LINUX Unplugged - 482: Legacy Gets the Boot
Episode Date: October 31, 2022
Are the long-timers holding Linux back? Lennart Poettering argues we are and proposes a new Microsoft-blessed way to secure Linux. Plus, our thoughts on the slow decline of mailing lists in open-source development. Special Guest: Neal Gompa.
Transcript
We start the episode this week with a call out to you Linux users with old and weird laptops.
Direct quote there.
We need help.
Some backlight changes are coming to Linux 6.1 and users of old, weird laptops can actually help make sure that we don't break things.
I just think this is one of those great moments. So there are changes landing in Linux 6.1 that would allow setting the maximum brightness amounts
and then communicating that clearly when those controls are not supported.
That seems like a great feature, right?
Well, early testing has actually shown that it's damaged some old, weird laptops.
So you're probably okay now.
They've made some fixes there, but they still need testing.
And there are ways you can just download and help test the next kernel today.
Go help. Only you, old weird Linux laptop user, can help.
Hello, friend, and welcome back to your weekly Linux talk show.
It's just me. My name's Chris.
Nobody else here today.
See, I let Brent off the hook because he had some sort of family hit he had to do.
It's family business. I can't get into it.
And then Wes got the sick.
I think he was doing, like, some really important on-location business for the show.
And he came down with the sick.
So it's just me in studio this week,
but I am joined by a fired up and ready to go virtual lug. Time appropriate greetings,
Mumble Room. Hello. Hello. Hello. Hello. Hello. Hello. Hello. Hello. Hello. Hello. Hello. Hello.
Hello. That is, that's a, I think that's a top five intro right there, Mumble Room. Hello,
everybody. Hello, everybody up there in the silent listening today.
I hope you have your old weird Linux laptops ready to go because the kernel team needs your help.
Coming up on the show today, let's discuss if us longtime Linux users are holding Linux back a bit
from the next level of growth. There's a couple of topics, both of which Liam at The Register has
just absolutely nailed this week. So I think, Liam, you are the unofficial co-host of the show this week
because you've got two pieces that I want to discuss
with the Mumble Room and with you listening out there.
And there have been some changes and some trends over time
that have just been kind of going in certain directions
that mean kind of a fundamental way,
a shift in a way that the community communicates,
organizes, develops.
Plus your good buddy, Lennart Poettering,
the systemd developer, has a new idea
on how to really improve security for Linux.
There's essentially one major change we could make,
and it may be good, may be bad,
but it also could reduce maybe the tinkerability
of Linux, if you will.
So we'll talk about what that change could be
if it really is such a big deal
and kind of what the idea is and why some people are saying it gives Microsoft full control over Linux.
That's like the going all the way.
So we'll dig into that, too.
And we'll round out the show with some boosts, some picks, and a heck of a lot more.
So before we go any further, I have to say good morning to our friends over at Tailscale.
They're like the secret sauce.
You know when you have some family member's food and it's just like extra tasty
and you discover they put butter in?
Tailscale is the butter for my networking.
It's so great.
It just makes everything work a little bit better.
It creates a mesh VPN powered and secured by WireGuard.
One flat network for all your devices
that you can get going in just minutes.
We love it.
It'll change your networking game.
Go say good morning and try it for free
for up to 20 devices over at Tailscale.com.
Tell them the Unplugged program
sent you. So we'll see.
We'll see how we do today.
Just me. I don't even know how long
it's been since I've done a solo show for the Unplugged
program. I wonder if anybody
out there knows.
It's got to be hundreds of episodes, right?
I think the last time you did it
you were still doing the Linux Action Show, probably. Probably. Shoot, like, I think I was
in college the last time you did that. That's 10 years ago. Are you trying to make me feel old?
Are you? Look, man, you started doing this podcasting when I was in middle school,
so I can make you feel old by mentioning that fact.
You just did. You just did. Yeah. Yeah, I know. That's pretty crazy. I know this show is older
than some of my kids. That's also really weird because they're actual human beings that exist
in the world. You were not married when you started. Yeah. And now I've been through divorce
and remarried. So how about that? Well, the GNOME Project is going through a bit of a divorce
with mailing lists. The GNOME Project is preparing to shut down its mailing list towards the end of October, which is right now. Happy Halloween, everybody. And The Register has a great piece about that. They interviewed the GNOME project executive director, Neil McGovern, about this and several others.
Neil points out,
that's Neil from GNOME,
not Neal from the Mumble Room,
points out that like many other projects that use Mailman,
they find that relying on Python 2
is not sustainable anymore,
which probably means
they have an old version of Mailman.
And so that's a reason
that they're shutting down the mailing lists.
Evolution and other GNOME projects
have made the announcement
that their mailing list
will be retired at the end of October.
They write, as we've been communicating during the past few months,
GNOME's Mailman platform is being decommissioned.
They cite the Python 2 deprecation.
And also, they cite a major burden with spam.
They say the deadline is currently set to be the end of October 2022.
Mailing list subscribers are invited to migrate to GNOME's Discourse instance.
And they have some information about that. And we'll come back to that Discourse instance,
because that's a major factor here. Other projects are doing the same.
My read, and Neal, here in a second, I'd be curious to get yours, but my read is, is that
infrastructure kind of got out of date, both
physically, software-wise. The team has just had skills that evolved over those years. They don't
necessarily specialize in maintaining Mailman anymore, so they don't necessarily have the right
skills, people, or time to devote to replacing it or upgrading. And their mailing list has seen a
steady decline since they rolled out
that Discourse. And GNOME's infrastructure team coordinator told The Register that, quote,
the new platform offers way more features than Mailman, including gamification, which newer
generations in general appreciate, but also markdown support, RSS feeds, proper spam support,
multiple authentication types, so on and so forth.
So I'm curious, Neal, because I know you've participated across the spectrum.
Are you sad to see the slow death of mailing lists?
And it seems like it feels like for some reason with the GNOME project kind of winding this up, this is kind of a major one.
And I'm curious what your thoughts are.
So one of the big things I don't like about the elimination of mailing lists is
that with forums in particular, you have an interesting restriction on who you can talk to,
they have, or communicate with, and that's all the people that are already there. One of the unsung
capabilities of mailing, of mail list-based communication that I've leveraged over the years
is being able to CC some other person somewhere else
into a conversation and deliberately bring them in
and give them the ability to have context and whatever.
That's a great point.
I've also been told just behind the scenes
that it's also how a lot of people scale
across multiple projects,
which is, I'm curious if it's a tool for you
because you can aggregate into one inbox.
It's the only way I can function.
Projects that have moved to the forums, I've mostly stopped engaging in because I can't. In order for those
things to work, I have to actually actively poke into those forums and go look at them and whatever.
And yes, Discourse has an email-based function. No, it's not very good.
And RSS.
What browser has RSS support?
And yes, I could have a dedicated RSS reader.
I don't use one because I'm on different computers all the time.
And browsers are the only thing that stay in sync across all the computers I have.
And Google Reader killed it for all of us.
Yeah, pretty much, right?
This kind of comes back to, I don't have Google Reader anymore, so I don't exactly have a good
way of doing that. But more seriously,
this move to Discourse, I suspect, is actually not driven by the things you'd expect.
One of the things that has been going on undercurrent in GNOME infrastructure for the past few years is that they've been retooling all of their infrastructure to run on top of
Red Hat OpenShift container platform. And so all of their applications have to be able to deploy on OpenShift
and run in the OpenShift environment and scale with that and whatever.
Like they just recently redeployed the GNOME GitLab
and broke everybody's ability to push via SSH
because the way that you have to do SSH,
Git SSH in OpenShift or in Kubernetes in containerized environments is completely different from non containerized environments.
And so everybody has to adjust for that and stuff like that.
And what about their argument that gamification appeals to a newer generation?
That's totally true. Right. Like even like that's why Fedora has the badges thing.
And like we've got this whole big thing. You remember a couple years ago when the Butterfest stuff was going on,
there was a Butterfest badge for everyone who came in and tested.
And that's, like, that's still, I think, like, the most given away badge in the Fedora badges system.
So, you know, it shows that it was the most tested feature that we've ever done.
And that clearly shows the value of it.
But that's not the point.
The point is that they don't actually want to, they don't want to spend the effort to move the mailing lists onto OpenShift. Maybe they could argue they don't have the right people on their
team. Phooey. If you can get GitLab to run on there, you can get Bloody Mailman to run on there.
All right. Well, here's the other argument. They say it reduces fragmentation amongst the GNOME communities. Improved integration. They have a bridge with live
Matrix chat so they can move conversations between ephemeral and something that's posted online.
And they say it's a modernization of the overall infrastructure project. They've migrated IRC to
Matrix. This is the next thing. This is akin to IRC moving to Matrix, they say.
No, but sure, uh, there, there's certainly a modernization aspect to this, but it's definitely not a, like, this is a, you know,
a strict improvement of the experience. It certainly allows richer formatting, whatever.
Like, the biggest reason why email conversations aren't rich is because there's this convention
to use plain text emails and to do
bottom posting and all this, this netiquette stuff from the, from the 90s, right? Whatever. Fine. Isn't
there some truth, though, to, like, the whole, you know, when you go on GitHub, all of a sudden you get a
lot more contributors? Isn't that something to, like, when you go on Discourse, all of a sudden you're
going to get a lot more people that can get their eyes on it? Actually, here's another dirty secret.
Um, overall engagement in the GNOME project on various communication platforms has been going down.
So one of the Gnomies told me privately that Discourse is kind of half dead in terms of
engagement from both developers and users.
And the mailing lists have also rotted, but so has everything else.
So if on the whole balance, engagement and communication is rotting and in decline, the ones that are in decline the fastest are probably the ones worth kicking out.
And mailing lists are probably in decline way faster than all the other ones because people just leave and whatever. And sure. And email, unlike the other platforms,
is actually harder to keep up with because
you still have to do all the stuff to make sure you don't
get listed as spam. You have to
update for the MTAs and
all that other fun stuff. But
in general, from what I've been told
from a few Gnomies
that are involved in this, is that
overall, engagement in GNOME has actually gone
downward in communication. Discourse, mailing lists, IRC, all of it is all on a downward trend.
It doesn't feel like a technology problem to me, Neal. That feels like a different problem going on
there. It's a different problem. We're not going to talk about that. I don't need that right now.
But basically, because there's a downward trend here and mailing lists are the harder of the two to maintain,
they're going to cut the mailing lists.
This is actually going to be a little painful
because GNOME isn't the only project that uses the GNOME mailing lists.
That was why I brought them up for discussion
is because they're not the only project doing this
in the open source community broader.
So I wonder, if we zoom out from GNOME,
what are we losing here?
Like, I could think there's definitely
an accessibility aspect we're losing
because when you take things out of plain text
and out of email, you're automatically going to make it
less accessible to some folks,
especially those that might be visually impaired
or something like that.
So I recognize that's a loss,
but I'm wondering just outside of that,
from like a development community,
what else are we losing if we move away from that?
In some respects, you have to consider forums are a lot less asynchronous than email is.
Sure.
Because in order for you to engage, there's a different set of expectations when you're working with web forums.
But can't you argue they're more transparent because they're on the web and available to anyone?
I think that depends.
Like, it depends on how you run the forum.
It depends on how the forum works. It depends. Like, there's a lot of factors here. But there are some common things, right? So web forums are pseudosynchronous. And that means that
while they're technically asynchronous, there's a lot of community expectation of timeliness.
Like, for example, the GNOME Discourse auto-locks discussion threads after so many days of inactivity.
That is a pseudosynchronous thing to do.
That means that there is an expectation that there is engagement continually.
But the way that Discourse and most web forums work, it's a push.
You have to actually directly go there and pull the stuff.
So not push-based, pull-based engagement.
And because it's pull-based engagement, the effort is on you to find out what's going on.
Yes, there are certain ways to mitigate some of this, but you can't fully mitigate it because it's built into the model.
Whereas emails are push-based.
Generally, when you subscribe to something, the engagement comes to you,
and you make the choice to interact with it. And there is not really a straightforward way to lock people out of a conversation. True. And it's pretty easy for you to
develop your own tooling around that to manage it, filter it, and sort it. But I will say,
from a research standpoint, when I'm investigating a story for Linux Action News...
Forums are easier. Yeah, way easier to search, way easier to find stuff,
way easier as an outsider to come in
and get a good picture of what the conversation has been.
A mailing list is a chore sometimes to track it all down.
I mean, there is that aspect to it.
Sure, there is.
And also, it also depends on what kind of archiver is being used, right?
Some archivers have a search engine, others don't.
Most projects using Mailman2 or Pony something or other,
I forget what the Apache one is, Pony Mail, I think,
they don't have any of this.
And so it's, or God forbid,
you want to search the SourceForge ones.
Like that custom front end is so garbage.
Oh man, oh man, painful memories there.
Right, those are difficult for sure.
But like, if you look at HyperKitty, shoot, there's groups.io is a mailing list platform. It's a commercial SaaS based one
and Google groups and those it's yeah, you're right. They have decent search. They're a lot
more accessible to find these things. They also all have the unique capability of letting you
reply from the web. I wanted to give NJCS a chance to jump in here in regards to email
accessibility, and all of that. Go ahead. First, I'm seeing in the chat, and I want to differentiate a couple different accessibilities that people seem to be talking about. There's
information accessibility when it comes to this kind of thing, which is great in a mail client.
As long as you're pulling down copies of things, you can search through things. And
a mailing list is super easy to get through with a control F or however you want to search
through that text.
But then there's also the accessibility of low vision users.
I happen to be one.
And after a stint of several years working in large educational institutions that still
use Mailman specifically to do mass mailings and group discussions, I can say that from
a visual perspective or a low vision perspective,
mailing lists are awful to get through as a low vision user unless you have a specialty client
that's going to understand the conversation nature. Otherwise, you're listening to the entire
wall of text. So moving any type of mailing list for visual accessibility reasons to a web-based plant that understands
messages, that understands the web standards that can separate things out for screen readers.
Big plus. Something that I would be very excited about.
Well, that's great insight. Thank you for that. That's good to know. I want to give Gamma a chance
to jump in on the demographics of users that could be using these systems. Go ahead, Gamma.
Like Neal actually mentioned earlier, when you have an email, you can be subscribed to so many
different emails and pull them in fairly passively. So you can be engaged in the community
fairly easily. There's a lot more passive, almost drive-by nature, and you really don't get that in
a forum where you have to go out and actively be engaged in it.
People who are going to the GNOME Discourse are people who are actively
seeking out GNOME,
like GNOME things.
Like maybe,
maybe,
maybe it's a news,
like it's,
it's a reactionary that they're going there instead of like,
they're,
they're passively like,
Oh,
there's,
they're seeing stuff as it's going on. Like, no, like, they're going there for a reason. I could see your point
there. Well, ultimately, kind of, I, Neal, I kind of want to know your thoughts around just, I know I'm
sure you have lots, but my thinking is, is developers are really the target demographic here. Developers
are capable of using their own tooling and consuming this information in their own way
to work best with their particular workflow. Is that not a factor in this? And don't mailing lists potentially
suit that use case better? Again, because we're not looking for everyday users, we're looking for
developers here. For sure, right? Like, every, everyday users, I think, totally can be satisfied by forums,
and I've actually made this point before on other venues that user support isn't well served by mailing lists.
They're actually better served with web forums and things like that because you don't want randos being pulled in in all kinds of crazy places.
And you generally want a more curated experience there.
Whereas developer engagement, especially the highly distributed nature of open source development, it doesn't work super well when you have islands for communication. But also, I wanted to mention
something else. Uh, I forget which one, like, someone made that point about the, uh, accessibility stuff.
This is actually also a function of what kind of web email archiver you have. Some archivers
do translate email conversations into something that screen readers and whatever can actually
handle in the same way that they would handle a web forum. And I know that those are not terribly
common in the open source space yet. But like, for example, I think HyperKitty, Groups.io,
Google Groups, they all actually use these tags and like smart detection to make it so that these
conversations are handled in the same way that you would handle, say, quoted messages in web forums, and you're able to ignore them and
process them properly and things like that. Unfortunately, not everybody is using that.
You've still got your mailman twos, you've got your pony mails, you've got your MLMMJs,
and all these other older ones that just don't do any of this stuff. The mailing lists are an
email experience that you make of it,
whereas web forums are typically what they've made for you.
And that's where I think the crux of the difference is.
That's not to say that anyone else's concerns about mailing lists are invalid,
but it's certainly something where the group implementing the mailing list has to care to deal with these problems.
cloud hosting with really the best support in the business because Linode is architected differently. They're built around a great product that had to do well in the marketplace, and they
had to actually compete for their customers by making something they'd want to use. And so in
that, they have created a fantastic support department that's available 365. The first
person you contact is the person who resolves it. They don't have to like do that silly game
of escalation,
but let's be real.
On the big hyperscaler platforms,
the support situation is obtuse.
It's a nightmare.
It's opaque.
It's awful.
And it always starts with a chat bot.
So Linode is a little differently
because their product had to be great.
So the systems are fast.
The dashboard is fantastic.
The API is clear and easy to implement.
The infrastructure management tools are whatever you want to use.
Kubernetes, Terraform, Ansible.
Yeah, it all works.
And they managed to do it while they're 30 to 50% cheaper than the hyperscalers that just want to lock into their crazy platform that they like to pretend they invented.
But on top of that, the performance is just fantastic.
It's so good.
I've had an opportunity to try out their GPU rigs. I've had an opportunity to try out their dedicated CPU systems, their monster systems.
I've got a Matrix box with, like, 48 CPU cores and something like 96 or 128 gigs of RAM. It's in the
category of, like, the number so high that it just doesn't really even make sense anymore. The
performance is insane. And we started that at a tiny little system, a tiny little two core box with eight gigs of RAM or something like that,
that we just scaled up over time as our Matrix user base needed it. I couldn't have done that
with a physical box. I may have, if I built something, I may have started with something
a little more powerful than two cores and eight gigs of RAM. But within a few months,
I have way, way, way outstripped what I would
have been able to afford to build, and I just did it incrementally as our user demand required it.
It was really simple to use their tools to do that. Plus, we have backups and snapshots.
They got 11 data centers for you to choose from. They're bringing on a whole bunch more next year.
So go build something, go learn about something. It's a great way to try out an open source project on incredibly fast hardware. Go try it for yourself with that $100. Really
kick the tires. Linode.com slash unplugged is where you go. Supports the show and you get that $100.
Linode.com slash unplugged.
Just a spot of housekeeping here because it's all on me this week.
Nobody else is here to clean up and who's going to bring the meat?
This is rough.
I mean, I know it sucks for Wes to get sick, but did nobody think about me?
Anyways, just a few things to mention.
If you haven't checked out our new community-built website at jupiterbroadcasting.com,
something really special is going on over there.
And it is totally open on our GitHub over at Jupiter Broadcasting GitHub. You
know, I don't know, github.com. You get it, right? It's a URL and then you put slash our name in
there. Anyways, you go there to the dot com section and you can open up an issue. You can
all participate. And we're kind of putting a challenge out to the community. I talked about
this in Office Hours 15. I think we are probably a few months away, if people worked on it, from a portable, open source, fully self-hostable, podcasting 2.0 compatible podcast network website.
You know, it's weird. There's no really good site built for a podcast network.
You know, like my buddy Joe and Michael,
they have Tux Digital and Joe's got his late night Linux series of shows
and they've all kind of taken different approaches
like I have at trying to either centralize
or not centralize all of the shows.
Like, how do you do that right?
It's not like anything just does it out of the box.
And when you go look for like templates
for like Hugo or WordPress,
what you find is like
something that's designed for a single podcast. And it's all like old school, like Apple sets the
terms on what the RSS feed support, just like an old janky way of doing it. And I don't know if
we'll ever get there, but I've kind of put the challenge out in Office Hours 15. So the details
are at officehours.hair slash 15. Episode is one PR at a time.
I don't think it'd be that much work to like make it possible
to swap out the branding,
swap out the theming
and build your own network, Hugo site.
And the beautiful thing is
this thing builds itself.
When we release an episode,
it just automatically builds itself.
Every post is automatically generated.
I don't have to do a thing.
It's so beautiful
and it's how it should be.
And we're building it out even more. We're not done yet.
We're adding more Podcasting 2.0 features and specs,
and we're opening,
we've opened up the development to the community, so there's
all kinds of things that are open or can be
improved. We just recently
had some big updates
to the website to make it possible
to automatically update the sponsor segment and all of that. We'll be talking about all of that more in office hours.
I've decided I'm putting it all in office hours, but I wanted to make you aware
in case you haven't been listening. Our Matrix community has been growing like crazy too.
Details for that over at jupiterbroadcasting.com slash matrix.
I'd love to have you join us over there and hang out with the crowd. Go get the Element app.
It's open source.
You can use it in your web browser or you can use it as a downloadable standalone, like Flatpak or,
I don't know.
It's probably a snap.
Hey, Rich Lobster!
I got some baller boosts I want to thank before we get into the big meat of the show today.
John A., you sneaky, sneaky SOB.
So, I get it, man.
I get it.
Deleted came in.
She kind of threw you off your game,
threw down a challenge.
She felt like it was a lot of pressure.
Sats aren't free.
They are on sale right now,
but they're not free.
They recently went up a little bit in price.
I know how you're feeling.
You're feeling like, I can't do this.
So, John A. Boosin, 10,000 sats.
He's like, okay.
I got to go low this week.
Someone else can have the glorious experience of paying to hear the Hey Rich Lobster song played after their mention.
All right, John A.
For you.
Hey Rich Lobster!
You see, John A. likes to stay in touch.
So as the week goes on, John A. sends another 5,000 sats.
As to my location, I'm actually in the Yakima area.
You ever heard of Yakima Hops?
That's where it comes from.
The delicious Yakima Hops in your beer.
That's where John A. lives.
He lives in the Valley of Yakima Hops.
He says, if you guys ever go to Spokane for a meetup, I'd absolutely try to make it over there.
Okay.
All right.
That sounds great, John.
So then John A. sends in another 5,000 sats.
And he says, I also will be in the Seattle area sometime in the next two to four weeks. I could always drop by the studio and say hi. I would love to see your setup anyways. I moonlight as a pro audio guy. Well, first of all, I want to hear more about that, John.
But, uh, how dare you ask that. How dare. No, I'm kidding. Totally, you could totally join to send me a boost when you're getting close, when the, when the date is approaching, and we'll arrange a little
hangout here in studio. We got a third seat you can hang out in. So I think that, I think that in
total puts you up to 20,000 sats, which puts you in the baller section. So you made it, and you would
have been our top baller. But then out of absolutely nowhere, a sleeper baller comes in. Two hundred thousand
sats. From Enutech, it was actually a hundred thousand. But then because I got their name
right on the live stream, it became two hundred thousand. So that's I've never been rewarded like
that for getting a pronunciation right.
It totally restructures the motivation.
As humans respond to incentives, my friend.
He writes, I stopped using GNOME because of the members' attitude and hostility towards its users and the way they insult potential contributors in downstream projects.
So this is a sentiment that I've been hearing from the audience.
It's something we talked about in our members pre-show. I'm curious to know if the politics or the communication style of the project
matters to you at all out there, dear listener.
We talked a lot about it on our live stream today.
I'm curious to know out there in the download audience,
do you really care?
I realized one of the things I really enjoy about Arch and Nix is I can't really articulate
any political positions necessarily that any of the leadership take. Now, if I dig around in my
memory, I can. But for the most part, I can't think of any like controversial things coming
out of those projects, right? Like I could name some out of every other project, but, you know,
just as an example.
And there is something nice about that
and something that is a factor
when I choose a distribution.
But I'm curious out there
if that is true for you,
like it is for Enutech.
So you can let me know
by sending a boost
or going to linuxunplugged.com
slash contact.
I want to thank you guys
for the baller boost.
I know they're still getting,
it's still kind of early uptake
on the adoption.
Outside of just showing your
support for the show.
Personally,
for me,
it makes,
it makes me feel pretty good because I am,
I'm not totally comfortable with the way the podcasting and just general ad
market is going.
I don't actually know if we're going to be screwed,
but I just keep hearing all of these disastrous reports by,
by the podcast
networks and, and podcasters that are, like, you know, they get like 200, 300,000, a million downloads, of
the really big numbers. And I just keep hearing these devastating stories about how they've lost
their sponsors, and, like, it just seems sponsor spends are way, way down. Wes isn't here today, but
he was just recently telling me about a podcast that has dynamic ads that he's listened to forever, but they just switched to dynamic
ad insertion because they lost their advertiser. And I think he said not only is it somebody that
you can barely understand because their mic's horrible, but to fit in a longer ad read into a
smaller section, they like time compressed it.
So it switched to,
it switches to the ad read at like two X speed.
So the ad read sounds like a chipmunk going super fast,
like just absolutely horrible.
What's going on right now.
And I just,
it seems like a slow decline.
And then I have to say,
I hate to say it cause it hurts me because I've been a customer of theirs
for,
I don't know,
13 years, but I feel like Libsyn is undercutting the podcast industry as well, the very industry
they serve. Libsyn is doing their best to undercut advertising and podcasting at the time when
there's just a lot of pressure. And I worry about the tough decisions that my friends out there will have to make and that other small businesses will have to make.
And the boosts are just outside of all of that.
It's just a system that is outside of all of it.
And there's something that I fantasize that if everything went really bad and JB collapsed and everything just totally fell apart,
I feel like I would still be going down the road and lady jupe somehow fueled by corn fuel and podcasting powered by sats.
Like they would,
that would still be a thing that would still be,
that still would be online.
PayPal could be gone or I wouldn't use,
but you know,
it's just like,
it feels like it's this,
you know,
that there's like a,
in the back of my mind,
there's that Linux prepper in me.
That's always thinking about how do I be completely non-dependent on any commercial platform, on any centralized network, on anything that's closed source.
That RMS in the back of my head that says, don't trust the closed proprietary networks.
The commercial systems will always inevitably screw you.
So the baller boosts are really kind of a way that says to me, like, there's people out there that get this, you know, you know, this is my livelihood, right? If things just went really sideways, I feel like
there'd be a community out there between the members and the boosters and people who contribute
to the website and people who show up in the mumble room and people who participate in
our chat rooms, the people who have contributed to the meetups or have shared the show with
somebody like all these ways that they, that that's the core value that would continue
to happen. That value for value would continue regardless of what happened with anything in the rest of the market, what happened to the podcast landscape.
That stuff's a foundation.
And that's why it's such a big deal to me.
So thank you to John A.
Thank you to Enutech.
And we'll get to more boosts later on in the show.
I also have in the show notes a link to how the SerenityOS developer makes a living, and that is some lean, lean living, but it's interesting how they get it done. So I
have a link in the show notes if you're curious about that. But let's shift gears and talk about
the future direction of Linux and just how secure we need it to be. So Lennart Poettering, the systemd
developer, has written a lengthy, very technical, very jargon-heavy blog post. He does put a glossary at the bottom. a more secure, robust, and trusted boot experience.
Leveraging your favorite technologies like TPM, Secure Boot, and things like that.
Specifically, TPM 2.0 hardware.
Sort of like Windows 11.
Essentially, the issue that Lennart brings up is that there is this flaw.
No matter how secure you make everything else,
when you update things that touch the kernel,
your Linux system updates your initial RAM disk
and builds a new one.
And there is an opportunity for nasty things
to get slipped in there, he thinks.
You update a kernel and you get a new version
of the graphics driver,
you're building a new initrd, right?
Like, you guys, you've all seen this
if you've updated Linux for a period of time.
So, Lennart is essentially proposing a unified kernel image, or a UKI, for the kids out there,
which is a combination of a Linux kernel image and an initrd image, or an initrd image.
My OBS system is freaking out because I'm talking about changing Linux right now.
That's kind of funny. And a UEFI bootstub program.
It would all be loaded into a single UEFI PE file. And the PE file stands for Microsoft
Portable Executable, which you can probably start to get why it bothers some people.
And a shim is a boot component that, uh, extends the public key
database for that Secure Boot maintains, and you can use that, that shim in there. So all of this
is a, is a really sophisticated system to create this unified kernel that lives in UEFI that would
be completely signed, and then you would know that absolutely everything is secure. Because what Lennart says the issue here is, somebody could just
insert something in that init image, and then you could have the most secure system in the absolute
total protected world, but none of it's going to matter if that little init RAM image gets created
and you got malware in there, and it can just infect the system over and over and over again.
And then you scan your system and everything looks good, and you're not, that, that scanner isn't necessarily going to decompress and open up the image and look
at the init image, right?
Like, that's probably not happening.
So you're just kind of blind to it.
And it can just attack a system over and over again.
Hold up.
Why wouldn't it?
Why wouldn't it open up the init ramfs?
I mean, it totally could.
It should.
Like, Windows malware scanners open up zip files and tarballs and all those things.
Yeah. If we make the assumption that we're not going to scan archives on our disk, we're screwed a lot of different ways.
So let me ask you, and I agree, I'm just saying, I'm trying to articulate Lennart's case here. I assume they're thinking primarily in server context and probably maybe laptops. I think it's actually primarily driven by laptops and not servers. Well, that's my question, Neal, is what is the demand here? Who is asking for this? What
is this use case? Okay, so first of all, nobody's asking for this. That's the important part to
remember. The second thing is they're thinking about, like, this isn't super useful on, well,
okay, of course it could be useful on
servers, particularly ones that are like edge devices that are actually floating around. The
key thing is, this is primarily useful if the device that's running Linux is mobile. It moves
around. It is not fixed into a secure location. Most servers are fixed into a data center or a
cloud or whatever. And basically, you have perimeter protections, you have
fixed area protections, things like that. This just becomes redundant
on top of all of that. And then that's redundant protections, belt and suspenders, that's all well and good.
But when you look
at where most of the attacks are
happening, they're not at servers anymore. They're at
customer premises equipment. So those are edge devices, those are laptops, those
are desktop computers or whatever. What about Android?
Android, yeah. Android has a similar system to this already. They already
do this. But here's the problem.
Android devices can do this because the user is fundamentally
not screwing around with the host operating system. The brave new trusted boot world that
Lennart is talking about is immediately violated by two particular conditions. The first condition
is if you need to install a third-party driver. Because in Linux land, your drivers need to be able to be part of the initramfs
in order to boot the system properly,
particularly graphics drivers, storage drivers, things like that.
In the server space, network cards frequently,
and storage controllers even more so,
are a proprietary out-of-tree drivers that you have to load into them.
So once you have those cases, you can't do this anymore.
Then you have accelerators and things like that, like the NVIDIA, what's it, the CUDA accelerator things for data centers and things like that.
Again, you're back to the NVIDIA driver.
As soon as you have these things, you can't do any of this because you have to generate a custom initramfs.
But
what they're, I think, envisioning
here is that the default case is what they're hoping
for, where you have your basic
Intel laptop with all the hardware fully supported
in the mainline kernel. You can produce
an initramfs
unified kernel
image server-side, like the distribution
provides it, signs it with their key,
does the whole kit and caboodle.
You do that up front,
ship it out as an RPM or whatever,
and then you install it on your system,
and the key chain goes through like,
okay, shim verifies against the Microsoft third-party UEFI cert,
boots that.
GRUB is cross-signed with both the Microsoft cert
as well as the distro cert,
so that passes the validation chain
so that the GRUB that trusts the distro cert
then boots the kernel,
which then goes forward and does a PCR check
and verifies that the image is there
and then goes forward into the operating system
and then the Linux takes over with lockdown.
Yeah, in reality, we can't do any of this
because there's not enough integration
at the upper layers of the stack.
And there's no interest.
There's no interest in providing this kind of security
because all of this requires giving up control to the user. And I mean, the other obvious issue
here is that, as you just articulated, it also builds a dependency on Microsoft. Well, no,
the Microsoft dependency is not a given. Right. I know you could. You could, but most hardware
manufacturers don't even allow you to load your own keys. The ones that do, you could.
Yeah. The ones that you do. And some of them are buggy where you can break everything by,
by doing that. Like it's the, the, the, the crux of the issue is that if you actually want to do
this properly, you basically need custom boot BIOS firmware too, because you have to guarantee that
you can articulate the security at that level. Now this makes the assumption that your firmware is good, your CPU is good,
and all that fun stuff, but you can't make that assumption because it's usually not.
Yeah, it's not. Yeah, it never is.
Right, so that's not to say that we shouldn't try to strive for more security in this stuff.
And TPMs actually, take aside the UKI stuff,
you could do this TPM asserts on things to better protect the system.
You could also do an indirect trust by saying, all right, your initramfs has been checksummed and verified, and you store the verification on the ESP.
And the bootloader then verifies that part and checks it to make sure that it hasn't been tampered with.
And the bootloader image itself is regenerated to include the checksum inside the binary. You've just described the NixOS boot spec. It's a research
project to do this. Right. So then if you go further down the road, then you want to have
your root file system locked down. You want to have fs-verity or something like that,
which then has authenticity. So you do authentication to verify the integrity of
the file system. So all your operating system components are verified against a distro key imbued into the file system.
And that's trusted by the Linux kernel through something.
You can also do IMA to do other things.
You can have a kernel key ring of all these components, all files that are verified with that.
There are a lot of different ways to do this, to solve this problem.
Okay, so you're convincing me that this isn't necessarily the only way to solve this.
So I've noticed a much stronger than typical reaction of, this is Microsoft, because now
Lennart works at Microsoft. This is Microsoft just embracing and extending, and everybody's
conspiracy theories about systemd and Lennart were true all along. I've seen memes about it already.
Told you, you know. So this is definitely not a Microsoft thing,
because I can tell you that Lennart's been complaining about this for like 10 years now.
He's, he's been complaining about this on the Fedora mailing list for God knows how long. He's
been complaining about it in systemd mailing list for even longer. He's been pushing everybody to use
systemd-boot even though the user experience of sd-boot is kind of crap. And it just makes it so, like, he's not making any friends with
this proposal because he doesn't know how to communicate that.
And the other people that are actually signed on to this, like if you look at the bottom blog post, there's a number of people who are
also signed on to this. Some of them actually do a much better job of communicating the value
prop of this, and I certainly understand it. I work at a company where I help build
freaking edge devices. I, of course, see the value of this. But I also have to work with said edge devices that have broken
UEFI and can't actually do this correctly, and the TPM doesn't work the way it's supposed to,
and like the CPU just, it bugs out all the time. So like, what am I supposed to do? I don't know.
It makes me realize, though, that if systemd were to start life today,
Lennart were to start systemd at Microsoft,
there's no way it would have gotten the traction. It would have immediately been called out as an embrace and extend technology.
It never would have taken off on Linux.
Yeah, no.
Microsoft is not a company you want to have start.
From a political perspective, this is irrespective of what good or bad or whatever, irrespective, you, you just don't want Microsoft to be creating Linux
technologies, because there is a large contingent, rightfully or wrongfully, I'm not going to make a
value judgment here, that Microsoft can't make a good technology choice for Linux stuff for the
broader ecosystem without surreptitiously screwing over everyone in the process. So I have a question, and this is open to anyone in the Mumble room. Of course, it's open to you
too, Neal. But I wonder if this isn't sort of symptomatic of a larger tendency in free software
development where the engineers, the bright people are always trying to build these really
next advanced systems and these complicated ways of doing things that are so great. But
when you look at the fundamental, like pragmatic ways we could improve Linux security,
I was just taking a quick little looksies
through the systemd GitHub open issues and pull requests.
They have almost 1800 open issues right now.
209 of those are labeled as bugs.
Some of those could be security issues.
22 are labeled as needing total rework.
There's even more that are labeled
as needing like complete re-architecting.
There's 197 different labels that describe the various different issues
that people are having with different problems on systemd.
One of the most recent ones today, issue number 25,160,
rsyslog takes 100% of CPU on certain systems with systemd
when they interact with each other.
100% CPU.
That probably doesn't leave your system at a very good state. That probably exposes it to security issues as
well. It's like we don't look internally at the things that we could improve, the obvious problems
in front of us. Instead, it's always like, well, what's the next big pie in the sky idea? What's
the next big thing? Instead of just looking at the open issues and going,
well, you know, if I fixed a couple of hundred of these,
or if we focused on a couple of these,
we could just dramatically improve security for multiple distributions across the board
because so many people now are shipping systemd.
What is this tendency?
This tendency is it's not fun.
Is it just that?
Because that just seems like such a...
So, Lennart, at the core of it, is an architect.
He wants to build... He wants to build architectures that... the Azure Linux team. He's working on CBL-Mariner, and he gets to do this. He gets to be an architect to build out what he believes is the dream vision of a legacy-free Linux system.
And I'm curious to see it because I think he's an intelligent individual. I don't mind.
Sure. I mean, he's not always wrong, or actually even most of the time he's not wrong.
He does a really good job and he comes up with things and he solves hard problems.
But one of the things that he's struggled with, you know, and, and many of the, and this is true of many of the community, I could name many, many people, and I, I'm subject to this sometimes myself,
is we don't want to think about what it takes to account for the real world when we want to solve
a problem. We don't want to think about what it takes to adapt to the ugly messes that we already
have today. We don't want to think about how do we build something where we minimize the pain to stakeholders around us to make things better. A good example of this
is how we've gone around with sandboxing. Sandboxing applications didn't require us to
change the way we delivered applications in the first place. But we tied the two together because
that made it more interesting and it was more disruptive and it meant that you could do more breaking things.
But we didn't have to do that.
Neither Microsoft or Apple did.
There are various ways that you could implement sandboxing without having to do that.
There are all kinds of other things out there that we could have done.
Like, you know, people are just not interested in working on the problems that we have today.
They want to work on the problems we might have tomorrow because those are more interesting or more fun
or more greenfield or whatever.
Nobody likes working on brownfield projects.
Everyone wants to work on a greenfield one.
What it sounds like to me is,
if this were, say, executed on,
to the degree that Lennart outlines,
which we have a link to his blog post in the show notes,
it would kind of seem like, essentially, bar would be Linux could only boot on systems that can also boot Windows
11. Like, you know, that mark that Microsoft made that Windows 11, Linux would be held. And that, I
mean, talk about, like, we talk about eliminating 32-bit support or we talk about eliminating 486
architecture support. Talk about eliminating a lot of users. And then on the ARM side of the world,
Secure Boot often can't even be disabled. Like on x86, you can sometimes turn that stuff off,
but you can't on the ARM devices in most cases. And so as things transition to ARM by default,
you can't, you generally can't add your own keys. If you can't add your own keys, you potentially
open yourself up to the vulnerability of malware being able to add your own keys. You also can't
remove the Microsoft keys without the system, even if it's
supported. That's awful. Because like, think about this. Something people don't realize is that
Microsoft's third party and primary certs are actually used to sign option ROMs and things for
the hardware that's on the system. And so for example, booting network Ethernet, the network
Ethernet option ROM has to be signed by Microsoft. If you remove the Microsoft certificate, the Ethernet hardware fails to initialize.
And in servers, video option ROM has the same problem.
You know what it sounds like?
It sounds like macOS.
Exactly.
It is.
It's the same setup.
And generally, computers are moving in this direction because in the proprietary systems,
you don't have any other way of securing the platform.
So is this the path that we inevitably set ourselves on when we accepted systemd into
our lives?
No, this was the path we set ourselves upon when we didn't have any stakeholders of the
Linux community involved in the UEFI process.
Yes, right.
Very much so.
I completely agree.
Because, I mean, it starts with simple things like UEFI process. Yes, right. Very much so. I completely agree. Because, I mean,
it starts with simple things like UEFI mandates PE binaries. That doesn't even make sense because PE is one of the more complex binary formats, but it's the one that's used in the... Yeah,
that's a Microsoft thing. Yeah. Right. The second thing is we have to, the PE system,
the UEFI system has
specific requirements and structures
that essentially force little endian.
Well, what about big endian architectures? What about
power? What about
System z? Why can't they use UEFI?
Well, because
UEFI is little endian because it was written
for Itanium and x86
originally. All other architectures
to support UEFI need to be little endian. But those also are all the same architectures that only Windows
supports because Windows doesn't support any big endian architectures anymore.
Other choices are based on the people that are actually
involved in the project. Red Hat and SUSE and all these other companies, they got
involved in the UEFI stuff way too late. It was just Apple and Intel and
a couple of others up front, and HP and a few others up front initially. And of course, what they chose were
the ones that they were working with. And because of that, we're stuck with this long legacy of
choices that make it harder for the Linux side to actually really be part of this story.
There's no innovation in the boot space from the Linux side because there can't be.
You know what I like about you when you visit, Neal, is you always drop the member berries.
You know, like, oh yeah, I'd forgotten about that whole way the UEFI thing went down.
It really did start with Apple and Intel and they brought a few others in.
The Linux folks basically didn't get involved until everything was set.
The Linux world didn't start getting involved until I think it was like 2008, 2009.
That was when Matthew Garrett started working on this because Microsoft with Windows 8 started having PC makers do secure boot.
And then people flipped out over it because initially you couldn't boot Linux systems.
By the way, almost 15 years later, we are now getting laptops where by default you can't boot Linux on them because the UEFI third-party certificate is now turned off.
Oh, I've noticed.
Or not installed by default on, quote-unquote, secured core, which are all systems that are, I think, 12th-gen Intel and Ryzen 5th generation and newer.
So, like, that's a big deal, right?
Like, you're going to have – or 4th generation Ryzen.
I forget what the
Ryzen generation, 5000 series, whatever. Anyway, point is, that's happening. And like, I actually
had to help somebody just last week saying, I, I'm trying to get Fedora to boot on this laptop. It's
like, hold up, you have a, you have a Yoga, don't you? All right, go into the bootloader, turn on the UEFI
third party, third party certificate, because that was true, that's not on, and that's why it doesn't boot.
And nobody knows that.
Nobody knows that that's a thing.
And it basically invalidates the whole reason
we went through all this crap
to do secure boot support in the first place.
But we can't not do it
because removing Microsoft certificates,
by the way, NIST actually recommends
that you remove the Microsoft certs when you're securing something for high security environments.
But in order to do that, you have to do all kinds of other crazy things to make sure that the system still boots afterwards.
But in order to do proper security with Secure Boot, you have to remove the Microsoft trust and put your own.
But in most computers, especially consumer ones, doing so breaks them permanently.
Linode.com slash unplugged.
Go there to get $100 in 60-day credit on a new account.
And it's just a great way to support the show while you're really trying out the Linode platform.
Linode is fast, reliable cloud hosting with really the best support in the business because Linode is architected differently.
They're built around a great product that had to do well in the marketplace, and they had to actually compete for their customers by making something they'd want to use. And so in that, they have created a fantastic support department that's available 365. The first person you contact is the person who resolves it. They don't have to, like, do that silly game of escalation, but let's be real.
On the big hyperscaler platforms,
the support situation is obtuse. It's a nightmare. It's opaque. It's awful. And it always starts with a chat bot. So Linode is a little differently because their product had to be great. So the
systems are fast. The dashboard is fantastic. The API is clear and easy to implement. The
infrastructure management tools are whatever you want to use.
Kubernetes, Terraform, Ansible.
Yeah, it all works.
And they managed to do it
while they're 30 to 50% cheaper
than the hyperscalers
that just want to lock
into their crazy platform
that they like to pretend they invented.
But on top of that,
the performance is just fantastic.
It's so good.
I've had an opportunity
to try out their GPU rigs.
I've had an opportunity
to try out their dedicated CPU systems, their monster systems. I've got a matrix box with like 48 CPU cores and
something like 96 or 128 gigs of RAM. It's in the category of like the number so high that it just
doesn't really even make sense anymore. And the performance is insane. And we started that at a
tiny little system, a tiny little two-core box with eight gigs of RAM
or something like that,
that we just scaled up over time
as our matrix user base needed it.
I couldn't have done that with a physical box.
I may have, if I built something,
I may have started with something a little more powerful
than two cores and eight gigs of RAM.
But within a few months,
I have way, way, way outstripped
what I would have been able to afford to build
and I just did it incrementally as our user
demand required it.
It was really simple to use their tools
to do that. Plus we have backups and snapshots.
They got 11 data centers for you to choose
from. They're bringing on a whole bunch more next year.
So go build something.
Go learn about something. It's a great way
to try out an open source project on incredibly fast hardware.
Go try it for yourself with that $100.
Really kick the tires.
Linode.com slash unplugged is where you go.
Supports the show and you get that $100.
Linode.com slash unplugged.
We got some emails into the show this week.
Matthew wrote in.
He loves NixOS.
He says, oh my God, oh my God, oh my God, oh my God,
NixOS, oh my god, oh my god,
oh my god, oh my god. Now, I just wanted to shoot you an email to thank you for NixOS.
I finally pulled the pin out, and just wow,
just wow, I never have to fully
configure this system again.
I believe the NixOS challenge was a screenshot
of HTOP. Well, here is my screenshot
from inside Terminator.
Oh, that's great.
Also,
I noticed the host name.
I'm loving that host name.
Picard at enterprise.
Call yourself captain Picard.
That's so funny.
That's so funny.
I know.
I know.
I know.
Not everybody.
Neal loves NixOS,
but, uh,
and that's why,
that's why every week my personal struggle is not to make the episode about NixOS.
That's my battle.
That's my burden.
And I take that.
And I try not to make every episode about NixOS.
But behind the scenes, I'm still freaking out.
Low Palm wrote in and he says, I have a suggestion for the cupboard display in Jupes.
So I want to install a tablet a tablet or a touch screen in my cupboard.
And because this particular cupboard that I want to install actually has an outlet in the back of it.
And I want to have the Jupes Home Assistant dashboard kind of embedded into this cupboard.
So they write, to make it an appliance, you should use the Nerves project.
A kiosk Nerves systems for the Raspberry
Pi or 3 is available. You can configure the kiosk system to go to a URL in a web view on boot.
Nerves is a project for creating a Linux-based firmware that boots. Oh, cool. Elixir and Erlang.
It's in a little VM. It's made for embedded stuff. And I suppose if I was an Elixir guy,
I'd probably love that. He says, but you can ignore the Elixir stuff and just have it display the Home Assistant dashboard. Now you're talking my language. That's
great, Lopalm. I currently use wall panel, I think it is, on Android tablets. I might have that name
wrong. I think it's wall panel, though. And that's also just basically a kiosk web browser, and I
plug that in to the Home Assistant dashboard URL. And because I'm a fancy
boy, I have different dashboards for like different things. Like I have a heating dashboard and I have
a lighting dashboard and I have electrical use dashboard and I got like an admin dashboard
because, you know, dashboard for days. That's my thing. So different tablets point to different
dashboards. So like heating and energy and lighting. And man, if that system doesn't work great, I don't know
what does. But the problem is, is that Android tablets are crap. They're just crap. And, uh, they
just get junkier over time. And then to make matters worse, I'm buying the cheapest ones I can
because I'm plugging these things in 24/7 and mounting them on the wall and just displaying
a web page. I'm not like playing Angry Birds on the thing. You get where I'm going. Boosted gray. We got some boosts into the show. True Grits boosted in with a Trek
boost, 1701 sats. Make it so. I'm surprised you guys haven't noticed the reason Wes is so good with the
AI prompts is because Wes is an AI akin to Data from Star Trek. Now, hold on, before we go on,
if that was true, True Grits,
then why isn't Wes here today?
Do artificial life forms get sick?
I'd say you could argue either way.
If it's later Star Trek,
Data's always the one that isn't affected by, like, the gas that gets released on the ship
or the alien influence.
But if it's season one, episode two,
and everybody's
getting drunk, and you know what happened when Data and Tasha got drunk, well, then if you prick
him, does he not bleed? So I don't have an answer for you. But Josh the Techie boosted with 500 sats.
And again, it's not the amount anymore, it's the, it's just the boost message. But I want to get to
that more, but, uh, 500 sats from j Teche. First time booster here from Florida.
I try to listen to the show each week in between calls and meetings at work.
Thanks, Josh.
I do love to know how you guys just kind of process and consume the show.
I'm always curious.
Just like to picture that.
The boosts for me, personally, sats aside, because there is an amount, whatever it is,
you know, it could be dollars, it could be dog coins.
Well, not really.
Don't send me your dog coins. Makes, I don dog coins. It's something real. It's a name, it's the episode you're listening to, and it's a message, and there's a value attached to it. It's just
more visceral. And so that's why I love them. It doesn't have to be some incredible message.
He goes on to say, thanks to the show, I've gotten back in the Linux community and really
enjoyed watching the evolution of Linux on the desktop. Yeah, that's quite the show, isn't it?
Keep up the great work. Look forward to listening to the next episode.
P.S. I hope you put NixOS with Butterfest
on the new Office Thalia.
Yeah, I haven't ordered it yet.
I've just been too busy, but I'm going to.
And I have
been reliably informed an
Intel Arc GPU
is inbound, so I may have an update on that next week.
Trolley the Hellhound boosted it with 7,000 sats.
This is my first boost ever.
Here to congratulate you all on the new website.
Hope you have better luck on your road trips in the future and the tech.
And for podcasting 2.0.
A podcast I worked on and got caught up on was an iHeartMedia blitz.
Oh, it was about the show Firefly.
It didn't last too long after that.
But I wanted to throw a curveball question to see if you guys know of a program I can try.
What is a good open source alternative to KIT Scenarist, which I think is a screenwriting app?
The problem is the program I have doesn't resize well.
The budget is zero.
So if you know out there of an open source screenwriting app,
please put the name of it in the Matrix chat or boost it in out there. And then they did follow up with an
additional 777 sats. So the slot machine boost is for 7777 sats, right? You get it. It's like 777s on
a slot machine. Followed it up with 777 sats to just round it all out. If you want smart tech
without Linus Tech Tips and the hype,
you could listen to Linux Unplugged.
Wow, I didn't say it.
I didn't say it.
We got a row of ducks
from BHH32.
This old duck still got it.
I want to see how much the Steam Deck
is a success story for our community.
I finally got mine last month
and it's going to be
my go-to gaming device now.
I'm choosing this over my PS5.
The icing on the cake is that on release day,
Gotham Knights ran flawlessly.
This was unheard of in the past,
and I believe it's still taking Linux to new heights.
I'm even thinking of selling my console
and going back to strictly PC gaming because of it.
The Steam Deck got my oldest definitely more interested in PC gaming again. And he's
thinking about things now in terms of if I get it on Steam, then I can play it on my laptop,
I can play it on dad's Steam Deck, I can install it on my future computers. But if I'm playing
on the iPad, I can only do it on Apple's devices if I play on the Nintendo. So it's got him thinking
about things in a different way, which I think is really positive. And I think it also kind of
restored his faith in Linux gaming a little bit because he was fading
because some Geometry Dash game was only available for Windows or Android or something like that.
So his faith was fading and the deck came along and I think it kind of
turned things around for him. Kelzone 9 boosted him with 5,000 sats.
B-O-O-S-T!
Hello, JB.
I've been holding on to some sats
until I had something
thought-provoking to say.
That's not happening,
so just take my sats already.
You guys do such great work.
I'm usually always up to date
on the latest Lepcoder and LAN.
Throw a little self-hosted
in there, Kelds.
Well, thank you.
And then Mississippi Mayhem came in,
which, let's be honest,
that would have, that would
be a great, that would be also a really great boost. I should have a Missy, if anybody wants to clip me
a little Mississippi Mayhem boost, go ahead. But 300 sats to say, just a quick peep to let you guys know
I'm still alive. Having some issues that are making it difficult, although I do want to be involved as
a member of the community and boost into the show. Maybe next time I'll have something worth reading
on air. All right, stop the show.
I got something I got to say to you guys.
I feel like I've set the expectations too high.
Just hearing from you and knowing you're out there
is really a lot.
That's 80, 90%.
A great message gets it on air.
But hearing from you, knowing you're out there,
knowing you're listening, seeing the boost
is sort of like a yes, keep going. You did a great job. That kind of stuff, that is super invaluable to us
as a team motivator. So don't wait. If you have something, don't wait for some great inspiration.
Just say hi and let us know you're listening. And a special thank you, because not all the boosts do
make it in. A couple of more, but there's more that gets sent in. We are just selecting just several to
read on there. We got 100 sats from the Bosch.
The Bosch definitely would be willing to listen to an AI-generated version of our podcast voices.
If you don't know what he's referring to, check out last week's episode.
We also got 555 sats from NomadicCoder5.
I'll be listening for the next few weeks to hear your take on the Odroid H3 experience
to get an idea if I should buy one.
Good, NomadicCoder.
I hope that's value we can offer to you. I will update you. I have a couple of more components arriving.
I have the Odroid H3, which is a little tiny, they call it a Raspberry Pi killer, but I call
it a Raspberry Pi alternative. That's obviously x86. It's got two SATA ports. It's got an NVMe slot and two RAM slots.
So just like,
and two gigabit,
2.5 gigabit NICs actually.
So just like, it's just a huge upgrade over the Pi 4.
And I'm waiting for a SATA cable
and an eSATA power cable
or whatever they call them.
You know,
the ones that have the weird adapters.
I'm waiting for that still.
But once that arrives,
I am building my box.
20,000 SATs came from Mitch, the lead developer over at podverse.fm.
This is sending Bitcoin boosts to your favorite podcasts with Podverse and Albi couldn't be easier, and it's all open source.
Go podcasting.
Thank you, Mitch.
Podcasting 2.0 apps are coming along at a remarkable pace, and Podverse is one of many.
They're getting better every single week. If
you'd like to boost to the show, support new features, support an open podcasting ecosystem,
go to newpodcastapps.com. Try one out. Podverse is the one we mention a lot because it's GPL,
it's fully open source, it's what we've embedded on our website. People love Fountain FM, you hear
get mentioned all the time, because you can earn sats while you listen. Of course, there's Boost
CLI if you're a ninja and all of that. So go over to newpodcastapps.com and grab one and
then say hey. Two picks this week. One is an honorable mention for Brent. He said he submitted
it even though he couldn't be here this week. And one is going around the internet like crazy, so I
really, I can't take credit. I did technically flag it, but
you probably have already heard of it if you've been lurking on the internet in the last week.
It's called VHS. I got my attention. It's actually, it's like a gif recorder for your terminal, or a
gif, your choice. So you can do something on the terminal. You know, maybe you're NeoFetch. Maybe you got a bug.
You're trying to get the, you know, you got the output of the error.
Something like that, a build fails.
Whatever you're trying to capture, maybe logs on your command line.
And you want to make a gif gif that you could like toss into a chat.
Well, this is the tool that just makes it happen in seconds.
You just do like the command and then you add, so like say you're going to open up a document,
so you do nano demo.tape, and then when you're all done, you get the output of that. You can give
it the size, the width you want. You can add some dramatic effect, like having it type it all out
slowly, kind of like, you know, Hunt for Red October text promptings now.
That's called VHS.
You've probably seen this.
If you haven't, you're welcome.
But the one that like everybody's talking about, even our chat room was talking about it before we got started, is ffmpeg.guide.
It is finally here.
Build the perfect FFmpeg command or filter
with a Graph
GUI interface.
It's so gorgeous.
You have
boxes with lines
that connect to other boxes where you set your filter parameters,
that then connect to other boxes.
It's a graph style, kind of a mind map to give you a visual.
It's a bit of a mind map.
And you put it all together and out comes the perfect FFmpeg command.
And they got a beautiful live demo on their website.
Simple GUI to create complex FFmpeg filter graphs quickly and correctly without having to mess with
cumbersome filter syntax. So, you know, my old school approach was I go on like Stack Exchange or
Reddit or something and just find people's like really long, super, super long commands, copy it, and
then try to like reverse engineer what that command was doing. No longer. No longer shall you be subject to that.
FFmpeg.guide.
Of course, we'll have a link to that
in the show notes at linuxunplugged.com
slash 482.
And I can't help but notice
we're getting close to 486.
Getting real close.
I'm feeling like we should do a retro episode
from 486,
especially with the hot talk about the 486 architecture
getting worked out of the Linux kernel.
If you didn't know about that, you missed Linux Action News,
linuxactionnews.com.
It was a real short and tight one this week.
That's kind of our deal with LAN.
We're not going to waste your time.
We're not going to fill it with stuff that you don't need to know about.
And, you know, that Wes Payne, when he's not puking in toilets, he's a
hell of a news analyst, let me tell you. You'd be surprised.
A bit of a news hound.
See you next week. Same bad time,
same bad station.
Alright, I would love to have you join us. We do the show live
on Sundays. You do it at noon
Pacific, 3 p.m. Eastern over at Jupiter.Tube.
This week, big round of applause to our
Mumble Room. Thank you everybody in there.
Really helped round out the show this week.
And you could do that, too, if you joined us live at Jupiter.Tube.
And details for our Mumble Room, which is going 24-7,
that's at jupiterbroadcasting.com slash mumble.
All right, you get in the theme, like slash matrix.
We made it real easy.
We made it real easy for you.
Just made it nice, nice and simple.
Go check it out and join us live sometime.
But if you don't want to, no problem.
We have RSS feeds for you to get the show any way you want, anytime you want.
Just thanks so much for joining us.
I'll see you right back here next Sunday. All right.
Now, I know we had a couple of more things to touch on.
That topic, we could have talked about the Secure Boot stuff forever,
but Jeff, you had a comment that maybe there's a communications thing that could be improved here that would at least help end users?
I consider the end user to probably be the distro maker, right?
So if there would be a little bit better communication, kind of going back to that whole GNOME topic,
maybe what you brought up, fixing older bugs and stuff like that would be better.
It might happen more often.
I mean, we see a lack of communication in other industries all the time.
And these engineers come up with these great, big, grandiose ideas that are supposed to make everybody's life
better, but nobody speaks to the person that's actually using these products, right? So it ends
up making things worse in the long run. And I just kind of wonder if that, you know, the same idea,
the same thing's happening here. Right. I actually would love to have anyone out there in the world.
This show reaches far and wide across the world of Linux users.
Lots of you are out there in the industry.
Does anybody want this sort of unified kernel that gets loaded into UEFI,
that's signed, it's full secure boot from top to bottom?
Do you want that?
And no judgment.
I'm just curious, is there actual user demand?
Like maybe, you know, Lennart's working at Microsoft and Microsoft's hearing from, I don't know, maybe it's government contractors or maybe it's defense people. Then they have a certain minimum bar of security and they're pushing back and saying it's just not good enough. And so, you know, the team at Microsoft has been tasked with coming up with a solution and Lennart's on it. Or maybe it's a problem looking for a solution.
I really would love to know if you're listening out there
and you're like, no guys, trust me,
in our industry, we need this.
It's a problem.
Let me know.
Send a boost or go to linuxunplugged.com slash contact
or ping me on Matrix.
Maybe Microsoft can start a discourse for him.
And then just to really put things over the top,
Enutech boosted live while we were streaming another
300,000 sats. Keep the
change, you filthy animal. Let's push
the total to 500,000 sats
for today's show. This boost is
for some extra support for Brent and Wes.
Brent, I hope everything's okay with the
family. And Wes, I hope you feel
better soon. And Chris, keep the great shows coming.
And you tech, thank you so much.
Truly our baller booster this week.
Much, much appreciation.