LINUX Unplugged - 522: Practical Privacy
Episode Date: August 7, 2023
Why Linux reigns for privacy; our recommendations for secure tools from chat to DNS....
Transcript
This just might get us working on those ESP32 projects again, Brent.
There is a really slick write-up about a privacy-friendly ESP32-based smart doorbell using Home Assistant for local integration.
This guy ripped out his Amazon Ring doorbell and built himself a little device for probably just $30 in parts total,
and then has it streaming to his Home Assistant instance.
There's a world of possibilities
with these little ESP32s.
I know we thought of a lot of ideas
but how do we not think of this one?
Because you've had that device on your door there
that you've hated for so long.
It seems like an obvious choice.
I know. I like to have a whole security solution. Every square inch of Jupes has got to be monitored at all times.
I do find it a little amusing that nine-tenths of the parts list still come from Amazon.
Hello, friends, and welcome back to your weekly Linux talk show.
My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen.
Well, coming up on the show today, we'll make the case why we think Linux might just be the best darn platform to protect your privacy.
And we'll give you some recommendations for private and secure tools from your chat to your DNS and more.
And perhaps most importantly, I hope, give you some ammunition to advocate for taking privacy seriously in your local family group, social
group, whatever it might be. Maybe give you some tools for discussion and whatnot. And then we'll
round it out with some boosts, some picks, and more. So let's say good morning to our friends
over at Tailscale. That's a mesh VPN protected by WireGuard. Links all your machines
directly to each other, builds a flat network in seconds. We love it. It's going to change your
networking game. We don't have any more inbound ports on our firewall. So go say good morning and
try it for 100 devices for free at tailscale.com slash linux unplugged. 100 devices for free and
unlimited subnets. tailscale.com slash linux unplugged.
Well, boys, you're back.
We're not live this week because we did a little late start because Wes
literally just got in from the other side of the country.
Yeah.
Thanks for waiting for me.
Thank you for making it up here.
Cause it's like a two hour drive ish from the airport.
So it's a long drive.
Must go on.
That's true.
And Brent's back and better than ever.
Am I?
I don't feel better.
This time zone change stuff is really hard.
Yeah.
But, I mean, connected better than ever, right?
Like, good strong signal.
Oh, I see what you're going at.
Yeah, yeah, yeah.
Some may remember that I ordered one of those Starlink devices before I left,
and it's just been sitting in a box for the last two weeks.
And it turns out it's great.
Chris, you've been trying to convince me for, since I moved out here, to get this. And of course you were right, so thank you. There's
a fantastic sales, it was a great opportunity. And yeah, it's a much better connection than LTE, that's
for sure.
And now you're, you're Linux all the way through. You're a Linux laptop connected to a Linux
Starlink dish connected to Linux satellites, which go to Linux ground stations, which are routed through a Linux running network, which is then connected into our Linux powered studio.
I feel so proud.
That's pretty great.
Yeah, it's pretty great.
We may have a meetup in Chicago.
I say may because I think we're looking to see if there's enough interest.
So check meetup.com slash Jupiter Broadcasting.
Alex is going to be in Chicago for DevOps Day.
And he's thinking maybe August 10th.
Meetup.com slash Jupes Broadcasting.
And, you know, I don't know.
We'll see.
It's last minute.
If you're in Chicago, do it for us.
I mean, I wish I could be there.
Yeah, but you got to go and show some interest.
So ultimately this week, we really want to talk about privacy
and cover some tools that we can personally attest and
recommend. And there's so many ways to kind of get into this topic, but there's a new story this week
about the UK government and a new mass surveillance law. And I'm sure those of you listening over there
are probably pretty familiar with this, but it's called the Online Safety Bill. If the Online Safety
Bill becomes law, the EFF argues that the bill would, quote, require content filtering as well
as age checks to access erotic content. It also requires detailed reports about online activity to be sent
to the government, end quote. And there's always been this push. We've seen here in the United
States several attempts to build in the ability for the government to access things like Telegram
messages and iMessage and WhatsApp, and they want to have keys to get access to it.
And of course, the technically literate have always argued that if you build a back door
in for the government, it could likely be exploited by a bad actor or some other nefarious
purposes.
But there has been this push over the years to come up with legislation that gives the
government access in some lawful mechanism.
And there's different people on either side.
UK's Minister of Culture said that, quote,
the House of Lords reviewed the EFF's letter and said that, quote,
we expect the industry to use its extensive expertise and resources
to innovate and build robust solutions for individual platforms and services
that ensure both privacy and child safety by preventing child abuse content from being freely shared on public and private
channels.
So they kind of don't really have an answer when the EFF sent them a letter raising the
concerns about privacy.
It's a sort of a hand wavy answer that says, well, we expect these platform providers to
be able to come up with a solution that solves this problem.
We don't know what that solution will be.
And we're not funding that solution.
Right. Well, we assume that they will come up with some solution.
I remember about, I think it was two years ago now, Chris, Apple tried this very thing.
Did they not? And they tried to do a clever way to, you know, screen for a lot of this content
that they're suggesting they're going to be searching
for. And how did that go for Apple? I mean, it went pretty poorly. Yeah. Backlash. There's the
CSAM scanning or whatever it's called. Yeah. And then a few years before that, there was quite an
attempt by FBI director Comey to get access to iMessage encryption after I think it was first
the Boston bombing. And then there was another sort of state terrorism case that they tried to get access. Ultimately, they just went with an
Israeli agency that could just crack the iPhone, and then they relented on their pursuit to Apple.
But that's because they got access to it from another means. There's just a real strong drive.
You know, these agencies have a responsibility to deliver results, and I think they view these
encrypted personal messaging services as hindrance to them getting
to the bottom of what they consider to be a very serious matter.
It feels like we kind of skipped the balance of, well, okay, we understand that, yes, maybe
this would, in theory, if everything executed right and you were doing what you promised
you could do, perhaps add some degree of safety in some sense.
But what about the, you know, the trade-off of being in a society and determining, you know, like what risks we want to
enable the kind of society we want to live in? And I think this is where I want to start talking
about a position that I've been wanting to take on the show for a while. And it's such a hard
topic to talk about, but I really believe that privacy is a fundamental human right. And you'll
often hear people argue, well, I have nothing to hide, so why do I care? I'm blasé fair about it. Yeah, I'm online already. I'm on social media.
Why do I really care? Well, I wanted to play a clip by Andreas Antonopoulos that talks about
privacy and why it's such a fundamental right. To what extent do we have a right to privacy in
our financial lives? Should we be incentivized to be public? Does privacy perpetuate or enable injustice? That's a great question. Privacy is a human right. It is also the fountainhead for all of the other human rights. If you don't have privacy, you don't have freedom of expression. You don't have freedom of association. You don't have freedom of assembly. I saw a really stunning picture, which was this
week in Hong Kong, they're protesting against the extradition law that China is trying to pass so
they can extradite dissidents to China and disappear them into the gulags. And so they're protesting
really, really hard, but they learned last time they did protest, they used their subway cards to track who went to the protests. So
this time they had lines
of people lining up
with masks on so they can't
do facial recognition in the stations,
buying tickets with cash
and using paper tickets that are
untraceable. They
learned an important lesson. Without financial
privacy, you don't have political rights.
And this happens all around the world. It can happen here just as easily.
So it's a fundamental right. We should not incentivize people to make their private
financial information public. Because what happens is, the people who are powerless will
be forced to make their information public. And the people who are powerful, who for centuries have maintained their financial privacy, including criminals, will elect to remain private.
They will put their bank accounts in Switzerland.
You can read their names.
They're in the Panama Papers.
You remember when the Panama Papers were released and we found out that the world's financial elite had been stashing trillions of dollars in foreign bank accounts and then all of them got prosecuted and half of them went to jail?
Oh no, they just killed the journalist who wrote the story and no one went to jail.
So you think they're going to give up their financial privacy?
No.
It's up to you to decide if you want it.
And does it perpetuate or enable justice?
Justice is a fundamental requirement for peace. Peace is not the absence of war. Peace is the presence
of justice. As Martin Luther King said, without justice, there is no peace.
Well, gentlemen, the question that always comes to me when I'm thinking about this topic is,
who are we trying to stay private from? Because
as we'll see, we have a massive list of tools and there's an even
massiver list of tools that we're not even going to touch on. And the question for me always
comes down to how much effort you put in versus what your, I suppose, threat model,
if you want to use some of the more modern terms to look at this.
So what do you think of that? Who are you trying to protect yourself from?
That's a question you can't really answer, because I think one of the fundamental issues we have today is that data collection, data that's collected today, can be used for future research and determinations
as systems get more compute and more complex. So you really can't answer that
specifically. You could name it, I guess. You could, if you want to, say I'm just going completely off
grid and I want zero fingerprints and I'm going to have zero presence, and I suppose that's a line
you could draw. But I think because the problem with privacy is so broad, I just try to look at
it as how do i reduce my overall footprint, almost like I would from an environmentalism
standpoint, but I apply it to privacy. So how do I avoid things that might later on betray me,
essentially? And it doesn't necessarily mean I don't use Gmail because I have a Gmail account,
but I know if I'm going to transact an email that's truly private, I don't do it on the Gmail
platform. And I try to use the right tool for the right job. And so my perspective on the who are you trying to hide from is more like, why not just reduce your footprint
as much as possible in general? Because ultimately, the less information that's out there, the less
that can be collected about you, the less that can be determined about you, ultimately, the better
you are. And you can, once it's out there, you can never take it back. I mean, and things have just
changed so much. I think that's kind of what scares me in some of this is, like you're saying, stuff isn't getting deleted.
It's getting spread widely now that we have the technology. You know, 100 years, what it meant to
sort of have privacy and what folks could know about you, especially as maybe, you know, not a
celebrity or a politician, it's just very different now and I don't know all of the implications. And beyond that,
it seems like we've just opted into this new era
of default, it's shared and used.
It's like, I might be okay with some of that, right?
Like you're saying like,
it's a trade-off that I could be okay with,
but that's not part of the discussion.
It's just happening.
And now we're in the era of,
well, if you want to use our service,
you're also going to just quietly sign up
to let us use all of your data
to train our fancy AI models,
regardless of if you want that or not.
The other angle I think about surprisingly often
is about data breaches.
Even if you have a party that you have trusted
with data breaches happening every day these days,
some data you thought was private
can become public in a way that you never
expected. So I like your model, Chris, of trying to stay as private as possible in as many
circumstances as is reasonable, I suppose. And I think foundational to this discussion is it really
starts with using Linux and open source, because you have to be able to trust the fundamental
platforms that you're going to run your applications and services on top of. And I think even just kind
of taking a really broad swath at it, Linux users on average and on a whole, really regardless of
the distribution they choose for 99% of them, are going to be better off than a Windows 11 user or the average Android user or Mac
or iOS user, because there's just a lot less pre-installed vendor applications that all have
analytics and monitoring. And look at all the stuff that Microsoft monitors on Windows 11. Or on the
iOS platforms, Apple just loads their apps by default on their, their photo software that auto
backs up to the cloud, their note software that auto syncs to the cloud, and they continue to add more
features. So even if by some chance you didn't just start using these apps by default, like the
notes app and the photo app and the calendar app, even if some, by some chance you didn't just start
using the default apps, they're always there. They're always getting new features. They're always
kind of nudging you to use them, always asking for you to start using them. And Linux users, you know,
you could install Pop!_OS or Ubuntu or whatever it might be, and yeah, maybe there's some, maybe some
really basic analytics on the system at worst. And so I think just as a base average,
if you're starting with Linux and open source platforms
and you're keeping them relatively up to date,
that's a good starting point right there.
Yeah, there's the technical side of it,
just what exactly is collected and sent.
But then as you're saying,
there's something about just the culture of,
if you're opting into these tools,
you kind of flip the default
and now you're often asked, you're presented,
even if it is a default, you're still kind of told that it's happening.
I feel like that's a healthier way so that when you do then install whatever proprietary
software you do need to run, maybe you're already thinking about those things or those
features and problems stand out more.
Yeah, it's more opt-in.
Linode.com slash unplugged.
Head on over there to get $100 in 60-day credit.
It's a great way to support the show and kick the tires for real
while you're checking out the exciting news that Linode is now part of Akamai.
So all the tools that we love, like their beautiful cloud manager,
that API with all the libraries and documentation,
command line client that I use on the daily,
all the stuff that I love that we've used here at JB to build and deploy and scale. All that's available, but now they're combining it with
Akamai's power and global reach. They are the top tier network and they're expanding their services
to offer more cloud computing resources and tools while still giving us that reliable,
affordable, and scalable solution for a business, a project, or an individual of any size. I've
recently just deployed a new IPFS podcasting node on Linode,
and my math is really simple.
The moment something benefits from having a public IP,
I don't deploy that on my LAN.
I'm putting that up on Linode, and it's so quick and so simple to get started.
I did an Ubuntu LTS for the software I'm running,
and it's like just a few clicks.
And as part of Akamai's global network of offerings,
they're expanding the data centers in more locations,
giving everyone more access to more resources and help everyone grow your business or your project
or whatever it might be.
Maybe it's just a hobby.
So why wait?
Go experience the power of Linode, now Akamai.
Go to linode.com slash unplugged to learn how Linode,
now Akamai, can help you scale your applications
from the cloud to the edge.
It's been great for us, and I know you're going to love it.
Linode.com slash unplugged.
Now it comes to the practical side of things.
If you do want to start minimizing your footprint, you're probably going to need some non-standard tools.
We wanted to try and create something of a definitive LUP episode that would like talk about the tools that we use to try to implement these. I don't know if that's possible.
Probably needs to be something of an ongoing discussion because these things are going to
change. Hopefully there's going to be some new and better tools out there. And I imagine
there'll be some audience feedback that'll add to our list. I know one topic I've wanted to dive into, I was playing with a tool
here, but it's DNS. I'm relatively new at seeking out privacy over DNS. And I know, Chris, you've
been running a Pi-hole for, what is it, years now. And I just recently dug my toes into that tool and I was kind of amazed and now I feel
really inadequate for not having used it for so long. But maybe we should explain how to get more
private with DNS and what the tools might be. Can you guys fill us in here? I'm kind of new in this
area. I think we don't really think about the information we are revealing with our DNS queries.
But every app you use, every website you use, everything on your network is constantly doing DNS queries.
And you can build a pretty decent profile of what a family or a household or a business has behind that firewall just by monitoring those DNS requests.
And, you know, often by default, you're just going to get whatever the, you know, maybe your ISPs friendly neighborhood DNS service. And I think we all know ISPs have a history of
being happy to collect our personal data. So there's absolutely a privacy aspect to it,
but there's also, this is one of those picks that will not only improve your privacy,
but it's going to improve your performance because just about everything from the apps on your smart television to your web browser or your banking app, they all do DNS lookups.
So if you take your DNS server and you put it on your LAN where it has an 8 millisecond response versus a 20 or 30 millisecond response or even 15 millisecond response, you're speeding every single transaction that happens over the internet up.
And with something like Pi-hole or AdGuard, which is also fantastic, these are ones you can run on
your own LAN. It'll prevent that traffic from really ever hitting your, your, uh, end users. Things
like ads and malware and things like that, so it never even gets downloaded over the network, never
even transfers, doesn't take up any, uh, extra bandwidth. And Pi-hole is the one I love. I think it's really
solid, and it's really just using bind and basic Linux tooling under the hood, and it's really easy
to understand what it's doing if you've ever used any of those tools. But there is NextDNS that I've
heard recommended to us, which is kind of this, but on the internet. You set your network to resolve
to NextDNS and then you log in and you can have filtering and block malware and adult content and all that if you want using NextDNS, which is at NextDNS.io.
But, Brent, I'm curious, did you notice any differences with Pi-hole?
Did anything not work?
Because that is one caveat, is you can subscribe to these blacklists, and it will sometimes break things that rely on the ad networks or whatever it might be.
It's a great question.
Anytime you change anything in your network, things break.
I wanted to play with this to see,
to have a bit more transparency into what was happening on my network.
I think if you don't have this kind of tool that's reporting,
you know, some of the traffic that's happening on your own network,
then you don't really know.
It's not a Pi-hole, but more of a black hole.
And so the thing that stood out the most to me was just watching what it was filtering. You know,
it has a wonderful dashboard that reports the highest hits and the things that it's blocking,
but also the, you know, the most sites you've visited and such. And just, I spent a surprising
amount of time just staring at that, just watching it almost live.
And that was really fascinating because it made me realize I have no idea what's happening on my own network.
There's a lot going on.
There's a lot of information through DNS.
I mean, you can just ask your ISP.
The other thing that's kind of slick about it is it gives you a good UI to manage DHCP if you want and reserve DHCP addresses, do name resolution on your LAN, all that kind of stuff.
So, you know, AdGuard Home is another popular one in this category.
Very solid.
One of the questions I had for you, Chris, then, is let's flip this.
Have you ever had issues with yours?
You've been running yours for a couple of years now, and I haven't run into any issues so far, but it's only been a week.
You know, funny enough, right around when I first started using Pi-hole, Fireside FM was getting blocked.
So I couldn't load the podcasting platform we use.
I don't know if it was the .fm domain or what, but they got resolved after a couple of months.
But that was, and I really haven't had too many problems since then.
But for show and tell, I brought in, I know I think you've seen these before, Wes.
I'm not sure if you've owned one before, but when you're on the go, we've really liked these GL.iNet Slate routers and the others.
Mine is just a little itty-bitty hotel room one.
Yep, I know this one well.
I definitely have one.
You can run it off a USB.
It's got three LAN ports.
It runs OpenWRT on here, or their version of it.
And I was told by the audience the later versions do in fact
support Tailscale. So great, if I update this, I can get it on Tailscale. And I have had really
good experience with Jellyfin over Tailscale, which could be great for hotel rooms. So I think
I'm going to take this with me to El Salvador. This is going to be my El Salvador and it also
will be my AP and all that.
It's nice. I mean, maybe you just need to extend the wireless that's in there already
and add some protection.
Also nice, I find,
just if you want to be
that tech-friendly friend.
You know, maybe you're
traveling with companions
who don't have the skill set
to set one of these up
and are just going to use
whatever is provided.
Yeah.
I'd always rather use
my own Wi-Fi.
Plus, you don't have to
configure any of your devices,
right?
And they all just
connect automatically.
I will say I had two of those devices, the Slate,
and they were wonderful,
although I was using them in a way they were never designed for,
which was as my main router, don't do that.
And I burnt two of them out doing that.
So I would not recommend as your mainstay router.
Yeah.
The nice part is they're cheap enough to buy a couple of them.
You can have a hot swap spare.
That is my second, because for a little while, when I first moved into the RV, I used it as my primary router, too.
And it did burn out.
You and I both.
Just terrible.
Also, you guys know us, but just because we want to try to make it all in one episode, if you are considering a smartphone and you're concerned about the privacy implications of modern-day smartphones, but you need the things like maps or something like that when you're traveling.
I know this situation comes up.
We all really like GrapheneOS.
It has been super solid.
Wes and I are still daily driving it since November and I'm very happy with it.
You've even done like the whole new phone thing.
Yeah.
Replacement phone thing.
I didn't even think about switching.
I'm gonna, yeah, no plans to change anytime soon.
And the sandbox Google stuff works really well. Just basically has the same access any old standard
user app does, and it's been really solid. So I do, I definitely want to give GrapheneOS a mention
here. There's a lot of solutions for mobile OSes, but man, if they nailed it. And they got a range of
Pixel devices. You could pick up a used one on a site like Swappa or eBay and, you know, $150, $200.
You have a really solid device.
It'll have updates for years.
It does still feel a little special to have.
I mean, that's the state of things, right?
It's like I'm still a bit in awe of the quality of the experience
without the downsides that we've had before on good hardware.
Yeah, yeah.
All right, let's talk really briefly about VPNs,
if there is such a thing as a brief discussion about VPNs,
because this is another part of this discussion with mobile data,
DNS,
when you're traveling,
I definitely rely on a VPN a lot more when I'm traveling.
I'll often actually VPN back to the studio.
Now I might use something like Tailscale.
There's so many ways to do this.
You could roll your own,
throw it up on something like Linode,
use WireGuard.
But I think if you don't want to self-host,
I think the one that I feel comfortable recommending probably right now is the Proton VPN because
I've used that before. And I've used AirVPN.
Are VPNs go-to tools for you? Are you concerned about protecting your
day-to-day internet traffic? I kind of find them more useful as just a way to change
where I'm exiting. Maybe I don't trust an ISP, especially if I'm traveling or I, you know, I'm just getting
geo-blocked or something. So I, I don't know how much I endorse or feel super comfortable with any
of the, you know, we don't keep logs. There's some examples out there. You can try to pick
among them, but I tend to think of it as more of a, you know, like one add-on layer that you can
apply that has some, you know, some uniqueness compared to maybe you're exiting back at your
home ISP or use Tailscale to exit via Linode or something. And you might use all of those or two
of them or, you know, combine them as you see fit in the right situation, but they can all,
they can all be really useful. That kind of describes how I do it. What about you, Brent?
When you travel, are you firing up a VPN and whatnot?
Yeah, I typically do.
And for the reasons that Wes mentioned, just hotel ISPs and stuff.
When I was traveling to Europe this time around, I didn't have a SIM card again, so I didn't have my own internet I could rely on.
So I was kind of jumping from hotspot to hotspot.
And that gets really dirty feeling very, very quickly.
And so using a VPN just as much as I can just makes me know that at least I'm popping out
at a node that I'm familiar with.
It's not perfect, of course.
But what ended up happening at the little brunch
that I hosted with a bunch of listeners in Berlin
this last week was this exact topic came up of,
you know, is using a VPN in that way really makes
sense considering you have things like HTTPS now almost everywhere. And so does it actually make
a difference? Do you really need it? Is this an old technique that maybe we don't need anymore?
Like if you're using Tailscale to access stuff that's, you know, on your mesh network, that's a
whole different story. But in the trying to protect your traffic,
do you guys think that it's still a good thing to do?
I think one nice part about it is it's sort of traditional
and decently well understood.
You know, when you start thinking more,
breaking it down to the components,
then you're thinking separately about my HTTPS connection,
what's all included there.
You're thinking about, you know, like,
is there encrypted, you know, host name involved?
Or what about the DNS side of things? So I think the VPN is nice for just the simplicity.
I do think my solution is more hodgepodge, is I consider each tool. And so I, I frequently don't use a VPN, but
I'll use a tool that I know is secure and designed privately. And for the most part, everything I do
over the web and apps,
I consider to be public.
It is nice.
I mean, especially in the Let's Encrypt era,
that's one great benefit of HTTPS being everywhere.
I did also want to add on the self-hosted VPN
or especially the fancy mesh style these days,
Tailscale, Nebula, et cetera.
It just ties nicely because a lot of the stuff we're talking about,
one of the options is self-hosting.
And the easier you make that for yourself,
like maybe you want to run something like a Pi-hole,
well, you can use Tailscale to use that as your DNS server
even when you're on the go in ways that were a lot harder to do
before that technology was so easy.
That's definitely something I think everyone should consider
is we now live in a day and age where your Pi-hole can go with you if you put it on like your tailnet or your Nebula network or whatever it might be.
And that I think could give you a lot of consistency for a name resolution on your tailnet or whatever it might be.
And be like you could have custom DNS settings and block lists that work everywhere you go.
And I think that's really nice.
So that's sort of our thought about mobile data, internet data. But one other thing just before we completely leave phones that is really tricky, and I
think it's missed a lot, is if you're genuinely concerned about privacy, you have to realize
that push notifications are a major vector of data leaking.
You can use the most secure messaging application in the world.
But if you're getting push notifications that expose metadata about who and when and, God forbid, maybe even a preview of the message. Because remember,
even if you have your phone set not to display the message on the lock screen or whatever it
might be, it is entirely possible that metadata is still in the push notification, but on the client
side is just simply not being displayed. So there is a lot of information.
If you think about what comes through on a push notification
that is getting collected probably by Google,
probably by carriers, and probably by developers.
There's not a lot you can do here,
but there is a really fantastic open source project
called UnifiedPush, unifiedpush.org.
And they're working on creating an open source push notification infrastructure system where you can elect to use a hosted one or you can host your own using a various different back ends, including one that runs on NextCloud.
So you could run a NextCloud unified push notification app that runs your own push notification.
And more and more apps are developing support for this.
Podverse, the GPL podcasting 2.0 app, is actively working on integrating Unified Push support so you can get Unified Push notifications about live streams and new releases if you want.
Well, that's exciting.
And the more apps that take advantage of that, that's just one more thing that can be private.
Those push notifications, I believe, are a massive leak factor.
And they're probably logged by Google and Apple too.
So just think about that.
We'll have links to Unified Push.
I think it's a project that needs more community support.
So I wanted to give it some love here.
We were talking about using the built-in apps.
I think a big thing folks need
is something like a private cloud, right?
A place to put all their things, documents,
be able to access them remotely.
And those, especially the ones that have broad adoption, the ones where you can get the client on your phone and it's not some, like, you know, fancy, neat, nerdy but Linux-specific tool, well,
you know, those are often proprietary.
Yeah, I think there's a lot of options. So maybe what we,
maybe we should cover is what to look for in an app.
The client should probably be open source.
Yeah.
If possible, there's some audit that's occurred by somebody you trust
or somebody that seems to have a good reputation.
And ideally, they should have native clients for your operating system of choice.
Linux, ideally, Android, Windows, macOS, iOS, whatever it might be.
Then you look at the encryption that gets used.
You look at that kind of like what's their service retention, stuff like that.
I think reliability, does the tool work well?
Is it easy to use?
There's a lot of ways to crack this.
I mean, you could GPG everything up and throw it up on Google Drive if you want.
But the one that keeps getting recommended to us is Proton Drive.
Proton suite of tools seems to be pretty well respected. They got mail, VPN, and drive,
encrypted cloud storage, and people seem to trust that quite a bit. I have to be honest with you
though. If it's something like, you know, a wallet seed phrase or pictures of my kids,
I don't know. I still would rather self-host a NextCloud instance because ultimately I just have more control over that and I'm more aware of what that instance and that data is doing.
So for myself personally, I have opted to self-host that stuff.
But I think Proton Drive seems to be really well respected.
I am a subscriber and I have used it and it's a pretty good implementation. It would be nice to have, you know, a relatively trusted offering because, you know, just to try and get even a tiny amount of folks off the, you know, the big ones.
Yeah.
Another one that's tricky in this area is email.
I have a lot of crap boxes and I have private email like on Proton.
Um, the Bitcoin Dad says that he loves SimpleLogin, which makes it really easy to set up a bunch of bogus email addresses that are in front of your inbox. And this is an open source
service that's running, uh, infrastructure done by Proton, and they open source the project.
And so you could create vendor-specific email addresses, you know, Amazon at...
Oh, that's nice.
...you know, pain palace.com, and then it would go to your
main inbox, but you would know if Amazon sold that or leaked that or anything like that.
Simple, I think SimpleLogin also might offer Bitwarden integration. I don't recall, but
then it just creates a unique email address for every service you use. And then SimpleLogin
gives you a dashboard to kind of keep track of all that and manage it.
That does sound handy. And again, it's open source.
We also had a recommendation that might be up your alley, Wes.
Yeah.
I mean, perhaps you want to consider self-hosting.
There's a lot of reasons not to.
But one thing on our list to check out is the simple NixOS mail server.
You know, we have a mail server.
We don't admin as much as we should.
I'd feel better about it if it was running on NixOS.
I'd feel better about everything running on NixOS.
And email is one of those things where, like, you know,
there's the side about the association with your actual address,
and then there's also just the flow of info.
It's a hard thing to really have a lot of privacy
if you're not encrypting your email,
and then even then there's the metadata.
Thankfully, you can kind of split things up, right?
You could have Gmail for some things. You could have a relationship with a,
you know, an outgoing provider or someone to proxy in front of you that then you just
pull and have your own long-term storage. I think one thing about email for me is so many of them,
you know, if they are housed by this business, the sole business is an email, there's a lot
more incentive to, you know, use that to train their AI models or use that for advertising purposes. But if you find someone that's smaller, yes,
they can still see your email, but perhaps their incentives are a bit different.
Absolutely. I think that's the best compromise you can make with most email. And I don't look
at email as a secure communications medium. I regret that something like GPG over email didn't
really take off. It's really a shame
because that worked for me, but I think it was just too complicated. I feel like it always could
have been built in more to the clients too, to make it a little easier. So I've always kind of
considered email as a public medium just because of all the places it has to go through. But there
are some, there are some ways to solve that, I suppose. And when it comes to calendar, I think
we should touch on calendar and we'll touch on file syncing too,
just while we're kind of moving out of this category.
Brent, you had a solution for Calendar Sync.
I've played with a few things for a really, really long time.
I did, I've done calendars and contacts
using DAVx5 on Android,
which syncs to a Nextcloud server that I control,
which has been really super nice.
But I did recently learn about something a little different called EteSync, E-T-E-Sync.
It's doing end-to-end encrypted sync, very similar to how Syncthing would do it. So from client to client without the need for a central storage platform. And I thought that's actually a really
great concept.
I haven't tried it.
I'd be curious if someone has,
but the concept, at least, I think is really powerful here.
Yeah, and we'll give a plus one to DAVx5
if you're syncing to Nextcloud.
The nice thing, if you take the time and the hassle
to host this stuff yourself,
is then you can throw it all behind Tailscale,
and then you just only do it on the private network,
or all behind Nebula, or all behind tinc, or whatever it might be.
And then that's also another layer of privacy, because that information isn't
being transmitted over the public net. Syncthing, you mentioned, that really fantastic tool still
that I don't know why it doesn't get the love it should from the free software community.
I've been using it for years and years. It just works too well.
I don't know.
It sits in the background.
It gets my files where I need them.
Yeah, it just works and it's protected.
It's secure.
I mean, I give that one a 100% recommend.
There's even desktop clients now.
Obviously, NextCloud is a more complete solution.
So if you need file syncing plus collaboration
and that kind of stuff,
and these apps that we've mentioned that has this app platform that lets you create your own authentication back end for a lot of this stuff or create your own push notification platform for this stuff.
It can replace things like Life 360 for tracking on maps. It's really, really comprehensive. And NextCloud can act as sort of this central authentication and hosting platform
that all of these different things can plug into.
So it could be really worth your time.
But if you just need the file syncing aspect of it,
something like SyncThing is a strong recommend.
And if you just want to securely send one or two files around the Internet,
well, then there's Send, which is, I think, a fork from Firefox.
Remember that Mozilla project?
Oh, yeah, okay.
Yeah, and you can send files directly using WebRTC to each other, I believe.
I'm not sure. Maybe they do an intermediate upload.
We occasionally also use Magic Wormhole.
We've had some great success with that if you're more into the tools on your desktop.
Spoiled for Linux tools there.
Yeah, love Magic Wormhole.
Another tricky aspect of trying to stay in control
can be interfacing with the proprietary platforms.
You know, I'm thinking things like social media,
things like YouTube,
things that you can't quite get away from.
There's just, you know, there's just too many people.
There's too much conversation.
There's too much content.
But you still want to have whatever control you can claw back.
Yeah, or another scenario.
Somebody links you, hey, look at this juicy thread on Twitter, or hey, did you see this
post on Reddit?
It'd be nice if there was a machine you could throw those links into that would strip away
all the tracking, strip away all the JavaScript, and just show you the results without having
to have a login, right?
That's what these front ends are really kind of doing.
For our list, we had a couple of requirements. They need to be open source, they need to be self-hostable, and they need to at least give you the basic functionality without having to
log in. And there's a lot of options here, guys. So this is an area you could really nerd out on. But
if you want a front end to Twitter, the one that seems to have the most momentum, and I've used
extensively, is Nitter, N-I-T-T-E-R. It lets you browse Twitter
content without, A, having a login. You don't have to worry about JavaScript if you want that turned
off. You could use something like the Tor Browser if you want. And Nitter will help you generate RSS
feeds from Twitter.
Oh, that is slick.
Okay. Now, and again, you just, you just run this on your own
instance. It's really minimal. You give it a
Twitter URL and it goes and gets it all for you and displays it in a much nicer, easier to read,
clean layout, too. N-I-T-T-E-R. There is also a ton of options for YouTube front ends, dozens at least.
So if you're looking for a solution on the web, but you don't want to go to actual YouTube,
FreeTube is great for that. It lets you essentially browse YouTube
maybe from behind a VPN or something
like that.
On Android, NewPipe is
pretty popular and quite useful. I know I
always keep it on whatever phone I've got.
A nerdy little thing that can
be nice too is they've got a separate
YouTube parsing
information gathering algorithm from
yt-dlp, those, that lineage.
So sometimes one breaks and not the other or vice versa.
So it's nice to have that diversity
in the YouTube scraping ecosystem.
Yeah, you get sometimes better results on NewPipe.
Yeah.
Yeah.
And it's also a better experience for downloading videos
and just kind of watching those offline.
And on iOS, there isn't NewPipe,
but there's Yattee, I think, or Yattee, Y-A-T-T-E-E, a privacy-oriented video player for iOS, tvOS, and macOS.
TV support, that's nice.
That is.
Chris, you set me on a
challenge a little while ago that I haven't really reported back on. Um, in the browser, you suggested
six months ago that I install LibRedirect, which kind of
brings a lot of these front ends into one place and does redirecting for you automatically. And I
will say it kind of works. Uh, occasionally it doesn't, but they know that, and they have, like,
refresh buttons and stuff like that. So I would say if you're interested in just kind of tasting
some of these front ends, LibRedirect as a browser
plugin is maybe a place to try it.
How often are you bypassing it? You know, how often are you
trying to go to the source?
Yeah, how often do you have to undo the redirect?
Well, I will admit I
forgot what the extension was called, and I also have it disabled now. So I think that gives you a sense of how it's been going.
But I will say it is very customizable.
Let's say you only want Nitter.
You can just leave that one turned on and turn off all the others.
So it's really customizable, which is actually really nice.
I turned it off one day because I was in a hurry and I wanted to, I don't know, I forget.
I was trying to get somewhere and it was sending me to the front end, which was broken on all the instances that I would try.
So I like refreshed five times and they're all broken.
And I was like, all right, I just got to get this content.
So that, you know, barring that experience, I think actually it was fairly good.
Invidious was also a front end for YouTube that is quite popular and works fairly well.
So it has a giant list.
So I would say that's a really nice place to start.
Oh, yeah.
So we'll put a link to LibRedirect in the notes.
And then perhaps the way to do it is just turn it on for a few of them,
the ones that you're most concerned about.
Try them out.
Yeah, could be a great way to go.
Hey, here's a quick one.
I've been playing with Aegis.
Have you guys seen this?
It is an open source two-factor authentication app, and what I love about it is if
you have a Nextcloud back end, it can auto back up the whole app to Nextcloud. And then if you
need to reload your phone, you just get everything set up, get the app on there, and it'll just re-import
that backup and recover all of your two-factor keys right there in the app. No third-party cloud
required.
That is nice.
That is very nice.
I admitted to Wes a couple weeks ago that I was looking at Aegis
and that my 2FA game is not the greatest.
I just store all the 2FA in my password manager,
which is kind of defeating the purpose, maybe.
How do you feel about that?
If anyone's not taken on two-factor authentication, is this
the place to start? It depends on the app and how much
I care and the site. Sometimes
for convenience or if it's like a business
login, it's nice to have it in the password manager.
And you can always have
separate password vaults, too, if you want to have a little more
security isolation. But
you might also want something to bootstrap
yourself to get into one of those vaults
with 2FA as well.
This could be great for that.
Yeah.
I think it's got a nice clean UI and I love that it's open source.
There's options out there, but you want something that's free software and something you can do your own backups and check on them.
So Aegis is the win for me.
A-E-G-I-S.
Link in the show notes.
And then just two choices for secure communications, which is the subject
out of all this list that I take the most seriously, because I'm thinking about it in terms
of, what am I going to chat, what am I going to use to chat with my family and my kids for, you
know, five years, with trusted correspondence?
Yeah, like just small stuff in there, just little day
things, the everyday things in a family, you know, that you just don't really want public, though.
And so we're thinking it's this: A, it's got to be open source. It needs to have,
whatever we pick, it should have end-to-end encryption. It'd be ideal if it supported, like
Element does, unencrypted and encrypted chats, but you could do encryption by default. Like,
those types of options where the users don't really have to think about it, but they just get
something that's kind of secure by default. Obviously, Element's high up there on our list, but that's a
big haul to get private communications going between a group or a family or a business,
maybe a business. Maybe if you're a business, Element's probably worth it. But the one that I
keep coming back to that has been such a win since we talked about it on the show, is Simplex, or SimpleX,
which is a private and secure messenger with no user IDs,
no phone number required,
and it uses a really clever relay system to make it very, very hard,
nigh perhaps impossible,
to track people and messages.
And they were audited in 2022 by Trail of Bits.
I've heard of Trail of Bits before.
Yeah, it can be tricky to assess the audit thing.
I do think there's something to at least, you know,
they're seeking that out.
They're engaging with the process.
There's more folks, in theory,
It's better than not being audited, right?
Yeah.
I'm impressed with Simplex
just in the sense that it's fun
seeing folks, you know, like these fresh iterations
as technology and encryption
technology improves, both on the sense
of, like, better security and privacy,
but also just on, like,
how convenient that can be.
I think I still have maybe a couple concerns, or I
need to be, like to have some prepared stuff
about, like, here's how we use this chat,
here are the limitations
or the risks of, you know,
you've got to take care of your keys or whatever else.
Yeah, you've got to link devices.
You can do that remotely, but obviously
it's a little more ideal to just do it by QR codes in person.
But that's, I mean,
besides that, it just feels like a normal
chat app that I feel like I could
introduce to family and they wouldn't, they wouldn't think it was weird.
Yeah, UI-wise, it totally is. Like, it's like Telegram light, if you were to cut Telegram back to the early OG days.
And that's the thing about these, right, is you gotta, a lot of the people I correspond with
don't listen to the show, don't install weird apps on their phone, by them for the most part.
Yeah, which is, I suppose, good.
This is one where I feel like people listening to this show maybe have a little influence in
their social group or in their family or their place of work, where maybe they could push the
needle a little bit towards using secure chat like this. Like, if you've got a friend group or a family
group that wants to start coordinating on Telegram, you could use Simplex instead. And they got nice
features coming. A desktop client is in the works.
It'll be essentially a lot like the mobile client, but built for desktop. But that's going to be nice
to have a desktop version. They're reworking groups to support thousands of people in groups, and
they're also coming up with a self-hostable directory bot. So we could have, like, a Jupiter
Broadcasting directory bot that could be added to a chat, and you could try to query it to get, like, Brent's handle or whatever. So there's a team behind this that kind
of has a goal to monetize via working with businesses to provide secure messaging for
businesses.
Okay.
And they believe that will sustain development for the entire project.
And so that's how they kind of, I think, intend to monetize it. So they have a path. It sounds like it's not ads, it's not tracking,
it's working with businesses to implement this for them through contracts.
And they've got a couple of funded developers behind it.
I think it's going places.
I just recently watched an update for them
and I really think they're addressing the feedback that people have given them.
And as long as I've been using it, which has been months now,
it's literally been getting better and better.
So I'm transitioning the whole family.
It was pretty easy to set that relay up too.
How are we feeling about old defaults like Signal?
I'm a huge Signal fan
and I converted my whole, I don't know,
extended family a while ago.
But what's the general consensus on that as an option here?
I think there's a lot of folks who, you know, there's issues with the control, the centralization of Signal.
They've obviously done a lot of good, right, in introducing some of the protocols that have been widely adopted beyond them.
So that's great.
And I think it probably depends on what are your goals, what are you trying to keep private, and who are you?
Because it feels like it's kind
of maybe like in the Proton camp of, it's a service that exists out there. It's more than that,
there's open source, I'm not trying to limit it to that. But primarily it's a service that you
interact with that at least has the right ideals and goals in mind, but there is some third-party
trust involved.
Um, and then a lot of these messaging programs require a phone number or a user ID,
which, you know, we could talk
about it from a privacy standpoint, but it's also just a non-starter for kids, you know, or people
that don't have phones. They get completely left out. And so when you have a system like Simplex
that doesn't require an ID and doesn't require a phone number, it means it's literally available to
everyone. And you can have multiple accounts too if you want. You don't have to have multiple phone numbers associated with it.
So I really like that.
I like that you can self-host a relay if you want,
like we have chosen to do.
You can also just choose to use the public relays
and you're still going to be secure.
It also seems like there's incremental things,
like better Signal than using SMS messages.
Definitely.
Now, Simplex has a couple of different options for
push notifications because that team
also recognizes the
sort of data leak nature of push notifications.
And one of the most
aggressive ones can, you know, it'll
eat up about 2% of your battery
in a day, depending on your device.
For me,
since using my phone for private
communications with my family
is like the number one thing I use it for,
I'm totally fine with that trade-off to have absolutely secure private messaging
with private push notifications.
But that's just something else to consider.
Simplex has a couple of different options there when it comes to notifications,
depending on your level of comfort and battery and all that.
Yeah, I think I was playing with the one step down from that in terms of frequency.
And that was, you know, it wasn't as immediate as maybe it could be, but like within a very
reasonable time frame.
Yeah, that's what I had used it on for 90%.
I only recently just turned it up because I thought, now this matters.
I want this up.
I didn't turn it up because I needed to.
I just turned it up because I wanted to.
Turn it to 11, Wes.
We'll have links to all of this, plus really great resources like privacyguides.org,
privacytools.io, and others linked in the show notes.
So definitely head to linuxunplugged.com slash 522
to get all of those.
And do let us know your recommendations,
your feedback and thoughts on the tools that we've picked,
or any just quintessential low-hanging fruit
that you think we missed.
And we'll do some follow-up in next week's episode.
Kolide.com slash unplugged.
If you work in security or IT
and your company has Okta,
I've got a treat for you.
I have been there
and I have noticed over the years,
I'm sure you have too,
that the majority of breaches these days
come from low-hanging fruit.
Maybe it's unpatched user software. Often now it's credential phishing. Somebody ran
some ransomware with credentials on the network. And it typically comes from the users now of all
different levels on the network. And I guess it's not really their fault, right? It's the solutions
that are supposed to prevent these problems, but it doesn't have to be this way. Kolide.com
slash unplugged. Picture a beautiful
world where only secure devices can access your cloud apps. In this world, things like phished
credentials, they'd be useless to hackers because every OS, even Linux boxes, can be managed from a
single dashboard and you can guarantee they don't connect to your apps and your network until they've
passed the on-device checks. It doesn't
have to be fake. It doesn't have to be imagined. It doesn't have to be pretend. There is a solution.
You don't have to imagine it. This is Kolide. And you can go check it out right now at kolide.com
slash unplugged. It is a device trust solution that's better. It works with the staff. It checks
the device and makes sure it is trusted and secure
before it can log into your apps. So it should be preventing issues before the user's even connected
and help guiding them through it. Go see the demo. They make it really simple and clear at
kolide.com slash unplugged. It's a great way to support the show and see how it all works.
That's K-O-L-I-D-E dot com slash unplugged.
We love reading your email, so if you'd like to send us one, linuxunplugged.com slash contact is the place to go for that. Adrian sent us one,
asking for a little advice. I've been a fan of the show for two years now, and I find fun and
fascination in tinkering with every single bit of
technology. That said, I'll be starting my four-year PhD in November, and I think I should
switch up my system to be as reliable as possible during that time. What distribution would you
recommend to me for use to set it and forget it for the entire duration of my PhD and with support for the whole studies program.
I'm willing to wait to set it up, but I don't want anything to change during my studies.
Also, no Nix.
It sounds impressive, but I have no time to learn it on my own machine.
Maybe I'll get an old used laptop or something to tinker with it there.
Thanks for the
advice, Adrian. I think any of the long-term support Ubuntu-based distros could be an easy
answer, and you're not going to go wrong there. I also think you might put some thought into
backups, restore, snapshots, depending on your level of comfort and skill, being familiar with, you know, if you want reliability,
having an easy practice path to say, you know,
oh, something changed on my system that I don't like.
I need to get my work done right now.
How do I go back to a known state?
Because I don't really need that update.
That's the number one recommendation.
Because when you're a new Linux user
and you're like, you know,
Adrian here in the middle of trying to get a PhD,
when things break, you're not in a place to be like,
okay, this is a learning opportunity.
Let's tinker with this for two days and figure out why it broke. You are in a position of,
I need to get this working again as fast as possible.
And the fastest way to resolve this new weird issue I'm having
is to reload the distro.
And there's no shame in that game because I'd rather you do that than switch back to Windows.
So I think Wes's point is a good one is whatever you switch, just make sure your restore and recovery practice is good.
And then you can even just keep up and stay current if you want to.
Then you could consider something like Fedora.
If you're really looking for low and slow and just let it ride, something like an LTS will go for five years, you know,
and SUSE has equivalents.
I mean, hell, even you could make a desktop out of CentOS Stream.
But I think something like an Ubuntu LTS or a Mint
is going to be a kind of middle-of-the-road answer,
but you're not going to go wrong.
Like, nobody's going to get fired for recommending that.
Yeah, well-targeted by, well targeted by a lot of different
software that you might need. It also sounds like you kind of
already have some good discipline around how you're using your system.
So playing around more with having easy
containers or virtual machines that if you are trying to make some quick modifications
you don't do that on your main system if it's not easy to roll
back. That can be a nice way or just
as you say, have a whole tinker machine and a work machine.
Might I recommend the opposite here?
I'm tempted to recommend the thing I'm using, of course.
But Btrfs rollbacks with openSUSE Tumbleweed,
just a rolling release that just keeps on ticking.
That's been surprisingly good to me. So I might suggest that as a temptation
a bit more in the risky category, perhaps.
I kind of like it, though,
because you get a more modern set of drivers.
So, you know, if you've got a laptop you already own
or something like that,
you're going to probably have a better time
with a newer kernel.
And then the one thing that's really been true for me,
having used Linux on the desktop since
'97-ish, the ones that have remained the longest functional installs have been the rolling distros.
And so if your ultimate goal is to set it up once, and you're willing to roll back or fix from time
to time, I think there is some logic to Tumbleweed there. Especially, you know,
maybe it depends a bit for me sometimes.
If it's a system that I only use sometimes
and I want to kind of come back to and I'm not using
all the time, an LTS is
more appropriate, or at least it
has more of a higher chance of being
chosen. But yeah, if you've got a work machine that you
spend most of your time on that you want to,
you don't mind keeping up a little bit,
but otherwise you can kind of fit
to your workflow very nicely.
Arch, Tumbleweed, something like that
could be really nice.
Let us know.
Let us know what you pick.
And then I'd also love to know how it works out.
And now it is time for the boost.
Before we get to the boost this week,
I wanted to just cover a quick update
from the Alby developers.
That's the getAlby extension
that we mentioned quite a bit.
I'll probably cover this further on Coder,
so just a real brief mention here.
But guys, if this isn't what I've been hoping to see,
the Alby team has officially released a new tool.
It's called PackageZap.
And it gives a way for Node.js developers
to easily fund the packages
they're
relying on for their project using the Lightning Network. Uh, Alby has figured out a way to use the
Nostr Connect protocol, the, as NWC as it's known, to connect Nostr clients to Lightning wallets.
They're going to use the same now for this Node.js plugin, and so it could be a way to send some value
back to open source developers. Now, it's Node.js,
so it's early days, you know, it's like, okay, doesn't really move the needle for me personally.
But some of the big stories we've heard about these massive linchpin projects with one developer
who's been chronically under defunded, those were Node.js packages. So this is great to see. Package Zap, PKG Zap. And I hope this is the start of something that could really revolutionize paying open source developers for their hard contribution.
We sure need something.
And with that, we get to our first boost this week, and it comes in from some guy named Brent.
189,426
sats using
Podverse. He says, first time booster,
long time hoster.
I think you mean hoser.
He says, I'm sending in 50 euro boost
bounty from Craftnix for packaging
Paul's Nix release. I love
this community. Right, so this was the
$50 euro note that you got.
You've now successfully converted it into sats and boosted it into the show,
which then splits right back out to you again.
Well, only part of it.
I want to say our community found a way to package some Nix stuff
while also boosting into the show as a thank you, as a boost bounty.
It's like, we never thought this would ever happen. It's just you guys are inventing all sorts of things. So thank you for being creative.
That is fantastic, and it completes the circle.
Tech Geek boosts in with 132,832 sats.
I hoard that which your kind covet.
I finally gave in. I'm going to try NixOS.
I've been hearing about it so much for so long,
I'm going to have to try it out.
I'm a long-term Fedora user,
and I still love that distro,
but I'm going all in.
Keep up the good work,
and drop the first digit in my boost
to get my zip code.
Uh-oh, get the map out, Wes.
Oh, good, good, you brought it.
You came prepared. All right, so looking on the map, where is, uh, Tech Geek at? Let's see. So we drop the one. Three, two, eight. Yeah. Three, two. Yep. Carry the two. Looks like that's, uh, Orange County, Florida.
Somewhere, uh, Orlando, Lake Hart.
You know, I've always wanted to visit Jupiter, Florida, just because of the name.
Oh.
I thought, how cool would it be to do a podcast from Jupiter, Florida?
So, Tech Geek, if you've got any Florida hookups for RVs, because I know how busy it can be and crowded it can be down there, let me know.
And let us know how the all-in with NixOS goes.
Yeah. Yeah. Also, a little hint, Self-Hosted, I think it's 103, the one coming out the Friday of this episode,
Alex follows up on his NixOS journey, and it's positive.
Hybrid sarcasm boosted in 97,000 sats from Castomatic.
Hey, this is my first boost from Castomatic using my Alby wallet.
I'm just keeping that boost train rolling.
Hashtag 1 million sats challenge.
Thank you very much.
And here's something for your trouble.
Nice.
First boost from Castomatic Hybrid.
Nice to hear from you.
Cairo comes in with 66,666 sats.
I wonder if he realized he was nailing that total because it's across two different boosts
using Podverse.
And Cairo, I got this just for you because I know I'm always saying your name wrong because I think it's actually pronounced Kiro, which rhymes with hero.
But here's why I always get it wrong.
I thought you're such a solid booster.
I would go find this station identification for you.
So you at least knew what I'm talking about all the time.
K-I-R-O-F-RO FM 97.3, Tacoma, Seattle.
Your world.
See that?
How do you not get that stuck in your head, right?
So that's your, there you go.
Kiro, you got your own boost sound bite now.
I'm pretty sure they had an idea, because look at these sats amounts.
5, 4, 3, 2, 1, and 1, 2, 3, 4, 5.
You're right.
You're right.
Well, they're right.
I just got my first paycheck for a new job.
I landed as a senior full stack dev.
I made a big impression during the interview
when I mentioned I've been daily driving Linux
on my personal computer for almost 10 years.
Interviewers do love that.
It shows initiative and willingness to learn.
And that's really what you want from a candidate.
He says the 10-year-old Linux romance started
and has continuously been fueled over the years
thanks to all the shows on Jupiter Broadcasting.
Also, Logseq is absolutely the best.
Hey, Wes, you got one.
Woo!
I finally moved away from plain old Markdown or text files, which is what Brent and I use, like animals.
But it's so much more powerful, so much easier to locate things.
It is a game changer.
Glad to hear it.
Yeah, Logseq gang check in.
Now, are you ready for this one?
I think I know where this is.
This one's got a Canadian flag,
so make sure you open up the upper area of the map there.
Is that a moose?
Yeah, okay.
Definitely a moose.
This is a postal code in Toronto.
Oh, great.
Shout out to Toronto, Kiro.
Thank you for boosting in.
Oh, we call it Toronto.
Oh, right.
Of course.
We need the translation.
Thank you, Brent.
Yeah.
The Dobstopper boosts in with 60,218 sats.
Boost!
Well, it's a zip boost.
We'll come back to that.
I give up.
My long-running server, running Ubuntu, finally broke.
Oh, no.
After years of tinkering and figuring things out as I go.
I wiped that machine, and I'm installing NixOS.
Amazing.
This box runs Home Assistant in a virtual machine, Plex, and other services I rely on,
but also my fiancée.
She came home from work and was like,
why doesn't the light work?
And that was it.
Yep.
I need NixOS for when I break things.
It is nice to go back.
Yes.
Oh, it's so bad when you have systems that don't work correctly.
Like, I call that like the dad shame moment.
Like when they go to hit the button and the light doesn't turn on.
Or the other day we had Jellyfin crap out on us during a movie.
The last 20 minutes during the finale.
And it was a long movie.
That's rough.
I feel you, man.
They do go on to note that Ubuntu served them well.
But the install got cluttered in the previous projects.
It never got cleaned up or fully removed.
So that's especially why they're looking forward to the NixOS journey.
Also probably going to switch my laptop to Nix as well.
I just need things to work.
You know, this is such a familiar story that I heard like at least three times at the meetup that we had in Berlin recently.
It's this is this is the new way.
This is the way.
Oh, and that was a zip code boost.
Oh, right.
Was it?
OK, good.
I'm glad you caught that.
Here's the map.
Yeah, I need my supplies here.
It's so big.
I know.
I don't know why we got the big one.
We don't we don't need to make a map for it.
That was such a bad idea.
Blanket Fort was way better.
How about Evanston, Illinois?
Yeah, all right.
Hello, Illinois.
How's it hanging over there?
Let us know if we got it right.
Our dear listener, listener Jeff, that is, boosted in 25,000 sats and simply wrote beer popcorn hearts.
Coming in hot with the boost.
I mean, I love those things.
And we love you, Jeff.
Magnolia Mayhem comes in with 10,484 sats from the Podcast Index.
I've been stacking sats lately.
I just had to boost in on this one.
It's less of a tip and more of a prompt, but I feel like Tor has been getting less attention than it deserves over the last few years.
I know there's been some bacon fried by certain people, but I never put much weight on those claims. There's plenty of evidence that it's safe enough.
If I absolutely had to frame everything in terms of a tip, I'd say, well, people should know about Torsocks.
From what I remember, it's a utility that you can spin up a shell that wraps any application launched from it in Tor, though it's been some time since I actually played around with it.
Also, this boost amount divided by 2 times 17 plus 1 is the zip where I was
when I first joined the old-time JB IRC back in 2015.
How about that?
Well, I got to make up for this drunkle from the last time.
Yeah.
I'm on it.
This is Clark County, Nevada, Las Vegas.
Hey, come on. Hello, Las Vegas. Boy, I bet it's warm there right now.
Zach Attack boosts in with 9,999 sats.
Coming in hot with the boost.
In response to your challenge, I didn't even know this till Monday after listening to the podcast, but the newer GL.iNet routers with firmware 4.2 or higher have Tailscale built right into the app section.
There you go.
4.2.
That's the version number you need.
I did not know that earlier.
Thank you, Zach.
I'd be curious if Jellyfin works the way you're thinking.
I might try.
I may try it myself the next time I am out with my Nextcloud server away from home.
Well, I definitely can confirm that Jellyfin over at Tailscale has worked great on my phone.
So like when the wife and I will go out and get,
every now and then we'll get a burger at the best place in America to get a burger,
Skagit Valley Burger Express.
And the problem is, is they got like, because I've talked about it,
and you know, maybe because the food's good, I don't know,
they've gotten some uptick in customers, and so for some reason now the line's a lot longer.
So what I do is I show up with the old phone and the Jellyfin and we just watch The Boss.
Yeah, we just watch a little Who's the Boss while we're waiting for our food. It's great. So I can confirm that part works really well.
We got a boost in from Hasnap2000Satoshis.
Hey, I think I heard that Chris uses Nix and Android now.
Oh, I didn't know if I'd mentioned that.
I think you mentioned it more than twice, actually.
Oh, okay.
Well, how about combining them?
The Nix Android app forks the UI from the Termux app, but replaces the Termux distro with NixOS.
It was actually my first experience with Nix. I had a long train journey without a laptop,
so I used the opportunity to read up on Nix and set up a basic config with Home Manager.
I even got Neovim with GitHub Copilot set up and used it as the ultimate autocorrected prototype
of a project on my phone's little keyboard.
I haven't used it much since that initial tinkering,
but I find it really useful for running occasional scripts on my phone with the nix run command.
Oh, and of course it's packaged on F-Droid.
All right, well, I'm installing this right now.
Yeah, this screams Wes Payne.
Um, I actually came across this just a day ago.
I don't know if it was because I saw has his boost come in or if I just, I can't remember, but geez, I love this. This is so, so, so, so, so, so slick. Definitely want to play around with this. And we'll put a link in the show notes to the F-Droid implementation.
Any ideas what you would do with it first?
Well, first thing is to get Docker running on your phone, obviously.
I'm just thinking like the troubleshooting utility,
you know, all the command line scripts,
all the things in Nix,
and because like, you know, nix run and flakes.
Yeah.
That's so flexible.
Are you saying I should run a Pi-hole on my discarded Android phones with bad batteries on them?
Would you do that?
There you go.
You better try, yeah.
Yeah.
I mean, what are you going to do? Just not use them as home servers?
Right.
Beowulf cluster.
The show mascot, the Golden Dragon, comes in with lucky 6,666 sats.
Across two boosts.
You're right, so I found out that you can top off
your fountain wallet with your fountain
address right from the Zeus app.
I'm now boosting with power.
Can't wait to see you guys at Linux Fest Northwest.
Side note, Zeus wallet app, very good software.
High, high marks from Chris.
And you can connect it to your own private node or you can connect it to your Alby account.
And then you can use it to move sats in and out of your Lightning or out of your Alby account and all that. Because all this stuff is an open network, you can stack stuff, you can use different tools. It is so fantastic.
Also, Golden Dragon saying, should I design a challenge coin?
Yes, we very much want a challenge coin. We just never get off our butts.
And he'd like to know what our recommendations are for clothing coming to LinuxFest Northwest.
He's wondering about the weather.
Dress in layers.
Yeah, I would prepare layers.
Because in October, you can have beautifully sunny days with a light breeze.
And you can have gray, cloudy, rainy, awful.
Because we're kind of on that transition.
You'll probably see some nice fall colors.
It's generally a very pretty time to be here. Like if, if I was only going to be here in the Pacific Northwest when it's nice,
I would stay till the end of October.
And then I would probably get out of here like November, and I would come back like February, April-ish.
And that is the window of time where like right now, this is one of the best places in the world to live.
You know, it's mid-seventies.
It's warm in the studio, but it's mid-70s.
It hasn't rained in two months.
It's just gorgeous.
It's about to rain, though.
And in October, we're transitioning out of that.
It's going to be potentially rainy.
Could be nice.
So just kind of prepare for layers.
But not like super cold, you know, 50s and 40s.
Yeah, a t-shirt that you throw a flannel over, right?
Because you want to fit in when you're in the Pacific Northwest.
I would like to observe that this is the second set of boosts that totals the devil's Satoshis.
Six, six, six, six.
You mean the lucky Satoshis?
I don't know.
Sorry.
Lucky Satoshis.
Yeah, yeah, yeah.
Just a quick note.
This episode is doomed.
Limiting factor, my favorite general offensive unit,
boosts in with 16,000 sats.
My privacy tip is to install only the bare minimum of apps on your phone,
since we know that they're used for data collection and fingerprinting,
for shoveling targeted ads down your throat.
Just use the crappy web-based version, and as a bonus,
the web version sucks so you won't spend as much time on that social media platform.
Plus one to this.
Honestly.
Yeah.
I will add to that as well that you should audit the apps you have installed every once in a while.
Like, there's probably a collection of apps on there that you're not using anymore because you used them, I don't know, two, three years ago or something.
I have not had the Facebook app installed since the iPhone 7. Um, and I, you know, when I switched over to graph,
you know, it's, I don't know if you know this, but I run Android now.
Oh.
Um, yeah, never, never even considered the Instagram stuff. Never have installed TikTok, never installed Facebook, never.
Because if I for some reason needed to, I would just, I'd open in a private browser tab in Firefox on the mobile device.
That is a great, easy tip, Limiting Factor. And my wife does this too to limit her Facebook use.
She deleted the app and she just uses the website because it does kind of suck. She hardly ever uses it. Totally works.
Grounded Grid boosted in with 13,760.
Greetings from the birthplace of IBM.
Though, that's still kind of a sore
subject around here. I've been meaning to
make a zip code boost for a while, so
have some demographic
info. Computers are mostly
a hobby for me. I also enjoy
amateur radio with vintage and home
built equipment. I use Linux at work
as a diesel mechanic to eavesdrop
on CAN bus traffic
and run a digital lab scope. That's so cool. Well, I'd love to know more about that. And is it only
diesels you can do that on? I knew that was coming. Yeah. I know there's lots of goodies on that CAN
bus. All right. Did you bust out the map there? IBM seems to be based from Endicott, New York.
New York, huh?
New York.
All right, all right.
I just won't get my salsa from there.
Eric comes in with 2,500 sats.
Hey, guys, I finally installed NixOS on my main workstation when it finally arrives.
Oh, he's going to be.
Arch is great, but the cruft is starting to get on my nerves.
I'm also going to try out that Git2i after you guys recommended it, and I'm loving it.
Wow, the Nix train is going strong.
I know, it's really something.
Thank you everybody who boosted, and we can't get to all of them this week for time, but we had 17 boosters, 22 boosts in total. Amazing.
And we brought in 64,743 sats for this episode, which we're absolutely thrilled about.
Thank you everybody for supporting the show. This is gaining momentum and it's something that is
extremely gratifying because if you look out over the next few years of where this medium is going
through massive transitions, and so to be absolutely aligned with our audience is extremely
rewarding and it's motivating too. If you'd like to boost into the show, we'd love to have you participate.
You can keep your podcast app if you like. Just get Alby, getalby.com.
You top it off in app, we're using something like the Cash App or Strike or, I don't know, RoboSats, go crazy.
And then head on over to the Podcast Index, look up Linux Unplugged. You'll find our entry over there.
Right there, boom, embedded in the web page, they got a boost little thing ready to put a message in your center right in there. It's great.
You're ready to try the revolution, and we've got some podcasts here on the network, they're going to be taking advantage of these features very soon, go get a new podcast app at podcastapps.com.
Something like Fountain, Podverse or Castomatic.
Whole new world of experience and features in there and a brand new way to discover new shows too.
So those are all at podcastapps.com.
Either route you take, you can boost into the show and we really appreciate the support either
through the boost or from our members at unpluggedcore.com. Well, how about a pick?
invidtui is an Invidious client which fetches data from Invidious instances and displays a user interface in the terminal.
Yeah, that's right. How about some YouTube in the
terminal? Yes, please.
Also, I think gives you some options to do some downloads in there and whatnot.
Open, view, edit and save M3U8 playlists.
Oh. Yeah.
It also queries the Invidious API and can select the best instance for you.
You can point it at yours if you'd like.
Seems pretty handy, and
maybe it'll look like work when you're just watching
something in the terminal. Yeah, you know,
that's the nice thing about it, is it always looks legit
and official. But Invidious is
another great YouTube front-end that you can also
self-host, or you can use one of the community-run
instances, and then this layers
on top of that. Which is so cool
when you have all these open-source things just building and tying up each other.
Yeah, it's so great.
We'll put a link to that in the show notes.
You know, this is a massive, massive topic.
It's been, I've never been more nervous for a show probably since episode 500.
Because, like, how do you do something like this justice?
And how do you make it appealing to people who don't think privacy is an issue?
And then how do you actually manage to list all the tools and go through all of that without leaving something out,
which I'm sure we did.
So please, linuxunplugged.com slash contact,
or even better send a boost in and let us know what we should have covered.
Maybe we do a part two down the road or if nothing else,
just a real brief followup next week with some of the biggest ones we've
missed.
So we'd really like your feedback on that.
And of course, we're looking forward to seeing all of you at LinuxFest.
It's coming up in October, linuxfestnorthwest.org.
They're going to be looking for community sponsors soon.
So if you are out there in your business, it's in the open source space,
and you want to get a booth and help support LinuxFest Northwest, check out their website.
They're going to have details for that soon.
There's going to be a call for community sponsors.
This has been a discussion that we've been having internally.
Traditionally, the revenue for Linux Fest to like pay for the venue and everything has
come from commercial sponsors.
And with the fest taking a year off and just kind of the market the way it is and just
kind of my priorities, we just really think in total community support's the way to go and there's really reasonable pricing
for an open source project
to get a booth
and have some good representation
on the floor at LinuxFest Northwest.
I don't know if they have the info up yet.
I probably should have checked
my messages this morning,
but it'll be at LinuxFestNorthwest.org
if you're out there
and you think you might want to participate.
As for us,
we will be live again next Sunday
back at our regular time,
noon Pacific, 3 p.m. Eastern.
We'd love to have you hang out with us in that Mumble room.
See you next week.
Same bad time, same bad station.
And when you're ready to go try out some of these apps,
linuxunplugged.com slash 522's got you all taken care of.
Links are all up there.
Ready to go.
Thank you to our members, unpluggedcore.com.
We weren't live this week,
but you still get a very special members production just for you in your members feed.
Or alternatively, as a member, you can get the ad-free feed, lean, mean, and tight version of
Linux Unplugged. All of that's at unpluggedcore.com or support all the shows at jupiter.party.
As for us, I just want to say thanks for listening. Maybe there's someone out there
that you think could use some of these tools.
You'd like to share the episode.
We always appreciate that.
And we hope to see you right back here next Sunday. Thank you.