LINUX Unplugged - 519: The Clone Grift Wars
Episode Date: July 17, 2023Have Oracle and SUSE lost their minds? Plus, we dig into Fedora's proposal to add telemetry collection to Workstation. ...
Transcript
Discussion (0)
I'm really excited.
You know, I didn't realize that we needed this hero.
But Oracle is swooping in to keep Linux free.
And they say they can't afford not to.
You see, in 2006, out of their goodwill and for the people of this world,
Oracle launched a RHEL-compatible distribution that offered support
and lets you run your applications like it were RHEL.
And they did that, and they chose RHEL.
They write on their blog
because we did not want to fragment the Linux community.
And our effort to remain compatible
has been enormously successful.
And all along, Oracle has done this for us,
not so that way they could undercut a competitor,
not so that way they could try to control the stack
in a free software world
but because they wanted to prevent fragmentation and they didn't want the user to suffer and while
oracle and ibm have compatible linux distributions they have very different ideas about the
responsibilities and the open source stewards about not for an operating system under the gpl
version 2 oracle rights and they're pretty upset
about the change that red hat has made of course they attribute it to ibm and they say quote why
did ibm make this change well if you read ibm's blog which if i check um links to redhat.com
but if you they say they write if you read ibm's blog attempting to explain its rationale
it boils down to, quote,
at Red Hat, thousands of people spend their time writing code to enable new features,
fixing bugs, integrating different packages, and then supporting that work for a long time.
We have to pay people to do that work.
Well, Oracle writes, isn't it interesting?
IBM doesn't want to continue publicly releasing RHEL source code because it has to pay its engineers,
they ask.
That seems odd, they write.
And given that Red Hat has a successful,
independent open source company,
they chose to publicly release the Rails source and pay its engineers for many years
before IBM acquired them.
In 2019, something has changed, they imply.
Something is amiss.
But Oracle's going to stand up and they're going to fight ibm
oracle they write will continue to release a rel compatible distribution to the extent they can
they say in the past they had access to rel source code because man that made it real easy
but from a practical standpoint they believe oracle is going to remain as compatible
as they can even through the future.
But, you know, they have some words of wisdom.
They write, if you're a Linux developer who disagrees with IBM's actions and you believe in the Linux freedom the way we do, we're hiring.
Come work for us, Red Hat employees, is essentially what they're saying.
And then they have an observation for ISVs, you know, places out there that maybe run CentOS for customers.
or ISVs, you know, places out there that maybe run CentOS for customers.
They write, IBM's actions are not in your best interest.
By killing CentOS as a RHEL alternative and attacking AlmaLinux and RockyLinux,
IBM is eliminating one way your customers save money and make a larger share of their wallet available to you.
If you don't support your product on Oracle Linux,
we'd be happy to show you how easy it is. Give your customers more choice.
I really love this paragraph. This is my favorite in here, maybe my second favorite, because
it is Oracle essentially advocating to have everybody chip away at the very foundation
of which they built their product on top of. Stop contributing to RHEL and come contribute to Oracle Linux. Well, that's, how does that work when you base
your product on RHEL? And where does that lead? And then they wrap it up with, they say, a big idea.
Big idea for you, IBM, they say. You say you don't want to have to pay all those RHEL developers.
Of course, they never said that. That's not what they said at all it's an obvious twisting of their words but they continue here's how you can save money just pull from us become a
downstream distributor of oracle linux we'll happily take on the burden and that's the line
that betrays their motivation to behind this entire thing and shows you they are capitalizing
on the under-informed and the emotional reactions out there.
Because you couldn't do this.
There would be no Oracle Linux to base on if there was no RHEL.
This is an absolutely preposterous thing to say
that is leveraging low-information fools out there to get them all riled up. Hello, friends, and welcome back to your weekly Linux talk show.
My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen.
Well, coming up on the show today,
the fallout from the recent Red Hat Enterprise changes
has grown to a whole new level.
You might have just gotten a taste of that.
And Fedora is proposing telemetry collection for Fedora Workstation 40 going forward.
Say it ain't so.
It's true, Wes, but never fear.
Red Hat's director of software engineering will be joining us in a little bit to dig into the details.
And I do indeed ask him the hard questions.
And then we'll round out the show with some boosts and picks and a lot more so first let's say good morning to our friends over at
tailscale go to tailscale.com slash linux unplugged if you don't know tailscale is a mesh vpn protected
by wirecard you get it up and running in minutes builds a flat mesh network that you can do
everything on top of no more inbound ports for wes myself or bradley probably i don't know
doesn't really count.
Oh my god. Once he has
Starlink though, then we're really going to find out. We love it.
It's going to change your game. So go say good morning to our friends
over at Talescale. Talescale.com
slash Linux Unplugged and get it for free for up to
100 devices.
And of course, time-appropriate greetings to our virtual
lug. Hello, Mumble Room.
Hello, Chris. Hello.
Aloha.
Hello, everybody. Thank you for joining us today up there i think we'll need them now a quick reminder before we go too far into the show brent's going to be in berlin
and a meetup on saturday july 22nd meetup.com slash jupiter broadcasting for that we just want
to mention it now because it's coming up very soon by the time you hear this any new details to share with us brent uh i think my new detail is that i'm really
highly considering doing two meetups again this time last time we did that last minute i think
we should just plan on doing that so we've got july 22 that's the saturday and then i was thinking
maybe the following weekend like the 20 um um uh brent yeah brent oh um yeah we don't want to put this in the
show but i don't know if you should tell them right it's like you tell the one meetup so that
way as many people show up and it's like oh surprise we got another meetup you know because
otherwise people might just punt the first meetup all together so i don't know yeah you want them
to feel like they've missed their only opportunity to see you and then surprise! It's like the call for papers
has a deadline and then it always gets extended
a little bit, but like that deadline brings a lot
of papers in. So I don't know.
Alright, well anyways, back to it.
The cone of silence.
Yeah, so meetup.com, well only one meetup
for sure, only one meetup.
Meetup.com slash Jupyter Broadcasting. You better make it.
I'll be there for two weeks, but I'm really busy.
Yeah, he doesn't want to eat food and chat with people and socialize.
It's no good.
All right, well, let's get into our first story this week.
And that is sort of the furthering of the Clone Wars that we saw after Red Hat Enterprise Linux announced that their source RPMs would no longer directly be available and that RHEL's source would be available upstream via the CentOS stream GitHub. We've been watching
Rocky Linux and Alma Linux and Oracle Linux all have their responses and we'll get into some of
the updates there. But I think one of the bigger things that happened this week is SUSE made quite
an announcement. SUSE announced that instead of using OpenSeuss,
you should use their new RHEL fork.
And they have also announced
they're going to put $10 million of investment behind it.
They write, quote,
we have a responsibility to defend these values,
talking about free software.
This investment will preserve the flow of innovation
for years to come
and ensure that customers and community alike
are not subjected to vendor lock-in and have genuine choice as well today. And of course, this is a
hypocritical statement by SUSE because they would probably trade their left arm to have the market
share REL has and to have the vendor lock-in situation REL has. And this is the only kind of
position they have. It's a position of weakness as they want RHEL's market share. So they're going to start producing a RHEL clone. They write, SUSE is committed to working with the
open source community to develop a long-term enduring compatible alternative for RHEL and
CentOS users. And SUSE plans to contribute this project to an open source foundation,
which will provide ongoing free access to alternative source code.
So they're going to set up a foundation, Wes.
So we're going to be hearing a lot more about this.
I see that they managed to get Edge and AI slash ML into this announcement somehow.
Nice work.
Oh, that's the marketing people at Seuss getting their paychecks worth there.
So you remember a year ago or so, the rumors of Liberty.
Oh, right.
And that was something they were cooking up where they were considering making a CentOS clone sort of more akin to Rocky and Alma after the original CentOS news.
So here's a path for you.
Let's say, you know, you're using Zeus, but you got you got some rel boxes there you're not really happy with.
We've got we've got an offer right now. And they also have that patching sort of umbrella service that patches and covers support for both SUSE systems and RHEL systems.
Which this would sort of snap in nicely with.
And then the word that came out from staffers that could reveal certain details on background.
But the word that came out was they killed the project internally before the announcement,
like right kind of early,
or kind of sort of at the last minute, I should say, not early.
Because they raised a concern that we raised
on an episode of Linux Action News when we heard the news.
And that was,
they're just going to create Red Hat's original problem.
They're going to have a CentOS clone
that competes with their bread and butter. And now in this case, it's not even necessarily going to be compatible
with their main product. At least with CentOS, there was application compatibility. So if you
wanted to upgrade or whatever you want to call it, step up to RHEL, you could just move your
applications. Hell, there are scripts to just convert a CentOS box into a RHEL box. I don't know
if you should do it, but they're out there, right? I mean, that's the kind of compatibility we've
been talking about before. Now we're going into an era where that won't necessarily be the case.
And with SUSE's offering, whatever it's going to be, it's going to be like apples and oranges
between their two enterprise products now. I do wonder out of, you know, Oracle or SUSE or some of the other ones,
do any of them have enough leverage to get some of the, you know,
some of the value of having things certified for their, you know,
their version of the ecosystem?
How do you even get it certified?
How do you do that?
Well, I just mean, do they have more of a, like, at least background and staff
who can reach out to other places that are certifying for RHEL now?
What is the certification like?
Damn close to RHEL?
Stamp.
Or more like more product saying works with whatever the SUSE fork of RHEL is.
You know, the other thing that leaves a bad taste in my mouth is SUSE uses quotes from Greg of CIQ and Rocky Linux to like emphasize their position.
And Rocky Linux.
It doesn't even really seem to be associated with this.
In fact,
Brian clams,
the project manager at the Rocky enterprise software foundation wrote on
hacker news that they haven't teamed up with Seuss.
They don't really know why they were quoted.
The announcement from Seuss included that CIQ is teaming up with them,
but that doesn't seem to be the case.
I mean,
they're open.
It seems to
using of course whatever SUSE throws over the fence of course they will be because then they're
taking the legal liability uh and they he continues to write rocky is always going to try to be a one
to one compatible bug for bug compatible with rels they can okay we'll see how that plays out
and then he goes on to say and this this really shows you the group
thing at rocky in my opinion he says quote i believe we rocky linux were pretty specific about
how we're going to get the source in the announcement then he links to the announcement
we've covered two weeks ago we're going to get source rpms from ubi's that's the cloud
images that are rel based we're going to spin up cloud instances, etc. And I always like it when somebody's snarky about how specific they've been
and then one of their specifics is etc. You know, we're going
to vaguely figure out how to pull things out of these container images. We're going to
find a cloud provider that won't shut us down for doing this, but we don't really know
where and we're not really going to say which one, but I don't know why you're accusing us of not giving
you specifics.
That's literally the logic here.
That's the Rocky team logic right there.
Well, the next sentence too includes,
the only intentional admissions are... Yeah.
It even says there's intentional admissions.
I know.
And so this is the Rocky approach.
You've got the SUSE approach.
All of these feel like pretty sketch.
The SUSE one, it's a little unfortunate right because
you're never going to see Red Hat market like this they don't they don't do this kind of marketing
when like SUSE is down and SUSE has been sold for the third time you don't see Red Hat coming out
and joking about how or you know making light of the fact or doing blog posts about how RHEL's
been with one company this entire time right like they don't really do that kind of marketing so it's a little unfortunate to see seuss do it and then of course quoting greg
who's running rocky linux who's just trying to find the biggest loophole he possibly can
to keep this thing going alma's going to take a different path and i i fear and i'm curious to
know what you guys think that perhaps you know they're going to suffer in in user share as a
result it sounds like they're going to try to build from CentOS Stream.
And it's going to be a more active development process for them.
Looking at these different takes, Neil, Rockies, SUSEs, and ALMAs, I'd be really interested to hear your perspective.
Well, I would say that I think people don't understand exactly how close Red Hat Enterprise Linux and CentOS Stream are.
I know Carl has made many statements about this on the Fediverse about how close they are vis-a-vis between a RHEL minor version and CentOS Stream.
and CentOS Stream.
Furthermore, I think he's also said at one point that most of the packages that are in CentOS Stream
are basically, with the user space,
are identical to what they're in RHEL.
And the stuff that changes
tends to reconcile fairly quickly between the two
because CentOS Stream is where RHEL development happens.
So necessarily, at some point, they've got to be similar if not the
same and more importantly they have to be compatible with each other because centos
stream is ultimately where rel begins so right you can only let them diverge so much before you're
just making a bunch of additional work for the next RHEL release, right? Absolutely, right? And so, I mean, the real
sticking point
that I've seen from
some of the
Rocky folks in particular
has been the kernel,
right? And up front,
yes, the kernel is probably
the one package where everything's going to be
a little different, because
the kernel is
very aggressively actively maintained even across rel minor versions but everything that is in the
rel kernel is in centos stream they may not necessarily be in the same order or the same
sequence but if you know what to look at it's not hard to figure out what makes a rel kernel from a
centos stream kernel you just have to kind of do the work to figure out what makes a rel kernel from a CentOS stream kernel.
You just have to kind of do the work. And as someone who makes a derivative kernel from CentOS stream for a distribution, the CentOS hyperscale variant, right? Like, I know how it
works. And I'm able to work with it fairly easily to maintain a kernel for the CentOS Hyperscale workstation
and other deliverables that are being made for CentOS Hyperscale SIG.
So, I mean, if I can do it, and I'm just one person doing it on the side in my spare time,
I'm pretty sure anyone else can too, if they paid attention to it enough.
I don't have a lot of sympathy for those who aren't willing to roll up the sleeves
and contribute to the community.
And I am really happy about where Alma is going.
I mean, this situation sucks for everyone, of course,
but I think that this is going to make Alma better long-term,
this is going to make Alma better long-term, and it's going to introduce more participation in the enterprise Linux ecosystem than we've ever had in the past. And the open contribution model within
CentOS Stream, I'm looking forward to seeing contributions come in from AlmaLinux. I know for
a fact that at least one member of AlmaLinux has actually been sending merge requests to CentOS Stream to fix bugs and introduce features and stuff like that.
And we're just waiting to see them land. Neil, what do you think about my concern, though,
that ultimately why people have chosen these clones is because it's the easy button and they
can kick the can down,
they can have something that's RHEL compatible, and that's truly what sells these clones,
is that RHEL compatibility. That's why Rocky leaned so hard on the bug for bug compatibility.
And Alma is going to be able to say probably what, application compatibility, perhaps?
Well, so if you look at where these distributions tend to be used, depending on what type of market segment you're in, some of it may or may not matter as much.
So the main level of incompatibility that AlmaLinux will experience compared to Red Hat Enterprise Linux, again, we don't know how that's going to work out for them.
We haven't really seen them deal with it for the kernel,
and that's the kernel stuff. But for most people, we're talking about building open source kernel module drivers for Alma Linux so that they can either enable hardware that's been disabled in
the RHEL kernel officially, or they add additional features, or they're using add-on components of
some kind, right? So these
are all able to be built against any kernel and be tested against any kernel for compatibility.
And so I don't foresee as much of a problem. The user space part is much easier to deal with.
There are very few cases in which there's a binary interface breakage between rel minor versions.
Off the top of my head, I know of two.
And that is Qt and that is LLVM.
Most, if not all, applications will work just fine,
even if they're just primarily sourcing from CentOS Stream.
Like you're deploying some sort of particular proprietary app
that you can't really update or change that needs that particular interface.
And unless you have that, maybe you're not going to run into too many problems.
Well, they have to reconcile anyway, when you go to a new minor version in RHEL anyway, right? It's
going to happen no matter what, right? So when you're looking at, say, the main incompatibility
issue that people would have a problem with, it's going to be proprietary kernel modules, which Red Hat and the community's position
is proprietary kernel modules shouldn't exist
and aren't really supported.
So, I mean, if you're going to try to do weird stuff
in the kernel, prepare to get bitten.
And again, I should remind people,
even Red Hat Enterprise Linux
does not guarantee ABI compatibility
at the kernel level between RHEL minor versions since RHEL 9. Even on RHEL minor versions, you have to rebuild the kernel
module. If you're being compliant with the kernel license, your kernel module needs to be open
source. If it's open source, then somebody can build it and do their own thing. So in practice,
I don't think it's as much of an issue as everyone is making it out to be.
All right.
I appreciate that perspective
because that's, I think, similar to how we see it.
And it does make them feel much more like,
you know, their own entity.
Now I'm looking forward to that.
Could be a space for some innovation there.
And they're open to that idea by reading their post.
When I look at Oracle's reaction,
I look at Rocky's, Alma's, and I look at Seuss's.
Oracle and Seuss are standing out to me right now oracle is so unbelievably disingenuous with their post like you're worried
about preserving free software and you're worried about the custodians of the gpl2 then open source
zfs gpl zfs if you're so damn worried what a bunch of liars and if anybody remembers what happened
to sun and open solaris after oracle bought them then it's laughable to say that they are the
defenders of free software there is so much irony and hypocrisy in that post that i'm actually angry
about it and it's just unbelievable the way they're like vultures taking advantage of this
situation it's shameful
behavior from a company that's been around way longer and has unfortunately never behaved the
way they should wouldn't it be great if this like meant that the oracle and sue stuff in particular
meant like oh a whole new you know cluster of activity in upstream you know helping do these
things make incentive stream really great almost the only one because the rest of them are all just
trying to figure out the most clever way to kick the can without getting sued.
That's what they're all trying to do.
I mean, Rocky's at least being fairly
transparent about it in their kind of sales pitch
way, but almost the only one that's taking
the reasonable approach that's not only the most
obviously legal one, but
may even lead to some future innovation
in RHEL because they're going to have
their own bug catchers
now. They're going to be doing their
own testing i i just it's gross the way these competitors kind of turn and capitalize on this
and i guess that is what they do but i just oracle has always disappointed me because i've watched
them for a while but susa you know with that whole preserving software and the whole thing is just
such crap they they would
love to be in red hat's position they would love to and i just i don't know well i think the biggest
thing that stands out for me is again alma with alma they seem to be actually showing some actions
that support uh what they're hoping to do where everybody else is just kind of uh making promises
and we've yet to see it come to fruition. client that I used to snapshot and upload to S3 object storage and more. They're beautiful cloud manager dashboard, the API that's well documented with libraries ready to go for your
favorite language. You know, all the things that have made it easy to deploy and scale in the cloud,
all that stuff is there. But now it's combined with Akamai's power and global reach,
and they're expanding services to offer more cloud computing resources and tooling while still giving you that reliable, affordable and scalable solution for yourself, for a community or a business of any size.
I have friends that have been using Linode for over a decade and I've watched them scale their business.
And we now have several years of experience and we've done the same.
We've been able to scale up and scale down depending on listener demand.
And everything that we put forward is on linode because we want
to come across as professional and high performant and we want to be able to compete with you know
larger distribution networks and now that they're part of hecami we're on that distribution network
and it's part of their global network of offerings data centers are going to be expanding worldwide
giving you access to even more resources to help you grow your business and serve your friends
your customers your community whoever it might be. So why wait? Go experience the power
of Linode now, Akamai. Go to linode.com slash unplug, get that $100 and learn how Linode,
now Akamai, can help scale your applications from the cloud all the way to the very edge.
Like I'm talking the edge, like, you know, Brent's house, all the way out there.
Go find out how and support the show.
Linode.com slash unplugged.
Well, moving from the world of CentOS Stream over to Fedora,
we want to get a little ahead of some potential controversy out there.
There's a proposal to implement, quote-unquote,
privacy-preserving telemetry in Fedora Workstation
40. So, you know, to get the straight facts, we're inviting Christian Schaller back to the show,
Director of Software Engineering at Red Hat. Well, Christian, welcome back to the show. And
once again, you've joined us. It's been just about a year, so it's about time you come back
and tell us what's going on. So thanks for being here.
Well, thank you for having me. Much appreciated.
So the reason why we're chatting this week is because there is a proposal brewing for Fedora
Workstation 40, so in a couple releases, to enable what the project is labeling privacy-preserving
telemetry. And of course, the Linux community has traditionally been pretty sensitive when we're collecting telemetry about our systems.
So could we maybe start with why?
And then we'll get to how you guys are going to do it differently and whatnot.
Yeah.
So the why is that I think we have very, very often for many years now
come to the conclusion that we are making a lot of decisions
based on assumptions, essentially.
So, I mean, we have discussions
in Fedora about, like, hey, is it time
to turn off support for an old
generation of CPUs, for instance? It's like,
well, based on
what we see around us and what we hear,
we think this is fine because we
think there's nobody or not a significant
amount of people using this anymore, for instance.
Or, for that matter,
in terms of choices, right? I mean, I think there have been so many times over the last few years where I, like, for instance. Or for that matter, in terms of choices, right?
I mean, I think there have been so many times
over the last few years where I like,
for instance, listen to your show and there's like,
hey, I use GNOME, but you know,
without that one extension is useless to me.
That's sort of like a statement I heard quite a lot.
And then of course, I end up sitting there that like,
okay, how representative is that claim?
How true is it?
And like, so I end up having to always parse data
and make guesstimates based on all
the best experience. Like, is this relevant?
Or is this because, hey, like,
Chris really loves Sudoku, so that's why he has
a GNOME extension doing solving of Sudoku
puzzles. What about something more recent
like the LibreOffice decision to switch
from packaging to Flatpak?
Do you think there could be a scenario where this
telemetry data could have been used
to make a more data-driven decision there?
Absolutely.
And LibreOffice was a hard one to really know
because it's pre-installed in Fedora Workstation.
Right.
So we don't know whether that's in there.
People never start it or use it,
or if actually everyone was using it, right?
And I mean, another important thing for us, right,
is that we have this long-term vision of moving maybe to more something like Silverblue,
which is an immutable core system.
But there's a lot of things in the way of doing that.
Like, for instance, there are certain printer drivers
that you then have to either do a complex job of layering onto the system
or whatever to get it in there.
And once again, with modern printers
and printerless driving,
no, driverless printing, sorry.
That might not be a problem,
but once again, maybe there's 100,000 Fedora users
who happen to have one of those
older print models still in use.
So there's a lot of these things
where getting a system for gathering metrics
can help us make better decisions, basically, for the Fedora community.
What about the art of it all?
Like, you know, I'll steel man this just for a moment.
I think Fedora Workstation has turned out pretty great and has become one of the absolute leading edge distributions.
It's really kind of shown the way forward for a bunch of other distributions and has made a bunch of decisions that seemed semi-risky at the time.
Systemd, Pipewire, ButterFS.
Would a data-driven distribution have made some of those same decisions?
What about the art of it?
Well, I mean, obviously there are certain decisions
that I feel metrics probably can't help you with.
It's like, is making a choice to do something
for instance to bring in a whole new group of users the other metrics on the current user base
probably will never help you answer that question and and at the same time i don't think about at
least the way we look at metrics um you know it would affect the things like our investment in
pipewire as a good example i mean that, that was partially us thinking, okay, hey, how can we make life easier for pro audio users?
And how can we stop having the audio stack being such a mess, basically,
and at the same time also get similar line of support for video?
So obviously, certain things, metrics will not help us with,
and that's, I guess, where the art of it comes in where we have to sort of make some make some call it both strategic and educated
decisions about where we're heading that that we can't necessarily prove up front with data
so there'll still be some gut involved of course um okay so let's talk about let's talk about how
you're going to do this because one of the things i've noticed reading through the proposal and then the discourse conversation it feels like there's a lot of thought about
how to do it in a way that doesn't use a third-party system like google analytics
sounds like there's been a lot of thought about doing things that don't capture identifying
information even like things like you know not looking for looking at proprietary installed apps
because maybe somebody has some sort of custom binary they run that might hint at who they might be.
Like, you guys have thought a lot about that stuff, but I see less thought on what you actually want to collect.
As the conversation has gone on, it seems like there's kind of been a realization of, OK, we probably do want to track that, but we have to do it right.
It seemed like in the initial proposal, there was
this attempt to be like, well, we think we want to watch these things, but as the conversation has
gone on, that window seems to be expanding a little bit. What are your thoughts on the critical
things and just sort of the way this might go? And my initial criticism of there's been a lot
of thought put into the technical implementation, but not a lot of thought into the actual practical collection so far when we put
all the proposals over over to us let's start agreeing upon the process for how to do it before
we start digging into those and for us we thought like you know instead of having a predefined list
of these are the things we have been thinking about let's instead focus on the fact that let's
have a community-driven process where we have elected community members who will be part of
decision making for what metrics you gather or not so that it becomes
more about the process for how we do it as opposed to individual items. I mean, I agree, of course,
based on feedback, we realized that we needed to provide more examples because people are like,
okay, are you going to check my browsing history or I mean, what are you trying to do here? And
so we're trying to add that now and bring that in. But it, you know,
it's also this sort of weird situation when you do development in open is that on one side,
people say, oh, why isn't your proposal more fleshed out? But at the same time, if you come
with something that's super fleshed out, like, oh, the decision is already made, you didn't
involve this from the beginning. Fair. Yeah. Yep. And it seems like there is a lot of technology available that's thought through this a lot.
Reading through the proposal, it seems like a lot of the tech that's going to be the back end is going to be stuff that was created by Endless for their platform, with some modifications, it seems.
And can you talk a little bit about why Endless's implementation and how it's going to work a little bit differently for Fedora?
why Endless's implementation and how it's going to work a little bit differently for Fedora?
Yeah, so the background for it was that
quite some years ago, I was at GoDeck in Greece,
and Robert Queen, who's the head of Endless,
he was actually talking about their metric system.
And the topic of the talk was like,
how do we do metrics in a way that isn't sort of murky to users?
And one of the things he pointed out was like,
hey, let's make sure the data capture is open source
so people can audit that code.
Let's make sure the server is open source
so people can audit that code.
And make sure it's easy to turn on and off for people
so they can easily opt out.
So I thought like, oh yeah, that's actually sounds reasonable
because I think a lot of the gut reaction people have
against any kind of metrics gathering is,
I don't know what's happening on my system.
There's some people looking at what I'm doing and taking some data out, and I don't know what's happening on my system. There's some people looking at what I'm doing
and taking some data out,
and I don't know which data it is
or what's going to be done with it.
So by trying to be sort of super transparent about it
and having like everything being open source,
everything being hosted in a clear way
and having even a community process
for deciding what to gather,
we're sort of hoping to alleviate those fears, right? And
I think at the same time
we did some changes because
Fedora is different from Endless
in certain ways, so we felt we wanted
to err even more on the side
of caution when it came to how we did it.
So for instance,
that's why we did some changes to the Endless call.
But at the same time, we're trying to basically work with
Endless to have a shared call base so that as we improve this thing, it's useful for everyone.
And then, of course, also other distros who might want to start using this can also take the same system.
One of the things that I thought was really kind of neat and gives me a bit of peace of mind is it sounds like it would be theoretically possible for the user to point the metrics collection at
their own server backend, and then they could actually look at the exact data being sent to
the server. That's neat. That's a neat implementation. So, okay, on the client side,
it is going to be on by default for brand new installs so far that if the proposal goes forward
with workstation 40, How will that practically work?
I've got a brand new install.
I've just done my first login.
Are you collecting information about my system?
What's being sent at that point?
Yeah, so nothing is being sent, but the system is collecting data.
And we are discussing whether it's better to wait.
I mean, it's also about like if you wait and maybe miss some critical information
that could be useful to, let's say, figure out the bug that's happening on the system before the first login, as an example.
But what's going to happen is that the system logs by default.
And then once you get the initial system setup screen, it will ask you whether you want to do metrics or not.
And if you say no, then it will just turn off everything and delete whatever it collected so far.
a node and it'll just turn off everything and delete whatever it collected so far.
Could be, as I said, based on discussion that we end up turning it on at that point, as opposed to having it on from the get-go.
I feel that's a minor detail, but I mean, I think for some people it matters more.
But to be clear, the collection is on right now, the proposal is the collection will be
on, but the uploading is not on and does not get enabled until the user clears
the privacy screen where they have the checkbox to turn it off.
Yes, correct.
Okay.
And then once it's on, or say you're on a 39 system or a 38 system and you upgrade it
to 40 and it's not on yet, there's going to be a new UI created in GNOME settings?
Yes, correct.
So there will be a UI there.
People can go and, I mean,
let's say you did a fresh install
and then you, you know,
regret your choice later on,
be that turned on or off,
you can go into GNOME settings
and change it.
But also for people who did an upgrade,
they will then be able to go there
and turn it on.
We are talking about like
whether Donderol can come up
with a good way to present
a UI after upgrade.
I mean, part of the problem
is at the moment, we have nothing in Fedora
that would sort of easily enable us to present a question to users,
hey, do you want to opt into this now since we have this new thing?
So that's why at the moment it's only for fresh installs.
But I mean, maybe with online we come up with a way to do that in a non-annoying way.
Right. Interesting.
I mean, because I think it would be kind of,
I think it'd be kind of maybe jarring for users
that upgrade that had it off
to have it turned on by default.
So I think that probably is a safe way to at least start.
Okay, so I want to kind of talk about
the overall idea and goals here
because we have some implementation details.
They seem pretty solid.
They're going to follow a lot of the endless stuff,
which they've done a really comprehensive blog post on that is fantastic that I'll put a link to in the show notes if people
want those details. So my question to you is, if this goes forward, what are like the must-have
things from a 50,000-foot level managing the project view that you'd really like to have,
like the data points that you don't have that are your pain points right now?
I think it's definitely, I would like to be able to see more about,
I guess, certain technology choices, as we talked about, right?
I want, for instance, to know, hey, when is it fine to stop caring
about a certain class of hardware, for instance?
I also want to see, you know, what shell extensions are popular,
so we can see, like, do we need to try to integrate them closer?
I mean, it doesn't necessarily be that
it turns out that 60% of Fedora
users use a specific extension, so let's
package that in Fedora. That might be an
output, but it could also be that Alan Day, who's our
head designer, maybe he will take that
as input to go back to the GNOME community and say,
hey, what if you try to integrate this feature
into GNOME itself? Because it
turns out there's a huge
subset or even superset
of users who want this specific feature.
Another thing could be, you know, I mentioned Butterfest.
You know, I don't know how many Fedora users are still on Exifest versus Butterfest.
So, I mean, in terms of, for instance, starting to try to take advantage of certain Butterfest
features, I need to know certain that, okay, no 99% are over in BetterFest.
So I can start sort of assuming almost that that's a default for a Fedora install.
There are also things like when you, for instance, want to convince a new hardware partner or not even a partner,
we want to convince a hardware maker to start supporting the LVFFS for firmware.
If I can say, hey, I know for sure that there's
50,000 Fedora users who have your hardware
and they would love to get firmware updates for that.
That's a lot
stronger argument to make, both for
me to them and for them internally, than if I say
I think there's quite a few somewhere out there who
probably use this for stuff. That data opens doors
I would imagine. It starts conversations
for sure. So, okay, so one of the other
areas I saw discussed is and I suppose you could look at this with a perspective of, I'm sort of shocked
this wasn't already there. Of course it's not, but I'm sort of shocked because any other commercial
software packages would be there. GNOME software. There's discussions in there tracking about, well,
when does somebody actually click on a banner in GNOME software do the people actually use the featured app section and just really really basic information about just the standard stuff how users are using gnome software
i never even thought that that information wasn't available i for some reason thought maybe there
would be like analytics in there but of course there's not and to me it seems like obvious that
how do you really improve something like gnOME software without having an idea where the rough parts are?
But what if now let's just let's play just fun here.
What if something comes back and I doubt this is going to be the case, but what if something comes back and says like 4% of workstation users use GNOME software more than twice or something like it's such a could there be a moment where upstream at GNOME or the Fedora project goes, you know, we're actually just going to stop working on something.
Could there be that kind of radical shift?
What do you think the ultimate end result could be for something like that?
Well, I think definitely there could be cases where we, for instance, realize that, hey, this tool that we thought was something, quote-unquote, everyone was using, nobody is using.
And it will at least trigger some kind of rethink, right?
everyone was using and nobody is using.
And it will at least trigger some kind of rethink, right?
I mean, there's no point in... I mean, we are investing quite a bit in GNOME software
in terms of having an engineer more or less full-time on it.
And if it turned out that nobody was using GNOME software,
then A, the question is, why is that?
I mean, of course, maybe we would start probably by figuring out what,
because to some degree it would feel natural, like,
okay, people probably need some software tool.
Does really everyone just use the NF command line
or what's the story there?
But of course, worst case scenario, we might decide,
okay, well, if nobody's using it, why are we,
maybe that engineer can instead go and work on this other feature
that we see from the data people are desperate for,
but we currently have nobody working on.
Right. I mean, I'm sure it does, right?
I'm sure it gets used.
The pop-up comes up, says there's updates, people click it, it launches GNOME software. I'm sure it gets used. But I just thought it was an interesting thought experiment. I guess my other thought that I just generally, and this is kind of going for your personal opinion on this one, I've seen kind of a trend where there's people and groups out there that kind of want to capitalize and take the opposite position of anything that anything associated with red hat
does you know what i mean so if red hat comes out and says we're going to do this they'll come out
and say we're going to save the users and we're going to do why and come join us are you concerned
at all about you know this metrics telemetry stuff getting spun as anti-free software anything like
that well yes i guess i am i mean i obviously i do not want that to happen at the same time i
always feel that you need to be sort of confident enough about that you're doing the right thing
that you know that fear doesn't deter you from from doing it because i mean at the end of the
day i believe that this data will allow us to make fedora significantly better and i think that will
pull in a lot more users so for me that's i think that outweighs any noise on the Internet, basically, around it.
Yeah, it's generally noise.
I think you're right.
I think if Fedora stands out, and as Fedora has gotten better over the years,
and I think we've seen it, right?
It's grown in its popularity and its praise, and rightfully so,
because it earned that through just being a good product.
And this really is just, we're talking workstation, right? and its praise, and rightfully so, because it earned that through just being a good product.
And this really is just, we're talking workstation, right? We're not necessarily talking some of the other flavors or spins.
This is just workstation right now.
Yeah, so I mean, Endless, of course, is a GNOME-only distribution.
They designed it specifically to track data in GNOME,
but that said, of course, big chunks of it are usable.
So what we have said is that if any other spins want this,
they are free, of course, to work on making sure that this is integrated into their spin and works for them. But at the
same time, I want to keep the data separate because, I guess, as an example, I mentioned
in one of these discussions we had internally was I said, like, you know, I want to, for instance,
know whether, well, I mean, what is an interesting data point for me is, for instance, how many GNOME users are using GNOME Terminal versus console, for instance.
What is not, from a Fedora works-based perspective, as important for me,
is whether KDE users are using console or not.
And at the same time, with that, again, might be useful data for the KDE spin, right?
They want to verify, oh, people are actually using our default terminal application.
So I think we will probably come up with a way that if some of the spins decide to do this,
we will have a sort of separate repository for them,
because some data, of course, is valid across the spins,
but KDE probably couldn't care less about which GNOME extensions people use or not.
No, maybe they'd like to know what plasmoids I'm using, though, because I do have a couple.
Okay, so really my last question for you is, just again to just sort of steel man this a little bit. So actually in totality, I think this
is a great thing. And I think you guys have a really solid implementation that respects privacy,
but let's just say like, you say you're getting a really, there's a few data points that are
coming and you've got some great signal and somebody at some point by auditing this discovers,
actually, I do have a way to deduce somebody's potential identity from this metric.
Have you thought at all about a process
for how you'll wipe that data out,
or if you will,
if you're going to keep taking that signal,
if you'll get rid of that particular telemetry point?
What are your thoughts there?
Yeah, no, I mean, I think our thought is that
if that happens,
we will basically on the database level
need to go and do some data laundry.
I have a hard time imagining the scenario where it will be possible.
I mean, I was trying to think about it and say, hey,
if you happen to use an Acer laptop, maybe you're the last person in the world
to do that. And if I know you and I know you use an Acer laptop, I know that we got
that data from you. But that means I have to already know that
you're using an Acer laptop for me to know that that was your data point.
And you need to be the last person in the world
using that Acer brand laptop.
Sure, yeah, yeah.
So, I mean, if it happens,
we will, of course, jump in
and then do surgery on the database to purge it.
But I have a hard time imagining the scenario
where this comes together like that.
Yeah.
I mean, reading through it, it really seems like the number one priority is avoiding user-identifiable information, even at the cost of losing out on useful information.
Yeah, correct.
Yeah.
Well, Christian, thanks for coming on and answering some of my questions.
And keep us updated on how it goes.
We'll keep an eye on all of the discussion and Fedora Workstation 40 as well as it develops.
Thanks again.
Can I actually add one last thing before we leave?
Sure, absolutely. So one thing that came up
a lot in the internal discussion, and I want to address it
is people are like, because a lot of
things in Fedora's discussion have been about
should signing up for this be something
that has a, we have a, you know,
this privacy panel saying, do you want to
join or not? And then the question is, what's the
default? Should the default be join or not join?
And a lot of people feel that if you even suggest something you're doing something wrong but i
i ended up actually reading some studies from cambridge university today who had actually
done studies on on like opt-in and why do people behave the certain way when they see opt-in things
and the primary thing they pointed out was that when people see, for instance, a question
asked, hey, do you want to opt in? And it's defaults to yes, they take that as a recommendation
from the people making the survey. And of course, if we are asking people to sign up, obviously,
we want them to sign up. That's implicit. And then, of course, the two other things I mentioned
was like ease of choice. I mean, of course, not having to go and click no is a little harder than
just clicking next.
But it was more about the fact
that people like, I don't care enough, so I'll
just click next as opposed to, I don't understand
it, and I click next, right?
And then interestingly enough, the last thing I mentioned
was that people tend to choose
to default just because they
consider it the status quo,
basically.
But, I mean, to me, the most important thing is, like,
the thing that really struck me was this whole thing
about, like,
people see that choice
as a recommendation from the people asking.
And I feel that, like, if you're going to ask
people or have a telemetry system, obviously
you need to believe enough in it to feel
confident about recommending over users to use it.
So I think we are
looking at some design tweaks
to try to compromise with people
on that, but at the end of the day,
in order to also get the volume we need, because
once again, right, I don't want
people, if it's sort of only the hardcore
who ends up signing up, for instance, then you
sort of like, oh, so the most popular
IDE is still Emacs. I never realized.
You know? Yeah. Oh, everybody's on
i3. Wow, who knew?
They switched over. I didn't know. Yeah, absolutely.
Yeah, they're all using tiling extensions.
And I think
that is a good point, is you want to try to
cast as wide a net as possible.
And I think the thing that gives me
some peace of mind as a user,
and I don't know if I ever would, but if at some point I felt like I wanted to opt out, it's just right there in GNOME settings.
And I can just go check that box.
And that's nice that I don't have to invoke some sort of command line magic to get it to turn off some sort of service or something like that.
I just go check a box.
Yeah.
And it's worth mentioning that Fedora used to have this opt-in tool
back in the day
called Smolt.
I don't know if you've tried it.
I was going to mention
that I forgot.
But yeah,
I remember it almost had
like a previous era UI to it.
It was a different time back then,
but it was kind of
a more primitive version, right?
It was not nearly as in-depth,
I imagine.
And it sort of also proved that opt-in
doesn't necessarily work because it turned out
that only people who were motivated to run it
were the people who were like,
oh, my system doesn't work correctly,
so I'm going to run small to submit that
and hopefully if someone will fix my system.
The problem with that is that you got a database
that made it look like the Linux community
was only using weird systems, basically.
Right, yeah.
Yeah, it would skew the results, I would think.
Or you got guys in there like,
my system's so awesome,
I want to submit it with my six monitors.
Yes, exactly.
And then if you design your system
assuming everyone else has six monitors,
you're probably missing part of the market.
I mean, I imagine there's two.
There's going to be a lot of software
you'll have to create on the back end
to visualize all this and view it and understand it, right?
That's going to be a whole project in itself.
Yeah, I mean, of course, as long as
we have it, I mean, one of the
restrictions we're putting is that it's all going to be
independent data.
We're not going to create a user profile. It's like
linking things together.
So it makes, of course, parsing it
a little simpler in some ways because it's like,
okay, so 40% of
Adora users like to use Inkscape.
It's like, I cannot necessarily that easily correlate it with it like, okay, so 40% of Fedora users like to use Inkscape. It's like, I cannot necessarily that easily correlate it with it.
Like, you know, and they use GIMP too, kind of, right?
Because they're just two separate data points.
I mean, maybe if the percentage is very close,
I would assume that, you know, maybe these are some of the same people
who are artistically inclined.
But it means, you know, the sort of analysis we can do,
at least as long as we keep that model of having everything completely independent,
is a little bit more limited, but, you know, still a lot of useful data to be had.
That's an example of the privacy trade-off that the project's going to have to make.
Yeah. And I could, you know, of course, there's commercial vendors
that are going to go way farther and go way beyond.
But I could see wanting to walk that line very carefully and respectfully as a
free software project because you'll probably be
setting an example for other projects.
Yeah, and hopefully. And I mean, you know, we
obviously have learned from what Endless they are doing
and I think they did a stellar job with their
tooling and we are trying to take it and sort of
adopt it for our use case. And I think
that's the other thing is like I feel this is
trying to do, you know, metrics gathering
the right way as opposed to,
like people probably think about like, as I said,
like, you know, weird hidden things in your system
that gathers hidden data in a mysterious way.
It's in there.
You know it's doing something, but you just have no idea what.
That's the Windows experience, and we don't want that.
No, exactly.
All right, Christian, thank you for coming on
and answering my questions and explaining it to us.
Yeah, well, thank you for having me.
Let's start to make it less than a year the next time.
Sounds good. Thank you.
Collide.com slash unplugged.
If you work in security or IT and your company has Okta, you need to listen to this.
If you've noticed that over the past few years, the majority of data breaches,
you know, hacks that maybe maybe you read about in the news
they seem to have something in common don't they the attack vector is often the employees i mean
sometimes their device gets hacked because of unpatched software i'm looking at you old android
devices sometimes unfortunately employees leave sensitive data in an unsecured place sometimes
they just don't know better and it seems like every day a hacker you know breaks in using
credentials they got from some phished account or something that leaked online.
Just it's a huge problem to deal with at scale.
And the problem here isn't really end users, is it?
I mean, they're not they're not doing it intentionally.
And it's the solution so far that enterprise has been provided.
They just haven't really prevented these breaches.
They just don't do enough.
It doesn't have to be that way, though.
Imagine a world where only secure devices could access your apps.
In this world, FIS credentials are useless to hackers because you can manage every OS,
even the Linux machines, from a single dashboard.
And best of all, you get employees to fix their own device security issues without creating
a whole bunch of work for IT.
And the good news is you don't even
have to imagine this. It's actually available with Collide. That's what Collide does. It's a device
trust solution for companies with Okta. And they ensure that even if a device isn't trusted and
secure, it won't log in to your apps. That's powerful and stops problems before they happen.
So go to collide.com slash unplug to watch a demo and just see how this works.
It isn't magic. They've really figured it out. So you go to K-O-L-I-D-E dot com slash unplugged.
That's collide.com slash unplugged.
As usual this week, we got some great feedback. Thank you very much for that. If you want to leave us some, maybe about what Christian and Chris just shared, we would love to hear it. Linuxunplugged.com slash contact for that, and I'll even read it
personally for you. Now, Matthias sent us a little note, and I thought, Chris, you might add this to
your, maybe your wish list. Matthias says, I have a book suggestion about IT security. I do have to
warn you, though, after reading this,
you will feel a strong need to move out into the woods in a Faraday cage. The book recommendation is This Is How They Tell Me The World Ends, The Cyber Weapons Arms Race by Nicole Perleroff.
Oh, man.
And we have a link to a Goodreads insert on that. So have a look. And Chris, are you going to get this one?
Boy, I already have run out into the woods tendencies. I don't know. Is this...
Next step, Faraday cage, I think.
Hmm. Could I build a Faraday cage into the RV bedroom?
Is Jupes a Faraday cage?
Maybe. Sometimes. She's got plenty of radio signals inside. Interesting. Okay. All right. This is
how they tell me the world ends. The cyber weapons arm race. You know, I always find getting
information on this fascinating, even if, you know, maybe it only affects a small percentage of
those on the internet doing who knows, maybe nefarious, dark, secret things. But it's always kind of interesting because even if it increases your own mindset or protection or the steps you take for yourself by, I don't know, 5%, 10%.
Well, that's already a win for you personally.
So I say go for it.
I mean, if it's an audio book, which I don't know if it is, but if someone finds it, please let us know.
Why not?
Yeah.
You got me.
You sold me. All right. Thank you for the,
I really appreciate the book recommendation. And now it is time for Le Boost. A delicious name,
noodles with a Z writes in and they are our baller this week with 93,650 sats.
3,650 sats.
Sending in via the podcast index, they write, hey guys, just sending in a boost after a long kerfuffle with Strike and getting sats because I had my identity stolen in the past.
So KYC, that stands for Know Your Customer, which is sort of law here in the West, makes it near impossible to get sats for guys like me.
Anyways, I've been listening since around episode 250.
So a long-time listener, but a first-time booster.
I just want to say love the show,
and I hope it goes on for infinity or near it.
Well, as best we can, right?
I mean, look at these two guys.
They look like they've got years left on them still.
Maybe we can save these sats for robot bodies?
Yeah, definitely.
You know the robots are going to be taking sats for sure.
I actually would love to know more information about the whole identity stolen, how you got the sats after that, and the troubles you ran into because I've got to imagine that could happen to anybody.
Thanks for jumping through all the even more hoops. You know, it's also a zip code boost there, Wes Payne.
Yeah, looks like it's coming in from Fresno, California. Hey!
Not too far away.
There are also noodles.
1, 2, 3, 2 on
Matrix.org if anybody wants to chat
from Fresno. Very nice. Thank you.
Rotted mood boosts in with
$50,003.
Oh!
Hey, rich lobster!
I was wondering where you all get the most value for the show,
the membership or the boosts.
If one were to have to do one or the other,
which provides the most for the network.
Also,
here's another boost just to say I'll miss Linux action news during its break.
It's what brought me in to the network.
Oh,
that's always interesting.
I always like to hear that.
Thank you.
Yeah, so what, I don't know if I would say
one particularly over the other.
I think the memberships I look at as a nice predictable
kind of this is what we know we can afford to produce.
On an ongoing sort of.
Yeah.
And so, you know, that's pretty important.
A pretty important metric.
I look at the boost as a way to try to finance that individual episode as sort of like, so if the membership covers the baseline production, the boost is sort of covering our time and a little bit extra.
Some of it goes to Drew, some of it goes to developers.
So it's kind of like a thank you for that particular production and the value you got from that particular episode. So I kind of see them as sort of
two separate things. But my answer is, is whatever works best for you, right? Like if
you don't want to mess with the sats, I totally understand why the membership would go. If
you're ready to experiment with something that's pretty fun and technically interesting,
then the boosts are there. And they seem to be really, really popular for people that
are on new podcast apps too, because if you think about it,
you're just listening along
and the feedback button's just right there.
You just hit that button and boop, boop, boop, boop, boop, boom.
You send it in.
It's a nice way to say thank you
if there was an episode that you thought was really useful.
We also touched on this topic quite a bit, Chris,
in episode 32 of Office Hours.
You can check that out in officehours.hair,
where we're trying a bit of a new model,
if you haven't heard of it yet. Chrisris can you give us like a one sentence what we're doing over there
what are we doing over there a bounty for production you know it's a community show
and we're setting a modest bounty uh and when we reach that or get near it we start producing the
episodes with short quick like little updates on what's going on in the feed in between from time
to time so it's a new model we're trying.
So the idea is, is that we have, we're not, we're not kind of like putting the show production
on credit and then hoping we make it back, maybe, which we probably wouldn't.
And so what we're going to try instead is we'll do a bounty.
And when that bounty is getting closer reached, then we will begin production on the episode.
And we know we can safely produce the episode and not put the network at risk.
Office Hours Prepaid Edition. Yeah yeah you could say it's a new experiment
we're trying it's not you know we'll see we'll see what about lan well the reason why we didn't
do it with lan is because our goal with lan is to really keep it lean and tight you know i mean if
we can get if we can get really solid information in under 15 minutes that's a that's a win for us
and so if we you know the only way that i think the value for value model really works is it's not,
it's not a payment technology.
It is a format.
And so you have to do the shout outs.
You know, the community comes up with like the row of ducks
and the rich lobster and, you know,
like that's all community driven
and it's part of the value for value format.
And I don't think LAN, not all shows,
at least I think right now,
are particularly well-formatted for that.
If you want something that's 10 to 15 and 25 minutes is a long episode,
I just don't know if it works there.
Maybe.
Maybe you could do a short version of the top two or top three boosters or something.
But that's maybe why we start with try things like that in office hours,
and then if it's wildly successful, reconsider. So office hours, that's maybe why we start with, try things like that in Office Hours, and then, you know, if it's wildly successful, reconsider. So Office Hours is, that's just a good, that's a great point. That is our test ground show where we just, whatever, like, the wildest thing we're trying on the network.
We're trying some new technology, we're trying some backend thing, we're trying out a new format. We do it in Office Hours. It's sort of a skunkworks.
So the reason I ask about this is because I remember when Linux Action Show split into LAN and LUP, right? And the idea
back then was the
two components of Linux Action Show would be
decomposed into tighter,
more focused shows.
But, you know, LUP is designed
to respond to LAN, and if you don't
have LAN,
so where does
the inflow come in for
being able to have the commentary of the news from the JB perspective?
How do, I guess, I don't know, does it mean that you want to pull pieces of land back into LUP and make the show again?
It's very rare that we do the same topics in both shows.
It's probably one out of every four episodes or so of land.
Okay.
We're basically doing what we just did today,
is we're pulling in the topics that are worth discussing.
The reality is, outside of this Red Hat news,
there's not a lot of news during the summer in Linux LAN.
Yeah, it's usually a dead time.
This and Thanksgiving are pretty dead.
Right.
So it's sort of like the time to do this for LAN,
and we can take that extra load on.
Now, when summer ends, news cycle picks back up, developers get back to work.
Yeah, we'll see.
And maybe the advertising market will be changing by then too.
That's a possibility.
Cyber Gray boosted in two, three, four, five, six Satoshis.
I started listening during 2020 and have been an avid listener since.
I started listening during 2020 and have been an avid listener since.
All of Jupiter's shows are awesome, fun, and the entire JB team is a delight to hear from.
Huh, geez.
I don't know if I could go on, guys.
I'm blushing so much over here.
Yeah.
I would love to attend a meetup. Any chance there can be more over by, say, Alex or in the general east coast of the U.S. generally?
The boost is a nearby zip code, by the way.
Hmm, Virginia Beach, Virginia, or thereabouts.
Wouldn't that be great?
Yeah, travel is tricky because A, it's expensive,
and B, I got three young kids, and C, I got a tiny farm.
So it's tricky right now,
but it is absolutely one of the highest goals I have
is I'd really love to be able to travel more and get out and do more meetups and more live shows.
Because, you know, when you do something for a really long time, going out and getting that kind of recharge is like anything, anytime you get a chance to do that, it's so great.
Every time we have a meetup, we're like, let's go.
And it really, you know, it gives us a nice boost because there's such great people, great conversation and all of that.
So that's a long way of saying inevitably, yes.
I don't know when.
We really had a great crowd in the Raleigh area.
So that I could see doing again soon.
If we could find really cheap flights or if we have a listener out there that can get us a cheap flight or if I could get a source of a lot of gas and I could just drive there, I'd do that too.
One way or another.
We take the train and we podcast the whole way.
Oh, yeah.
Oh, yes.
Can you take a train all the way there?
Can we do that?
Let's find out.
That would be great.
It'd probably almost be as long as taking the RV.
LeBan comes in with 20,000 SATs using Castomatic, which I hear is great on iOS.
Interesting to see Oracle bashing IBM and Red Hat
for the recent rail decisions.
Yeah.
He says, it's one Titan fighting another.
However, should Oracle be the one to throw the first stone?
I know.
I thought Oracle was just not going to say anything.
I think that's why I was taken so aback
by like such a tacky post.
They would just keep quiet.
Yeah.
Do what they're going to do.
They're like a huge tech Titan. Lawyer driven. They would just keep quiet. Yeah. They're going to do. They're like a huge tech Titan.
Well,
you're driven.
They don't need to say anything.
And then to have a post,
it sounds like it's written by like a tech bro.
Who's cock of the walk of his department and nobody can tell him to say
anything different.
It's like,
wow,
I can't believe this is coming out.
Like you think this is coming out of a hundred person company.
It's unbelievable.
Anyways,
that's my take.
Sorry, I didn't mean to go on.
The band goes on to say, but alas, Microsoft course corrected years ago and arose from
everyone's S list, pushing Google down in the process.
Perhaps it's time Oracle do the same.
The easy way to do every, oh, I know.
He says the easy way to everyone's heart is for them to GPL ZFS.
I agree.
I will have a thank you appreciative Oracle episode if they just GPL open ZFS
or whatever.
Oracle hearts open source.
The interesting thing about Oracle's relationship with open sourcing things
people want.
I will make an observation and you can make for what it's worth.
Oracle relicensed dtrace which
had been wanted for a decade in linux from right the paris license to the gpl after nobody wanted
it anymore the after at that point you know uh bpf trace that came on board and system taps
a dtrace portability framework was reused for eBPF and things
like that. At that point, Oracle
re-licensed DTrace
into GPL and incorporated it
into Oracle Linux.
So, I don't
know what that says about how Oracle does
stuff, but it is an observation
that I've had about
how they seem to approach taking
Solaris technologies
and making them available for Linux.
All right, quick, everyone, pretend CFS is trash.
Yeah, pretend you don't care about it,
and then Oracle will open source it.
You know, because they don't want to fragment Linux,
and they don't want to cause any heartburn for Linux users
because they care so much about free software.
Hey, maybe they could be a Linux Unplugged sponsor.
Yeah, wouldn't they?
Oracle, go get Oracle Linux.
It's just like RHEL,
but now not quite as much.
J Moon boosts in
with 7,777 sats.
Boost!
With the simple message,
Boost!
Thanks, J Moon.
Love to know you're out there.
Pascal comes in with 2,000 sats
from the ConShchax web app.
Heyo, that's a great app.
Hey, Linux team.
Thanks for using the podcaster support page for your podcast.
Time to tell your audience how easily they can post a message and send you some support.
Also, if you have any suggestions, please let us know how we can improve.
Conchax.
All the best from Pascal. How great is that? What? They're kind of like passing on. It's like passing on the message about the service via Boost. And that's great. So Conchax is a great
dashboard. If you launch a value for value podcast that uses Boost, you can pipe it into Conchax and
then it also generate a support page for your audience so they can go and see like if it's something we could potentially use with office hours so I'm gonna I'm gonna look
more into it it could be something there Radman comes in with 5,000 sats is looking forward to
this every single week thanks guys. Alwyn comes in with 4,000 sats just to say great show also
from Conchax web look at that. Hey okay Might be part of the Conchax crew there.
User 56823579er comes in from Fountain with 2021 Satoshis.
First time booster from NL.
Now I'm just going to pretend that's Newfoundland.
A postcode boost with Fountain earned sats.
See, postcode. I'm telling you, it's Newfoundland. Listening to most of the JB shows.
Got a postcode, Boost.
Sorry, Brent.
It's from the Netherlands
in Harlem.
Hey, that's great.
Thank you for boosting it in
and thank you for the zip code.
Are you thinking, Wes,
when you see these,
are you thinking,
maybe I should just build
into the script
when somebody says something
about a postcode?
It just looks at the SAT amount and goes, look that postcode up.
I hadn't, but now I am.
Coming in hot with the boost.
GeneBean comes in hot with 8,649 SATs.
You've all been talking a lot about XMPP.
Is there an end-to-end encryption available for it?
I think many years ago, end-to-end was not there.
That's what led me to other places.
XMPP, it's hot again. It's, people
are talking about it again. They've looked at the alternatives
and they go back and they say to themselves,
I wasn't so bad. But I do
think the end-to-end encryption, that must
have been, I don't know, I mean, that must
have been client-side because I could have sworn.
It was part of off-the-record conversations.
Oh, that's right. I knew there was
something. Yeah, back then it was called OTR, off-the-record.
And it encrypted the messages
and then threw away the decryption key
after a period of time
so you couldn't go back and see the messages.
That's what led them to be, quote-unquote, off-the-record.
That's cool.
Okay, see, I think we should set up.
Just a really early Snapchat.
Oh, Matrix, Yeah, of course.
Yeah.
You could do it with Matrix as well.
The difference between Matrix and XMPP on this is that the decryption key is preserved by default.
You could destroy the decryption key whenever you want and make all of your messages unreadable.
Hmm.
Hmm.
Yeah.
All our Star Trek chats destroyed like that.
So sad.
Bear 454 boosts in with 10,000 sats.
Oh!
Boost!
From the podcast index.
While I get your takes on the Red Hat source decision,
I don't agree.
For me, Red Hat has broken the promise
of providing support for a free product.
The product is now only freely available
after you have paid for support.
And while it may be technically legal under the GPL, it definitely is not free Libre open source software.
This is something that I've been, that has kind of been a peeve of mine for a long time.
Okay.
What, that it's not GPL anymore?
No, no, no.
The support thing.
Like what they're defining as support.
Right? No, no, the support thing, like what they're defining as support, right? When you look at open source stuff and you look at what is actually involved in making, I mean, even in proprietary software, like what support entails is not just, hey, you file a bug and someone responds back and does something with it. Or, or the it's also includes basic things like being able to, you know, do the
development to make the software work, add features and and security fixes, and stuff like that. It's
engineering effort, it's customer experience effort, it's documentation effort, it's, you know,
lifecycle, it's certification effort, like all these things require, you know,
people to spend time and energy on. And a lot of this is difficult to do on a volunteer basis.
Some of it's straight up impossible on a volunteer basis. Like, are you going to ask somebody who can
only spend like 30 minutes a week on a project to do like ISO certification or common criteria or FIPS. No, that's unreasonable.
Those kinds of things require, you know, people to be paid to follow through with everything,
to deal with all of the gnarly bits of these things. Also to keep the software working for a longer period of time than anyone really should.
These kinds of things take effort and time
and money. Nobody can live off of
you can't live off of, in the art world
and in the actor's world, you can't live off of exposure. In the
open source world, you can't live off of exposure. In the open source world, you can't live off of GitHub stars.
You can't live off of appreciation.
Appreciation's great.
I barely get any of it for the open source work I do.
But I can't live off of it.
If I got all the thanks in the world, it doesn't change the fact that if I have no money, I can't live in my house and I can't get food and I basically would be a dead man.
Like, no. You got to eat. You got eat you gotta eat everyone you need to survive somehow and by the way rel is for businesses it's for enterprises and businesses that make money right that's its customer base
right it's that's that's truly its customer base and i think where i can where i can kind of
jive with bear here is like i would i do wish all of these centos changes and rel changes
over the years were done on an enterprise time scale where it's like at the end of the supported
release we're making this change i you know i've been i've been informed that you know it's like
this has sort of had to be done because the infrastructure that we use to produce those
srpms needed to be addressed and so there was just several factors at play.
But I do wish the time, I think where I kind of agree with Bear there,
is I do wish the timeline could have been better and more user-friendly.
It's complicated to weigh the interactions of all entities, corporations,
people with their own agendas and goals in the open source mixing bowl.
And this is just one factor, I think, to keep weighing as we watch what happens in the future choices
and where you want to be in the ecosystem.
I want you to think about this, the viewers, the listeners, everyone.
How bad is it to pay $400 a year
for all the software, all the open source software
that underpins your applications,
your workloads, to run essentially forever, right? How bad is it to pay $400 a year
to pay for the engineers that spend all that time to work on it?
Well, especially if the software you're running makes you a million dollars a year.
Right. And in the desktop space, we've talked about how there's this general assumption that, you know, there's no
money in the desktop, but you could buy desktop Linux. You've always been able to buy desktop
Linux. Red Hat offers Red Hat Enterprise Linux Workstation for, I think it's like $200 a year
per system. Like you can go to redhat.com slash store and you can just go
see it for yourself as an individual. You can buy workstation, you can buy server and use it on your
own machines. Red Hat is gracious enough that for individuals, you can get 16 instances of RHEL with
all the content available for free through the Red Hat developer subscription for individuals
that you can get at developer.redhat.com. But if you want, you know, be able to file support cases and stuff like that,
you could absolutely buy it as an individual. And if it's something you depend on, and you
you want reliability, unmatched reliability, pay for it. I mean, it's not even just with rel,
right? Slezz has had SUSE Linuxa Linux Enterprise has had paid off options for decades. Like it's been
there for both distributions. You go to Sousa.com slash shop, I think, and they have them there.
I used to buy the box version of Sousa all the time. Loved it.
Just pay for, like paying for a subscription. You know, we talk about how doing code contributions
and documentation and stuff like that. My philosophy here is that you contribute and support open source
with either your time and effort or with money.
You could do a mix if you'd like if you're not skilled in everything,
but those are usually your choices.
And I tend to choose more often than not that I spend my time and effort
helping open source projects, but where I can't, I obviously give money instead.
Or sometimes I do a mix if I can't help a lot but i can try like if you care about the success
of the linux desktop or the linux server and the linux ecosystem start by trying to pay for
for the stuff that you consider that gives you value that that like enriches your life, that makes things great for you.
It's been a real problem for...
We've been talking about it for as long as, I don't know,
all the way back to freaking Linux Action Show way back in the beginning of how there's this problem about funding open source work.
Red Hat is the largest company that I know of doing open source work,
and it's the largest pure play open
source company I'm aware of you don't want to support and and enable them to do more of that
like that money helps make all that stuff happen and improve it and make it go better like
you if you want to have open source be the default,
if you want open source to win,
you can't take it for granted and you can't just not be willing to support it.
Yeah.
Like that,
that's,
that's my piece on it.
We agree.
Listener Brent boosts in to say,
thank you,
Neil,
for everything you do for open source.
And we've also got a boost from listener SWAT.
2,317 Satoshis.
Long-time lurker and first-time booster here.
B-O-O-S-T!
By the way, the Satoshi amount is half of my Dutch zip code.
Good luck, Wes.
Please keep newbie content available in the show,
even if it's just a remark here or there.
I noticed that the younger sysadmins or programmers don't always know or remember the old stories and don't have the knowledge we older folks take for granted.
Apparently, there are still some people that we need to onboard.
All right, Wes, track them down.
It's somewhere in the Netherlands.
Bergen of Zoom?
One strict? it's somewhere in the netherlands uh bergen off zoom uh won't strict boost in and let us know uh maybe a little more closely where you are yeah and how how good he got that uh yeah we are still
taking feedback on technical content versus newbie content uh we're always trying to get that balance
right we i think personally like to skew a little more technical, but also we don't want to be unavailable. And newbies, too, we want to be approachable by them.
Sort of a hard Venn diagram to actually nail, but that's why your feedback kind of helps us nail it down.
Unknown Sender, a mysterious sender, came in with 6,777 sats with no message, but we just wanted to say thank you.
And they're using Castomatic, which runs on iOS.
Zack Attack comes in with a row of ducks.
A little behind on
the boost, but wanted to thank you for your perspective
on the whole Red Hat soap opera.
Your coverage of it in 5.17
really brought a different perspective that I
appreciate. Well, we appreciate that when it
does register with you, when you get a little value
from it, you thought to boost in. Thank you, Zachatech,
for that row of ducks.
Thank you, everybody.
It really does feel like a soap opera at this point.
I know.
I know.
I know.
We got a boost, too, from Dan Johansson in the Mumble Room who boosted in their Noster earnings in the last week.
Man, Dan, I got to get my Noster game up.
I got to figure out how to link my Nostra identity.
And I just got to, I've been enjoying the discussions over there, but I'm just a lurker.
I'm just a total lurker.
Well, some of those sets are yours.
Oh, okay.
Yeah, I did.
I did give Dan a zap.
So you boosted into your own show.
Bonus boost that's relevant from a devry 17,000 sets.
Should JB continue to be technical?
This is a response to 503. Yes.
That's one of the main reasons I love these shows.
Go deep and break down what's being talked about in a way
that's understandable while explaining it
along the way. Well, we appreciate that.
I'd still like to get some signal on that and see
if we can continue to get
there. Thank you, everybody who did boost in.
Not all of them do make it on the air, but we try to get
most of them. We had 18 total boosters
this week, which is awesome, across 20 total boosts.
A couple of people boosted in a couple of times.
And we earned a grand total of 241,232 sats.
It's a bit low this week, but still appreciate every one of them.
And we'll put them to work.
Thank you very much, everybody.
And I had a question for the boosters next week.
Oh, you had a question?
I'll ask you live.
If you noticed any particular habits that your dogs have developed due to like your
podcast listening or just listening to content on your phone, here's an example.
So Levi likes to stay in whatever room I'm going to be in.
And if I leave a device playing a podcast in a room and I step out, he stays in that
room because he knows I'm coming back.
But if I take the phone with me that's playing audio and I leave the room, then he follows me.
That is clever.
I'm going to have to look out for that.
No, I've noticed mine, you know, when I put my wireless earbuds in, they're like, oh, going for a walk.
Oh, yeah, yeah, yeah, yeah.
That kind of stuff.
If your dog does that, boost in and let us know because I love dogs.
You can boost in by getting Albie.
Just go to getalbie.com.
A little web extension that brings the Lightning Network to your web browser.
You top that off either directly or you can use something like Strike or the Cash app.
And then you just go find Linux Unplugged on the Podcast Index.
We have that linked, podcastindex.org.
And you can boost right there from their website or go get a new podcast app at Podcast Apps.
Podcasting 2.0 revolution.
Podcastapps.com.
Fountain, Castomatic, and Podverse,verse i think are the favorites among our audience and they're constantly getting new updates
podverse just got a great update for android really solid um and fountain has been a rock
on my iphone for a while now they really nailed it over there and i hear good things about
castomatic so thank you everybody who boosts, and of course we'll be thanking our members later as well,
but we are thinking about you too.
We've got not one, but two fantastic picks this week.
I just wanted to give a shout out to Thunderbird 115,
the Supernova release.
It looks so good, I think I'm going to give it a go.
They have redone the UI quite a bit,
and I really like it. They've made it super fast, they say,'m going to give it a go. They have redone the UI quite a bit. I really like it.
They've made it super fast, they say.
A bunch of new stuff in here.
Got a new logo.
Improved calendar design.
New menu system.
New unified folder system.
I mean, it's just checking boxes for me, Wes Payne.
Pretty sure the updated version's already in Nix packages, too, so it should be easy to try.
Love it. I know they've been working on that so congratulations to them and then our second pick this week i was so blown away we had to have two picks i can't believe it maybe it's maybe it's
because we shamed them on air i doubt it i doubt it a while ago i don't know if it was in the
members uh stream or if it was actually in the show,
but I mentioned I was a little disappointed in Rust Desk because they were really dragging their feet on Wayland support.
And Rust Desk is a fantastic, true team viewer alternative.
I'd say superior to team viewer in every way.
Been a really quality tool.
I mean, you've used it a bunch for doing live production.
Oh, man.
Back when all of our systems were on x11 i would i would do
entire shows remotely produced routed through the studio and rust desk was helping me activate all
that software-based stuff it was so solid then i made the transition to wayland and when i installed
rust desk it came up with a little box and it says oh rest desk doesn't work on wayland would you like
us to fix it and if you say yes what they do is they go alter your system
and change it to run X11 and they rip Wayland out. That's what they're fixing. Right. And I
was so incensed by that. I just stopped using Rust Desk. Well, Rust Desk 1.2 is out. It's
completely rewritten in Flutter. What? Maybe that's going to be a good thing. Beta support for IPv6.
I thought I'd never see it.
Hardware encoding for H.264, H.265 in beta.
AV1 codec support.
And the big one, it is a beta, but a big one.
Wayland support.
No way.
Headless Linux support.
Resolution adjustment.
I did see a comment here, like, it looks like this is pretty new.
Surely there's bugs. Yeah. port resolution adjustment i did see a comment here like it looks like this is pretty new surely
there's bugs um yeah just noticed kde neon doesn't seem to work uh so far we only are testing it this
is quote on their github only tested on mainstream stable ubuntu 2204 arch and fedora all right so
it's a mixed bag on nix probably we'll see. Sounds like it's not going to work so well on my Neon system.
But I can wait.
This is progress.
Just use Fedora.
Yeah, there you go.
That'll solve it.
This is fantastic progress.
And I want to express a lot of gratitude for the Rust-S team for taking this work on.
Rewriting into a new toolkit.
That's no major job.
Hardware encoding.
Huge thing. And then Wayland support yeah maybe a
little word you know like not knowing what the plan for Rust Desk was was ever going to continue
to be a good player something I could recommend even if we're not using it something to recommend
for other people because it was so easy to guess I mean I've used it to support you know my mom's
laptop in the past yeah so be nice to have it around uh we'll see how it does I'll be curious
to see exactly how they're implementing it too
oh man, oh it works good, I'm putting it back
on the kids machines, it's going to be so nice
the RDP stuff's been a little rough
oh I'm excited about that
well if I do it, I'll report back
I'll tell you how it goes
I'd also like to put a request out to the audience
for your thoughts on these most recent developments
in the REL soap opera
that we've been witnessing
unfold this feels like we've entered the beginning of a of a really new era and almost the player
that i'm personally the most interested in but i also worry and i'd like to know what the audience
thinks that this strategy may cost them those users that are truly looking for that kick the
can bug compatible i don't want to pay rel solution and will almost kind of get punished that are truly looking for that kick-the-can, bug-compatible, I-don't-want-to-pay-REL solution?
And will Alma kind of get punished for that strategy?
Or will they be successful because they're kind of doing it the legit Red Hat way,
which if I were in an enterprise,
I'd be wanting to work with a distribution that's doing it
the most legit, sustainable way possible,
which seems like what Alma's doing.
So I'd like to put a request out there for the audience's thoughts on that.
Now we're going to have to switch the studio to Alma.
I know, like, you know, like two episodes ago when we talked about all the RHEL stuff,
I felt like I had a really fine resolution on my thoughts.
On all these most recent developments, it feels a lot more vague.
And a lot of promises and just, I don't know.
Yeah, it's a little awkward.
Something we get to watch for, I suppose, a while to come.
Enterprise timelines, after all.
Yeah, that's true. It is going to, and the whole foundation has to get spun up. It's going to awkward. Something we get to watch for, I suppose, a while to come. Enterprise timelines, after all. Yeah, that's true.
And the whole foundation has to get spun up.
It's going to take a while.
Maybe by the time LinuxFest Northwest comes along, we'll see some serious progress, eh?
Eh!
I hope we see everybody at LinuxFest Northwest.
Details at LinuxFestNorthwest.org.
It's going to be in October.
We're going to have Lady Joops there.
We're going to have some cooking going.
Crew's going to be there.
It's going to be a great time.
And if you want a little more show,
remember we do get together every single Sunday
at noon Pacific,
3 p.m. Eastern
over at jblive.tv.
See you next week.
Same bad time,
same bad station.
And a very special thank you
to our members,
unpluggedcore.com,
where you can support the show.
You get an ad-free version
or you get the bootleg version,
which we really try to add
some value to that.
So I feel like you get
like double the show, which could be, if you want more Linux show, which we really try to add some value to that. So I feel like you get like double the show,
which could be,
if you want more Linux show,
maybe you're going to go on a long ride.
I don't know.
Get the member feed,
get the bootleg feed.
RV approved.
Yeah,
that's for sure.
Road trip approved for sure.
And of course we appreciate that because that support maintains production and
you can support all the shows.
If you really want to go all in at jupiter.party.
Links to what we talked about today are over at linuxunplugged.com slash 519.
That's the website with all the links and deets,
including that blog post from EndlessOS that goes into very expanded detail
about how that telemetry collection is going to work.
So if you really want to be informed on the nuts and bolts,
the Endless implementation is pretty solid, and they document it over there, is going to work. So if you really want to be informed on the nuts and bolts, the endless implementation
is pretty solid.
And they document it over there.
And a good portion of that
will be used by Fedora.
And love your thoughts
on that as well.
Linuxunplugged.com
slash 519.
You got it.
And of course,
the contact page is over there,
as well as our subscribe page
and all that other good stuff.
Thanks so much for tuning
this week's episode
of the Unplugged program.
And we'll see you right back here
next Sunday. Thank you.