yeah, and it sounds like they've already got Windows 10 up and going on it.
Now it's just really about getting Windows 11.
Is this a fatal mistake?
It's kind of like undercutting your platform's best chance, in a way.
Well, I mean, how could they not, though, right?
I mean, at the end of the day, to be pragmatic,
you want people to buy the hardware,
you want them involved in your platform,
and Steam runs great on Windows.
So, yes, I think to some extent, right, it does dilute the message,
but could they really have not done this? I'm not sure. Yeah. And I guess it's another feature in that box, right?
In that checkbox, you know, it says, Hey, I've got, you know, Windows support when you're looking
at all the features of the various competitors, I suppose it's a, it's a feature. Runs all your
favorite proprietary software. I think that was the downfall of the steam machines and not complete
downfall, but I think that contributed to the failure of the Steam machines is that people could buy them for cheap
and then throw Windows on them, and
it just didn't move the needle
for Linux gaming, so it didn't encourage developers
to port native games, and now
here we are in a world of Proton.
The other thing I'm curious about is how it's going to run
on the system. If you throw
Windows on there, is it all of a sudden going to bog it down
in some way? That's not the experience they expect.
It also seems
like this time around, they've switched where the
effort is, right? Before they were trying to build a platform
on Linux, which required buy-in, and
now they're bypassing that, right?
I mean, yes, they want developers to better
support Proton, but it seems like to some extent they've
acknowledged, like, well, we're just going to have to do it.
If we want Proton, if we want to run on Linux, we're
going to do the work to make it work.
Well, we can probably guess why Valve rebased SteamOS on Arch from Debian, but maybe we don't have to guess. We don't have
to guess any longer. Isn't that nice? PC Gamer, one of the lucky few, I know, not us somehow,
who recently went to Valve HQ, well, there spoke to a Valve designer, Lawrence Yang, who noted,
so Arch Linux, one of the main reasons,
and there's a couple, but the main
reason is the rolling updates
of Arch allows us to have more rapid development
for SteamOS 3.0.
We were making a bunch of updates and changes to specifically
make sure that things work well for the deck,
and Arch just ended up being
a better choice.
Linode.com
slash unplugged. Go there to get
$100 in 60-day credit on
your new account, and of course you go there
to support the show. Linode is where we
host everything now, and they've really
been focused on making it the absolute best
Linux experience in the cloud
for 18 years. They're independently
owned, and that's what they have been doing.
That means things are fast, like the rigs,
the networking, the dashboard, even the customer support. Linode really has the best human customer support, and that's what they have been doing. That means things are fast, like the rigs, the networking, the dashboard, even the customer support. Linode really has the best human customer
support, and you can get them by phone, ticket, or even on social media. Our most recent Linode
deployment has got to be probably our colony tracking server that we're using for this road
trip. I have a client that runs on my phone, and that pings OwnTracks running on Linode every time the phone detects
a certain amount of movement.
And then OwnTracks renders out an embeddable web view, and we are displaying that over
at colonytracker.live, all running on top of Linode, the entire stack.
Heck, you know, pretty much the entire business is running on Linode while we're on the road.
I had to offload a bunch of stuff into the cloud for my local server, even what I've that I've relied on for years, just because I was having stability issues. And you can build from their marketplace as well, like with one click deployments and get going really quick. That's that's nice. But you can also DIY if that's how you prefer. You can also create your own images. And then they even have community
scripts, stack scripts that sometimes even have like multiple distributions you can choose from.
There's a lot of options. So that's why I think the $100 is great because you can go over there
and really experience it. Get that visceral Linode experience, if you will. DIY it up if you like,
or deploy from the marketplace. They've got 11 data centers around the world you can choose from.
So that $100 means when you go over there, you're really going to kick the tires.
But you've got to go to Linode.com slash unplugged.
That's how you support the show, and that's how you get the $100 in credit.
Try it out. Experiment with something.
That's how I got started, and that's how I got hooked.
And I didn't even have $100 credit.
I tell you what, I did it on my own dime and I stuck with it and I love it absolutely.
And I can enthusiastically recommend them to you.
I have no doubt you'll find something to do over there
to deploy, to test, and even to enjoy.
So go try it for yourself
and support independent content like this here program
and get $100 in credit for yourself
for 60 days on a new account.
That's linode.com slash unplugged.
Well, with you on the road, Chris,
we've really been putting our WireGuard setup to the test.
I mean, this weekend we were recording LAN
and having no ends of trouble with our usual tools
establishing a good connection that we could actually record over.
But always the first thing we try is WireGuarding back to the studio.
Yeah, it's like this, maybe it's a carrier problem, troubleshooting step.
And it actually works sometimes as we just kind of bypass filtering and use WireGuard.
And I'm using it right now to pull up the mixer and control the mixer in the studio
for the remote production that we're doing because it all streams through the studio
even when we're not there.
And the way we connect back to that to do that is over WireGuard.
So to say it's mission critical would be an understatement. And there's been some updates
recently. And something that Wes and I have been kicking around digging into is, is there an
improvement in the state of management tools? Because WireGuard itself is kind of a lower level
technology, right? It's an enabler, but you need kind of some user space applications on top of that to manage it.
Well, yeah, right? I mean, what happens when you
dump water all over your computer and then
you need a new WireGuard key given to you, right?
Too soon, dude. Too soon.
And as you say there,
WireGuard is great, but you kind of just get some command line
tools. There's like WG-Quick for the
command line. You can do systemd services, but you still
got to manage all the peers and stuff yourself. You might be
running scripts. You might forget exactly what you need to do if you don't
use it all the time. And we were kind of early on the wire guy thing, right? We were compiling the
module, you were using it before, you probably should have used it in production. But that meant
there wasn't really a rich set of tooling ready to go to help us kind of do the next level of admin
stuff for everyone that might need access to the JB studio or just for our own personal stuff.
level of admin stuff for everyone that might need access to the JB studio or just for our own personal stuff. That's changed though. I mean, wow. I was kind of just trying to do a little
mini review of what are the available projects, what's still being maintained. Cause you know,
things pop up all the time, but it might be maintained for a year and then people move
on to other tools. There are so many options now. Yeah. I actually wasn't even sure like what would
be the right fit for us because like the web-based stuff seems too much, but the command line-based stuff seemed like it was too little.
But I noticed that you found one, two, three, four different command line apps for managing WireGuard users and keys.
Do you even feel like it's that necessary?
I guess it's necessary if only one person on the team
knows how to use the core tools,
and then you want other people to have the capability of managing it.
Maybe that's where it becomes necessary.
That's just it, right?
We've kind of come a bit farther from everyone having to read
the Arch Wiki article on how to use WireGuard.
I'll get it configured and understand what the configuration files are.
Now we've got clients for our phone, you've got QR codes you can scan.
That's the next level of user for WireGuard. And yeah, if you do have a setup
where you've kind of got one person or a team of admins, you might want some helpers that can,
you know, give you a list of stuff that, all the keys that you've got. And there's a huge range
here. Some stuff is just at the shell script, or there's a clever Perl script that uses the same
configuration you've got with WG Quick, but lets you add comments and metadata and sort of query that as an information base
in a way that you can't do with the standard tools.
And then you've got stuff that sucks all that data inside of it itself.
So some of it's YAML.
There's one called WG Manage, which has a snap and all the stuff stored in one YAML file.
So if you like that, have at it.
Another one I've been looking at in particular is called DSNet, and that's got kind of the
same idea.
It's all stored in a JSON blob.
So that's one layer of how do you want to interact with it.
Some of them have different styles of interfaces.
And then some, like DSNet, well, they don't have a full true sort of GUI to do the admin
side.
They do have GUIs on the reporting side.
It's got a sort of monitor for the actual
server itself. So it'll show you the WireGuard send and receive traffic if you don't have net
data installed. And it can make you a little handy HTML report of what all the IPs you have are,
who's online or offline. And so this is more of a whole server infrastructure, not just a script.
Yeah. And also like how much transfer up and down they're using with the description field
in there.
Now, this is really cool looking.
So this sits on top of DSNet and it generates this information.
It's not part of DSNet itself.
Yeah, so there's no, the monitoring is a side project by another individual, but it is,
I think, officially, you know, the official monitoring dashboard for DSNet.
So external, the HTML report, on the other hand, that's built right in.
Ah, okay.
Okay, so now talking about GUIs.
So those are command line applications.
We'll have links to all of that with information in the show notes, like we do.
But maybe we should just quickly talk about something that we used to use
that we've kind of backed off on, but it's not necessarily a bad project,
and that's Subspace.
Yes, Subspace.
Just a simple WireGuard VPN server GUI,
a web GUI at that.
Yeah, and it looks pretty nice.
It's kind of got what you'd expect, right?
Just a nice little dashboard.
You can see all your devices,
and it's got a little handy helper form
if you want to go add a new device.
It can show you QR codes.
We were excited about this
because it kind of came out early.
It was one of the first really full-featured,
and there was a service backing it,
and they'd sort of put the stuff
that they used for their own internal paid service
out in the open source world
which is awesome.
Unfortunately, it hasn't
really been touched since then.
And that was kind of the problem we ran into
is it had a lot of good ideas but not everything
was fully fleshed out and not sure if that was
just, you know, it had been a code dump
over the wall or they were still working on that internally. But in any case, it meant it was just sort of
half finished. And there's downsides when you go with some of these more complicated systems is
all the data lives in its own custom config. And that meant if there were problems with subspace,
like we've been doing a bunch of updates on our Schedule-y Arch-based server. And at one point,
there were some issues with mismatched
versions from what the
subspace container was
built on and what the
host was using, and that
meant I had to go muck
around with all the
internals, and it wasn't
as easy I would have
liked to just be able to
pull all the keys out or
add a new key by hand on
the command line if the
GUI wasn't operational.
Yeah, maybe not as big
of an issue on an LTS
version of Linux?
Yeah, that may have
been better, but I don't
know that that's really
how we want to operate
our server necessarily.
I think we like moving ahead, and that would have felt like a workaround to this project not really keeping up with the state of WireGuard and the kernel as well,
I think. We wanted something that was a current base. Yeah, exactly. Now, in a development I had
missed out on, there is now an actively maintained community fork. It's in the subspace community
named GitHub Organization, which is pretty fitting.
And it looks like they're just carrying on
development. So maybe, maybe
one option I didn't expect for us to have is to
just try switching to that and see if we like it.
Hmm, okay.
That's really interesting. I'll definitely have to read up on that after
the show. There was other
GUIs you found, and this all gets
kind of confusing because the names
are not great. Like, what I liked about subspace is that's a name that that sticks in my head. It makes me think of
Star Trek. That's not going anywhere. But then we've got projects that are named like WGUI and
WireGuard UI and WGEasy. And it just kind of all blurs together and they're all separate GUIs,
all kind of trying to accomplish the same thing.
Did one of these stand out to you over the others?
Yeah, it's tough because there's a lot of good options,
and while I've played with most of these,
I haven't used any of them really in anger.
We haven't actually decided what we're going to switch to
if we do switch our solution.
I'm tempted by DSNet so far if we don't go the GUI path.
Both WGUI and WireGuard-UI
seems like they offer a lot of the same functionality. And pretty much all of these
have Docker containers available. And several of them are just single go binaries you can run. So
the setup should be easy, kind of just pops up a UI and just needs WireGuard installed on your
host system. So to some extent, it might depend on what admin actions you actually do
and how well that's supported by that particular container
and if you like the way that the GUI looks.
That said, there was one that stood out, which is called Drago,
a flexible configuration manager for WireGuard networks.
And this basically is trying to take things to the next level.
It can show you the network topology.
It can have overlay spanning networks,
kind of approaching some of the ideas that we've talked about in Nebula.
But it can do a whole lot more.
It's got a REST API, automatic IP assignment.
It's also a single binary lightweight.
And it's really meant to set up, you know, encrypted node-to-node communication.
And that's where there's a whole other category of, like,
advanced WireGuard tooling that didn't really exist before as well. communication. And that's where there's a whole other category of like advanced wire guard tooling
that didn't really exist before as well. Oh, I love the way this displays the nodes that are
connected to each other. We'll have a link in the show note where they have an animation that
shows you the way they can visualize the network topology. That right there is so cool. But the
overall UI does seem clean, seems really straightforward. And the fact that
it's a single binary means it's going to be really simple to get up and get going. So that's Drago,
D-R-A-G-O. And I agree, Wes, that does look really compelling. The only other direction I might
suggest people consider going, I think you might agree, if you've already got Home Assistant,
there is actually a Home Assistant community add-on to turn your Home Assistant box into a WireGuard machine.
And it's essentially just using a container with WireGuard in it to do that.
Yeah, I mean, why not?
If you're already invested in Home Assistant, if you don't, you know, if you're not doing the kind of throughput where you might want to have this on its own dedicated box somewhere on your LAN,
you just want to, you know, an easy backdoor to some of your home stuff that might, you know, you might want to be trying to get a backdoor to your Home Assistant box anyway.
This could be a really easy fit.
Although I've got to say,
I have not tried this one.
No, no, I haven't either
because I like to have it separated out.
But I could see some folks
that might want to just sort of
combine everything right there
and just have it all managed
within the Home Assistant UI,
which makes it pretty simple
to add and remove the stuff.
So I could see that.
You've also found some more
advanced options out there. Boy, we got a ton of resources for the show notes on this one.
Seems like there's almost too many options. Like things have really exploded.
Yeah. You know, there's that company Tailscale, which has a sort of mesh wire guard proprietary
offering. Well, they've got some of their stuff open source and someone's written Headscale,
which is basically a self-hosted implementation of back end control server. And then there's a whole bunch of different takes on sort of wire
guard mesh networks at different maturity levels, including stuff for Kubernetes, or there's an
interesting project called auto wire, which integrates with console as a back end and can
sort of auto magically give you a wire guard network. There's also stuff to integrate with
OAuth two or even a little tiny rust tool, WireGuard-P2P,
which uses a distributed hash table
sort of BitTorrent style to help you set up
peer-to-peer connections over WireGuard.
That's awesome.
Okay, alright.
Now, I want to make a call out here
while we're still talking VPN stuff
because we don't get to do this too often on the show, and we
love to geek out about VPNs.
If anybody out there is actively using Nebula in production,
that's a VPN technology, a peer-to-peer network technology we've talked about before. If anyone
out there is using Nebula, we'd love to hear just a little bit about your setup. You don't got to give away
the secrets, but just tell us how it's working for you and how you're using it because
we want to do a future episode on Nebula again. So go to linuxunplugged.com
slash contact and check out the links at linuxunplugged.com 418 for links to everything that Wes found and all kinds of additional resources.
And if you're struggling to just sort of put all this together, I want to mention that our friends over at CloudGuru have an LPIC 2 Linux engineer exam prep.
Now, this is a course that's designed to cover all the objectives for the LPIC2-201 exam.
And this is going to give you a lot of good information, a lot of fundamentals, including
how to do capacity planning, utilities and concepts that you should know and use for
that.
And when you've completed the course, you're going to be ready to pass the LPIC2-201 exam.
And that's pretty great, too.
Helps you get certified and helps you understand some of these fundamentals. We'll have a link to that, or you can go to a cloud guru.com for that kind
of stuff. Now we did get a chance to chat with Jim Salter. You guys probably remember Jim. He
used to do tech snap with Wes and now he is on two and a half admins with Alan and Joe. He also
writes for ours, Technica, and he's been covering WireGuard for a long time. And so when some new features in WireGuard landed, we thought he'd
probably be the guy to call up and get the scoop because he usually does a deep dive. And one of
the big things announced recently is a massive improvement for WireGuard on Windows. My
recollection, Jim, was that they had a user space Go version of WireGuard, but this is something totally different.
Yeah, exactly.
So, you know, since the earliest days, there have basically been two major implementations of WireGuard, the Linux in kernel and a user space that was written in Go, Google's user space programming language.
programming language. And the Go version was kind of the portable one that, you know, would get run on other non-Linux operating systems, or you could run it on Linux if, you know, for some reason
you wanted nothing to do with kernel module. Client of last resort. Exactly. So like WireGuard
Go is what you'll be using on FreeBSD or Macs or, you know, Windows up until now, and most likely
still now, but you have the option of instead using a proper
in-kernel implementation called WireGuard NT.
Ah, and so I guess the big difference here would be that running it in the kernel is
going to mean what?
Better performance?
Is it going to mean better stability?
What are Windows users going to see as an improvement as switching from user space?
Stability, no.
The big things that you get are improved performance.
space? Stability, no. The big things that you get are improved performance. And this isn't really confirmed like the extent of it, but just intuitively, you absolutely should be seeing
lower battery usage as well on portable devices. Because what you're doing by moving the implementation
in kernel is you're getting rid of all this context switching from user space to kernel
space and back again. Normally, when you're interacting with your network stack, by the time
you say, you know, hey, I want to get all this data off this box and packets,
everything goes into the kernel and it stays there.
Like your whole network stack is in kernel from that point.
So you just have the one transition.
But when you're doing a user space VPN,
whether it's WireGuard or whether it's OpenVPN
or, you know, what have you,
what you end up having to do is kind of pop in and out of kernel space, right?
Because you've got some kind of a virtual network driver shim, basically,
that just kind of serves to dump things onto the kernel side of it,
but doesn't do a whole lot itself.
And then you've got, you know, all the processing, whether it's the, you know, the crypto,
you know, you have it, the majority of that happens in user space. Now, that context switching, when you go from user space to kernel space and back again,
that introduces additional latency. Now, on the lower end, that's not going to be a big deal
performance wise, like, you know, if you're only talking about a few hundreds, you know, even a
gigabit on like most x86 systems, you're not really going to see a big bottleneck there. But when you start talking about the higher end, when you've got, you know, 10 gigabit on like most x86 systems. You're not really going to see a big bottleneck there. But
when you start talking about the higher end, when you've got, you know, 10 gigabit or larger network
interfaces and, you know, boxes with enough CPU to at least in theory be able to manage that.
Now you start talking about a really big difference performance wise.
Well, we know how you love getting nitty gritty details there, Jim. I assume you whipped out some
tools and did some performance benchmarking here. Well, yes and no. I did do some performance benchmarking, but I didn't try to test the 10
gig stuff. WireGuard creator Jason Donenfeld had some handy dandy screenshots to go. He was using
Ether, which is a Microsoft offered tool, pretty similar to iPerf 3, at least in the way he was
using it, you know, to test sequential throughput.
And he showed between two, what used to be packet.net C3 small instances with 10 gig interfaces, the WireGuard throughput went from two gigs flat using the old WireGuard
Go and Winton approach.
And when he dropped in WireGuard NT with the same instances, you know, the same everything
else, it went from two gigs flat to 7.5.
Whoa.
All right.
So this I think we should probably stress because you did you did kind of touch on it.
But this is still experimental right now for Windows users.
Like it involves tweaking the registry.
It's not quite ready for production, correct?
Yeah.
This is absolutely not ready for like real production yet. I mean, now,
if you're somebody who's just got like a couple or three machines you want to keep connected and
you're like, oh, hey, well, if it if it looks good, then, you know, I'm ready to try it and
see how it goes. Then, yeah, I think it's ready for you to jump in with both feet. But if you're
talking like, well, I've got a network that like a bunch of people's productivity depends on this.
Or if, you know, even if it's a case of like, well, there's only two machines.
But if this tunnel goes down between them, then like, you know, I'm gonna have to drive 50 miles to get things fixed again.
Then no, this is absolutely not for you.
I mean, it's not even beta yet.
This is alpha code at this point, which what that actually means is that, you know, the features are pretty much all complete,
but it's had very little testing.
Right. It's all about that next level of, is it really robust? Is this going to work in
real production scenarios?
Exactly. And, you know, as long as we're talking about, you know, the reasons that you might not
want to use this someplace where you can't afford to monkey with it yet. Although I,
I did some testing of it and I have not seen personally any issues with it.
And, you know, I have seen these tunnels with, you know, many terabytes thrown down the pipe
and no issues. The other big difference, because everything has been moved in kernel is that,
you know, if you do hit a major bug, the consequence is not like my tunnel went down.
It's my windows box, blue screened, potentially.
Right, it's a crash.
Yeah, sure.
So with that in mind, these things are hard to judge.
But for you personally, when do you think you would start deploying
this thing for clients?
How long is it before Jim Salter
is going to advise clients use this
over an existing VPN on Windows?
In the absence of an overwhelming problem
that one of those clients is reporting to me, I'm not going to be using it in production to support clients until Donenfeld says this is production ready, which I would guess.
Now, this is do not take this as like, you know, super informed, like I got the scoop from the guy.
This is literally just a guess.
But I'm guessing, you know, somewhere along the lines of like a year from now, probably. Okay. And have you, when you were doing research for this, have you gotten any sense if Microsoft is hip to this, what their sense of this is?
If Donnifield's maybe going to see somebody from Microsoft reach out, you got any idea what their reaction is to WireGuard landing in the kernel?
Let's put it this way.
I'll eat my hat, your hat, and the nearest MAGA hat available if they are not both aware and interested.
Okay.
It seems like they should be, right?
Well, so here's the thing.
I know they were absolutely paying attention when Donenfeld created Winton, which was the virtual Nick that lived in user space prior to this.
Ah, okay. He created that because he originally planned to use Microsoft's built-in VPN adapter technology and rapidly discovered that it really was neither modern enough nor suitable for his tastes.
And he already knew that he wanted absolutely no part of Tap Windows, which is the virtual network adapter that OpenVPN uses.
So he created Wintun, which is as simple as possible.
uses. So he created Wintun, which is as simple as possible. It's a project that's actually,
it's a separate project from WireGuard itself, Wintun is, that lives for no other reason than to be as basic and, you know, broadly applicable as possible. A nice little primitive for doing
this on Windows. Yeah, this little primitive network shim that you can hook other things to.
And that project already was successful enough that you actually have the
option of using WinTun rather than TapWindows on OpenVPN now. And an awful lot of people have done
a lot of testing that demonstrates OpenVPN throughput going up about 100% when you shift
from TapWindows to WinTun. And again, that's before you even get into the new stuff we're
talking about with Wirecard NT. That's just wild.
Yeah, it's pretty bonkers.
So you asked earlier, you know, had I done any testing?
And I said I hadn't tested the 10 gigabit stuff, but we never quite got into what I actually did test.
There was a nice little unexpected surprise that came about when Donan Phil first started letting a few people test WireGuard NT.
What they discovered, and this was not something that he had particularly expected
or planned on, but some of these early testers reported, oh, hey, this resolves my WireGuard
over Wi-Fi issues. And these weren't specifically WireGuard over Wi-Fi, but basically any VPN over
Wi-Fi, you tend to get considerably worse performance over the VPN tunnel than you would
moving the same data without the tunnel over the
same Wi-Fi connection. And with the shift from WireGuard Go and Winton to WireGuard NT, some of
his testers saw throughput increases of as much as double. So that was the thing that I tested
because I thought, you know, that's going to be the biggest deal to like the most people who hear
about this news, you know, outside like the
corporate segment. Right. You're not a big network engineer, but you might be using a VPN on your
home network while you're trying to get stuff done. Right. Like who isn't using a VPN over Wi-Fi?
Yeah, I hope. One of these days, in theory, people will, you know, go to those,
you remember those old school businesses? What'd they call them? Hotels, I think?
Oh, yeah. You could like rent a place to lay your body for several hours.
Yeah, yeah, yeah.
And those places would offer you, you know,
very dodgy Wi-Fi that you didn't necessarily
trust a whole lot.
So you establish a VPN across it.
Well, anyway, I wasn't able to see, you know,
those like super dramatic results of, you know,
people saying, oh, well, you know,
my WireGuard throughput went from 50 megabits
to, you know, like 200 or whatever.
But with that said, I was able to confirm throughput increases of up to like 25%,
which is not anything to sneer at.
No, I'll take it.
Yeah, especially because the, now this is not proven, but the most reasonable theory that I've
heard anybody talking about, including Donenfeld about, you know, why the Wi-Fi performance increases with WireGuard NT over WireGuard Go is packet aggregation, like specifically 802.11 packet aggregation.
It's basically, it kind of aggregates all that stuff out into a single burst that it can send out at one time with lower overhead and, you know, less issues with like window scaling, you know, all this kind of crap.
It's just better, right? kernel rather than doing all this constant context switching back and forth from user space to kernel space, what's happening is these packets are arriving in a timely enough fashion to the 802.11
stack that it can aggregate them all the same way that it would without the tunnel in the first
place. Now, the other thing about that is that means you're not just seeing a throughput increase
on your own personal WireGuard tunnel. You would also be consuming less airtime to move the same
amount of data,
which means the Wi-Fi quality gets better for everything on that network, not just you in that
one specific tunnel. Be a good neighbor. Run your WireGuard in the kernel. Come on, folks.
Forget the neighbor, man. I mean, who's only truly stop and think about it. Who only has a
single device active on their own Wi-Fi in their home these days?
I have a wish.
It's not me.
I'm sure it's not you.
Chris, you only got one device over there on Wi-Fi?
Afraid not.
Not even in the RV, am I right?
No, I think on average we have like 36 Wi-Fi devices in the RV.
Exactly.
So, you know, if you're moving data over a WireGuard tunnel over Wi-Fi,
you're not just improving your experience on that device.
When you shift to WireGuard NT and get-Fi, you're not just improving your experience on that device.
When you shift to WireGuard NT and get, you know, more Packard aggregation,
you're improving your Wi-Fi for those 29 other devices as well.
Well, while we're talking about complicated networks here, Jim, I'm curious, you know,
we mentioned OpenVPN here, and it's kind of the elephant in the room, especially for, you know,
bigger deployments. People have been using it for a long time. They've come up with ways of
managing these deployments. And when WireGuard for a long time. They've come up with ways of managing these deployments.
And when WireGuard first hit the scene,
I remember you and I talking about this,
promising technology, really nice, simple, clean,
but I think having administration capabilities for it,
actually managing all those connections
was a bit of a to-be-figured-out issue.
And I'm wondering, if you're using WireGuard
in production with your clients,
how are you actually managing it?
Oh, God, yeah.
I've long
since replaced. So I used to have a fairly large monitoring network that, you know, all of my
clients, server VMs and, you know, hosts and whatnot were connected to. So, you know, we're
talking like hundreds of nodes on this network and they would all connect outbound to what amounts
to a hub out in the cloud. And of course, if you know anything about network stuff,
you know that, you know,
once you've established that connection one way,
it doesn't matter which direction you established it.
It's a two directional tunnel once it's been established.
So you do it that way and you can avoid having to,
you know, set up, you know,
NAT pinholes and like a million networks, whatever.
But all that used to be with OpenVPN and it worked.
But unfortunately, every
month I was spending somewhere around five to 10 hours basically reconnecting crash tunnels and,
you know, trying to. Oh, geez. Don't get me wrong. I mean, I had watchdog scripts, right?
That would like look for problems and try to automatically disconnect and reconnect and
reestablish tunnels. But OpenVPN had so many interesting ways of crashing tunnels that even writing watchdog
scripts that would attempt to tear everything down to the bare metal and reestablish it,
I just never could get past that like five to 10 hours worth of, you know, there would
be a few things here and there that I'd have to find an alternate way into and reestablish
those tunnels, you know, by hand, you know, screwing around with it. Now, when I ripped all that out and replaced it with
WireGuard, I went to zero hours a month. It's been more than a year now. And the average is
0.000000 hours a month reestablishing collapsed tunnels now.
Wow. And I have to imagine over the last year, VPNs have probably been more important than ever for a lot of people.
Oh, God, yeah.
So the first step for me was replacing my monitoring network with WireGuard,
which was a smashing success.
The next step, which is still underway, is, you know,
all my clients who use OpenVPN themselves, like, you know,
with their Windows laptops and whatnot to get into the office remotely,
I'm switching them over to WireGuard.
And we're about halfway done with that yet.
And,
uh,
it is absolutely been a win.
And are you finding any particular tools or making that easier or not to
manage?
It,
the kind of scale that we're talking about here,
there's really not a whole lot of,
of management issue in the first place.
Right.
Um,
you know,
most of my clients are around,
uh,
let's just say the sweet spots is like 20 to 50 employees.
Sure.
So the big boogeyman that everybody always wants to bring up with WireGuard versus OpenVPN is, oh, you can't have DHCP.
Everything has to be statically addressed.
And that's true.
I've just never quite been able to figure out why I would care about that.
care about that. I mean, you still have the same basic process of like you set up credentials for a new VPN user and you hand them to that user and they install them and off they go. That's still
the process. I guess if you had like thousands of users and for some reason you wanted to not
subnet enough space for them all to be connected at once, that would be an issue. But as it is,
it's not that hard to just, I mean, they get an
IP address along with their key pair. And when you revoke their key pair, you revoke that IP
address as well. And you can reuse that for the next new user that needs it. Yeah. It's been so
great while we're on the road to use WireGuard. I use it every single day and I have really enjoyed
your coverage over the years now of it specifically over at ours.
And now you're sharing some of that
on two and a half admins as well.
And I just feel like you've nailed the WireGuard coverage
over the years, Jim.
So it was just great to have a chance
to have you come on here and update us on this stuff.
So thank you for your time.
Thanks, Chris.
There's some definite housekeeping
that needs to happen around here.
There is so much, so much.
Brent, I mean, you're making a mess over here. I'm sorry. It's my first time. Actually,
Brent, real true, honest, no joke. Brent did our laundry for us. Brent went out and did our laundry
and then he brought it back to the RV and like the rule breaker that he is, he line dried our RV in
the campsite. Of course, he's a campsite,
you know, he's a camping newbie. So he didn't know that's actually against the rules for whatever
stupid reason they don't want you doing that. But I thought it was fantastic. So Brent's actually
been helping keeping it quite clean. But what we do want to mention is the meetup page at
meetup.com slash Jupiter Broadcasting. We'll have our upcoming meetups there, like the one in Denver
and the feedback page. That's at linuxunplugged.com slash contact. And then I also want to mention
the Telegram group, where we're sharing additional pictures and tidbits from the road trip, as well
as just the conversation, always participating in and ongoing and whatnot. It's Telegram.
It's a real-time chat room. I don't got to explain it to you. You're not new.
Jupiterbroadcasting.com slash Telegram. Get up in that. Also, the Luplug, and it was getting some love,
getting some love at our Salt Lake City meetup. The Luplug happens every Sunday.
It doesn't matter where you are in the world. Every Sunday, the Luplug is happening,
and you can get in there on Mumble using free software every single Sunday and hang out with
like-minded folks.
Details at linuxunplugged.com slash mumble.
It's noon Pacific time,
but you can just go to jupyterbroadcasting.com slash calendar,
and you can get all of that in your local time.
We do that for you.
Robots do it for you, actually.
Scripted robots.
jupyterbroadcasting.com slash calendar for that.
Well, I think it's time for a little feedback.
Jan writes in,
having bought an iPad two years ago
and returned it after three weeks
because it was just unworkably locked down
and I couldn't stay in the OS,
I was a bit of a surprise to hear
some of your opinions about it.
Having tried to do even basic stuff
like importing a CA certificate,
it's just a pain in the butt. The system is so locked down your opinions about it. Having tried to do even basic stuff like importing a CA certificate,
it's just a pain in the butt.
The system is so locked down that it just doesn't make sense
for any kind of tweaker to use.
I've since bought a Samsung tablet
and they are really good.
In my opinion, better than the iPad
with respect to both media consumption
and productivity,
or even something like drawing,
especially price-wise.
And also, if you want to make tweaks and modifications,
you can have a Linux container system running on the tablet without an issue,
something that you'll probably struggle to do on an iPad.
So maybe you guys should revisit this?
Thanks in advance.
It really feels like one of those, it depends on your use case, man.
Like if your use case is running a container on your tablet,
that definitely isn't the iPad for you. No, it doesn't work. If your use case is maybe something more traditional,
then I think the iPad is a really, really strong contender. This conversation is really in the
context of the JingPad. The fact that the JingPad is out and it's looking like a pretty nice device.
And so the question has kind of come up on the show. Is it time to re-evaluate
our position on tablets? You know, because we've kind of written off the Android tablets and
everyone on the show kind of just begrudgingly went, yeah, it seems like the tablet to get right
now is the iPad. You know, and I think that's what inspired that email. And I guess this kind
of drives the point that it really kind of depends on what you're using it for. For me, I still think the iPad's a better tablet device because I want something that has a built-in LTE connection that's pretty reasonably priced and easy to connect to my provider and has support by my carriers.
I want something that has the X32 edit app from Behringer, which is an app in the Apple App Store.
And I want something that has WireGuard support. So that way I can connect over LTE, establish a WireGuard connection,
and then control my mixer with the X32 software. The iPad happens to nail that job. And I don't
think I could get it accomplished on the JingPad. Maybe I could on the Samsung. And so the question
is, is it time to revisit this? I think the answer is yes. You know, you look at the JingPad,
you look at what people are saying they're doing with different tablets. I think, yeah,
the question is, do you have the money for it? And that's really the problem is you only have
so much money to spend on these kinds of things. And you don't want to blow it on something that's
going to turn out to be a crap device. You want to spend that money on something you're going to
get years out of.
Maybe you can hand it down.
I can hear the pain in your voice, like maybe you've been through this before.
Yeah, I mean, that's what a lot of my kids have, hand-me-down devices.
And when you look at the years of support you get with iOS, the pretty good app store,
and the pretty decent performance, even from older tablets, it's a pretty strong value.
But there are a lot of other great devices out there.
Like I've recently started grabbing some Fire tablets for some of my home automation stuff.
And after you spend some time with them,
you can actually turn them into decent devices.
And they're at a way, way, way, way better price point
than an iPad or probably even the Samsung tablet.
But, you know, Brent, I noticed that you don't travel
with a tablet, you just have the laptop.
Never really appealed to you?
Well, I think you nailed it.
It's the combination of, you know, dedicating a certain amount of funds to a device that kind of, I guess when I really tried to explore them, they felt like they got old quite quickly.
And they were locked down in the ways that I didn't appreciate.
So for me, lightness in travel, of course, is another huge thing. Yeah, they all
seem so limited, right? So then you kind of just buy an appliance. Like you almost have to accept
the fact that this is a limited device. And that's why I have a PC. It's interesting. I thought the
tablets would replace my need to bring a laptop everywhere, but I haven't really found any success
in that. And every time I kind of dabble in it, maybe I need to be more creative, perhaps.
And I'm welcome to some feedback there.
Just carrying one machine and it's a laptop
seems like it works for you.
Well, I bring small things, you know?
It's only a 13-inch.
You did hear me complain about the fact
that that screen felt a little small.
And I've noticed some users using their iPads
as extra screens,
which I think that would certainly appeal.
So I have become re-interested.
That goes back again to your use case.
Like if, yeah, do you want to use it as an extended display?
Well, which tablet supports that?
And yeah, I noticed you only have one sticker on that laptop though.
I mean, it's a good sticker.
It's a Linux Unplugged sticker.
But did you know we have a whole new batch of stickers over at jupytergarage.com?
And they're all taken from
the high resolution. What's it called? Why am I blanking on it? Cause I'm exhausted. It's hot.
And I've had a cider album art. Yeah. Yeah. But what do we vector art, the vector, the vector art.
That's what I'm trying to say. Cause it's super high. We were able to, we were able to just do
like really beautiful stickers at three different sizes. That's what I'm trying to say, Wes. And the
other thing I forgot to mention last time,
which is why I put this in the show doc to begin with,
is if you get one sticker,
additional shipping on the stickers is 10 cents.
So you could get yourself like a self-hosted
or Coder Radio or Linux Action News
or Chris and the Badger or Linux Flies on Mars sticker.
They're all over at jupitergarage.com
and they are awesome. Our members get a discount
that is in your members info feeds and stuff like that. I think that's how it works.
You may have heard in our chat with Jim that he mentioned an application he was using to
benchmark his WireGuard connection. And we may have we may have talked about this,
but this is a pick that's so dang good, we want to talk about it twice. And it's called Ether, a comprehensive network measurement tool. And it's by this upstart developer named Microsoft.
that you can run on Linux, you can run it on your Windows and on your Mac,
and you give it a few flags and you're off and running and you get nice, really well-displayed information
about performance information, statistics,
any errors that have been noticed by the system, and all of that.
Adam, did you get a chance to play with this, Wes?
Because I think we've actually talked about it once before.
Oh, we have? It was actually a pick on Linux Unplugged episode 280.
And funny enough, that episode is when we had just gotten back from visiting System76 in Denver way back in 2018.
So it feels fitting to be revisiting it now.
Wow. That is, that's serendipity right there, isn't it?
You can tell something's on our mind when we're on the road.
And solid remote connectivity and figuring out what route and what connection is the best
is on our mind. We're solving problems. Yeah, exactly. Right. And clearly we haven't figured
everything out. We're still solving the same problems. Oh, ouch. As for ether, if you already
use iPerf3, I don't know, you probably don't need this if you're comfortable. I think the value is
they've got some neat thread based scaling. So you can kind of have a single server and use that to benchmark a whole bunch of systems,
and it should scale. And it's just a single little Go binary, so it's easy to run,
especially because it also runs on Windows and macOS. So if you've got all kinds of different
clients you want to benchmark, maybe this is the tool for you.
Hmm, very nice. Link to that in the show notes. All of those links will be at linuxunplugged.com
slash 419. Wes, am I right that the
next time you and I are doing a show, it's going to be together in Denver? Oh, I'm excited. Yeah.
You get in early that morning too. So I guess that means you're probably just going to have
to do all the show prep on the plane, you know? So I'm just going to assume you'll do all the prep
then that week. So you're going to have that flight out. You know, whatever they've got in
the magazines, I'm sure we'll have some mention of Linux the prep then that week. So you're going to have that flight out. You know, whatever they've got in the magazines,
I'm sure we'll have some mention of Linux, right?
Yeah, probably.
There's probably something in there.
If not, we'll just, I don't know.
We'll figure it out.
I'm really looking forward to it.
It's going to be fun.
We don't even know where we're recording yet.
We may do it in Lady Jupes.
We may be able to do it in System76.
Maybe we'll do it in the Airbnb if we can get in there that early.
Who knows?
But it's going to be fun.
And then once we're all there, we're going to have a JB Airbnb
where, well, we'll see how that
goes, but we're all going to be in one spot.
But we'd love to have you join us live just
to experience that and see where things are at.
You can do that over at jblive.tv.
We do it at Tuesdays at noon
Pacific, 3 p.m. Eastern.
See you next week. Same bad time,
same bad station.
And there is a lot more going on.
Of course, Self Hosted is going to be recorded
on the road this week as well.
So do your thing.
Go over to the Twitter.
Follow the network at Jupiter Signal.
Get information on all of that stuff
and future meetups.
You can follow this here podcast
at Lennox Unplugged.
Or if you don't do the Twitter thing,
I don't blame you.
You can just find everything we're doing over at jupiterbroadcasting.com.
That's the main network website.
And if you're not yet listening to Linux Action News,
you're missing about 20 to 30 minutes
of what the heck is going on
in the world of Linux every single week.
And you probably should get tuned into it.
Links to everything over at linuxunplugged.com.
Thanks so much for joining us.
And we'll see you right back here next Tuesday! I think Levi has won Brent over a little bit, you know, because Brent came in kind of a cat guy.
Not that he's anti-dog.
I'm not trying to say that.
But I feel like you came in and you just were kind of, you know, that's Levi.
That's great.
It's really good to see Levi again.
But then Levi started snuggling with you in the morning and then pretty soon you started taking him on walks.
And the next thing you know, he's spending the entire night with you. I feel like there's
something developing there. Well, I think he's got this nice way of welcoming guests and he's
totally won me over. That's for sure. It's pretty great to see. All right. JBtitles.com. I don't
think I started the titles. I don't because I couldn't get in the IRC room. So we'll just see
how that goes. You know, it's a road show, everybody.
Don't worry.
We've got a few titles listed under show not listed.
That seems appropriate.
It does, doesn't it?
Oh, man, I'm glad to be done for at least a couple of days
until self-hosted because I tell you what,
it has been tricky doing this on the road.
The connectivity has been really weird
because we're kind of close to downtown Salt Lake City,
which means sometimes the cellular networks are really kind of busy.
And there's a construction project going on.
There has been a concert.
There has been people coming and going.
Like even just during this recording, there was planes taking off, motorcycles going by, diesel trucks starting up.
I mean, the whole thing, it's been kind of a real juggle, more so than I expected.
So hopefully when we get out of here, it's going to be in quieter territory.
Salt Lake City has been very smoky, so it hasn't been like the most impressive experience.
But I do want to come back and enjoy it sometime.
The spot isn't bad if you were here to just enjoy the city because it's right next to the rail.
I mean, you can walk to the rail in like five minutes.
And it's close to everything.
It's 10 minutes to everything downtown and lots of good eating and all that kind of stuff.
So I would totally recommend this KOA in Salt Lake City if you were an RVer and you were coming here.
But if you wanted to come here to record or work quietly, it would probably look somewhere else.