LINUX Unplugged - 557: Crouching kexec, Hidden Linux
Episode Date: April 8, 2024
We're building a completely hidden Linux OS inside an existing system—with no trace left behind.
Sponsored By:
Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
Support LINUX Unplugged
Links:
💥 Gets Sats Quick and Easy with Strike — The global money app for fast, safe payments and bitcoin. Get sats easy.
📻 LINUX Unplugged on Fountain.FM — Grab the Fountain app and listen live, boost along, and more.
Shufflecake — Plausible deniability for multiple hidden filesystems on Linux
System76 and Jupiter Broadcasting Epic Parking Lot BBQ, Sat, Apr 27, 2024, 4:30 PM | Meetup
Jupiter Extras: Nostr Workshop — Our Nostr workshop. We'll help you get your Nostr identity and answer any questions.
24.05 Call for Release Manager & Editor - NixOS — Both roles are fulfilled in tandem, meaning you get paired with an experienced partner, who already filled the role during the previous release.
HiddenVM — Use any desktop OS without leaving a trace. — HiddenVM is a simple, one-click, free and open-source Linux application that allows you to run Oracle's open-source VirtualBox software on the Tails operating system.
Tails persistent volume feature
VeraCrypt
Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems — This paper analyzes the security of VeraCrypt hidden operating systems.
How To Emulate Persistent Memory using the Linux "memmap" Kernel Option
kexec [ArchWiki]
Unplugged Core Membership
PodHome.FM — Unlimited Shows and Episodes
PodBean Example: This Week in Bitcoin Podcast
Atuin - Magical Shell History — Sync, search and backup shell history with Atuin
I quit my job to work full time on my open source project — The 22nd of December was my last day leading the infrastructure team at PostHog. Going forwards, I'm starting a company and working full time on Atuin.
Transcript
So did either of you ever use TrueCrypt back in the day?
Oh, yeah.
Oh, yeah.
I did.
I mean, it was like the cool encryption because you could hide stuff.
And I guess, you know, the big thing was plausible deniability for whatever it was.
But Shufflecake has come along in sort of the shadow of VeraCrypt and TrueCrypt.
And it allocates space for each volume as encrypted slices in random positions in the underlying device.
So whatever disk you choose.
And they say they've made some improvements over TrueCrypt or VeraCrypt.
They say Shufflecake works natively on Linux.
It supports any file system,
and it can manage different nested volumes per device.
So it makes deniability of the existence of these partitions,
they say, quote, really plausible.
Multiple nested volumes per device.
Yeah, okay.
I suppose that means you could really squirrel things away in there.
I guess so.
Here's a few things they say you should know.
IO is roughly 30% slower than, say, LUKS.
They have a max of 15 volumes,
which seems to be just a decision they've made.
It's not like a technical limitation.
But they also write... 15 should be more than enough for anybody.
That's what they say.
It's actually their answer.
If you're doing this with more
than 15, you're probably doing
it wrong, is what they say in the FAQ.
And the other thing to be aware of is
there's no crash consistency.
If you crash while using it, the
data may be in a bad state.
Definitely something to be aware of. So have your backups.
And I don't think
it's been audited either by an independent auditor.
I could be wrong on that, but I think it's still kind of new.
So there's those things to be aware of.
It's kind of nice.
But I think it has one major flaw, and there's nothing they can do about it.
And I think that problem is that if you even have the Shufflecake software installed on your machine,
it's a bit of a red flag that you're trying to hide something.
They're saying it needs to be installed by default everywhere.
Oh, that would be one way to do it, but I don't think that's very likely.
But I think that is the problem we could solve for is a hidden system that leaves no trace behind.
Hello, friends, and welcome back to your weekly Linux talk show.
My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen.
Well, coming up on the show today, we've got a unique idea, we think, for a totally hidden Linux OS install,
perhaps one we've never seen attempted before.
And we're going to take a look at the HiddenVM project, which supposedly lets you use a desktop without leaving a trace.
But how easy is it to actually use?
Then we'll round out the show with some great boosts and picks and more.
So before we go any further, let's say time appropriate greetings to that mumble room.
Hello, virtual love.
Hi, everybody!
Hello, Ben. Hello!
Hello. Thank you for being here.
That's a good showing in there. Also, hello to our friends over at Tailscale. Tailscale.com
slash Linux Unplugged.
It is the easiest way to connect your devices
and services together, wherever they are.
We've been working on some really slick
studio automations for our trip to Texas,
and all of that is done over Tailscale.
We'll put the applications on the network.
We put the individual servers on the network.
It's really useful, and it's really fast.
It's private because it uses the Noise protocol.
It's all based on top of?
WireGuard.
That's right.
Easy to deploy, quick, zero config, and no fuss.
VPN works great in your enterprise or for individuals.
And you can try it for free on 100 devices and support the show at Tailscale.com slash Linux Unplugged.
Go over there and try it out.
It's Tailscale.com slash Linux Unplugged.
Okay, I've got just a quick question before we start.
Does anybody in the Pacific Northwest that's going to make it to LinuxFest Northwest have a truck
or a grill or perhaps
both? Oh. Because
last minute shenanigans
it apparently is happening
we are doing a barbecue
Oh gosh. We're doing a barbecue
at LinuxFest Northwest
It's going to happen Saturday
about, I think, 4:30, which is
just when everything should be wrapping up before all of the parties, the after parties.
We're going to get together with System76 and do a barbecue.
But we've got to get grills there.
And I don't have a way to transport grills, and I don't really have—
You don't have a whole fleet of grills ready to go?
No.
I looked at renting.
And to rent a grill, the actual grill itself is cheap.
You know, about $200. Okay, okay, and it's a big grill. But they only deliver it on Friday, and you got to be in the, somebody from JB,
it has to be somebody from JB, would have to be in the parking lot at the Bellingham Technical
College from 9 a.m. to 4 p.m. on Friday because that's the window. And then they don't deliver
on weekends, so it's got to be Friday. And then they don't pick up
on weekends, so it's got to be, somebody then has to be there 9 a.m. to 4 p.m. Monday. Oh, with this
barbecue, I mean, I thought about it. It's like, I could park the RV, but now they got to use the parking
lot Friday and Monday. So we're gonna have to bring our own barbecues, and it's all coming together the
last minute. Wow. It's very exciting though. It's gonna be fun, you know. So putting the call out
for grills if you've got them.
And trucks and ways to transport them.
Any ideas for throwing on there?
Ways to feed people because there's probably going to be a crowd.
We'll have a meetup linked in the show notes.
System76 put it on their meetup page for Saturday the 27th after LinuxFest.
And then on Sunday, we're going to do a live Linux Unplugged after Wes's talk.
I think we'll just take over the room.
All right.
We'll come in, we'll take over the room, and we'll do a Linux Unplugged right there
on campus. And then next week, we won't be recording the show because we'll have that
pre-recorded for you, but we are going to be live from Texas Linux Fest just next weekend.
So I guess stay tuned for the calendar or watch your Podcasting 2.0 app to see our pending items.
Yeah. It's coming up. It's going to be a lot of fun.
We are really looking forward to it.
We're taking off here in just a couple of days.
And then we also, before we get into the rest of the show,
we wanted to mention that it seems that there's been a call out
for a release manager and a release editor for NixOS.
And something that we kind of picked up on at NixCon
is that they are struggling a bit on the back end
with just the scale of the project
now and keeping up with things. And it
seems that there's an opportunity
for somebody to join the team and perhaps shadow
existing members and learn how it's done.
Yeah, I guess for the release manager, you kind of have to
already be a Nix packages committer, so that
would be call out for more technical and experienced
folks, but there's also
the role of release editor.
So if you have the ability to explain things
well and you're not too intimately familiar
with the whole Nix ecosystem so you
still appreciate the difficulties that less
experienced people might have
you could be a good fit for that. Yeah they say
both roles will require a certain
time commitment over the next two months
the release manager requires commit access to Nix
packages repository like you're saying and the
release editor should be proficient in the English language and have great writing skills.
Yeah, you're out.
Definitely.
But I wanted to just give this attention because the 24.05 release is not very far away.
And they put this call out 13 days ago, I think.
I don't know if they've had a solid response or not.
If you've got the time, it does seem like a nice way to help out.
Yeah, we will link it in the show notes.
All right, well,
you got something to hide?
What?
What?
What is it?
You got something to hide?
Why?
Why do you want to hide
something on your computer?
Well, because it's fun, right?
It's useful if you have
privacy concerns.
Maybe you want to do
your banking.
It could be useful
to restore a system.
Maybe you need to
rescue a box.
And maybe it's nice
when you're borrowing
someone else's computer,
if you could use the computer without really leaving a trace
and leaving your data behind.
And maybe you have concerns you're crossing borders
or for some reason, you know, there's folks looking around your stuff.
Yeah.
No one likes that.
No.
And I could see like Brent.
I could see Brent coming to the studio, sitting down at a studio machine
and creating this hidden Linux system, getting his work done
for the day and then having it disappear.
So, Brentley, you took a look at HiddenVM.
Yeah, we found this project, what, a couple of weeks ago, and we've been sort of looking
at it and pondering it and wondering if we should dive into it.
And I decided, guys, I'm just going to, I'm just going to dive into it.
Why wait?
It has several parts to it.
And that's, I think, where some people might get caught up.
But, you know, you got to be a little bit technical if you want to hide your bits around.
You're probably a little technical if you're even considering this concept.
Fair enough.
But that said, I think everyone should have access to some of the tools that we discuss here to hide their information and protect their information.
Unfortunately, it's not always true.
But this uses a few different pieces of software all connected to hide what is basically a VM, a virtual machine of the system you actually want to be working on,
but totally hidden on the file system that you're, I don't know, carrying around in your bag or you have stored on one of the JB Studio machines.
So at the very base of it is using Tails. And so I didn't have any experience with Tails going
into this. I've read a ton about it. Of course, many of us know about Tails and its mission to
kind of leave no trace. You can have Tails on a USB drive and be working
away on your computer and you just pull it and there's no trace left of you being there or having
done anything. So that's kind of interesting if you're, you know, interested in jumping into Tails.
But that's just the very first layer of this. So on top of Tails, this HiddenVM wants to use some kind of hidden partition.
So they say not the Tails persistent volume feature. I guess there's some technical challenges
with those two in accomplishing what HiddenVM wants to accomplish, but they recommend something
like VeraCrypt. And I thought, geez, I've used TrueCrypt in the past and wanted to always kind of check out VeraCrypt and which is the spiritual successor.
And so what it does is once you have that hidden volume, let's say on another USB drive,
they suggest two because, you know, backups, it then goes and installs VirtualBox in that hidden volume, which allows you to basically run any OS you want from there.
And that was attractive to me.
It's like, okay, I can use this as just an intermediary,
and then I can use any OS I want, really.
So Tails might be a downside for you specifically
because it has limited features.
It does some special things like
uses Tor only for the network, which can be an interesting challenge. But if you can run your own
VM, at least you have some of the niceties with, with kind of a cozy blanket of security around
it, and I thought that was really interesting.
So if I'm understanding you correctly, you're not so much like taking over a part of the disk on an existing install, but you're
doing it inside a Tails session?
This is where I think the software isn't describing what's
happening in the backend, or at least I have missed a little bit of how it's doing everything,
but it 100% requires Tails.
Okay.
So you run Tails and then it runs virtualization inside Tails.
Exactly.
Yeah, yeah, exactly.
And for someone who needs crazy amounts of protection and security, that's probably a
good idea.
For those of us who are just playing with this and want some of the benefits, maybe
Tails is actually a downside, but HiddenVM is closely using Tails to make some of these features available, which is also kind of interesting because they're, you know, nodding to Tails and using some of the technologies there, but building on top of it, which is kind of interesting.
everything on Tails,
which means you're probably also, what, using Tor by default. So that's going to,
there's going to be a lot of things that make it kind of a paper cutty for
day to day use or jumping in quickly and doing like a financial transaction.
So one of those paper cuts was like, I, I, I got this all sort of stood up, which takes a few steps actually.
So you, you know, download Tails and install it to a USB drive, which is fairly straightforward.
Uh, and then you go and grab HiddenVM from within Tails. Oh no, first you gotta, you know, every single
time you boot it you have to make sure you set up the admin password for Tails. It's like
your username is amnesiac because it just forgets everything. So every single time you boot this
thing you gotta like, oh yeah, I need to set up the admin password because otherwise I just can't do anything, which I think is also a feature of Tails if you're like in the, in the perfect, you
know, Tails user group, which I'm not, clearly. But then from there, uh, you have to do some downloading,
right? So you got to go to the internet and download a bunch of stuff. So step number one is,
well, download HiddenVM. So I got that from GitHub, which is fine.
And it's small.
But then HiddenVM does a few things, like when you go to install it into this hidden
partition, it downloads VirtualBox and installs that within this partition and then boots
up VirtualBox, which is pretty cool.
So then like, OK, great.
I got to this step and I have VirtualBox running within this hidden encrypted, you know, little partition. So that's pretty cool.
But then like you need an OS to run within the virtual access, the whole idea, right? So,
so go and download an ISO. Now that is where I ran into some challenges that were just kind of
frustrating more than anything, because it's like, okay, I don't
have the best internet in the world, we all know that, but having to run off Tor as well, by like,
like not being able to get around that, uh, it just slowed the whole thing down. So I was like
downloading minimum install, uh, images just to try to, like, I just want to see if this works.
And that took like, you know, an hour.
So that was a bit of a challenge for me because I was like, I have these ISOs on computers around
my local network, but I can't even SSH them into this machine to, to put them in the right place.
So I don't know, maybe there's a way of doing that and I just didn't think about it. If you use it all
the time, I'm sure there's a way to de-hook Tor or something.
I know they say once you
did get the VM set up,
it connects to full-speed
pre-Tor internet by default.
Obviously it doesn't help you get it bootstrapped, but
you can bypass Tor
at least for the VM. I guess I had pictured this
differently. I'm really glad you looked
at this because I pictured this as sort of like it would
be a Tails-based distro that would boot and it would load a VM that would have a desktop OS
ready to go. But no, it's much more the components where you assemble it yourself. As far as I
understand, it's kind of both. Like, I'm assembling a bunch of these components, but HiddenVM itself
is tying into Tails to make VirtualBox accessible.
I tried specifically to, you know,
I did all this hidden volume and stuff
on like an external SD card,
which was fairly performing.
It was fine.
But then I thought, okay,
well, what if I lose my Tails USB
or I'm at the studio somewhere I, you know, quasi trust.
Sorry, Chris.
That I could just plug this in
and use it on a different system, not Tails required.
I approached it from like, that's a bit of a backup for me.
Okay, if I don't have Tails around,
but I still want to get stuff done, can I?
And the answer is no.
No, you can't.
HiddenVM definitely requires Tails.
Yeah, see, that seems like a downside to me.
I don't think I want to
have to switch distros necessarily, or I don't, I don't even want it to accomplish this. I don't
even think I want to have to stand up another OS just so that I can stand up another environment,
you know what I mean? You don't want to run Tails to then run your Windows VM, right? That doesn't,
that's just too much. It also felt a little clumsy and reminded me of, like, my old computer days of, like, running Windows XP and having to, like, download all these independent pieces of software from different websites.
Because like even to set this up, VeraCrypt is not included in Tails by default.
Tails can open VeraCrypt partitions and stuff by default, but
it can't create them. You have to download, at least from what I could tell, you have to download
VeraCrypt to make that happen, and it's not in the repos. So you just got, the easiest way I could
figure out how to do that, just go to the website, download from there, which is like, feels clumsy to
me. Yeah, but maybe the idea is that you're trying to verify where you got it from. Yeah,
which is good. And that's where I run into this intersection of, like, uh, or at least I start
thinking about, well, do I need these extra security features? Like, well, maybe I do, I don't know. It
makes me at least re-evaluate my situation and what my intentions are. But having it be like the ultimate solution by default
is probably good if you don't totally know what you're doing.
But for those of us who are like,
well, I just kind of want to play with this technology
and I can assess whether or not I need that level of security,
it's a bit limiting, I would say.
It's interesting that they're sort of like patched on top.
It's sort of like, okay, well,
you're probably not going to try and like twist Linux Mint or Windows 10
and like be able to do all the things that Tails is set out to do.
But we'll set you up in an environment where, you know,
we're making sure you're doing it in our little sandbox.
And you, you know, as long as you do all the right things
and don't leak the info, this stuff will remain relatively private.
You're starting from a relatively valid standpoint
each time. You know it's pretty safe.
It does have flexibility too.
I mean, you could even say they've tried
macOS Mojave.
I can't imagine performance is great,
but if you're doing this for some kind of task
that it's not your full-time
workload, but you still have concerns about it,
you need to spend a little time at Windows
to get this particular thing done, maybe it's sensitive. I kind of ran into, like, one
crippling challenge. Oh. I couldn't get any OS to have networking inside. It's described in the FAQ
as, like, a frequent challenge. Oh, just change your DNS to 1.1.1. I couldn't get it working, and I
didn't have enough time to, like, keep hammering on this,
but I spent a good half hour trying to get the networking going and I just
got nowhere.
So maybe that is because I, you know, it says you should be able to run any Linux in there, no problem.
I was trying, as I mentioned, NixOS and wasn't able to get it going.
So mileage may vary, but that meant it was just a complete roadblock for me.
And it wasn't very useful except for local stuff.
Okay.
That's good to know.
I mean, I think what I'm hearing here is it requires Tails.
It requires VirtualBox.
Then you've got to stand up the VM.
And then you might have some things you have to work through.
It requires VeraCrypt too.
You missed that.
And VeraCrypt.
Right.
Thank you.
I say fine for some folks, but not how we would build it.
Number one, I don't think we want any app left behind to suggest that we might even be hiding something like having VeraCrypt or Shufflecake installed, you know, kind of
suggest you're hiding something.
So I think we want to avoid even the appearance that there's something to hide.
We want to also avoid something that can actually be a bit of a challenge,
which is the OS logging file system access. This is something that Shufflecake addresses in their
FAQ. They write, the question is, how do you prevent the OS from logging file system access
and leaking the existence of hidden volumes? Here's their answer.
We don't.
It's been a known issue since the work of going back to USENIX in 2008,
and essentially the OS is catching this stuff often.
They write, quote, it's a big problem.
There's just no way you can reliably trust the OS and all the installed applications therein,
including the document readers, everything installed, regardless of how you design your scheme, end quote. So we wanted something that could avoid this problem.
But how do you do that?
So before we continue, I wanted to ask you, boost in and tell us, how would you do a totally hidden Linux OS? Before we reveal our secret sauce, how would you do it?
What software would you use?
What built-in technology would you use?
If you could, let us know.
Kolide.com slash unplugged.
Yeah, this episode of the Unplugged program is brought to you by our sponsor, Kolide.
If I would have had this tooling when I was still in IT, I think I would have been able to hang in for a little bit longer.
They help catch problems before they connect to your network and use your apps.
So you've probably heard me talk about Kolide before.
But did you hear that Kolide was just acquired by 1Password?
It's pretty big news because these two companies have really been leading the industry
at focusing on security that puts end users first.
So the end result is less friction between IT and the end users.
They can solve their own problems. For over
a year, Kolide Device Trust has helped companies with Okta ensure that only known and secure
devices can access their data. And that's what they're still doing, but now as part of 1Password.
So if you got Okta and you've been meaning to check out Kolide, now's a great time because
Kolide comes with a library of pre-built device posture checks. And when you need to, you
absolutely can write your own custom checks
for just about anything you can think of.
And the problem it solves
that we really struggled with back in the day,
Kolide works on devices even without an MDM.
So your Linux fleet or contractor devices
and every BYOD phone or laptop or whatever it is,
tablet, I don't know,
that comes into your company.
Now, Kolide, part of 1Password, they're just going to get better and focus more on the end user.
So go to kolide.com slash unplugged.
Go watch the demo, see how they make all this work, and you support the show.
It's K-O-L-I-D-E.com slash unplugged.
Kolide.com slash unplugged, and thanks to Kolide for sponsoring the Unplugged program.
Well, gentlemen, that was my challenge for the week.
And I know you've been homebrewing something, but I actually don't know what it is.
But my guess is it probably has something to do with kexec.
Is that right?
Why would you think that?
We definitely wanted something that could be built in. And I think the fundamental thing that your experience had us thinking about was,
well, what if you could do this with kexec and a RAM disk?
Something that was ephemeral that would just, when you're done, it's just blown away.
And you're using built-in tooling that exists in Linux,
so there's no extra applications installed to even indicate you're doing something.
Yeah, you know, a lot of this stuff, as ever,
you kind of have to figure out what your threat model is
and exactly what your constraints are.
So I think in this world we're imagining,
yes, we are using Linux for this scenario.
We can take advantage of things native to Linux, and Linux does well.
And I think we're giving ourselves reasonable network access.
Yeah, and then you could really kind of solve this a lot
of ways. The easiest approach would be a fresh environment. You stand up in a RAM disk, you know,
you create a RAM disk, you expand an image in there, you kexec into it. We'll get into the
details here in a second. But then the problem would be is you'd lose the data every time you
reboot. It's not a persistent environment. But again, you could solve that with built-in tooling
using things like maybe Btrfs snapshots. You could Btrfs send your hidden environment
somewhere safe encrypted however you like and then you could restore that snapshot later into
the RAM disk, kexec into the environment. We started kicking around these kinds of ideas.
kexec obviously was always there in the middle. I knew it.
But the fundamental problem, Wes, is first of all, you have to be able to create a RAM disk.
So you need enough RAM. You need to know how to kexec, which
is really just learning like one long command you need to run. Yeah. And then
you need a way to either stand up an environment you can use right away or recover
an environment you can use right away. Yeah, you don't probably want to go through like a whole
like virtualized OS install all the time. That works. I do it that way sometimes. But,
you know, if you're actually just trying to get work done, you probably don't want to have to
recreate your entire environment. I mean, you could even do it with Ghost. I mean, there's so
many ways you could actually, you know, just Clonezilla something.
Yeah, I mean, if you do a certain kind of RAM disk,
it really does look just like a block device.
So, yeah, you could have just a raw block backup
and dd that back into the thing if you wanted to.
And it's also something that Nix is particularly good at
because you can have the entire environment defined
and you could stand it up fresh every single time.
Yeah, you kind of get flexibility too. You can either just, yeah, on the fly,
build a new environment and have it install into the whatever file system you put in there.
Or you could have Nix sort of regenerate you a file system tarball that you download.
Maybe you store it somewhere and it's encrypted with a key that you have and then
pull it down, decrypt it and dump it into memory.
You were playing around though with a flake that I thought was pretty neat because you
don't need to have an image ahead of time.
You don't have to download anything ahead of time.
You would essentially create that RAM disk as a block device and then install NixOS into
there.
And then this flake set up essentially a minimum viable environment that you could use.
Yeah, right.
I mean, basically with Nix, you know, you have your NixOS configuration and you can have it just build the whole thing.
And you could even go as far as things like Home Manager
to specify how applications are configured.
Yeah.
You can go pretty far.
I mean, yeah, basically anything you can configure, right?
And then it'll just spit all of the bits out
and you can have it just do that.
I mean, you know, use NixOS, install the command line
and then tell it, you know,
go mount your RAM disk in there.
And as long as you have Nix installed on your host system,
which you could use Nix portable for this,
or just install Nix on the host system if you want,
or, you know, if you're one of us,
you probably already do have that on your computer.
And then it'll just build it and stick it on the RAM disk,
and, yeah, you've got all the files in place.
And when you go with the kexec route,
one thing that's kind of nice is you don't have to fuss
with as much of the boot chain, right? You basically skip sort of the firmware and the
hardware booting, and then the bootstrapping bootloader phase where you have to have the,
you know, the hardware hands off and either you're doing the crazy MBR style or the more modern UEFI
stuff. Either way, there's particular stuff you got to have, right? You got to have the right
format at the right partition and has the right flags on it. With kexec, you're telling it directly
to just load a
new kernel. So all you have to have
right are the kernel and initramfs.
And tell me if I'm getting my kexec
layman's explanation right, because I realize we
haven't really explained what it is. It's a Linux
kernel function that allows you to
switch kernels without
rebooting. You can boot a new kernel
from the currently running kernel.
So you avoid the bootloader,
you avoid like POST,
you don't go through all of that.
It's sort of like a hot swap
to another system.
Yeah.
On the command line,
what you experience is
there's a little utility
that basically calls
the system call in the kernel
called kexec.
You tell it that you want
to load a new kernel,
that's going to load
the kernel into memory.
You also tell it like, oh, here's my initramfs
that I'd like to go along with the kernel.
You can also pass it a command line to say like,
oh, here's the UUID of my root file system,
or here's the special flag you need
if you want to do a persistent RAM disk.
And this would be essentially the same command every time
once you learn it.
Yes, and for a lot of cases,
it's basically the same with one or two modifications
from like the command,
the stuff you'd see in the GRUB or the systemd-boot.
Right, exactly. It's just basically saying
like, yeah, what kernel are you using, what initrd parameters
and what kernel command line parameters
do you need? And there's a fair amount of examples
you would just customize it to your
machine's device ID and the path to your
initrd. Yeah.
And then, you know, basically that takes the kernel off the file system,
loads it in the right place in memory,
and then once you're ready, you
actually call the kexec call.
You can also use, if you want to be
probably a little cleaner, you can do it manually,
sudo kexec -e,
but you can also use systemd,
so sudo systemctl kexec,
and that's a little cleaner because that will
do basically the full reboot stuff.
Except right before it reboots, it kexecs instead.
So it'll do like a clean shutdown of everything.
Oh, I wondered about that.
So you mean it does a clean shutdown of the system you're switching away from.
Right.
Yeah, because otherwise it's like a hard reset essentially.
Yeah.
That's good.
That's where you can, I should be upfront, you can sometimes run into weirdness with kexec because depending on the hardware, you don't do like a fresh initialization.
So the kernel kind of has to be able to figure out from the hardware, and this can depend on the particulars of the hardware, the driver and the kernel, sort of be able to like recover the state of whatever the hardware got put into from the last running kernel.
In practice, I think it actually works fairly well in a lot of situations,
especially on well-supported, you know, for in-kernel drivers.
But it is something you should be aware of.
It also means if you have, like, a server that has a really long POST time,
you can skip that.
Yes, actually, it's what it's really nice for,
is if you have a long POST, just avoid that. Trying to patch a kernel for a security vulnerability,
and you just need to take the minimum time.
Also useful if you've got a system that's gone
sideways on you. You know, you could boot into another
box, assuming you can still do that, and then
mount the local file systems and start
repair. I've done that before
like with a box that had like a
Ubuntu box that kind of had its boot
set up, messed up, and I was able to just pull
a kernel and initramfs from another system
and kexec there and recover
the whole thing. But putting it all together, it's
only, it does require
learning a couple of commands. You've got to learn
how to create a RAM disk, and you've got to learn how to
kexec. And then you'll have to figure
out how to get an OS into that new
block device. Lots of ways
you can solve that, you know, a Nix flake,
expanding a
gzip. There's a lot of ways you can solve that problem.
Yeah, I mean, I think probably depending on how much you need,
you know, you can, there's various container or like install setups for like LXC containers that
you could probably reuse or just like some OSs make it pretty easy, right? Debian has
debootstrap commands. You can get the Arch tools installed on your system if you're trying to build
it that way. My favorite idea was ZFS or Btrfs sending to either a NAS device or a VPS, depending on your
setup. And then you just pull that down and write it to that new RAM disk block device.
I just love the idea of that because...
All over Tailscale, presumably.
Yeah, you're sending it completely off-site. So there's nothing on the machine. It's totally clean.
Yeah, that's where it seems like it could be pretty convenient.
You know, you've got your setup.
You've already customized it just how you like it.
You kind of get on the thing.
You get your bare minimum of like a little bit of tools that you need.
You would have to get the RAM to set up.
That requires a little pre-planning, maybe a reboot or a kexec.
Yeah.
Yeah, you got to get that.
But again, if you're really concerned about privacy, there are built-in tools. And you just then have to – you're basically working with the primitives and you have to deniability is you would just put something really embarrassing on there that you could accidentally reveal.
And that would then, you know, take them off the scent.
You know, I just don't want to, I just feel like, A, you don't have to go through those kinds of games.
And B, the tooling's built into Linux if you just think about how you could use the primitives.
I do think it would work, too, for sort of trusted scenarios like you're talking about where Brent's in the studio and just wants to have his config on the machine because he's getting a bunch of work done in here today or recording a brunch or something.
Yeah.
I mean, if it was a fast process, if you could get it restored and get your working environment working pretty quick.
I think that's where if you've pre-generated it or pre-configured it and, you know, all you have to do is pull down the tarball,
extract it,
or DD something.
Well, I have a question
in that regard.
Could you use a container
to do something similar to this?
Like a Docker
to accomplish
some of the advantages
you're getting
with a NixOS system?
In what component?
Do you mean a Docker
on the host system?
Like you can pull
a container down.
You could certainly use
the files from a container
file system. Yeah. Or are you thinking like a container environment that you run in and then
blow it away when you're done? Exactly. Where things are kind of predefined and all you need
to know is, you know, remember the URL or some kind of authentication just to bring down all of
that and get started from that point. I feel like it has probably a higher probability
of leaving traces behind.
Because you'd really have to clean it up
after you're done, make sure all the logging's cleaned up,
nothing's left behind,
no hanging Docker images.
You'd really have to make sure you're really
good at your hygiene.
You could boot into Tails and then pull the...
Maybe there you go.
I'm sure you could probably configure things
if you've got all the mount points for the place
that Podman or Docker is storing
the image files. So those disappear. Those are
on tmpfs or something. There you go.
But you might have to probably have to
do some. But you'd also, you know, would you have
stuff in the journal from
the services running? It depends on how much
you want to hide, I guess.
That's where the whole system is in RAM.
It has no access to the underlying
disk. It's maybe nice.
Once you've kexec'd, you don't have to worry about the host system logging
anything because it's gone.
The host OS could be
compromised. That was one of the vectors we were thinking
is nothing that could even just
watch what you're doing.
Maybe you don't care.
I don't really know what scenario we're trying to solve here, other than
it seems technically feasible and neat.
So,
I don't know. It might just be a
dumb scenario that we're just kind of playing around with,
but there is something to it. Yeah, I like the idea
of having, you know, something like NixOS configs
in a flake on GitHub that gets built
into little tarballs that's stuck in a safe place
for me. You can just kind of sit down at any Linux box
and create your own environment in a few
seconds. As long as it has
enough RAM, which even if it's got
32 gigs, you could probably just slice off
8 or 16. It's not like these are huge environments we're creating.
You do, there's some, you know,
depending on which way you do it.
We're talking in particular about using a
PMEM device, a sort of like faked
persistent memory device.
You pass a kernel command line option
called memmap, and you tell it
two things. One, how much
RAM you want to slice off, and then
two, where to start slicing that
RAM. So you do have to be a little careful because you don't
want the kernel to like put other things
in the middle of what you're trying to have be a file
system. But,
especially if you have like, you know, you're not super RAM constrained
like on a 32 gig machine, I'm able to easily allocate 20 gigs of RAM to just being a fake disk.
Yeah.
Yeah.
You know, that's still 12 left for doing regular stuff.
And it's super fast.
Firefox tabs.
It's so fast.
It's so fun.
And it's worth it.
It's worth it.
I like Nat's suggestion.
We could also save a little bit of space by using XZ.
We could compress these images with XZ. Like I said, I'd be really curious to know how you would solve this, listener at home, if
you would go to these lengths, if there's other tools you might use, if you have taken a crack
at solving this before. I'd like to know. If you've got a config, let us know. Boost in and send it our
way. We'll take a look at it. Anyone crazy enough, can you get like PXE boot over
Tailscale over Wi-Fi?
Why didn't we
think of PXE boot?
Thank you
to our members.
We don't have a slot right here. We currently
have an opening, but our members, they keep us going.
They really do. We appreciate it. You can go to
linuxunplugged.com slash core
contributor and you can become a member of this show. What you get, I think the
biggest perk you get besides supporting this, your program, is you get the members feed. Like, I don't
know, like I feel like the people that just listen to the regular show have no idea there's a whole
several other shows. There's, yeah, there's like a whole other worth of show out
there and sometimes it's like us, you know, farting around,
but sometimes we get into some serious discussions.
I've often wondered if the members would be okay
with us one day doing like a best of release,
like we take a week off.
And some of the best clips from the members.
Some of the best clips from the members
because there's so much content that nobody ever hears.
You probably get a more full view of our opinions and process.
Well, there's things we say that we may not say in the main show.
Anyways, that's one of the perks.
You also can get an ad-free version of the show.
That's actually really popular too because it makes it a little meaner, leaner, and tighter, and you don't have to hear this part of it.
It just cuts it all out, Drew.
And then you also get all of Drew's great audio editing, which always makes it sound a lot better.
So anyways, thank you to our core contributors.
Link over there at linuxunplugged.com to become a member.
And we appreciate you.
Well, we have an email this week, but it's also deeply related to our very top boost.
So, Chris, take it away.
And now it is time for the boost. Tech Geek comes in with 75,000 sats, and he writes,
Hey, JB team, Tech Geek here.
It's been a while since my last boost, and I apologize.
I sent a separate email via your website to accompany this boost.
Please keep up the great work.
Well, you are a baller, Tech Geek.
Hey, Rich Lobster!
Thank you very much.
I want to note we are spreading the boost out this week between this episode and 5-5-8 because we're doing two episodes back to back.
So if you do not hear your boost, it's because we're kind of spreading them out depending on the content that we're covering and all of that.
So check in next week because you'll hear your boost. We appreciate you.
But our tech geek is our baller booster this week.
Brindley, would you like to read his email, sir? Hello, JB Crew.
My apologies for not sending a boost lately.
Should be on its way after this email, though.
I just started a new Linux tech home lab blogging project
that I'm self-hosting on a web server
in my home lab using Hugo's site generator.
Just moved from my self-hosted Ghost.
Considering adding audio to my blog post
as an addition with the potential for
setting it up as a podcast, the idea would be that when I post a text post, an audio file or feed
would be included discussing any technical aspects of that post. Do you have any tips on audio file
hosting and podcast feed generating for my blogs. Tips for embedding
the audio player in Hugo would also be very helpful. Ideally, to keep things cheap, I would
just have these audio files on my web server with my website, but I could see that getting complicated
and probably use up a bunch of storage and bandwidth my ISP is probably not able to handle,
even though I doubt I would have a lot of traffic anyways. But
thanks in advance for the advice. Well, Techie, it's a great question, and you're our baller
booster, so I wanted to try to give you some value back on the answer. And I would say you
have to answer a couple of fundamental questions first. Do you want it to have an RSS feed?
And do you want it to be a podcast that is searchable in podcast directories? It's either
that, or do you want it just as an
audio file that you embed on your website? You have a fork in the road that you must choose here.
And if you want just audio on your website, you could absolutely just store the MP3 file on your
web server or maybe something like a Linode or Amazon S3 object storage. Because depending on
how much traffic you're getting, that might not be too expensive. And then HTML5 just has an audio element
that you can just put in there,
and you can just give it the URL of an MP3 file,
and it will put a native player from the web browser
right there in the web page.
Very, very, very simple.
There's also things like Podbean
has a really nice embeddable web player
that gives you a little more functionality.
If you want an RSS feed with it and you want it to be discoverable,
I think you should consider hosting it because those platforms have CDNs.
They have a GUI to fill out all the metadata you need for it to be a properly listed
and organized podcast to people's players and on directories.
And they can take care of certain functionalities like besides just RSS feed generation, there's
other things.
I've been really, really impressed with Podhome.fm.
And I've started hosting This Week in Bitcoin over there.
And I have a promo code for that show.
So they're a sponsor of This Week in Bitcoin, but I've been using them before they were
a sponsor.
If you use the promo code TWIB, you can try it for three months for free. And the thing
that's nice about them is they have all the podcasting 2.0 features built in, including
transcription, which is cool. And they have a really good player that you can embed and you
can set the colors to match your website. And it has some nice features in there, including playback
speed. And it's just overall nicer than just the HTML5 player. So that's Podhome.fm and TWIB.
I mean, it's double serving myself, I suppose, because they're my sponsor.
But I really think they are a really good platform for a really good price.
Then it's just a solved problem.
So what you need to decide is are you going to spend money?
Because they're going to be, I don't know, like $10, $15, whatever it is, after the trial.
Or do you want to put that on your web server?
And then you have to consider how much traffic it's going to get.
If it's on your web server, then it's going to take up a web connection.
It's going to take up an available connection to your web server,
which means when it's streaming somebody a very large MP3 file,
that's one less web request it can answer.
So you do need to consider about how that scales depending on the capabilities of your box and the software you're using.
It may be enough to just have some kind of metrics or monitoring on it so you can see, you know, are there problems or how much bandwidth am I using and see if it takes off over time.
You could use op3.dev as a way to see how much your mp3 files are getting played, although it might require an RSS feed.
That's another nice thing about using something like Podhome is then you would also get analytics.
And you could see, are people actually using this?
Is this worth my time?
I think Wes makes a good point.
You're going to want to track this to make sure it's actually worth your time, Tech Geek.
So there's everywhere from just throwing on a web server and use the HTML5 audio tag.
There are even things like SoundCloud, although I don't think I go that route anymore, to
something like Podhome.fm.
Just kind of have to pick what probably makes the most sense for what you're trying to do.
And hey, maybe write back in when you do.
I'd love to hear how the project goes.
Yeah, definitely keep us posted.
Seems like a pretty good idea.
You know, audio with a blog makes sense to me because I was just saying in the pre-show,
there are some types of information that I just retain better if I listen instead of
read.
Hybrid Sarcasm boosts in with 42,999
sats.
The answer to the ultimate question.
Follow up to the HomeKit
topic. Our baby cameras
are HomeKit cameras.
Binding them to Home Assistant first produces
choppy and unreliable video streams.
And since these cameras are
mission critical and the spouse
approval factor is a top priority, we leave them as HomeKit only cameras for now.
Updating to a more platform agnostic home camera system is on the to-do list, but that takes money, time, etc.
The background to this boost is I was giving Hybrid Sarcasm a hard time for saying he was using HomeKit instead of Home Assistant and that HomeKit worked better.
And I was like, what are you talking about?
But that is the edge case.
HomeKit offers a really solid product for the HomeKit compatible cameras.
I have played with it really briefly and I was very impressed,
including like facial recognition based on the photos in your contacts and photo library.
Like it figured out my wife and my kids just by on-device processing somehow or something.
I mean, I don't know because I didn't use it extensively, but I was very impressed with that.
That is actually a decent little feature.
There are other systems out there.
Like Listener Jeff has a really nice Frigate-based system at home, right?
Yep.
You know, I have a really crappy Shinobi system that doesn't work very well.
So there are other things out there, but it is
a hike. Zack Attack
boosted in 6,453
sats.
Coming in hot with the boost!
Thank you for your coverage of the XZ
situation over the weekend. I've been following it
all weekend with fascination.
I bet. Curious if it impacted
you at all, Zack. We haven't heard from anybody
who, like, wrote in and said, my God, we had so many systems.
We run this bleeding edge system because we're building this app, and then we had to update this whole app.
I haven't heard any of that this time around.
I think we got really, really lucky that one Microsoft engineer was trying to make Postgres run just a little bit better on Linux.
We got lucky.
VT52 comes in with 2020 sats.
And it says, Chris, you mentioned the Gmail anniversary
or how Gmail was in beta for a long time,
which shook a memory loose for me.
Before Google was known for killing off
beloved and unprofitable services,
it was known for the perpetual beta.
They made betas cool.
All the new kids did their product launches
as betas to build buzz.
Yeah, beta was a different thing before
Gmail. That's a fair assessment,
VT. That's how I recall it too.
Added a certain, yeah, like, ooh, this is cutting edge.
This is the software you want to be using.
And it also made it
acceptable for technology
services and apps to launch a little before
they were actually ready, for better or for worse.
You know, oh, it's beta. It's beta.
Jordan Bravo comes in with 6,969 sats.
B-O-O-S-T!
I, too, would love to hear more content on networking.
It's an area that I find particularly confusing.
To get more specific, how about covering some stuff on DNS?
Such as why and how to host one's own DNS
server? Can you ever truly be self-sovereign within the DNS system, or are you always relying on a
trusted third party? That's an interesting, especially for maybe setting your own name
records. Um, you know, we haven't run a NixOS-based DNS server yet. That's true. That's true. Could be a
good excuse.
We should... I have a really crappy DNS server
on my tailnet.
We could replace that
with a Nix-based DNS.
Set up our own name services
inside the tailnet.
Become our own empire.
Control our own destiny
and our own names.
Thank you, Jordan.
Good idea.
Now, Cultivator came in
with a total of 19,345 sats,
and one of those is a Spaceballs boost.
So the combination is 1, 2, 3, 4, 5.
That's the stupidest combination I ever heard in my life!
As this was recording, I was busy downloading ArkOS for my R36S and needed XZ to extract the image file, and so installed and went about my business.
Now, luckily, I've been daily driving NixOS
for a couple months now and happy to know
I never would have been vulnerable running stable as I do.
By the way, I got a sick custom boot image on my new toy,
so I'm feeling super old school right now.
Oh, and I'm also picking up a few more of these,
so thanks for turning me on to it.
Yeah.
Yeah, the R36S is a hit.
It's a hit.
I have mine at home right now on the charger.
I'm going to take it with me on the airplane.
Excellent.
Mm-hmm.
Mm-hmm.
Cool little thing.
I think there's a few devices every year that are just absolute hits, and that's one of them.
Thank you, Cultivator.
Appreciate it.
DexSword comes in with 14,690
sats. And yeah, the first one is a Spaceballs
boost. 1, 2, 3, 4, 5.
Yes. That's amazing. I've got the same combination
on my luggage. They went on a journey to
top off their fountain wallet. Started
with Alby, but then had to pivot.
So they looked at building their
own node. Wow, that's quite the pivot.
On a Raspberry Pi 4 after two days,
the blockchain sync. Two days on a Pi 4 is not
bad. Not bad at all. That's not bad
actually. Dang, dude, what
disk are you using in that thing? He says
I only had, but then I found out that I had to enable
Tor services to connect to Alby.
And that requires a paid sub.
I didn't even know they had paid subs. Yeah.
Yeah, I... We're learning a lot.
I also find Tor to be somewhat
unreliable these days.
It seems like Tor is just under constant DDoS attacks.
So there's that.
But now he's looking at the next Bitcoin project.
He's decided to jump into NixOS.
Oh, fun.
Yeah.
I got to say, Dex, I mean, I admire the gumption you got.
You know, you're pivoting from fountain to running your own node to diving into NixOS.
I mean, this is a journey.
Awesome.
He also notes that Coinbase announced that they're integrating Lightning through LightSpark.
Could make things a little simpler in the Lightning world.
I hope.
Yeah.
I wonder what timeline.
They had previously talked about this back in September.
Now we're getting a little more specifics.
Well, I think what it was is they were working on their own implementation,
but they put their B team on that project,
maybe even their C team,
and now they have benched the C team and they're outsourcing.
So I think they've scrapped
and they're just going with that.
Yeah, that makes sense, right?
If it works, I guess.
Anonymous podcast guru says,
a user says,
with 3,200 sats,
thanks for the XZ coverage.
Oppie 1984 comes in with 4,000 sats.
B-O-O-S-T!
Via fountain.
Okay, writing in follow-up to last week,
Oppie sent in a zip code boost where we guessed that they were boosting in from Canton, Ohio.
And, uh, bada-bing, we were correct.
Hey, well done!
I have a Canton mailing address, but live on a town bordering the city.
As for what media format to send out flakes on, y'all are getting way too fancy with your floppy disks.
Oh, come on.
Floppy disks are great.
Core rope memory is the format of choice.
It was good enough to get us to the moon, after all.
Okay.
Well, why don't we just put it on wax cylinders?
You know, I actually kind of afterwards started thinking more about that floppy disk idea.
I like it a lot.
I do too.
I mean, you can print little cute logos.
Can you still get those packs of floppy disks?
We'd have to get a few packs, get labels that we printed.
What do you think the odds are some of the listeners still have floppy disks out there?
Can we crowdsource this?
Oh, maybe.
It might be like trying to get the dot matrix paper where we went to go get dot matrix paper, and it was like $300 a box.
And now, thanks to Bear, we've got someone who's like, this is precious, precious.
Here we go on eBay.
Floppy disk, 50-pack of 3.5 and 1.44 MB floppy diskettes guaranteed 100%.
Oh, they're 100% guaranteed?
$19.95.
Wow.
And they're 100%, guys, 100%.
Save up to 10% when you buy more.
Oh, I do like to buy more.
Bulk discount.
Pre-owned.
I slipped under the cutoff this one because we're splitting the boost out,
but Jay Dickinson boosted 1,000 sats.
We have a 2,000-sat cutoff for time, but I wanted to put this in here
because he said, and it's true,
I find it incredibly sad that they targeted Lasse.
Is that how you say their name?
Probably. That's how we're saying it.
It's the epitome of tired but determined maintainer.
No thanks and no pay.
He publicly disclosed his struggles
and that probably earmarked him as a target.
There are very real
risks of neglecting maintainers.
Something the community has been talking about for a really long
time, but will we see a change?
Also, Fish is one of their first installs,
which we're going to get to.
I've wondered, too.
We haven't seen any announcements yet
from any of these companies about changes that are going to be
made. We may still, but I'm
always very skeptical of how much impact they're going to have.
Just doesn't seem to really move the needle.
People don't, this is probably
not the time to say this, but people don't like it, but it is true
that when I worked at Linux Academy,
I had thousands of thousands of dollars set aside
to donate to open source projects.
And every single one of them was a huge pain in our ass.
And it took way longer than it should have.
And most of them didn't accept whatever system we wanted to use.
Most of them were outside the states.
And it was expensive to move the money around.
And it became one of the most frustrating things we tried to do.
It was hard to let – to get – to give people money.
And a lot of them were skeptical too.
It's like, no, no.
We just – we have these funds and we want to distribute them to the community and it was ridiculous.
And everybody – not everybody but a lot of people had like moral reasons for not using this bank or moral reasons for not using PayPal or, you know, whatever it was like.
You wouldn't believe the resistance we got on PayPal.
You know, I mean, it was crazy.
So it is a harder problem to solve than I think we think just I'll throw money at them.
There's a whole culture and mechanism around it, too.
It's broken.
Do you need governance?
How do you plan this for the long term?
But isn't that what some of these like collectives or
foundations were purporting to want to solve for us? Like, it's not a new problem. They do it for some
people. I just don't think it scales to every library and every little thing that becomes
popular in six months. I mean, these foundations come along every so often. They're slow by their
very nature. It's probably tricky too. I mean, if you've got like you're, you know, a rising project and it's early and you kind of got the
momentum to start as you're doing it, but how do you, how do you pivot to that too? Like if you're
the XZ situation and you hardly have time to just sort of keep up with the development, now you got
to take other time to go try to set up infrastructure to maybe get donations. Wasn't there just a story
within the last six months about a terminal tool that adds
color to the terminal output that turned out to have a vulnerability?
And it was used in tens of thousands.
It was a dependency for tens of thousands of projects.
And how do you solve something that scales to that?
I don't think foundations do that.
And I don't think Microsoft and Amazon can do it either.
Now, True Grits came in for yet another Spaceballs boost.
We're going to have to go right to ludicrous speed.
If I'm recalling correctly, you, Chris, and someone else, perhaps Brian,
started creating a Linux distro called Jupiter OS
and decided to make a podcast as a way to promote it and discuss ideas.
But then you realized you're better at podcasting than making a Linux
distro. Ah, nice memory
trigger. It's pretty close. As I recall it,
we'd already started the podcast.
What we did is we created Jupiter
OS and
then realized, and it got some
traction, actually, surprisingly, because
we had the podcast, so there was listeners that were going to play
with it and make it into something. And I think we even had
some test ISOs going around. But then we realized we would be better at
podcasting, and so we decided to do more podcasts instead of spend our time. Um, and so we created
Jupiter Broadcasting. Um, and then elementary OS came along and their first release was called
Jupiter, I believe, as kind of a nod. And so it sort of lives on in some spirit over there. But, uh,
yeah, it was kind of, uh, we started the podcast Linux Action Show and kind of got distracted by this idea of a distro and realized we should probably go back to focusing on the podcast and not focusing on making a distro.
We had enough of those.
And that's why Jupiter OS is not vulnerable to the XZ thing.
Definitely not vulnerable.
Do you remember what your constraints were, like which desktop environment you selected and things like that?
I think it was GNOME-based.
I think we were experimenting both with,
maybe it was Red Hat or Fedora at the time, I don't know,
and Ubuntu.
We had experimentations with both,
trying to see which direction we wanted to go.
We would experiment with building them up,
creating the environment,
and then kind of creating an OS after that
and then see if we could continue to modify it
and move things and move things.
And there was only so much you could do. I mean, the tooling is better now in some ways,
but better back then too. So it just wasn't what we were best at. Thank you everybody who did boost.
Like I said, lots of the boost didn't make it in because there'll be a next week. We got lots of
you that sent in your top five first installed applications. I've put them all into a big
blender, threw that into a spreadsheet, then sorted by the most recommended. We will have the top five first installed applications next week.
So thank you.
If you didn't hear your boost there, it's because it's being split up.
We'll also have the totals in next week's episode.
And shout out to all of our sat streamers out there who just sit back and stream.
Sat streaming.
We see it and it definitely adds up.
Yeah.
Thank you, everybody.
Appreciate you very much.
And if you'd like to boost in, go get a podcast app at podcastapps.com.
Fountain, Castomatic, and Podverse are the favorites, I think, on our crew.
And they're all really good, solid apps.
And they're coming along really nicely.
Thank you, everybody.
We got a pick this week. And this one, it's a new shell history tool.
So I realize out of the gate, I'm asking a lot for you to consider something that you have to, like, change your whole shell workflow.
But they say it makes your shell magical.
You can sync and search and backup your shell history with Atuin.
Atuin?
Atuin.
Yeah, A-T-U-I-N.
And it's kind of neat, you know, the idea that I could sync my shell history to all my machines.
Fully encrypted.
Yeah, it's open source as well.
You can store extra details in there like, you know, your flags, exit codes, things like the working directory you might have been on your last time.
It has supposedly a really good search and recall.
I say supposedly because I haven't used it long enough to actually verify any of that.
But it's a neat app, and the developer behind it just went full-time recently.
Wow.
Which that's pretty neat to see.
They quit their day job, and now they're doing this as a full-time gig.
They started a few years ago to scratch an itch they had.
They always thought it should have been easier to look some of the stuff up in your shell, and now here they are.
You know, at first I was a little skeptical, just because I've been so pleased and spoiled by the just default pretty decent command completion
and history in fish. Um, but I love that you get so much metadata here. So there's an example in
the README, uh, doing a search for all successful make commands recorded after 3 p.m. yesterday.
And you can tell it, like, I want the exit code to be zero.
You can pass it after this date time.
You can tell it what command.
I mean, structured data, that's just neat.
The fact that it remembers, like, it was a successful exit.
Yeah, that is kind of neat.
And then you can recall those.
So A-T-U-I-N, if you want to check it out,
the website is A-T-U-I-N.S-H,
or we'll have a link in the show notes.
It's, you know, time to change up the terminal, spice it up a little bit, right? Why not?
Remember, we'd love to hear how you would do a totally hidden Linux OS. Please boost that in or go to linuxunplugged.com/contact.
What you didn't even mention, I don't think, did you? What the language that this was written?
Are you serious? No, I don't think I noticed.
Uh, yeah. You're not telling me it's Rust. It's Rust.
Who
would have known? And don't you just know there's a
flake.nix in there? Yeah.
I did notice that. It's seen more and more of that
these days. Let's put it right in there. Why not?
Why not? So yeah, let us know how you would do
a totally hidden Linux OS.
We will not be live next week
with the show, but we will be
live from Texas Linux Fest, streaming the fest and having people stop by the booth and chat with us.
We'll be hanging out with our friends from Sineri.
They have a beautiful booth, and they've let us take over at least a quarter of it for our live gear.
We're going to make it happen.
You can just tune in at jblive.tv.
And if you're in a podcasting 2.0 app, you'll see the live stream either pending or go live right there in your app.
Links to everything we talked about today?
Yeah, that's at linuxunplugged.com slash 557.
Lots of great podcasts over at jupiterbroadcasting.com, Coder Radio and the Self-Hosted podcast.
Go check them all out.
Of course, This Week in Bitcoin also coming to the JB website soon as well.
But normally we're live at noon, about 3 p.m. Eastern on a Sunday,
but next week we'll be live, I don't know
when. Texas Linux Fest starts early.
We've got to get there, get set up.
Texas has its own rules. So we'll be live
shortly after the Fest starts, I imagine.
Or maybe we can get in there ahead of time, get
ready and go live right as the Fest starts.
Lots of air time right there.
Oh, that would be great. Anyways,
great time to try out a new app.
Thanks for joining us.
See you next Tuesday,
as in Sunday. Thank you.