LINUX Unplugged - 567: So Long sudo
Episode Date: June 17, 2024
Your Linux box is a-changin'. systemd has a huge new release; we'll get into the most impressive features, including the new sudo replacement. Plus, our thoughts on the new Linux Arm laptops that are ...just around the corner.
Sponsored By:
Core Contributor Membership: Take $1 a month of your membership for a lifetime!
Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
Support LINUX Unplugged
Links:
💥 Gets Sats Quick and Easy with Strike
📻 LINUX Unplugged on Fountain.FM
Announcing systemd v256 — In the weeks leading up to this release I have posted a series of serieses of posts to Mastodon about key new features in this release.
systemd changes with v2⁸
systemd 256 Released With run0, systemd-vpick, importctl & Other New Features
Lennart on systemd-vpick — Basically, you can now place multiple versions of the same resource in some dir of your choice, suffix that dir's name with .v/ and then you get some basic version management in place: delete or add new versions by just removing/adding new files, and the tools will find the newest item dropped in automatically.
Introduction to Portable Services — “Portable services” do not provide a fully isolated environment to the payload, like containers mostly intend to. Instead, they are more like regular system services, can be controlled with the same tools, are exposed the same way in all infrastructure, and so on. The main difference is that they use a different root directory than the rest of the system.
Trying out systemd's Portable Services — All in all, the core pieces are already in place for a very promising new technology that should make it easier for 3rd parties to provide Linux system-level software in a safe and convenient way, well done to the systemd team for a well executed concept. All it lacks is some polish around the tooling and integration.
systemd sleep — Putting a PC to sleep is complicated business and there are different mechanisms available to achieve this on Linux.
Lennart on SSH and AF_VSOCK — This automatic ssh-via-AF_VSOCK logic is particularly useful
DDIs and systemd-nspawn — Or in other words: there's now unprivileged systemd-nspawn containers. Yay!
Lennart on systemd-vmspawn
Lennart on sd_notify
Lennart on dlopen
Lennart on run0 — There's a new tool in systemd, called run0. Or actually, it's not a new tool, it's actually the long existing tool systemd-run, but when invoked under the run0 name (via a symlink) it behaves a lot like a sudo clone. But with one key difference: it's not in fact SUID.
doas - dedicated openbsd application subexecutor
Doas - NixOS Wiki
Doas on Wikipedia
The Tragedy of systemd — Join me on a journey through the bootstrap process, the history of init, the reasons why change can be scary, and the discovery of a part of your OS you may not even know existed.
The Two Year Journey Funded By Arm/Qualcomm For Improving ARM Linux Laptop Support — ARM Kernel developers spent the last two years working on improving ARM Linux laptop support with a focus on the Lenovo ThinkPad X13s powered by a Qualcomm SoC.
Ubuntu 24.04 LTS support to the Lenovo ThinkPad x13s
Snapdragon 8cx
Ubuntu Asahi project
TUXEDO Working on Snapdragon X Elite Linux Laptop
Membership Summer Discount — Take $1 a month of your membership for a lifetime!
Spokane Meetup, Sat, Jul 13, 2024, 4:00 PM
Berlin with Brent: September Meetup @ Nextcloud Conference, Fri, Sep 13, 2024 | Meetup
A Nix Flake for Bitfocus Companion
ChrisLAS' Beelink NixOS Config
Bluetooth - NixOS Wiki
nix-direnv
xscreensaver on Android
Rainier cherry - Wikipedia
Pick: Iotas — Markdown notes that sync with NextCloud Notes.
Transcript
A happy Father's Day to all the dads out there.
I thought, just to celebrate the moment,
I'd ask you boys if dad played a role at all with getting you started in tech
or your interest in tech.
Anything in there?
No, not on my side.
It came from my mom and her father, my grandpa, who worked at IBM for years
and always made sure that his daughter had the computer she might need
to go through grad school.
Oh, that's great.
My dad instilled in me a love of books, which is a nice compliment.
Yeah.
For me, it was my father who forced us as children to learn how to use the command line
on the Commodore 64.
All right.
And in the slight future, use the spreadsheets on said computer to keep track of our allowance.
Otherwise, we didn't get it.
So there's some deep history there, and it kind of forced us to learn to get in trouble on the computers.
And that continued to his dismay when we were teenagers on the family computer.
So some deep history there.
So thanks, Dad.
Yeah, I broke the family computer once or twice.
That's when I think Dad really decided it was time to help me finance and get my own parts.
So dad helped me do like a lawn mowing payment program, like some layaway.
And a couple of times I think he was generous enough to like preorder the part for me.
But then I still had to work it off.
He made sure I worked it off.
And it was neat because we were both kind of discovering the technology at the same time.
So that was a fun thing to do with that.
And, you know, now I try to instill it upon my kids and they look at the computers and they go, oh, there's some interest.
But, you know, back then we were building them up from the ground.
So it's pretty great because dad and I were building PCs together.
And it was a good time.
And you learned a lot.
Of course, things have changed quite a bit, too.
So shout out to all the dads.
Happy Father's Day.
And when it swooned, systemd was born from his tomb.
systemd, it's taking the reins.
No more sudo, no more chains.
Freedom flows in endless gains.
systemd's the name that remains.
Through the server feels he wrong
If am I
sharper than chrome
sudo's time
has now shown
systemd
now calls it home
systemd
it's taking the reins
No more sudo
no more chains.
Freedom flows in endless games.
systemd is the name that remains.
Hello, friends, and welcome into your weekly Linux talk show.
My name is Chris.
My name is Wes.
And my name is Brent.
Well, coming up on the show today,
we'll be talking about how your Linux box is going to be a changing.
systemd has some huge new features in their next release.
And we're going to dig into some of the most impressive new things it can do, including a new sudo replacement that is in the works.
Plus our thoughts on the new Linux ARM laptops and improvements that are just around the corner.
And we'll round it out with some picks, some boosts,
and more. So before we go any further,
let's say time-appropriate greetings to our
virtual lug. Hello, Mumble Room!
Hello, guys. Hey, Chris. Hey,
Russ. And hello, Brian. Hello, everybody!
And shout-out to you up there in the quiet
listening as well. Thanks for being here with us.
It's nice to have you this morning.
And good morning to our friends over at
Tailscale, tailscale.com slash unplugged.
Tailscale is the easiest way to connect devices
and services to each other directly wherever they are.
So go say good morning and try it out for 100 devices
for as long as you like for free at tailscale.com slash unplugged.
Go build a simple flat network
across a complex infrastructure in just minutes.
We love it. You will too.
Tailscale.com slash Linux Unplugged.
It feels like old times, Wes.
It's been a minute since we've really dug deep into systemd.
And I guess version 256 has kind of inspired us.
Yeah, I mean, we were certainly there, let's say, in the tumultuous period of systemd's life as it was gaining acceptance.
There's always been still a little bit of drama lurking in the wings because systemd has opinions and ships new ideas about how to put together your Linux desktop.
And since it's the thing putting together a lot of Linux machines, desktops, or servers, those opinions end up mattering.
Brent, as we get into this, I've been reflecting on life before systemd and now trying to picture life without systemd. Could you imagine going back?
Well, I'm in the phase where I'm just beginning to learn how to use systemd in all of its
beauty.
So I feel like I didn't even Linux before systemd in a way.
So I don't know.
It's always been with me.
And it's always been there as like this old trusty tool to use.
And so I feel like why wouldn't it just continue?
Why wouldn't it just get better?
So I'm looking forward to learning all this great stuff that's coming up.
Well, where systemd giveth, systemd taketh away, too, if you will.
Yeah, that is true.
Okay, so with systemd version 2 to the power of 8, or 256.
Oh, Wes.
There are some things going away or some deprecation notices.
So for one, watch out if you need cgroups v1, legacy or the hybrid hierarchy.
More like Cya Groups.
That's right.
Yeah, okay.
Cgroups version 1 is going away.
Yeah, now considered obsolete,
systemd by default will even refuse to boot
if you try to enable it.
You can forcibly re-enable, as they put it,
basically putting something, when you boot up,
in GRUB on the kernel command line.
But for a little context, well, cgroups control groups,
along with namespaces and some other kernel features are kind of at the,
you know, the underlying primitives that you can use,
not only to control and confine processes,
but also to enable containers that we all know and love.
cgroups v1 landed way back in 2008 in kernel 2.6.24.
Whoa.
So it's been around a while.
cgroups v2,
a lot more recent.
That was added in 2016 in kernel 4.5,
but that's still,
I mean, what,
that's like eight years ago.
Yeah.
It might be a little startling to see.
I think it always is
because, you know,
it's been in the kernel for so long,
but at the same time,
it's probably been plenty of time
to move on
and make things work under v2.
Yeah, I mean, the real delay here has just been distros really haven't changed their default.
But I think even that's kind of changed.
It's for many releases now, I think both Ubuntu, Fedora, and Debian that I can think of,
and probably SUSE have been using v2 for a bit.
Okay, so that's one kind of end of an era,
but I think this next bit is really the end of an era
because support for
SysV service scripts is now deprecated. Now that seems like that's going to upset some people.
Now it's not removed yet, but it will be removed in a future release. Not yet chosen, I guess,
when they get around to it. The ask here from the systemd folks is just please make sure to update
your software now. This is the time to include a native systemd unit file
instead of a legacy SysV script.
That way you are, you know,
compatible with the future of systemd.
I mean, or ship both if you want.
That's fine.
But like, you can no longer assume
that systemd is going to do the job
of converting a SysV init script
to a systemd unit,
which is something that has been the case for a long time.
10 years ago, I mean, that was a necessary feature to have your system still work.
These days, I mean, it's getting rarer and rarer to see a project.
If they are the kind of project that needs to set up a long-running service,
either them or the distro has made a unit.
Yeah, it's probably going to be more like a vendor of some enterprise software.
Right.
Yeah, and they're going to be the last to even read these kind of notices.
They're just going to get a call from a customer saying, hey, my software doesn't seem to be
starting anymore when I reboot.
Thankfully, you know, .service files aren't too much of a pain to create.
No.
I mean.
Especially if all you need to do is tell it like what program to run and maybe some bits
about where to run it.
Yeah.
Yeah, for sure.
And maybe you do think about the audience, right, for these kinds of notes.
So there's obviously the audience is us,
the audience is end users, but it's also
software vendors and distros.
Yeah, at least you hope so.
One thing that's changing with 256
is the behavior of systemd-sleep,
and also
how this interacts with systemd-homed,
which is the sort of
new style of portable user home directories we've talked about a while ago on the show.
Well, now when you go to sleep, systemd is going to freeze user sessions.
It's going to freeze user sessions.
Whenever you're changing sleep modes, it's also going to lock the homed-managed home area.
Oh, that's a good idea.
Yeah, these seem like good things.
The only issue, and you'll never guess where this is coming from,
but the thing is it's known to cause problems with those proprietary NVIDIA drivers.
Are you serious?
Yeah.
Because I guess it's, is there some sort of state for the driver that's in the user's home directory?
Do you know why?
I'm not sure, no.
Because it must be related to the home directory essentially disappearing.
Yeah, right.
The user session's frozen.
The home directory is no longer accessible.
Somewhere, something in the stack, maybe it is in the user space side that just kind of freaks out.
Yeah.
So the ask here is, packagers of the NVIDIA proprietary drivers may want to add drop-in configuration files that set some settings that basically turn those off.
So they could solve this on the packaging side?
Yeah, distros could solve it.
NVIDIA could solve it.
But distros have to know about this.
And so if they ship systemd 256
and they have an NVIDIA driver package,
they need to make these changes.
Yeah.
I mean, you may want to, as they say.
You may.
You might.
Yeah, you may want to.
Okay, so those are some things that are maybe going to get changed or taken away.
But there's a lot that kind of seems pretty nice and kind of shiny about this new release too.
Yeah, and, you know, there's a ton of different features.
Not all of them are major components of future changes to how we interface with Linux.
Some are just, like, nice things to have.
One of those is a new vpick.
It's both a binary and a protocol.
You know those .d folders that are all over Linux?
Sure.
You have like one main configuration file, then you have like a config.d, and you can
put extra config files that all kind of get merged in.
Right.
vpick implements a .v, as in Victor, folder.
And instead of different configuration files, you can put different versions.
That's what the v is for.
And so things like systemd-nspawn, let's say, right? You can point that at a folder or you can point it at like a root file system image.
With vpick, instead of having to update in place, you can just make a
new version, stick it in that .v
directory, and the systemd
tooling is all now going to know how to just
select the newest version and automatically
use that. So essentially switch over. Yeah.
Yeah, so you can do it with like
root directory, root image,
I think a whole bunch of different
pieces of systemd are getting this functionality.
So you can imagine, like, on its own, it's not immediately useful.
But if you want to be able to cleanly update things, especially maybe in like more immutable styles,
being able to just drop a new version in a folder, restart the unit and be done is pretty compelling.
It's kind of like, uh, uh-oh, is essentially the equivalent to a Nix switch.
Is that essentially what it is?
I know, I did it.
I did it.
I did it.
There it is, boys.
There it is.
Cheers, gents.
I don't know if I quite call it equivalent,
but it does provide some similar functionality
to be able to have separate versions
that get a little more cleanly picked.
There you go.
Grab your children's sippy cup.
You get yellow.
I get pink.
Cheers.
Cheers.
Oh.
We're drinking Amsterdam brand, which is probably just BS.
Oh, new Amsterdam vodka.
That's our – there you go.
That's not a good one.
But there you have it.
So it's sort of like, now I can say it.
So it's sort of like you could maybe like say restart the NGINX service and the next time it restarted, it would switch to this new V, this new version.
Yeah.
So in a bunch of this segment today, Lennart has been posting over on Mastodon some kind of like breaking down individual features of systemd.
Yeah, like a 15 breakdown thread or something. A lot of work to communicate this stuff
so he clearly cares, which is great.
And then of course there's some nice like release notes
in the changelog, so those are both the primary sources
but Lennart had something to say here
to summarize it.
Basically, you can now place multiple versions
of the same resource in some directory
of your choice, suffix that with
a .v,
and you get some basic version management in place. Delete or add new versions by just removing
or adding new files, and the tools will find the newest item dropped in automatically.
Uh-huh. That is really slick. That is really nice. A new command line tool,
importctl, to download, import, and export disk images via systemd-importd.
Yeah.
And this is one of those things that, like, gets vpick functionality. I think that's one of the themes here: because it's not just a set of scripts, because systemd is kind of a whole suite, a whole system, you see a lot of cross-pollination and integration between features all over.
So systemd-importd actually used to be just functionality that was in machine control, machinectl, which is an interface to manage things like systemd-nspawn containers.
It was only used for machine images there, but now importctl generalizes this for all kinds of ways to extend systemd, including something that they call portable service images.
Okay, so what is a portable service image?
Yeah, it's not new in 256.
This was just a moment where I was reading through some of the notes
in the docs and I was like, have we talked about this?
I don't think so. I don't even know if I've heard about this.
Yeah, so they basically
it's kind of like a container,
but they're not trying to provide a fully
isolated environment.
Instead, they're more like regular system
services. They can be controlled by
all the usual system tools for doing that.
They're exposed the same way in the infrastructure. The main difference is that they set things up to have a different root directory than the rest of the system.
So kind of think maybe along the lines of something like Distrobox, where you get that, like, file system type of containment, where you're like, I want to use a different distribution, I want to have a different set of libraries and environment available to this service, but same home directory, but I still want you to be able to talk to the network services.
Yeah, yeah.
Without me having to explicitly say that.
Yeah, I want to get to the internet still.
There's some folks out there who've kind of tried it.
And what I thought was interesting is the portable part, right?
Like it's, on one hand, it might just be useful for you on the system, but also the idea,
you know, that you could have some core pieces that make a new way that third parties could
provide Linux system-level software,
but like in a prepackaged, safe, and convenient way.
Sort of like, you know, Flatpak, Snaps, a lot of these type of apps,
but integrated right into systemd.
Yeah, so it's like interesting because you could also see a distribution like RHEL
maybe delivering components that way at the system level.
Yeah, and I mean, you know, these days we have all kinds of tools for OCI stuff, container native world.
We have OSTree.
There's regular old stuff like pacman
and Bootstrap to get like root file systems working
or ways to get just isolated bits of files.
And having that built in without having to add
or pick another third party method of making that work,
just having it natively available seems pretty nice.
We should talk about that just for a really brief second.
You know, I think one of the advantages,
there's, I think, concern that systemd just seems to grow
and add all this functionality.
But one of the advantages of having some of these types of things built in
to systemd is it means you can start with a smaller and smaller footprint
of a system that is capable of doing more things.
And we've seen this kind of be useful in
some of our setups where we can deploy a very minimal, tiny environment. And systemd is actually
capable of managing a lot of these things like booting the system, where you don't need grub
anymore, and taking over some of these functionalities that would have otherwise required
individual components being stacked together and then orchestrated together. Whereas systemd is
one cohesive package that manages it and gives you an API and a set of
tools to work with. So there's a lot of advantage to baking it in, even though it means like we're
taking over things like system sleep.
Maybe it's time though, you know?
I didn't realize systemd had systemd-sleep, but of course it must.
Yeah, it's new. So before there was systemd suspend.
Yeah.
But as you might guess, putting a PC to sleep is a very complicated business. There's a whole bunch of different mechanisms available to achieve this, especially on a Linux system. There's suspend to RAM, and there's like suspend to disk, and then you can have, as Brent has experienced, like combinations of this, right? Where you might like suspend to both, or you like suspend to RAM first, and then as your battery gets too low, change that to a suspend to disk. So it's like sleep first, then hibernate.
With v256, there's now a new D-Bus call and systemctl command, which is just called sleep. And the idea here is, instead of sort of a bunch of different methods that are all over the place, and sure, we had systemctl suspend, but I think the main part here is it's really a cleanup in terms of like the abstraction of putting the system to sleep that is available over D-Bus, is available in the systemd code base.
So it's not just one particular entry point
that's doing all of the right things
to put it to sleep in a nice way.
You have like an extensible system
that is aware of the various components and options
and can actually do it the right way.
Aware of network connections and remote mounts.
Yeah.
Yeah.
The goal is to abstract a lot of the mess away, get the job done according to what's available.
And then also, of course, taking into consideration like whatever system-level configuration you might put in /etc/systemd/sleep.conf if needed.
But for the end user, just rewire systemctl suspend to now be systemctl sleep.
Actually kind of nice to have that. It's kind of a hot mess, like, um, what I would love, and I don't know, I'll look into it, is individual subcommands. Like sometimes I just want to turn off my monitor, but I don't want the system to sleep, and I just want a quick command line to just turn the screens off.
Yeah, I know how to do that with X. I don't know if I know how to in the Wayland era.
If you're on Plasma, there is a command you can
do through like KWIN essentially.
But it still has a little bit of
problems. So
I mean, clearly we all agree. systemd
is doing so much. There's probably nothing with
SSH or anything that it needs to be bothered
with, right? We don't have to concern ourselves.
Oh no. Oh no, my friend.
Uh-oh.
SSH, don't worry.
It's not eating SSH or anything like that.
But there's been some developments, right?
Okay, so SSH, super useful, like the primary mechanism most of us use to get onto Linux boxes that we're administrating,
transfer data sometimes, make configuration changes.
SSH, it's super useful.
There's also been, and I wasn't super aware of this, but there's been a development of something in Linux called a vsock, which is like
a type of socket that is designed to facilitate communication between virtual machines and the
host. And systemd is adding a bunch of plumbing around vsock and SSH in particular, somewhat powered
by a new unit generator called systemd-ssh-generator.
It checks to see if SSHD is installed on the system, and then it kind of wraps that up
so it adds vsock support.
It should make dealing with stuff like local virtual machines and nspawn or LXD style full
operating system containers, not like the Docker application type containers,
but when you're doing a whole system with systemd in there,
a lot easier.
Basically, think about when you're spinning up a virtual machine
and how you got to get access.
If you want to SSH into that virtual machine, right?
It's got to be on some sort of network I can communicate with.
And network has to come up in the virtual machine and start,
and maybe there's DHCP.
And is that on a bridge?
Is it on some user space networking where you've got to manually forward ports in your hypervisor?
There's also been some cool developments.
We've talked a little bit in the past about sd_notify.
It was involved in the recent xz backdoor.
Right.
But it's basically a protocol for systemd units to notify when something happens,
right?
You can submit an event into the system to say like, oh, I'm finished booting up or this
piece is done, which lets the next piece to start.
There's also been developments where systemd can now do that from a virtual guest to
the host system.
So you can monitor these sd_notify events from the systemd running in your
virtual machine to see the progress of how that virtual machine is starting and
booting or running.
So the combination here is,
that's actually kind of nice.
A lot of times it's just sort of a,
it's a black box,
you know?
Yeah,
exactly.
Cause it's,
I mean,
it's a whole separate system with a separate kernel.
Yeah.
At least for a bit,
you're always kind of wondering what's going on.
Yeah.
Um,
So here's the idea.
Lennart's kind of talking here.
This automatic SSH via vsock logic
is particularly useful
in conjunction with the notification mechanism,
sd_notify,
between PID 1 and the virtual machine host.
Because basically it means
a virtual machine monitor,
something like QEMU or VMware,
whatever is playing the virtual machine host,
it can start up a VM,
and then it can wait for the ssh-access.target event
that sd_notify says like,
hey, we've started the SSH unit.
And then because it's set up to do it over this new vsock,
which is like a virtual machine specific socket,
Right.
Reliably, without wasting time, without retries, without network config and setup, without preparing the guest much besides adding SSHD to it, SSH into the VM just works.
That's really nice.
Whoa.
That's going to make things so much quicker.
Yeah.
And you can do it so that it's set up to work with virtual machines.
It's also set up to work with nspawn style containers.
Ah.
Now, getting into containers
is a little bit easier,
but still,
having the same mechanism
in place is neat.
Standard, you know?
Yeah.
You know,
get your Ansible scripts
going, boys.
Nice to see some improvements
to homed.
Now supports unlocking
the home directories
when logging in via SSH.
Yeah, that was a big one.
And so these home directories,
they're supposed to be,
like, encrypted and secure, and you can have like an encrypted home directory that you're moving with
you. Maybe that's mounted over the network or you brought it with you on a USB drive.
But if it's encrypted, you got to unlock it. And that's fine if you're doing it just, you know,
on the machine because you can plug it in and type your password in to unlock it.
But what if that's plugged in and you want to connect to the system over SSH?
Yeah, how are you going to, you know, there's kind of a race condition here, where you're trying to do SSH, but SSH kind of relies on your user having a home directory set up with like the SSH config and, you know, whatever other stuff it needs in there.
I don't think a lot of the world has moved to systemd-homed, really.
Yeah, but these are the kinds of quality-of-life things, right? When you discover you can't really SSH into them, you're going to, oh, well, that's why I'm not going to adopt that right now.
You need this to be solved before you can get adoption.
I saw that and I thought,
oh, I'm kind of glad I haven't tried this yet.
But I do think we should give systemd-homed a try in the future.
I don't see it scheduled for Fedora Workstation,
which was kind of where I think it would land first.
Or maybe like Silverblue.
If anybody knows what the plans are there, let me know, please.
But yeah.
We might be able to rig it ourselves, too.
I'm thinking we should once this is solved.
I mean, I could just bring my homed from home and run it on the studio machine.
Yeah.
It's the promise of portable profiles, which Windows tried to implement a decade plus,
20 years ago, and it was just a total crap show.
But this, you know, actually looks like
a pretty reasonable approach.
Okay, so what is systemd-nspawn?
Yeah, we've talked about it before,
but it's been a little while.
systemd-nspawn is systemd's built-in
sort of container spawning mechanism.
But it's targeted at system full OS containers, right?
So in Docker, we're really used to having things
where we're running a single application.
Yeah.
Right?
You're running Nextcloud.
You're running basically one tool
and maybe a couple tools inside.
Yeah, okay.
But there's also the idea of running
just like what you would run in a VM,
but without a new kernel.
So just run that system, run that user land,
run that systemd.
So it's not just an application,
it's the entire machine.
Yeah. And so NixOS containers.
It's worth saying for this, but something to recognize, NixOS declarative containers, they're using nspawn under the hood.
You can also think of it as like a chroot on steroids.
Well, so I could see how, like, if you had a vendor that had specific application compatibility requirements, a kernel is usually one of those compatibility requirements.
So you could basically stand up a duplicate environment that is
just for that application, but it's using the same host
kernel. Oh yeah, for sure.
It's also a nice way if you want
to do maintenance on one of your, say you've got
a couple systems on there, you want to do maintenance on another
partition, you can boot it up, which means it starts
the whole init process, it starts the systemd
associated with that system, or you can just do like a fancy chroot into it.
All right, time for a drink. Wes said it. Cheers, boys.
Cheers, gents.
Okay, moving on. So tell me where vmspawn fits in here.
Oh, yes. Okay. This is new to me, and with v256, Lennart suggests that vmspawn is actually relatively complete.
I saw that. That's what caught my attention here.
Okay, so nspawn's been around for a while, lets you run these sort of system-style containers.
Yep.
vmspawn has basically the same interface, but it spins up a virtual machine.
Okay. So think like quickemu, but like systemd is doing it.
What I think is pretty neat about that
is you could see where
you could kind of just have a VM on demand.
You know, like maybe the application needs to spin up,
say you're testing.
You have a script that's doing some software testing.
You could just spin up an entire VM on demand,
do a build test in there,
and then just destroy it.
Yeah, okay.
So it now registers with machinectl.
It supports credentials.
It supports the sd_notify stuff we were talking about.
At this point, Lennart writes, for my daily work, it's now as trivial to boot a relatively
fully featured VM, including TPM support, secure boot, all that fancy newfangled stuff,
as it is to run a full OS container.
And all I have to do is replace n by vm in the command I use.
So before, when you're doing systemd-nspawn, you just switch that out.
It's systemd-vmspawn and boom.
So this is working so well that they've started to switch over a bunch of systemd's test suite
to use vmspawn.
You know, as we kind of plan to go co-locating for
some of our infrastructure,
I wonder if we could use these for our VMs.
It does seem pretty promising.
You know, you've got to be aware of all the various security
considerations and other container
platforms by default do more to sort of
try and protect you. So, you know, think about
your risk profile and all of this and what you're exposing.
Is it internal? External?
We're lunatics.
Yeah. But I think having the same interface is neat, because you could, you know, you
can start with doing lightweight containerization for stuff and move to virtual machines where
it makes sense, or do it vice versa, where software you trust, you run in containers; stuff you have
less trust in, you run in the virtual machine; or things that need a different kernel versus stuff
that works well with the current system.
You know, it's funny. One of the things people always say
about Proxmox they love is that you can do a VM
or you can do something like LXC, or you can do these different, you have these different
options depending on the applications.
Well, now systemd is building that in.
And it's like, okay, this, that's just an application.
We want to have its own environment.
That could be an nspawn.
And there's, I mean, the OCI formats and systems are all great.
And I think there's some stuff to have importctl work with that.
But it's also neat because, like,
a lot of these tools, systemd-nspawn and vmspawn,
you can just point them at a directory
or, like, just a raw
file system image, and they'll happily
use that too. Oh, yeah, that's nice.
It's stuff you could make easily,
like you're saying, like a script or a backup of a system
or another partition or whatever.
It's stuff that if home users got their head around,
they could start really kind of like testing
and verifying their own backups.
One use case I can think of immediately for you, Chris,
is Home Assistant.
It really loves running in their VM environment,
but you've always tried to keep it separate
or have a different dedicated machine for it,
and this sounds like a really nice solution to that.
Oh, you're right. You're right.
Imagine if you had something like Home Assistant that was using these primitives to build all of their different isolated applications instead of like this crazy Docker orchestrated environment.
Yeah.
And then you can just move that to any system running a new enough systemd, right?
Yeah.
Because that's all it is.
Yeah.
Yeah.
Once everybody is on 256 and up, it will just work.
That's pretty nice.
So there was a lot of notes in here about the XZ incident follow-up.
But the kind of vibe that I got just reading your highlights of what you did the research on, Wes, is it seems like they're really trying to get ahead of these problems.
They're trying to think about this stuff.
Yeah, and we covered this back when we had that whole breakdown of the incident, right?
So a quick summary here,
SSH is patched on some distros to include support for sd_notify, that protocol.
So the idea is you can have SSH as it starts up.
After it's done, it can tell systemd,
hey, I'm ready, SSH is up.
So various distros patch that in.
And a lot of the patches rely on linking
directly against libsystemd.
And for not-sd_notify reasons, for, like, other reasons like initramfs or other things, systemd includes liblzma,
which is the library behind xz. But because libsystemd hard-links against that, anything that
imports libsystemd, even if they only need a tiny bit of it, pulls that dependency in, that isn't
really necessary.
And one thing that was nice to see is the sd_notify man page has now gained examples,
both in C and Python, that show it's a really simple protocol.
You don't need to pull in the libsystemd library to implement it.
Like you can just do it in a couple stanzas of code yourself,
and then you don't pull in any extra dependencies you don't need.
So that's the way to go if you can.
The example has been improved
because when this all happened,
the systemd folks were quick to say that.
But then people were like,
hey, okay, that's true.
You're right.
But nowhere do you tell people that, right?
Like if I'm coming here and like,
oh, this is a systemd interface,
the first thing you think is like,
I'll pull in their stuff
so I make sure I do the interface correctly.
Like it's their implementation.
It's going to work.
But at the same time, as the XZ stuff was happening,
this complicated mechanism of, you know, indirect dependencies being pulled in,
systemd was actually already going down this path. And this is just shipping that work.
But they've changed things. So a bunch of compression libraries in particular, like LZ4, Zstandard, LZMA, they've all been changed from
regular shared library dependencies to dynamically opened ones with the dlopen syscall.
Okay.
So that's the kind of change we wanted to see, which means like it's only going to open it when
it actually needs to use it.
Right. One downside of that: like, you used to be able to run
something like ldd or other, you know, stuff to analyze, like, what does this Linux binary,
what libraries does it depend on?
It's not going to show up there anymore
because it's not pulled in statically.
It's pulled in dynamically at runtime.
To try to get ahead of that problem,
systemd is adding new metadata to stuff
that basically says like,
here's some metadata in a new standard format
that describes what dependencies
we're going to open at runtime.
So that other tools,
if they choose to implement support for this,
I mean, it's all new. Nothing works with it now.
They can read that ELF file and still get the same information,
albeit in a different place in a different format,
which doesn't matter right now,
but it's nice to see if we're going to make these kinds of changes.
Yeah, that's a clever solution.
It doesn't mean they have to pick it up and they have to incorporate it,
but if you're playing around in this field,
you probably should consider it.
Right. Exactly.
Okay, so before we get to the sudo replacement, which is the one that caught my attention, is there anything else
you want to talk about? Any other features that just sort of stood out to you that we should mention?
No, but I will suggest, if you're at all interested in this, like, there's a bunch of more
complicated stuff. Complicated is maybe not the right word, but there's just a bunch of other stuff that didn't make sense or is a longer story to tell that we couldn't include
in this segment. So it's worth checking out the release notes or we'll have links to all of
Lennart's Mastodon posts, because he does a very good job of talking about these features and
telling that story. And there's a bunch of stuff around like secure and system credentials that I
think could be very promising, especially
for cloud environments, but also any kind of
automation that we'll probably be playing
with and exploring. It just
didn't fit in the most. The top
10 is the top 10, and there's just too much good stuff.
Well, I get excited
by these because it means this is going to be
something that's just table stakes across
Linux once everything gets adopted. It's a
common interface, common commands, common feature set.
There was one small item we skipped back talking about systemd-nspawn.
You know, spinning up a new container, most of the time, depending on how you do it, requires some privileges.
Right.
That's a whole conversation we've had about like rootless Docker containers and Podman.
They've added a mechanism where if you have a disk image that you want to spin up in a container,
you can enroll a key to the system. Like as root, you tell the system to trust this key.
And then if that disk image is signed with that key, you can spin up containers with it unprivileged. You can, like, pre-trust it. And then users who don't need root at all can say, like,
spin me up a container of this blessed root image.
Oh, that's cool. So you can get some of that without having to give people root access or sudo.
Or there's also been some work around, like, per-user secure credentials, so you could have stuff that that
user encrypted, that then no other users could get access to, that then gets fed into that container
to, like, log into your Tailscale or something.
Oh, that'd be nice.
There's just a lot of primitives coming together that, like, we've kind of only had either you roll it all yourself
or it exists in some, like, proprietary platform that enables it for you.
Yeah, and now it's getting at the system level.
Exactly. Baked in.
Yep. Um, okay, so let's talk about systemd-run, um, or also known as systemd run0, which is kind of being positioned as a potential
sudo replacement one day.
Yeah. Um, replacement, alternative. I think alternative is probably what
we should call it.
Okay. Right, just to not be clickbaity.
Background: sudo is super useful,
right? It's used all the time, but it's kind of used in multiple scenarios.
So maybe you're familiar with using it in
a large enterprise environment
where it's integrated with PAM
and then talks to your LDAP server.
You can have all kinds of complicated stuff.
Or you use it just on
one machine where it's configured to trust
one traditional Linux group
that you're a part of, or you're a user specifically.
It's definitely its own config.
It's its own thing.
Yeah, there's a whole separate...
There's visudo to edit its config file
in a special way to make sure you don't mess it up.
Yeah, I use that all the time, sure.
I always use that.
It's also a pretty big program.
Like, there's just a lot of code in it
because it has all this functionality.
And it's a setuid binary.
The thing about that, if you're not familiar,
it's kind of a weird bit of, of like plumbing in the Linux and Unix world.
It's special permissions that you can set on executable files.
There's one, setuid, or setgid for the group.
These permissions allow the file being executed to be executed with the privileges of the owner or the group, not the person running the program.
Right, so my user is Chris.
I run that, but because root owns that file,
it's running with root privileges.
Yes, and of course the whole point of sudo
is to let you change to a different user
or run a command as root,
and you're going to need root permissions to do that.
But you didn't want to give root permissions to everyone.
So the sort of weird compromise is
root can specifically bless
this one file to say like, yes,
I trust you to be my proxy
and not mess things up.
Those issues, a lot of people think
that that is one of the bigger problems with
sudo. That has led other people
to revisit that problem and try to come up with
other options. Probably
most well-known, OpenBSD
has a replacement called doas, which is a pretty
great name. Yeah. It really simplifies the tool. It's like a lot less supported, much cleaner. You
know, OpenBSD usually has pretty neat, clean C code. So it's a good code base. Yeah. But it's
usually something that just solves their problem. Yeah. It does remove a lot of the attack surface, but it doesn't change that key part.
It is still a setuid binary.
Oh, it is. Okay. Yeah. Yeah. So it does less. So it's less to attack.
Yeah.
But same problem.
Yeah. And Lennart kind of goes more into this, saying that, you know, it's a weird concept.
setuid binaries are invoked by unprivileged code, and they inherit the execution context intended for and controlled by
unprivileged code.
Right, like you were still, all of your, like, your user environment
comes with you most of the time with sudo.
So, like, by execution context we're talking about, like, all
the different properties that a process has on Linux: environment variables, process scheduling
properties, cgroup assignments, security, all the open file
descriptors, and a bunch more stuff. So that's the motivation behind systemd updating the run
command. So there's already systemd-run. The idea with systemd-run is instead of writing a service
file to run whatever, you know, Postgres or whatever your background is, you can do a one-off
service. You say systemd run, you tell it what to run,
and it like spins up a quote-unquote transient service for you.
Hmm. Right.
So we're trying to get to a world where there's no suid or setuid.
There's no like you run this program out of context all of a sudden.
What would I do like functionally as a user?
How would I run?
I guess I wouldn't need to prefix things with sudo.
I would just run the binary or the command or whatever it is,
and if I was in the right group or whatever,
I would just get root privileges when I ran it?
Like, how does it work practically?
Yeah, so before there was systemd-run.
Now there's systemd-run0.
It's not a new tool.
It's the same thing.
But when it's invoked under that run0 name, it behaves basically like a sudo clone.
Okay.
Um, but it has one key difference: it's not
setuid.
Right. It asks systemd to invoke whatever command. So let's say you want to do, like, sudo ls,
right? You just, you're at some protected directory, you want to check it out. Instead of executing the
sudo command, which gets root permissions by the weird setuid stuff,
which then kind of does everything.
And has its own weird config,
which has been nice,
but is its own little world.
And pulls in whatever environment you've set up
in your unprivileged shell.
It's going to ask systemd to run ls
in the directory you're at.
So it kind of links up just the stuff that makes sense,
right?
Like making sure it knows what directory, what command you're talking about, and then what terminal you're
using. Instead of like an exception list of what you don't propagate into sudo, it's an allow list.
It only propagates the few things it needs to run that command on your behalf. So then that
spins up a transient service that runs the ls you want, and then systemd handles sort of piping the input back and forth
so that your terminal now displays what that service running under systemd is doing,
and you can pass your own input back to it.
And I guess instead of having something like a sudoers file,
we end up with, like, PolicyKit that's managing this, right?
Yep, exactly, which is kind of, okay,
it's not super friendly to the end user necessarily,
but PolicyKit is what we're already using.
Like when you get prompted to do something in your desktop environment,
that's where it's all happening.
So it's already the same language we're using to give permissions to users
in a bunch of other areas.
Yeah, like updates and just all kinds of things.
So that makes sense to kind of include it in there.
Now, it's not just more secure.
Uh, Lennart wants to say it's also a little more fun than sudo.
What?
Yeah.
That's because it's actually going to tint the terminal background on
supported terminals.
Um, when you invoke a root service,
so you're doing your sudo ls,
you get, like, a special,
you're doing dangerous stuff,
son.
Yes.
Your terminal will have a reddish tinted background.
I love this.
Of course, there's switches and environment variables if you don't want that.
I want that.
It's kind of a nice touch.
That is a nice touch.
That's a lot, Wes.
Well done.
Thank you for diving into all of that this week.
256 is massive.
Also, shout out to Lennart for doing, like, that 15-ish thread on Mastodon,
which was a lot of the source for this.
We should say too, systemd isn't perfect.
There's extra complexity.
There's a whole system to learn.
There's bugs.
But there are also a lot of neat ideas from people who are thinking a lot
about the primitives and how to compose them together on the Linux,
in a Linux system.
And there's a lot you can take advantage of.
Indeed.
Yeah. I think there's probably more
than I realized, especially with 256.
Amen. You know, it has been a minute since we talked about
systemd. It feels good to get back to our roots. When we first started talking about systemd on
this show, it was very controversial. And, uh, you know, I think we started fairly kind of
skeptical when we first
started covering it. If you go back into our back catalog, we were a little skeptical. And then as
time went on, we kind of became a little more pro-systemd. And, uh, now it's just, I don't know, it's
remarkable. I think if you were to time travel and go back and tell us around, you know, episode 100
and forward about systemd and where it's at now, I still think we'd be on board.
I don't think our position would have changed.
There were clear signs, right? I mean,
macOS has launchd,
which has a lot of these ideas.
Canonical decided that
change was needed enough that they created Upstart.
And then systemd was kind of the
thing that ultimately stuck.
We don't have it now, but I'll add it.
I think we should, it'd be a good time to link to the Tragedy of systemd talk.
Okay.
If folks haven't seen that, it really tells the story well.
Yeah.
I'd like to ask everybody listening a question.
Are you ready to give up on sudo?
How do you feel about this?
Have you changed your opinions on systemd over the years, one way or another?
It's been a long time since we've had a good systemd chat.
So boost it and let us know.
Are you ready to give up sudo?
Do you think differently about systemd?
Are you running Devuan?
Yeah.
Does this kind of stuff actually concern you?
I'd love to know that too.
Send us a boost and support the show directly.
1Password.com slash unplugged.
You know, in a perfect world,
end users would only work on managed devices with
IT-approved apps. But every day, employees use personal devices and unapproved apps that are
not protected by any MDM or IAM or any other security tool. The reality is there's a giant
gap between the security tools we have and the way we actually work. 1Password calls it the access trust gap,
and so they've created the first-ever solution to fill it.
1Password Extended Access Management.
It secures every sign-in for every app on every device.
It includes the password manager you know and love
and the device trust solution you heard about here on this podcast
back when it was called Kolide.
1Password Extended Access Management
cares about the user experience and privacy,
which means it can go places other tools can't,
like personal and contractor devices.
It ensures that every device is known and healthy
and every login is protected.
So stop trying to ban BYOD or Shadow IT
and start protecting them
with 1Password Extended Access Management.
Check it out at 1password.com slash unplugged.
Go over there, request a demo, or scroll down a bit and they got a video that explains a
little bit more.
It's 1Password.com slash unplugged.
Now, living in the middle of the woods, I'm always concerned about power usage.
Chris, you are too, living sort of independently, let's put it,
sometime of the year in your little home there. And so ARM had this massive promise of less power
usage, which we have all been excited about. But there's a new wave of ARM-esque devices coming out,
and I think there's reason to be excited about those too.
It does kind of seem like we may be on the precipice of Linux graduating
from the small board computer ARM world and MacBooks, if you want to try
it, to like full-fledged ARM ecosystem. Which would be
a big change because, I mean, you have stuff that's targeted, right? Like there's been the
Raspberry Pi. And as we've seen with ARM especially, up until kind of
recently as like ARM UEFI
things and other standards have kind of
proliferated, it's been a
you got this particular ARM device
and hopefully there's
someone else besides you who uses it and can
make sure that the packages build for you
and work. That's why even when the Raspberry
Pi wasn't the most performant, so many people would be like
well, it's got a good ecosystem. Yeah, people
figured out how to make it work. People built the stuff. And for the proprietary
apps, right? Open source, at the end of the day, if you've got LLVM or GCC, you could probably make
it work. But for proprietary apps, you're reliant on being enough part of an ecosystem that they
care to ship it for you. Yeah. And apparently Qualcomm and ARM care enough now.
Phoronix has a great article we'll have linked in the show notes about a two-year journey that has been funded by ARM and Qualcomm for improving ARM Linux laptop support.
They have been spending that money on ARM kernel development for the last two years, working on improving Linux laptop support for the ThinkPad X13S and other laptops powered by that Qualcomm SoC.
Now, this is, I think, the same one that's in these Copilot+ PCs.
Yeah.
Isn't this a fascinating story?
Because on one hand, you've got Microsoft obviously working and partnering with them to build in custom pieces, AI hardware to run their spyware as a service system.
And then they're taking that Microsoft money and they're funding open source development.
Yeah.
They love open source, Chris.
Like this is worth calling out.
Qualcomm has been working to have upstream Linux support.
This isn't even, like, a weird custom kernel that's stuck two LTSes ago.
They've got to use their image.
This is upstream support.
And I mean, they clearly have sponsored or hired the right people that get how to work with Linux.
And that is exciting.
That is a great point.
How would you go hire somebody right now today that you knew could actually get the code submitted upstream?
Like they figured that out too.
Like that took a deep dive.
And it's felt like outside of those kinds of things, specific boards, the weird phone
market, the ARM model and the Linux kernel upstream model, there's been a lot of tension.
And now they're getting ahead of it.
This is a big transition.
That's like the Intel style.
Yeah, it is.
They're doing the Intel thing instead of like the three-year behind thing.
It's really nice to actually see, right?
Because what we're seeing right now is things have actually been landing
since Linux 6.5.
Now we've got, I think, probably the key things.
Like we've got audio, we've got
GPU support, but
there's still some things that are not
yet fully working. DisplayPort
audio, HDR,
maybe some video
acceleration, some of the power
optimizations. Yeah, you don't need that.
But they're working on it. Those are the kinds of things that
Linux users are good at dealing with. That is true.
Yeah. That is true.
Yeah.
That is true.
Like, you wouldn't believe what I put up with on the Asahi side.
So I honestly.
Who needs speakers?
Yeah.
That's one of them.
Microphone or webcam either.
Like, just doing a meeting.
It's no big deal.
It's fine.
Don't mind me.
I'm on Linux.
But it's actually, you know, solvable problems, right?
Getting the camera working with the web browser, all that kind of stuff.
So they have been landing in 6.5.
6.9 is kind of getting out the door right now.
So some of this stuff is actually going to be working.
But we're talking about pretty reasonable systems here.
In benchmarks, in real-world benchmarks, they're beating the Apple M1 and M2 processors.
Really?
Yeah.
And they're nipping at the M3 in several scenarios.
This is a class of hardware besides Asahi we've not had access to.
Exactly.
Exactly.
Like the ThinkPad X13S, it's got the Snapdragon Gen 3 in there, preloaded with Ubuntu if you want.
I mean, I think you have to reload it.
Actually, I don't think it's preloaded.
Oh, it's preloaded with Windows 11 ARM.
Yeah, I was a little wrong on that.
But you can format.
I don't know.
Or repartition.
We'll get there.
We'll get there.
Also, wouldn't it be interesting, just an aside,
wouldn't it be interesting if Asahi eventually expanded
to be just the ARM distribution?
Wow.
Yeah, like really nail MacBooks
because that's probably a very large ARM population right now.
But eventually, wouldn't it be interesting
if it was also the distribution to go to for the ThinkPad X13?
I don't think that's where it's going, though.
I actually think it's going to be a lot of this stuff gets upstreamed
and it's every distro will just work.
It is kind of, I wonder, like, will this spur another wave of needing or wanting to
distro hop? Like,
x86, x64 support
hammered out a while ago.
Use whatever system, it's going to run.
You know, at the end of the day, you get the right
glibc and you have the right processor,
it'll probably run.
All right, I'm going to ask you guys
a question and I want to open it up to the boosters
and the emailers too. So please
write in and let us know.
But Brent, say for some reason something happened to your laptop today.
It fell in the lake, fell in the river, whatever it might be.
TSA lost it.
I don't know.
What would it take for you to consider buying an ARM laptop instead of an x86 laptop right now?
Yeah, I think there's a couple things.
Like number one is software availability.
That's been a big one.
I think that got solved in the last couple of years.
You've mentioned even your own personal experience
that you are running less and less into applications that aren't available.
So that's good.
That's probably passed.
Or you got to be kind of okay using like the web version.
Oh, well, you didn't say that.
So that would be one, you know, checkbox for me.
Okay.
But the other one I get into is, like, there has with ARM, as I mentioned, been a promise of less power, at least more efficient power usage. A silent computer or near-silent computer. That would be pretty amazing to me because, you know, we've tried hard for me and run into some systems that we were otherwise excited
about,
but that are super loud.
So if you can tell me that it's like super power efficient as well.
And on the silent side,
you're starting to like check all the boxes for me.
But also just that I can choose the distribution I want, which is kind of like the big dream.
Right.
And, uh, having to choose, uh, very specifically, I think in the early days is fine for those
of us who are pretty ahead of the curve, let's say.
Um, but I would, I would hope that time period would be pretty short.
What do you think Wes?
Could this almost lead to like a, a new period of distro hopping?
And I'm also curious for you, if your ThinkPad died today, what would you be looking if you're
going to buy an ARM machine?
And why would you maybe not buy it today?
I was thinking about this.
You hinted at this question before the show.
So on the drive up, I was kind of mulling this over.
And I think for a long time, application availability was probably my primary concern.
But web apps, I've grown a lot more comfortable just running a bunch of the kind of proprietary web apps that would be electron apps anyway, just in browser tabs.
At the end of the day, I'm used to it.
It doesn't bother me.
I do weird things with my computers sometimes.
Yeah, you don't say.
So I have this sort of like back of my mind worry about constraint.
But on the other side of that,
I think I would learn a lot.
So like one of the things is
I like messing with how it boots
and different boot environments
and multiple partitions and kexec.
Like, does that work?
I probably need to learn a lot more
about things like U-Boot.
But at the same time,
that's where it's like,
I think I would kind of,
I grew up late enough
that x86 was already dominant. So, like, that's been my primary interface to computers. I did some stuff
with Mac, so, like, you know, I got a bit of that before they transitioned to Intel. But it's important
to understand the vast diversity of the ways computers can function to, like, really fully
appreciate what they can do. So that part excites me.
It does strike me, as you asked there,
like about distro hopping,
or we might be back at least for a while at another age
where like what distro you choose
isn't just what desktop you get.
It is seriously impacts,
like what can you do with the computer?
Yeah, I was thinking that.
It feels like we are right there right now with ARM.
That's where we're at.
Well, I have a question for you then
to spin this kind of the opposite
way. What is the ARM, like, elevator pitch selling point? Like, why should I get ARM?
Faster and battery life.
Yeah, I think it's battery life.
Yeah, maybe fast, not that word. Performance per watt,
and maybe a bit of price.
Yeah, performance per watt, maybe the better. Yeah, because it is
battery life considered. I don't know. Um, it's kind of the, I mean, this is maybe the slower move. You
already see this happening in cloud services, right? Like, Amazon has their own custom ARM chips, and if
you want to get your best bang for your buck running a Postgres server on AWS, you're probably
going to switch to running it on their ARM chips.
Maybe, yeah.
I mean, that's what people are doing right now. I think on the cloud, especially where vendors are building their own systems, yes, you're
absolutely right.
But Brent brings up a good question.
This is the one I'm going to put towards the boosters because we got to move on is, why
the hell should I move?
x86 seems better than ever.
It's doing more than I ever wanted.
CPU to performance and power ratio seems to be getting better and better.
Compatibility is still great.
Why should I switch?
I mean, I think I'm going to become the ARM skeptic here on the show for a bit.
And I wonder if others agree.
Let me know.
Linuxunplugged.com slash membership.
It's the summer discount.
Use the promo code summer.
It'll take a dollar a month off your membership for a lifetime.
For a lifetime, bro.
That's like forever.
Well, at least as defined by you.
At linuxunplugged.com slash membership.
One dollar a month off forever.
It's valid also for the Jupiter Signal Network membership if you'd like to upgrade and get all the shows.
And of course, it means you get access to the nice, refined,
no ads version that Drew produces,
or the early release, totally raw bootleg version of the show,
which usually has double the content as well.
It's for our members,
and you can sign up at linuxunplugged.com slash membership while you are supporting the show,
helping to stay independent and on the air,
which is really appreciated during this ad,
winter, continued winter,
linuxunplugged.com slash membership. $1 a month off the lifetime when you use the promo code summer, or if you click the
link in the notes, we probably already put it in there for you. So you don't even have to type in
the word summer and you get the buck off. Isn't that something? Man, technology and hyperlinks,
I just love them. And I think you're going to love it too, linuxunplugged.com slash membership.
So here's a little Jupiter Broadcasting phenomenon that we predicted, which was we had this crazy, like, springtime meetup plus conference season, and all of us at Jupiter Broadcasting were like, okay, we're done.
No more.
We don't want any more of this.
We love everyone out there who we got to meet and see, but, like, that was a beautifully exhausting time period. But then we went and did it and launched all these meetups because we just, like, you know, a month later we're rebounding.
Yeah, yeah.
So we've got a list of meetups going on, including one Alex threw today in Norwich because he's on the other side of the ocean.
And he described it as perfect.
And it was fantastic.
So I think he had a good representation out there.
Thanks to everyone who could make it.
I wish I could have.
Chris, you also sprung up like a special Spokane meetup coming up.
Yeah, on my way out of here, on my way to Bozeman and taking a little summer vacay in July, I figured we should make good
and have our Spokane meetup. And I'm trying to talk Brent into
coming down and west to caravan with me over on, we haven't actually picked a location
yet, but in Spokane, Washington, July 13th, 2024.
We should probably, actually, if anybody in the Spokane area has a suggestion, please
do let me know. Yeah, you know better than we do.
You know,
the last time we did have a Spokane meetup,
it was many years ago,
but it was at a brewery and we ended up with a pretty sweet tour.
That was nice.
So if anybody has any suggestions,
please do let me know.
Meetup.com slash Jupiter Broadcasting.
Please do sign up so we can tell them how many to expect.
I will also officially raise my hand and say,
I will be there.
I'm going.
Chris, you can count on me. I bet you didn't realize you couldn't count on him last episode. I didn't.
You're right. I mean, just to officially put it out there, right? I mean, yeah, now it's on there.
Now it's on the record. I also have a meetup coming up that I wanted to plan well in advance because it's in Berlin and it's in combination with the NextCloud conference that's happening September 14th and
15th. Now, the original meetup is set for the Friday, September 13th. I might move that by
just one day as a warning. So by next week, I will know. But for those who want to both join
us for this meetup, which we've been doing in Berlin for, well, about a year now, and that's
been such a fun, amazing place to meet people from all over Europe, really.
But in combination with the Nextcloud conference,
which I think is our listener audience's
perfect opportunity to meet a community
they really care about.
So if you're interested in coming to meet me
and a bunch of really great JB community,
that is also at meetup.com
slash jupiterbroadcasting.
And now it is time for the boost.
oh we have some boost to get to
if you're listening
and we didn't cover your boost
that could be our bad
Albie did have some receiving issues throughout
the week apologies if we missed your boost
that means
it didn't land in my account, but we did land
for the node early days.
Yeah. Right now we're checking some of
the wallets and not all.
Keep boosting and we'll make sure it works later.
Yukon Cornelius comes in
with 55,000 sats.
Hey, Rich Lobster! You're our lobster!
Using Fountain.fm.
He says, Hey JB,
have you covered the iPod modding and, in general fun, Rockbox OS?
Thanks for all you do.
Also, he sent us a live boost from the road.
Aw, thank you, Yukon.
So I didn't, not to sound like an old man, I didn't know Rockbox was still going.
I covered Rockbox in the very early days of Linux Action Show, almost 17 years ago is
when they talked about it the first time.
Oh, so it's safe to say you're familiar.
And, you know, when you go to their website, it looks about 17 years old, too.
It's actually – it's a fun idea, though.
It's a free replacement firmware for the iPod.
And it works on the iPod 1G through 6G Classic, iPod Mini, iPod Nano 1G, and Nano 2G.
Also, several other devices like the Olympus devices, Philips devices, Samsung devices, a bunch of other ones.
Now, do you think if you asked a youngin these days, would they know what an iPod is?
I don't, you know, I don't know.
I will try that.
You know, I feel like that was such a defining device for many of us.
It wasn't necessarily for me.
I never owned one.
Can you believe that?
Yes.
Oh, that's not true.
Actually, that's not true.
Someone gave me an iPod Nano.
Yeah, I believe that too.
But it wasn't the classic like scroll wheel sort of the thing that.
With spinning rust inside.
What an idea.
Did you ever have a spinning rust?
Yeah.
Click wheel.
Yeah.
Huh?
Yeah,
I did too.
I had,
I think I had one,
you know,
it's just like an iPhone,
but without the phone,
I got a,
I got a zoom too.
Oh,
the zoom.
I did.
I didn't see too many of those.
No,
they were there.
I mean,
you did see them.
I got a brown one.
I had a brown one.
Yeah.
For a minute. I just wanted a device. I could watch the monsters on for my honeymoon.
I think after that, I got like a Samsung phone that you could put an SD card in and play MP3s.
That was way better.
So that was like my podcasting medium, you know, before podcatchers.
devices that I'm actually always on the lookout for in
anything I buy is like the
ones that are so deeply
well loved that you end up with
these modding communities and these
alternative OS's that
just increase its lifespan
because like some people are still
rocking iPods and it's impressive
It makes me think of, you know, XBMC on the original Xbox becoming Kodi.
Yeah.
Well, it's better than putting these things in the trash, you know?
Put a new OS on them and get a whole new life out of them.
Hybrid Sarcasm boosts in with 41,000 sats.
I hoard that which your kind covet.
Here's a Father's Day riddle.
Two pairs of fathers and son go fishing.
They catch three fish, enough for one fish each.
But how can this be?
How can this be?
So two pairs of fathers and sons go fishing.
They catch three fish, enough for one each.
How can this be?
So three fish total, but also two pairs of father and son, which sounds like four, right?
My first way of imagining this when I read it was exactly my experience,
which was go fishing with my father along with my twin brother,
who is always in every single experience in my childhood.
So it's like, would that be considered two pairs of father and son?
Because it's like me and my father and also my brother. So it's copy-on-write, right, father? Yeah, exactly. The youngest son. And the answer is the youngest son went fishing with his father and grandfather. Happy Father's Day. Thank you, Sarcasm.
And we got a boost from Runaway, 21,015 satoshis from Fountain, coming in hot with the boost. Squid: I recently found Squid running on an airplane for the onboard Wi-Fi, which I thought was an interesting use case.
That's brilliant, actually. Yeah, right. Are the airlines paying, like, you know, per byte for their providers? And I bet, just cache it if you can.
Yeah, exactly. Everyone's looking at the New York Times or whatever else, right?
Here's a boost about dead battery and secure boot as well.
Possibly replace the CMOS battery to stop secure boot from turning on.
The BIOS could be resetting to defaults if both batteries are dead.
This is in response to a booster last week who had this strange issue of when the laptop battery would go dead.
Wasn't it secure boot would turn back on, which is a strange problem.
This sounds like a reasonable solution.
Ah, they were having a good experience with Linux.
I think Papa West otherwise, but not that bad.
And we did see folks have boosted in.
And then also, I think some folks in the matrix were chatting.
This was a common suggestion if you haven't tried it already.
Now, this is a zip code boost, gentlemen.
Prepare yourselves.
Oh, there you go.
Good job. Okay, 21015.
Zoom it in.
Enhance.
That is a postal code in Harford County, Maryland,
including cities of Bel Air South, Bel Air North, and Creswell.
Right now, the weather is 83 degrees.
The wind is southeast at 6 miles per hour with 40% humidity.
That's a fancy map you've got there.
That's nice.
Yeah, that's really nice.
Yeah, hello, and thank you for boosting in.
Faraday Fedora comes in with a row of ducks.
This next drinking game is going to turn the studio house into a frat house.
That's one more, isn't it?
That's our boost drink.
Oh, you're right.
Oh, no.
If we're playing by the rules.
You know, I shouldn't have said NixOS container.
It was just the most apt analogy.
I forgot. I forgot.
Here you go, Wes. Brent, you ready?
That's my bad.
That's the first one with the boost segment.
At least we got a chaser this time.
Alright, cheers.
No, this tea is a little more interesting than it has been for the last hundred episodes.
Oh.
Alright.
Yes, now thankfully
it does turn the studio into a frat house but we have hours of post-production to sober up.
Ain't that the truth.
Zack Attack comes in with 3,985 sats.
All right.
So then WireGuard.
WireGuard.
WireGuard.
He writes, everyone swapped to Linux due to privacy and ethical concerns with Mac OS and Windows.
But I switched because Microsoft moved the start menu button.
Thank you for listening to feedback.
I'm still kind of surprised they did that.
Yeah.
Like it's such a Chrome OS copy.
And Chrome OS is clearly a fly-by-night strategy tax victim itself.
And so they're just following somebody else who's following.
It's so funny.
And so much of your user base doesn't – they're not going to get excited about that kind of – they're not trying to buy into new models of interfacing with their computer.
You're right.
That's not why they have a computer.
We had a great comment in our Matrix chat and I've never vocalized this on the show before, and I completely agree.
Somebody was talking about the reason they switched from Windows was because they don't like it that when you install Adobe Acrobat Reader, a .pdf file is an Adobe Acrobat file.
And when you install a JPEG, like it's the photo viewer file.
And this guy's like, no, these are open standards.
These companies do not own these.
And I don't like that Windows
implies that.
You're right. That's probably a symptom of the proprietary
mindset. You got it.
Sneaky marketing. I know.
Oppie 1984
comes in with 4,000 sats.
Even though I have no interest in actually
trying Nix at the moment,
I get the Nix frustration.
My employer could switch to Linux and save a ton on Windows licenses,
and I've mentioned it a few times since we're 95% browser-based anyway.
Oh yeah, that is frustrating.
Now, when a barnacle IT has added to Windows borks our system,
everyone thinks I can fix it because I'm the Linux guy.
And when I can't because it's Windows, I don't have any admin privileges. They said something like, oh,
I thought Linux was better. Not understanding that it's different.
Oh, I've been there. I have been there.
Yeah, I feel a little triggered right now. That's rough on me.
Yeah, I've definitely been in those positions before. It will change, but it takes just, I don't know, time, I guess.
Yeah, especially when it's browser-based.
You just think to yourself, gosh, they could just do this so much cheaper, so much better.
Now, dear friend of the show, Gene Bean came in with three boosts for a total of 5,468 Satoshis.
B-O-O-S-T!
Regarding the Nix discussion as it relates to Omakub and Omakub being targeted at Mac users, I thought it would be worth pointing out that my enjoyment of macOS these days
is really tied to being able to make it my own via a Nix flake that utilizes Nix Darwin. This
became especially true when I had to switch to a new machine and it took care of pulling all my CLI stuff from Nix and all my GUI apps from Homebrew and the App Store VMS.
You know, since we've broken the seal on the Nix stuff, something that was really, really cool that we continue to iterate on since I've been out in the woods is I really love this model that we developed where Wes was creating
a flake for Bitfocus Companion so that way I could do the automation stuff.
Wes was working on that while I was like solving problems with
standing up a new B-Link and getting that resolved and getting everything configured.
We're kind of working at the same time in different areas
because you were able to pull my config
and stand it up in a VM.
Yeah.
I was showing the lady like, oh, look, I'm logging into Chris's computer.
Of course, none of your data is there, but it's my setup.
I kept your account on there.
It was easier to just change your password.
You took my config and brought it up in a VM.
And so he and I are able to, at the same time, solve two different problems.
So I'm solving like pipewire problems.
Wes is solving companion build problems
and repatching it to support emojis
and then giving me a flake.
And then I check it out from GitHub
and I rebuild the whole thing.
And both of our work has been merged together,
even though we're on separate locations,
on separate systems, doing separate things.
It's really great for production software,
especially if you're trying to iterate quickly,
you know, because we could,
okay, we could try this.
All right, I'll try this.
I'll try this.
And all I do is I just check out,
go get the new configuration
that Wes has just upgraded and merged in
and rebuild.
And, you know, we ran into a situation
where it wasn't rebuilding
and you were able to just easily,
like, comment it out for a bit and rebuild
and then we could iterate from there.
Yeah.
So you want to post that?
That flake?
Add it right now.
All right.
So there.
We'll put that in the show notes.
Now Bean continues here.
For the person out on the farm last episode doing the rural carrier route, one suggestion I have is to focus on pre-downloaded and locally hosted content.
In both scenarios, you can let them download slowly overnight
and enjoy them lag-free during the day.
I will plus one that.
You know, I'm a big fan of using SyncThing,
so I download things somewhere where I have a wired connection,
and then I use SyncThing at night to move it over.
And then I also set Steam to do all of my downloads and updates
between 12 a.m. and 5 a.m.,
and I set Duplicati to do all my backups in the evening.
So all that stuff is happening overnight where it doesn't impact the user experience at all.
Great advice, Gene Bean.
Thank you very much.
Appreciate that.
Now, Gene has one last question.
Hey, what are those magical Nix lines you were speaking of last episode to get better
Bluetooth audio?
Oh, that's just on the wiki for Bluetooth and NixOS.
If you go look it up, it's on there.
I actually did not implement it on my system.
I'm still a big fan of those Logitech, I think.
I think they're Logitech headsets that use RF,
and it's just a little USB dongle you plug in.
But it is in the Bluetooth wiki post.
Now, Ian clearly comes in with 4,444 sats.
That's not possible.
Nothing can do that.
He writes, regarding the dev shells,
check out direnv, or direnv environment with Nix.
We'll put a link in the show notes.
He says, I prefer to use the local flakes
due to the update mechanism.
Nix flake update versus, say, using a tag or a hash via the remote URL
pattern. It's linked in the article.
Yeah, I think they're talking about if you don't do flakes,
a common pattern was
manually fetching the Nix packages repo
with a hash in your configuration
because flakes kind of do that for you
with the flake.lock. So that's
what that's talking about.
Combined with flakes is very powerful for
dev work.
We get different versions of tools.
You can declare them with source code.
I think what I'm jiving with here is going back to DHH and Omakub, you could say, I don't know, have some sort of screen where you say,
I'm a Ruby developer, I'm a Go developer, I'm a .NET developer,
and then it just maybe would build an environment for you
using these tools. Yeah.
The direnv stuff in particular is neat because if you have
direnv and nix-direnv installed
and Nix on your system, then
when you enter
a directory that's a repository
that's set up for this,
it's like running Nix develop
or Nix shell. So you get basically put into the development environment
just by CDing into the folder.
And then he comes in with another row of ducks here.
And I thought this was a good point.
You could, you know, think of this as another way
to maintain separation of installations.
Like Windows Subsystem for Linux does this really well.
You have a total separation.
You can get in there, you can work,
you don't have to worry about messing up your main system.
He says, it lets me keep my Ubuntu install extremely focused towards the goal of being a solid base for dev projects.
No spray and pray here.
He says, I had not heard that before.
It's what it feels like though, right?
When you install some of this stuff, you're just spraying it all over your file system.
So I call it spray and pray.
In the pre-show or the the pre-pre-show,
on the live stream, or the members edition,
you were talking about how when you do updates
on a system, on most distros,
it does them in place, right? And so,
if you don't reboot for a while,
slowly your system
degrades, or the thing that's running
is no longer linked, or it tries to
pull in the library that's a newer version.
Yes.
That just doesn't happen.
No, you just keep going about it and then you switch over.
That's what's so great.
I mean, and that's true about Silverblue and some of the others too.
And I think it's something people will come to appreciate.
There's a reliability to it.
The system remains entirely consistent until I reboot and choose the new environment.
And if that doesn't work, I choose the previous environment.
It's huge.
ForwardHumor, who comes in with two rows of ducks.
For a total of 4,444 sats.
Okay, well, responding to Kdenn's boost about the Pop!OS laptop and Secure Boot issues,
I wonder if the BIOS config is reverting to factory defaults due to dead CMOS battery.
There we go.
Yeah.
I think that's a plus one on the dead CMOS battery.
If the clock is getting reset as well, that might confirm it.
Even if not, it might be worth swapping a $20 battery as a test anyway.
Yeah.
You know, that's a good, solid little layer one bit of advice.
Thank you.
And then in the second row of duck, responding to squid proxy.
Yeah, I asked if people are still using that.
I like the concept of web caching.
In low bandwidth or very large networks, it can still be kind of worth it.
But the majority of the web being HTTPS now, it's become a lot of labor to decrypt that traffic,
get root trust certificates to all the devices that are using the proxy,
troubleshoot broken domains that don't like decryption.
Anymore, I would only recommend it with a commercially supported squid solution like Appliances, who does all the heavy lifting.
I hadn't thought about the fact that even the images now are HTTPS.
So there's very little a squid proxy is going to actually cache for you.
What a shame.
I mean, you'll get some stuff.
Yeah, that's a real shame.
Not.
Yeah.
Well, Torp sent in a nice boost here with 5,150 sets.
Fun will now commence.
I've got an idea for a challenge for you boys.
It's the create your own network time date server challenge.
You'd get to create your own time zone and see what it's like when your device runs off its own private clock.
Okay, this is brilliant.
I am so in.
We have jokingly had JB time for a long time. Right? Plus, I don't
know, like time zones and time, it's perennially
like, you know, something that bugs
computer people, developers.
Yeah. And as we were
looking at Rock Toolkit, we realized all these
machines need to kind of be synced up.
Yeah. Having a shared source of time that understands how complicated time is.
I'm not quite sure I totally understand how this would manifest into an episode, but I'm loving this idea.
But I don't know how we go from idea to episode.
Boost it and let us know.
Does this also mean the audience can join us on our time zone as well?
I guess so.
You know, I think if we did this, we should have a public time server that everybody could sync to.
Right?
Wouldn't that be fun?
That sounds like a lot of responsibility. Anytime a show is live.
Yeah.
No, we should think about that.
Right.
The LUP live time should be a very, very quintessential part.
It starts the week?
I don't know.
Yeah.
Yeah.
Huh.
Okay.
Something we will consider.
Thank you.
I think it's at least a starting point.
VT52 comes in with 2,000 sats.
I love XScreensaver, but I'm stuck staring at an Android device all day.
Great news.
XScreensaver is available in the Play Store and Android.
Wow.
He says, imagine the thrill of lime green glow of GL Matrix.
I'm going to install this right now.
Chill out to the creepy vibes of Chompy Tower.
It's available as a screensaver and live wallpaper.
For bonus points, you can chuckle at the privacy policy.
Uh-oh.
Uh-oh.
You know what's funny about this is,
so I have this Samsung screen connected to my machine at home that doesn't have a power button.
So it's on all the time.
So I thought to myself, hey, wouldn't it be great to have a screensaver like the old days since the screen's on all the time?
No, man.
In Plasma 6 and Wayland, no screensavers.
Nothing.
It's all gone now.
It's all gone.
So it's funny that you can do this on Android, but you can't do it on Linux.
It's a 50 meg download in F-Droid, but let's –
What?
Well, there's a lot of tubes and flying toasters in there, dude.
So you know what I mean?
You know what I mean?
Yeah, you get that installed and report back.
By the meantime, you got a boost to read.
T-Boy Nomara comes in with 12,345 sats.
So the culmination is 1, 2, 3, 4, 5.
Okay, this is in response to the next drinking game.
Uh-huh.
Maybe this is a proposal.
I'm interpreting this as a proposal for the audience.
How about we take a drink each time you mention our favorite distro?
Enjoy the show.
I mean, you're welcome.
Drink along.
Just be sure you can sober up.
Don't do it while you're driving, I guess would be my only advice.
For sure.
I'm not going to tell you how to drive.
I'm from the 80s.
I'm not going to tell you how to drive.
But just consider that.
Leaky Canoe sent us 11,266 sats.
This is the way.
I just heard a podcast with a dynamically inserted local advertisement for the local town festival, which is about 10 miles from me.
Frankly, it was jarring to hear a local ad inserted into a global podcast.
Thank you for your approach to advertising.
Honestly, vetted and relevant to your audience.
JB content is top tier. Enjoy the sats. They're well deserved.
Thank you, Leaky Canoe. I saw your boost come in live, like I do many of them, and I read it to my wife after I did a little demonstration. So there's a podcast I've been listening to that is doing the same thing, and they're doing locally inserted dynamic ads, and I had the wife hit play and it played an ad for something nearby.
And it was so creepy to her.
She said it was as creepy as like if Facebook was listening to your
conversations and advertising to you,
like it was a violation.
She felt like I might be crazy,
but I almost feel like,
okay,
I don't like it in the podcast domain,
but as display ads,
I kind of think this is better.
It's like,
I don't care about the global thing.
I agree.
But like I do want to know
what if I had never heard of the festival?
I might go to a town festival.
Like that seems pretty reasonable
and I know that my IP from my ISP
is geolocated to anyone who wants it anyway already.
Right.
I think it's the in-your-face aspect of that
that was a shock to her.
She's like, that makes sense.
Whoa, whoa, whoa, whoa.
Like that is very geolocation specific.
That felt like a violation to her.
And she didn't really quite appreciate that that's
how the dynamic ads work.
I don't like that either
as a form of advertising.
I do think, I mean,
as web ads maybe.
It's not going to be bothered at all.
As a Google ad, maybe. Because it's already Google.
They already know everything about me. Yeah.
That's one thing.
In the podcast, that means like there's a lot going on
when you hit that play button
that I just am not super comfortable with.
I don't like that.
I think I'm going to test you here, Chris.
Like why should you be okay with Google having all of that on you
and be okay with the ads being so targeted?
It's just because it's a battle we've already lost.
That war was won by Google before it was ever fought.
So it's a loss.
I can't just snap my fingers.
But as a podcaster who's making podcasts,
I can actively choose not to embed advertising that uses geolocation.
So it's like it's a battle I can still fight.
But the Google thing's gone.
There's probably two issues that get tangled together,
and one is like the amount of targeting
and locality of the advertising,
and then also the like, is it a host read or not?
How native does it feel?
Right.
Is it well-integrated, or is it just, you know,
a terrible quality piece of audio
that gets slammed in in the middle?
What you're saying is we need AI to use my voice
and just do location-specific reads.
Now you're talking.
As long as they license it from you, yeah.
Thank you, Leaky Canoe, for the idea.
Noted.
We kid, and I agree with you.
Purple Dog comes in with 5,000 sats.
The traders love the vol.
Thank you.
We use Squid at Work as a whitelist rather than caching.
Our servers don't have internet access unless they go through Squid
and it only allows domains on the whitelist, which is a fairly short list.
We also have alerts set up for Squid denying any request to suggest something is running,
which we were not expecting.
Wow, Purple Dog.
I don't want you to tell me in a boost, but I'd love to know at a meetup exactly what you do.
As somebody who ran the Squid server, yes, we do know everywhere you're going.
And we know every URL, even down to the .jpg and .png.
I love hearing this because I think this is, folks are being more security conscious generally.
And having this implemented via Squid and open source tooling
seems really neat when a lot of folks are going with
proprietary quote-unquote zero-trust
vendors that do a lot
of the same stuff but are totally proprietary.
So thank you for telling us
about it. AutoBrain boosts
in with 12,345 sats.
Yes, that's amazing.
I've got the same combination on my luggage.
Happy Father's Day, everyone.
Pop open your favorite local brew and savor some Rainier cherries.
Kick back and enjoy.
I guess substitute with the in-season fruit of your choice near your locality.
Yeah.
Thank you.
What a nice sentiment.
Thank you, AutoBrain.
Appreciate that.
Podbun sent us 5,000 sats via fountain.
Everything's under control.
I never got tired of the boost sound effects.
It feels like a part of Linux Unplugged and JB in general.
But if they do go, I guess I'll still listen.
Thanks, Podbun.
That is nice.
You know, I think it's been an equal amount of haters and lovers,
so it's kind of nice to have that signal.
Appreciate that.
Simon comes in.
We're on next.
On the topic of YouTube taking podcast ads, why not add the pod on YouTube?
Maybe a clip per chapter, much like how Jim Concrete does it.
Side note, your ad reads are great, but Jim has the R-rated flavor, which gets me a good laugh.
You know, you should listen to the members version.
There's some R-rated flavoring
in the members version, Simon.
So YouTube,
as far as getting on YouTube,
I think the show would die on YouTube.
If you look at the
open mouth phenomenon
that is YouTube, I think that shows you
that people are chasing the algorithm game.
And could you imagine
trying to make a show about systemd
work on the YouTube platform?
I don't think it's a winner.
Now, that's not to say we shouldn't cross post,
which we're going to work on and do that pretty soon.
Yeah, we used to and we questioned if it was worth it.
And we'll do it again as a distribution
mechanism.
But as a
distribution platform,
the incentives are wrong. But
the worst part is
if we are successful,
then we are stuck at the
teat of Google for
all of our revenue. So
the success is
a failure. There is no winning
the YouTube game. But I am happy to publish there for people who want to take advantage of their fantastic CDN and distribution.
Yeah.
Maybe you pay for premium.
You want to sing a duet.
Whatever.
They got a good platform.
They got a lot of apps.
I have listened to some other podcasts via that platform in the past.
There's that too.
There's that too.
I know.
PC Null Ref comes in with 5,000 sats.
Everything's under control. Hey, that Null
didn't break the boost scraping script. Hey, yeah. I've been on and off many years with Linux, but
so far it never clicked. But then a year ago, I got fed up with Windows 10 running random processes,
ads, slowdowns, and my mind was set. Yeah. I wanted control back of my hardware.
I always felt that it really wasn't my hardware.
It was Windows.
But with Linux, it's mine.
That's what free means to me.
And now I'm more happy than ever.
Arch, Manjaro, they're my current selections,
but I'm keeping an eye on NixOS.
I think with more software going cloud, there's just less reason for Windows.
And now they're just bundling junk and AI on everything.
Yeah, well said, NullRef.
You're right.
That is a great boost.
And welcome to the Linux world.
We're glad you found us.
And congratulations on setting up a podcasting 2.0 app and setting a boost too.
You're at the cutting edge already.
Well done.
I want to pull one boost up from our under 2000.
Sure.
It's 1,999.8 sats from 8565 saying, the unplugged thing has gotten so out of hand.
There's a poultry podcast called The Fell Frontier Poultry Science Unplugged.
Unplugged!
You know which one gets my gears kind of up in a cackle?
Is that a thing?
Can I combine those two?
It is there.
And then grinds them?
There's an RV Unplugged YouTube series.
RV Unplugged.
And they kind of use our font.
Oh, no.
Yeah. I know. Is there a rocket?
No, no, no rocket, but it's like
a reality TV show,
but for YouTube, about RVing.
It's hilarious,
and I swear not what RVing is really like,
but kinda is. So if you want to check it out.
thank you everybody who boosted and we had
22 boosters like Wes mentioned
wench over there, message.
I thought it was Russ. Oh, boy, boys.
Oh, boys.
Russ.
Russ.
Nice.
Oh, boy.
The old Nick shots are kicking in.
But we had 22 boosters.
We had a few under the 2,000-sat cutoff, but we read all of them.
We have all of them in our document.
Like, open-source accountant came in live during the show to wish everybody a happy Father's Day.
We stack 208,238 sats.
Thank you, everybody.
And thank you to our sat streamers who are sending those sats as you listen.
We do see you.
We do appreciate you.
This is a value-for-value production.
If you got some value from that breakdown of systemd or talking about the ARM systems
or you just enjoy keeping us around and want to listen more,
we appreciate a boost to help support the individual production.
A split goes to each of us.
It goes to the network.
It also goes to our editor, Drew, and the podcasting 2.0 ecosystem.
It's also a nice way to kind of, sort of have a conversation with you.
That's true. I get to read them in the show.
And that is one of our favorite moments.
Alright, I got a pick for you boys.
And this one is kind of
well, it's a little
selfish because I actually installed it this week
and set it up for the wife. Oh.
It's called Iotas.
You're giving her the picks before us now?
I know.
That seems fair.
That seems fair.
I know.
I'm sorry.
You know.
She deserves it.
You know how it is.
Happy wife, happy life.
IOTAS.
I-O-T-A-S.
It's a note-taking application that does kind of, well, I'll tell you the killer feature
in a second, but I also appreciate that it's Markdown.
But its killer feature is that it has syncing with NextCloud notes using the REST API.
Oh.
Not WebDAV.
REST API.
So it's nice and fast.
And then you can go check those notes in the web version of NextCloud, which is really nice.
It has focus mode.
It also has export to PDF, ODT, and HTML.
It also follows a lot of the modern GNOME design guidelines, including if you use GNOME and you want to search, you know, when you hit the meta key or the super key, you can actually search your notes with this, which is really nice.
It has some nice CLI tools and some backup retention tools.
But it's, you know, for me, its big feature is that the Nextcloud note sync is via the REST API and not WebDAV, which makes it really nice and snappy.
So it's been working well?
For the three days I've had it installed, yes.
And it looks totally fine on a Plasma desktop too.
It is definitely a modern GTK application
with a focus on that.
Are you using it via Flatpak?
No, which is good.
How did you get it installed?
Oh, for her, yes.
I guess it is via Flatpak for her machine,
but for me, no.
I have it installed
on a machine
that's running Ubuntu.
I think.
I'm making you
question everything.
I think I did for her
on the Flatpak.
You come in with a hot pick
like that, I'm just...
I don't remember.
I did for her
a Flatpak.
There's a cool feature here
that looks like
it's in preview.
Export to PDF,
ODT,
and HTML.
I already said that.
I already said that.
This episode's going
off the rails.
I said that.
I said that.
Hello?
You guys are wrecking
the show.
Yeah, for sure.
I know it is.
Markdown notes.
It syncs with NextCloud
REST API.
That's all you need to know.
Set it and forget it, okay?
So check it out. We'll have a link in the show notes.
It's Mark... Nope, should not show notes.
What is that?
Alright, we're done with the drinking game.
We're done. We're done. It's over.
Oh my gosh. We have to change the rules.
If you like Markdown, if you like NextCloud,
if you want something that's a modern GTK application that looks fine on Plasma too,
IOTAS, I-O-T-A-S, we'll have a link in the show notes.
And, yes, it is on Flathub, which is how I installed it for her.
All right.
Thank you, everybody, for joining us on this week's episode.
We would love to hear from you if you're ready to give up sudo, or if you've changed your opinion on systemd one way or another over the years. I feel like I've doubled down on my position, but I'd love to know how you feel. Boost
in and let us know, and we'll talk about that next week. Also, if you want to help contribute to our
next drinking game, you're welcome to boost in. I'm ready to cut it off. I feel like by the end of
the show the wheels are barely on the car. Yeah, maybe we, like, earn demerits that then have a conversion scale to drinks. Something like that.
See you next week.
Same bad time,
same bad station.
We will be live
next Tuesday,
as in Sunday,
at noon Pacific,
3 p.m. Eastern,
over at jblive.tv
or in a podcasting
2.0 app of choice.
It'll be live
and in your podcast app.
That's kind of handy.
Links to what we talked about today,
they're at linuxunplugged.com slash 567.
Of course, over there we have the contact page,
the RSS page, and more.
Then if you go over to Jupiter Broadcasting,
that's a podcast network.
And over there, yep, we've got more shows
like the self-hosted podcast,
the Coder Radio podcast,
This Week in Bitcoin, and more.
Thank you so much for joining us on this week's episode of the Unplugged program.
And we will see you right back here next Tuesday, as in Sunday. Thank you.