LINUX Unplugged - 576: The Secret Server
Episode Date: August 19, 2024

We reveal how we turned our humble LAN into a public server farm, all while keeping our IP address under wraps and our ISP blissfully unaware.

Sponsored By:
Core Contributor Membership: Take $1 a month ...of your membership for a lifetime!
Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Support LINUX Unplugged

Links:
💥 Gets Sats Quick and Easy with Strike
📻 LINUX Unplugged on Fountain.FM
Toronto Meetup — Thursday, Aug 29, 2024
Berlin with Brent — September Meetup @ Nextcloud Conference, Saturday, Sep 14, 2024
Check out Alex's "Building a Colo Server" video — Building a colo server for Jupiter Broadcasting using the 45Homelab HL15 server.
Firewall - NixOS Wiki
nftables wiki
The netfilter.org "nftables" project
Gentoo Nftables Examples
networking/nftables: add .tables property and disable ruleset flushing by default by mkg20001
Example nftables config
Olympia Mike on "verified only Flatpaks" — I'm curious your take on a recent update that happened in Linux Mint, and the possible knock on effect of it.
Incus is a next generation system container and virtual machine manager.
Incus - NixOS Wiki
Moving from Proxmox to Incus
Membership Summer Discount — Take $1 a month of your membership for a lifetime!
Referral Code eXchange
auto-tab-discard
tab-session-manager
OneTab extension for Google Chrome and Firefox
Tubular — A fork of NewPipe that implements SponsorBlock and ReturnYouTubeDislike.
Transcript
Hello, friends, and welcome back to your weekly Linux talk show.
My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen.
Coming up on the show today, we'll reveal how we've turned our humble studio LAN into a public server farm,
all while keeping our IP address under wraps
and our ISP blissfully unaware.
Plus, we'll get to a bunch of your feedback
and then we'll round it out
with some great boosts, some picks, and more.
So before we get any further,
let's say time-appropriate greetings to our virtual lug.
Hello, Mumble Room.
Hello, guys. And hello, Brent.
Hello.
Nice to have you in there.
And hello to all you up there in the quiet listening.
That's in the cheaper stadium seating, you know?
Free admission up there.
I mean, of course, we make everybody pay for the on-air, of course.
Yeah, there's like peanut shells on the ground, but it's a certain aesthetic.
Yeah, yeah.
You know, you've got to pay for somebody to sweep up those shells and then put the shells back down.
So somebody's got to do it.
And let's say a big good morning to our friends at Tailscale.
Tailscale.com slash unplugged, y'all.
It's the easiest way to connect your devices to each other directly, and you can try it for free up to 100 devices.
One hundy.
One hundy.
I'll tell you what.
We use Tailscale.
You'll probably hear a little bit more today about how we use Tailscale.
We use Tailscale for so much these days.
Replace your legacy
VPN infrastructure in just a few minutes and connect
multiple cloud providers together
like it's one flat network.
Check it out. Tailscale.com
slash unplugged. Go there. Support the show.
And thank you to Tailscale for supporting this here show.
Just a brief
housekeeping here before we start the show.
We have two meetups just around the corner, August 29th in Toronto.
Did I get it right?
No?
You can work on it a little bit, but you're getting there.
Taruner?
Sounds like you'll have a chance.
Thursday, August 29th.
Yeah.
Tarana.
Toronto.
I'm trying.
Brent tells me I pronounce it wrong.
Well, when you get to Toronto, you'll get it right.
You just said Toronto.
Toronto.
Okay, I got it now.
I got it.
I'm never going to forget it again.
We just get a clip of Brent saying it, and we have to replace every time you try to say it.
Toronto.
And then Brenly's got a meetup, Berlin with Brent, September 14th, Saturday.
Don't use the times on our meetup page.
Those are all in West Coast, but they'll tell you the date.
Which is especially bad when it's happening in Europe because it seems like we're having meetups real early in the morning, but that is not the case.
Both meetups are in different time zones than the meetup page.
Really good stuff.
Really love it.
All right, so let's talk about our hidden infrastructure.
So the background here, we've talked about this in self-hosting a bit too.
We are migrating here at JB on the back end.
And we're going from most of our infrastructure in a VPS to most of our infrastructure in self-hosted systems.
The bulk of that infrastructure will be in a new data center in Toronto.
And then there'll be a smattering probably here at the studio,
maybe even one day at Wes's place or Alex's place, kind of spread around.
Some of the infrastructure that isn't super demanding,
maybe it provides like a support role for other services but isn't directly audience facing.
Yeah, right.
Like there's the class of stuff that handles distributing, you know,
dealing with the podcast stuff. There's the live stream stuff. There's like website stuff. And then there's stuff that we just use as part of our production, but no one else really needs to interface with. public access either by some other service or maybe even by a listener directly on a rare occasion.
And for that type of stuff where the network performance isn't as important as, say, storage or compute,
we're going to put those workloads on our LAN.
And we wanted to do it in a way where we wouldn't expose our LAN IP address.
And Comcast, who's our ISP, wouldn't necessarily need to be aware of what we're doing.
You know, we're not doing anything wrong, but we don't really need them involved or in between.
Like we've had some early testing where some providers like OVH seem to have issues connecting
all the way into Comcast on certain ports.
Like Comcast just doesn't allow OVH machines to talk to certain ports to Comcast machines. Yeah, we've seen
instances too where it just seemed like maybe the peering we were getting coming from the studio connection
just wasn't great. Yeah. So we wanted to be able to take advantage of something
that is well peered, that is well connected, that is public already, like a VPS.
And this isn't necessarily like a revolutionary idea. In fact, we've done different
iterations of this just for individual show segments where you spin up a node in the cloud, like say on Linode or whatever.
And then you open up the ports and have it forward over a VPN or we've even done like an SSH connection before.
But in this case, we wanted to work over a mesh type VPN network, in our case, Tailscale, because it gives us some really neat optionality down the road.
If the front end, the front door to the public is a VPS,
and the back end is on Tailscale,
or it could be Nebula or NetBird or whatever,
you know, whatever your mesh choice is,
the actual physical location of the node no longer matters.
The node can be anywhere.
We could move it to different buildings.
We can change data centers if something isn't working right.
You can take it on the road with you if you need to.
Right, because the actual communication between the VPS that's in the cloud,
the front door, and the back-end node,
that's all happening over your mesh VPN.
And that IP, regardless of where it is,
or another example
is if, you know, maybe you have Comcast like we do, we do, and it's a dynamic IP and they
change your IP from time to time.
That does not impact the setup at all.
At first we tried, well, let's just set up our firewall and we'll, we'll open up some
ports.
You know, we don't like to do that, but we'll do it.
It was a minimal set too, right?
Like, yeah, like three ports.
Because there is already mesh networks at play in the background,
most stuff on the studio you can just get to over Tailscale or whatever.
So in this case, it was like, okay, we're making some exceptions,
a limited subset.
We don't need public SSH or things like that.
But we do need to operate these services in particular a couple.
Yeah.
And so, all right, fine, we'll just let inbound traffic.
It's whatever.
We have plenty of other production gear here.
It is what it is.
But the reality is it just didn't work very well.
It just didn't work for people that were trying to use the services that we were intent that,
you know, that's why we were making them publicly available.
Like Wes said, Comcast had peering issues.
And then there is the concern of leaking our IP address just out there in general.
Somebody could, you know, be a jerk and troll us.
So when we realized using our Comcast internet connection was just going to lead to problems down the road, we kind of stopped what we were doing and retooled.
And that's when we decided to kind of split it up.
And we put, we spun up a Linode and we put, originally it was an Ubuntu system, and then
we reloaded it to a Nix system, of course.
Take your shot, gentlemen.
And set it up as just a minimum viable
VPS, kind of low specs
and doing a little port forwarding.
And Wes, I thought you could fill us in on some of the specifics
here because it's pretty nice,
little solid, minimum viable setup that
I think is almost appliance-like in its nature.
Yeah, I think we were hoping for that, right?
We didn't need, obviously a downside.
One downside of doing it this way is now you have an even more distributed system.
You have two boxes.
They both need to be online for your whole system to operate correctly.
So, you know, if you go and introduce a whole bunch of complexity in your forwarding node,
then okay, that's not great.
Yeah, just third-party risk essentially yourself.
And yeah, since, you know, we've been getting comfortable with NixOS for deploying the stuff,
and it didn't, you know, we didn't need to deploy any stuff that wasn't packaged in Nix
or was especially exotic or proprietary or any of the known, you know, kind of NixOS
common edge cases.
So it seemed like a good fit.
And actually, it ended up giving me a chance to play a little more with nftables, which
I've dabbled with now and again, but never really put into production use.
Yeah. Why nftables? Why not iptables or, you know, something like that?
Yeah. So they all use netfilter, the actual, like, kernel sort of network filtering abstraction and framework in the kernel under the hood.
nftables, I'm just using it in 2024, but it's not new.
Yeah. It's been available since 3.13. Oh, really? Yeah, that's, uh, 2014. Jeez, I still kind of think of it as new. Yeah, I mean, it's the new
kid on the block, right? Like, what was the first one, was like ipchains, right? And then iptables,
and now we got nftables. And I know there's some stuff around using, like, BPF for firewalls too.
Um, nftables already has some of that kind of functionality in that it was implemented by adding a virtual machine,
like is often done for, right, packet filtering type applications.
It added a simple virtual machine to the Linux kernel,
which is able to execute bytecode,
inspect network packets and make decisions on,
yeah, do I, you know, does this route,
do I allow it to come in or do I just drop it?
And that means speed.
Yeah.
So the main advantages of nftables over iptables,
besides it being sort of new, less
like this is the current slash future,
big simplification of the Linux kernel
ABI to make this work under the hood,
a lot of less code
duplication, so just simpler, cleaner
code, improved error reporting, which
is really nice for this kind of thing, more efficient
execution, storage
and incremental changes of filtering rules.
All of those are more.
That all sounds really good.
Yeah.
I know like some problems too,
some folks had seen is like,
as you had really long iptables,
rule sets,
just the length of going through that
could be performance limitation.
I think nftables does a lot better
in those kinds of uses,
which is not what we're doing, but.
I think a lot of people that are still using iptables,
they probably have a much simpler iptables setup,
something real basic, just basic, you know, allow-deny kind of stuff.
I think that's why iptables kind of survives still today.
Yeah, I mean, it kind of depends, too.
Are you doing it yourself?
You're like a sysadmin who knows their way around what you're doing,
or are you just using something like UFW or FirewallD,
which either uses iptables or can use nftables these days under the hood, too.
And we should note too,
like there's all kinds of different shims and layers in place, right?
So there's something that takes iptables commands and just translates them
into nftables.
You can kind of have both worlds.
That's nice.
Yeah.
So a lot of things end up happening that way too.
That way you don't necessarily have to have, you know,
everything in the world update its understanding all at once.
So nftables seems like a winner, an obvious choice,
especially when we're building a modern system.
Yeah, I will say, I had been a little skeptical just because, like,
I don't know, every time you have to relearn this stuff,
it's just another thing, right?
And iptables is not super, I don't know, easy,
it's not the right word, scrutable?
Like, it's just kind of, it's got its own esoteric language
and, you know, ways you interact with it.
And I'd become familiar enough with that over the years,
not for doing crazy complicated stuff,
but just the basics of basic Linux firewalling and routing.
So when you're looking at a new solution, you're like,
well, how much better is it?
Is it worth relearning whatever I need to do here?
In the past, I'd used some things like FireHOL was one,
which is kind of like a wrapper on top
of iptables that kind of just made a lot of the
a little more robust, caught edge
cases you might not, and also just made it
a little nicer to interact with. So I was
skeptical of nftables just because
I was wondering, like, is it enough of a percentage
improvement over the stuff I have used
to, like, really be worth it?
And it didn't help that, like,
there's two ways of interacting with it, sort of.
You can flush your rules
and then sort of declaratively
say what you want all of your rules state to be.
And you can make on-the-fly changes,
sort of like what you do with iptables,
where you just run the command and it dynamically
modifies stuff. And you need that,
if you're operating in a firewall,
something happens, you need to make a change,
you're responding to an event. Ideally, you codify that in code or whatever else down the line, or
you revert it and go restore to the regular operating state or whatever. So I saw a bunch
of these examples that were just sort of like imperative commands to go set your stuff up,
plus then it had a bunch of, like, quoted nftables, like, expression language in there, and I was just like, I don't know, it's a lot. It's, it's a
lot. And then, to make all of this sort of more complicated, NixOS itself comes with a basic
firewall, right, which can use iptables or nftables under the hood. I was wondering if that's what you
were going to use. Just do that. And super useful. Um, it lets you set up a deny-by-default system,
right, which is often what you want in these kind of things. And then you can manually list the ports that you want to allow.
Or what makes it so handy is if you make a NixOS service, right,
like here's a Postgres or an SSH as an example, right?
I tell NixOS I want to run SSH.
There's an option in that service to just say, oh, yeah,
and also go tell Nix to open the firewall port, right?
And then so it all kind of works in its coherent system to know which ports you need open based on the services you've declared. So you
also then run into the area, oh, one other handy thing is you can have trusted interfaces, which
just are like, hey, yeah, this is my private Tailscale network, let all traffic coming from
Tailscale, handy, into this. That's nice. So those are all features that I didn't necessarily want
to throw away. And I'd seen, you know, forums and various places,
like folks had gone as far because you have all of the firewall data as data in Nix.
You could implement your own firewall thing and read that data
and make sure that you open the ports that your config requests.
You can like kind of shim those together, which I think is really neat, powerful.
If you wanted a big custom system, I could totally see going that way.
We were not at that scale.
That was not what we were doing for this task.
We were not developing a firewall product
or a load balancer or anything like that.
Not yet.
So, but I saw, I'll say,
I saw that there'd been some changes
to how nftables was handled in NixOS
that lets you have both.
You could let NixOS manage its side of the firewall,
and then you could extend that with your own tables,
and it would get applied cleanly,
where because Nix knows what your tables are,
when you go to reapply your rules,
it'll delete its rules,
it'll delete the rules you've defined through it,
and then it'll redefine them with the updated ones.
So you don't keep running extra rules
every time you rebuild,
you don't have weird contaminated states between versions.
So it lets us declare what we want to do with our routing,
and it lets us benefit from the built-in NixOS side,
and it's still just using sort of standard nftables
that you could use on whatever distro.
That is a nice kind of halfway setup,
where the easy button you can press for,
like I'm looking at your config here, trust interface for the tailscale0 interface.
That's so slick.
Allowed TCP ports and you just define them right there.
Very simple to understand.
I like that.
It's interesting, like, I didn't really think of this as being a, like, a pre-thought out solution that they've come up with, but it clearly is.
It's a really nice default for most people,
and the fact that it's extensible like this,
just enough for us, is great.
Yeah, so the built-in stuff mostly handles the node itself.
So you can have trusted interfaces,
and you can allow inbound traffic.
It'll allow all outbound traffic to happen by default,
and it doesn't do any sort of forwarding. So that's where
we were going to need to either do iptables
or, in this case, nftables.
Because
the basic setup we're doing is our
back-end box is going to use
the VPS as
its way to get to the internet. It's going to be its
default gateway. Then we're going to
allow the normal responses back.
So it goes and asks Google for something. The firewall is going to track that connection and allow the response back
to it. But we also wanted to forward ports, right? Because the whole point of this was to expose some
ports publicly. So we also then needed to do some NAT rewriting so that when we detected traffic
coming on whatever port we wanted to forward, we're going to say, oh, that's not destined for this box.
That's actually destined for an IP that you can only get to
over our Tailscale network.
Yes.
And that has worked brilliantly.
And so what the end result is,
is that we can have public services hosted here on our LAN
and Comcast doesn't see the traffic
and the user interacting with our service
doesn't see the IP of our LAN, but they see the IP of the VPS.
Yeah, exactly.
And in our testing, I did not expect this.
In our testing, things work faster because of how well peered the Linode is, where it seemed like for folks that were outside the Comcast network, there was a lot more delay getting directly to the service.
So even though folks are now going through a VPS,
and that VPS is then forwarding the traffic over a Tailscale connection
to a node on our LAN, which is then doing the processing
and sending back the request to the end user,
it actually feels faster, which is just unbelievable.
So that's a win, too.
I thought, if anything, it'd be a little slower.
Yeah, right.
We knew there'd be some trade-offs in doing this.
But in terms of actual operations and performance, I think it's mostly been a win.
I will say, you know, there are downsides.
One of them in this case is now all of the traffic that shows up on the service running on the back-end box looks like it's coming from the Tailscale address of our front-end box.
Right.
There's various ways you could try to fix this, right?
Like there's the proxy protocol, or if you're doing something that's like HTTP,
you could have a reverse proxy that you're running on that.
We just went the stupid simple route of just letting
the Linux kernel networking and firewalling handle it and forward the stuff.
You could also have logs on both sides and correlate based on various things.
But for us so
far that hasn't been too important. It also means we'd have to then use, you know, like, we want to do
firewalling or deny traffic or, like, shaping or any kind of that stuff, we would have to do it on
that, right, box. Well, and I think that, you know, kind of goes nicely with what I think the biggest
downside to the setup is and why I initially didn't want to do it. So I'll tell a story here
in a second, but I initially didn't want to do this, and it just was, I want things to be as reliable as possible and I
don't want to spend in our downtime managing systems. And so every system you add is yet
another system that has to be managed, and if that system goes down, then it's as good as our, even,
even if the LAN's fine and, yeah, right, your. The studio's doing great. Yeah. It doesn't matter if that VPS goes down.
Unlikely, but it is, again, it's just an additional dependency.
We're basically gambling, right?
We're basically saying we think that that is less likely than...
Comcast changing the IP or blocking traffic.
Or less likely to cause us the sum of the problems each path will take.
It's going to be less with this setup is what we're hoping.
So, funny story, kind of, sort of, poor Wes. So we start working on this Tuesday after the show last week,
so this past week, and by Thursday we kind of have it mostly done, and Wes and I were up kind of late,
especially for me, and we're wrapping up and we're like, okay, well, now we have nothing to do but just
wait as things kind of all, you know, little jobs finish up and things get discovered and propagated.
So let's just check back in the morning and see how it's doing.
And as we were signing off for the night, I sent a message off to a few listeners that were helping us test.
And I said, okay, the systems are up. Let us know how it's working for you.
And I come back in the morning and I realize immediately
that people are having issues
with Comcast, and Comcast is going to be a problem. And Wes had initially suggested that we route
through a VPS, and I was like, I don't want the extra dependency. And so I get up in the morning,
I see these reports coming in from the listeners that I asked to check on things. I'm like, oh,
crap. So I send Wes a message. I'm like, good morning. Um, so I think we got to redo everything after we
had just finished days of working on this. Right, hours and hours and hours and hours of working on
this. And the kind of thing, too, where you kind of get it tunes, like, it's okay, well, it's all running,
and then now we got to make the tweaks and we gotta, yep, and, like, undo what we did, and we already
had some people testing and, um, but, you know, it got, you got, you got it
together pretty quick, you know, and it was great because while you were doing on that, where you
were working on the networking bit, I was able to, you know, change the stuff here on the back end to
get it ready, and, like, it, it all came together pretty quickly, and by Friday evening I think we
had it retooled so it wasn't that big of an adjustment.
And I think anybody who wants to self-host that wants to make something public,
you should think about that.
Think about it real hard.
But if you end up deciding you do want to make something public,
I think this is a, especially if you have a dynamic IP or something like that,
I think this is an excellent way to do it.
And the nice thing about the Mesh VPN style is that the node on the LAN can have its IP change.
You can have your Comcast could give us a new IP.
I could move it to a new physical location.
As soon as I power it up, everything just starts working again.
Though you could also, like, if you don't have an existing mesh thing,
just stand up a WireGuard or an OpenVPN tunnel between the nodes.
Yeah, you might be able to then base it on DNS instead of IP.
I think as long as the guy in the back connects to the front and that's public, it'll work the same.
Okay, yeah, you initiate the connection from the node on the LAN.
So I'd be curious to know, dear listener, how you would have solved this problem.
How would you have a hidden server public IP on your LAN?
Boost it and tell us.
Also, I'd love to know any cheap VPSs you have suggested.
Because it's like a $24 a month Linode.
Probably doesn't need to be that.
Right.
You know, we just want something that is performant and has good network peering.
So if you have any suggestions, boost it and tell us.
Because it doesn't have to stay here.
We could move it.
This whole setup is pretty portable.
1password.com slash unplugged.
Okay, imagine your company's security is sort of like the quad of a college campus.
I know, stick with me for a second.
Because you can picture it.
There's these nice brick paths between the buildings.
That's the company-owned devices.
The IT-approved apps, all the managed identities.
That's the way the IT department dreamed it. But then you have the
end users that actually use the shortcuts, you know, the worn through the grass paths,
the actual straightest line from point A to point B that get them there the quickest.
That's kind of like your unmanaged devices, your shadow IT apps, non-employee identities
like contractors. Most security tools only work on those happy little brick paths,
but a lot of security problems take place on the shortcuts. 1Password Extended Access Management
is the first security solution that brings all these unmanaged devices, apps, and identities
under your control. It ensures that every user credential is strong, protected, and every device
is known and healthy, and every app is visible.
1Password Extended Access Management solves the problems for traditional IAMs or MDMs that they
just can't seem to touch. It's security for the way we work today, and it is generally available
for companies with Okta and Microsoft Entra, and in beta for Google Workspace customers. So go
check it out. It's getting better and better. 1password.com slash unplugged. Go support the show. Check it out.
They got a demo over there and everything. It's 1password.com slash
unplugged.
Well, it's been a while since we've done a feedback segment, but we have gotten
some great questions into the show recently that we thought we would kind of
explore. The first one here from Olympia Mike, dear Olympia Mike. Hey, I'm curious on your take
on a recent update that's happened in Linux Mint and the possible knock-on effects of it.
In the newest version of Linux Mint, they have filtered out all unverified Flatpaks from
Flathub by default. While this sounds like a good idea for security and safety,
this filters out a ton of Flatpaks,
and some of the most important ones, too.
The only way to re-enable them is to go into the settings
and check a box with a scary message telling you
that it's unsafe and very much not recommended.
Even though I'm a Nix man myself,
take a sip, boys.
Cheers.
Oh, cheers, cheers.
Even though I'm a Nix man myself, Linux Mint is my go-to suggestion for most people just getting into Linux.
I also install it on hundreds of computers I donate locally here in Olympia.
This update, by default, filters out literally all the Flatpaks I install by default for these machines that most people need.
Google Chrome, Zoom, SuperTuxKart, etc. are all unverified.
This deeply concerns me because it feels like a step backwards in time,
where people getting into Linux will just assume that there's no software for it.
Flatpaks and Flathub were a huge win and a step towards Linux becoming accessible for more people,
but now it feels like we're shooting ourselves
in the foot again. What
are your thoughts on updates like
these? In a way, it seems like
Flathub is still paying for
the decision to just
get everything flat-packed, even if
it was just volunteers.
And now we exist
in an era where we want everything verified from the App Store.
And that model doesn't really work.
It does occur to me,
kind of in the same vein that you're saying,
is this is a problem that the proprietary systems wouldn't have
because you would never have been able to do
what has happened here.
You would not be able to submit, say, Chrome.
You basically have either it exists from the people upstream
or it doesn't.
So to bootstrap ourselves, we've now, yeah, our strategy to bootstrap has now led us down a path
that is proving to have a lot of difficulties. That's what I'm saying. So this is the symptom
of those decisions. But at the same time, we are at a stalemate because the vendors could not be arsed
to Flatpak Chrome or Zoom or SuperTux, I guess.
Right.
So.
And although I don't know if I've seen as much of this recently, you know, at least
for a while, I don't know, a decade ago, Canonical was pushing pretty hard to on the
snap side to work with those.
Right.
So I wonder if that took some of the air.
Right.
You're like, oh, we already maintain sandboxed.
Yeah.
New style Linux thing.
Yeah.
Yeah.
You're right.
They reached out kind of early on.
Yeah, that's true.
Why do I need to maintain it?
If I'm Zoom, why do I need a Flatpak
if there's a Snap that you guys can install?
That's a good point.
See, I totally get the Linux Mint angle, though,
because generally if I have time and patience,
which I try to,
every single time I try to install a Flatpak
or when I was using more
snaps, I go looking for who actually is maintaining this thing. And it's a tough choice. Sometimes it
was like trying to choose between different projects doing it. Sometimes it's trying to
choose between different communities, trying to make these pieces of software available. So I would, like, dig in: oh,
this Flatpak, where's it coming from? Oh, okay, there's more than five maintainers or contributors
to this particular project. Okay, maybe that makes me feel a little safer. But I have to say, like, 50
percent of the time it just feels, at least to me, like it's just throwing caution to the wind a
little bit installing
these things. You just assume they have the best intentions in mind because,
well, that's our experience. But we've seen some slightly scary examples of when, you know,
a smaller project can be easily taken over. And, you know, I'm not going in there and verifying
the code that's being run on my own computer. So I'm sort of trusting these communities to
be doing that. But that's a lot of trust.
Yeah, it strikes me that we're, exactly, right? The trust stuff is just different enough
from how we do things in Linux.
We either have this, like, you know,
we didn't do it at the edges.
We had distributions, we had a semi-centralized,
like, okay, I've decided that my trust
is going to come from these repos
and maybe whatever the PPAs you add.
Your trust is really in the packagers and the maintainers of the distribution is where
you're putting your trust.
And for a lot of it, it's from users who can figure out what's trustworthy or not and draw
their own barriers.
And so now you've got the combo of trust at the edges for every single package being
maintained separately and being exposed to users who need some guardrails or we're trying
to figure out if we can give them guardrails
and how do we have guardrails that make any sense.
And because especially it seems like there is also now,
like these kinds of stores are known places, yeah, right?
Like whether it's crypto stealing stuff or ransomware or whatever else.
We see examples of it, yeah.
I think, I don't really know of any that stand out for the Flathub store,
but definitely we have some examples from the Snap store,
and I would think it would be possible at the Flathub side too.
I also kind of feel where Mike's coming from here though.
Like if he wasn't hand delivering these systems and solving for this,
the users that receive these systems would just assume like,
oh, Chrome's not available, you know, Zoom's not available. Like, that sucks.
And it makes it feel like old Linux where we didn't have this spoils of software.
So I don't really like it. And I almost wish, I know this is probably not scalable, but
you know, maybe the Mint team could have gone and vetted a handful of the most popular unverified Flatpaks and whitelisted Zoom and Chrome and, you know, SuperTuxKart, you know, a few things that are pretty easy to test.
I suppose it's an ongoing problem, though.
I wonder if they avoided doing that because it puts then the responsibility on them.
And it could change, right?
You could test it today and then in a year or two it could get compromised.
And you'd have to be constantly
testing, so I suppose that's not viable.
But it does feel like
these often punish
the end user, much like the patent lawsuit
stuff. It really just
screws the end user. It doesn't really impact
the distro maintainer. It doesn't really impact
the company with the patents.
It just screws the end user.
In the Mumble room, PyCrash has an idea
about maybe something that would be better.
I mean, it will be better
to just, every time
you choose an unofficial Flatpak,
just say a scary warning.
Be careful, this is not
officially packed. I mean,
if you think so, all the
packages in our distros are not officially
packed from the source.
Right.
Yeah.
A warning message that says, hey, man, just so you know, like, can't verify that this was published by Google or whatever.
Can't verify this was published by the company that created it, but it seems to be packaged by the community.
Would you like to proceed?
Though I wonder, like, what – I think if one of my parents saw that, the response
would be to call me. Yeah. You know, but then at least they'd know they could get Chrome. True, but,
but do they, right? Because, like, they kind of still have to check. Like, it doesn't help give them the
tools to resolve it themselves unless they are an experienced enough user to know what any of it is.
Yeah.
Yeah.
Yeah.
Definitely.
But it would work better for,
it would work better for folks who knew what they're comfortable with that
choice.
At least they'd have it.
Yeah.
We're almost applying,
we're applying the Apple model,
but without the platform or,
you know,
arm of Apple to be like,
you have to pass us $100 a year
and publish on our app store to reach our platform.
And meet all of these continuously capricious rules
that we change and tweak and enforce randomly.
Okay, that leads me to a bigger question here of,
you know, we're seeing these modern immutable distros
really leaning on Flatpaks.
Is this a massive problem for them?
You know, it really seems to be a problem.
You know, Fedora did this too for a minute.
Remember they had filtered Flatpaks for a while actually
for a few releases of a Flathub integration.
And then they kind of, it wasn't,
I don't think it was as dramatic as this.
They kept like a separate list or something.
But so this is something other distributions
have tried to crack.
I don't really think it impacts users outside of those new users who don't understand what
this is.
For the rest of us, we could just open up a terminal and install the Flatpak.
That's how I install Flatpaks.
It's better.
It's so much better.
It's cleaner.
Yeah.
So I feel like it just disproportionately impacts new Linux users that are unfamiliar
with the ecosystem and doesn't do much for people that are.
The more I think about it, the more I don't like it.
It does make me think, too, like how do we, and maybe we should,
but like we think about, it feels like we think about Flatpak, Flathub,
differently than we do the AUR or Nix packages, for instance.
Maybe because the AUR and Nix packages
are more inherently technical users?
Yeah.
It just strikes me like,
is there a way where we can have unofficial packages
with more safeguards?
Because it's like, I'm okay that it's unofficial.
As long as there's like an easy way
and like with Nix or with the AUR,
it's pretty easy to see like,
oh, what does this package build do?
Oh, it pretty much just goes and downloads the deb file
and extracts it off the official upstream repo.
So I'm okay with this being unofficial.
So is there a way where you can have a little more
guarantees or signatures or
provenance traceability around this? Wouldn't it be interesting if on
Flathub there was a tab?
Like with statistics and stuff like that, one of the
tabs was like chain of custody.
And I don't know, I haven't actually built
a Flatpak. I know like with a Snapcraft, right, you've got
one YAML file that's got most of that stuff.
So you could probably look at that or have, I don't know, CI stuff or other, you know, linting.
Something to add a layer on here that's like, yeah, this looks like it's not doing anything crazy.
That's an interesting idea.
That would be one way to solve this is like you'd still have to understand what the chain of custody is and all that.
But then you at least have the information.
Feels like with free software, we should always have all of that kind of information because the whole ecosystem is open from the time that line of code is written
till when it was packaged. So show it to me. I know, it's always a pet peeve, like, you go to something
like, like the Python Package Index or Docker Hub or whatever, and, like, there's no link back to their
GitLab or GitHub or anything. You're just like, what? Yeah, no. Yeah, it's weird. All right, I'll take Hybrid. Hybrid, uh, in
Matrix wrote in, frequent booster too. He says, uh, are you not worried about putting all of your time
and effort into learning Nix when real risks, with a real risk that it could just all blow up? That's
my fear. All the other distros work in a pretty familiar way. I don't have to work too hard to
switch between Debian and Red Hat and SUSE. Nix, though, is a whole other animal, and it definitely lives and dies by the supporting community.
I'm concerned that they'll eat each other alive and there will be nothing left.
I we've heard I, you know, I don't want to invest too much effort into this because it might all go away.
We've heard different versions of that concern.
What do you think, Wes?
What's your take on this particular question?
I mean, I certainly get it on the outset of, you know, Nix is its own system. It's very different. Yeah, right. There's a sense like, OK, well, yeah, Debian and Red Hat do it differently, but I just got to learn how do I translate apt commands to DNF or, you know, whatever. And Nix is substantially different.
Substantially different. Substantially, I mean, much more. But don't you think if you're really getting deep into Debian, you're really like a Red Hat expert, you are kind of out of water when you
switch to a Debian or when you, vice versa? Like, there's enough differences with file system layout
or how you even add a user. Like, there's enough differences that you do really, in order to be an
expert, have to, have to spend time learning Debian if you're coming from Red Hat or vice versa.
Yeah, although I think, you know, that because the underlying
methodologies and system is the same, that you can accomplish your, like, there'll be parts to
swap out. Yeah. Right. So instead of AppArmor, it's SELinux, but they're playing the same role.
Yeah. But that said, I think there are enough folks in the community now, whether or not the
specific implementation is Nix as we know it now, I think there are enough people that have discovered and have found that way of leveraging open source technologies to have so many benefits.
I don't see that going away.
Whether that moves to a fork or another version or a version of Guix or we've already seen several like TypeScript versions that instead of using the kind of weird Nixlang, they use Python or TypeScript or something to implement, but have
very similar underpinnings.
I don't think that the idea
of fixing how we build Linux in
a more reproducible declarative way
that lets us build composable systems.
Not going away. I don't think so. I agree.
And then you have organizations like Determinate Systems
that are making a business out of using Nix in the
enterprise, and I think they'd probably
fork it and carry it on.
You know, you'd have groups that would do that.
And then it'd be a matter of just picking the one.
I also see that, you know, there's NixOS.
And that I think is where especially, you know, like with Nix packages,
you need a lot of people who are maintaining these packages.
And, you know, we've seen great work like when Plasma 6 landed really quickly.
That takes folks like K9000 or K900 and others who are actively working on that.
And I don't really want to maintain Plasma.
But there's also the side of Nix that is just like a really nice build and development tooling system.
And for that, even if like maybe not all of Nix packages, but like a bunch of that stuff went away and I couldn't run a whole distro on it, I think it would still be a super useful tool.
And you could bootstrap your own set of packages pretty quick and then just use that to rely on. Well, I'd like to present some
objective data here if you guys take it. So Debian, yes, has been around a long time since 93,
it looks like. NixOS, been around since 2003. So that's 21 years. A bit of longevity there, I think. And if you're looking at Ubuntu, that's since 2004. So NixOS has been around longer than Ubuntu has. So I would argue it has some staying power if you look at its history there.
That's a great point. Yeah, it could totally go where, you know, you have less folks interested and the package quality gets worse or the package breadth of quality gets worse.
Right. And, oh, I don't know, Plasma stopped getting updated nearly as quickly.
And, you know, they kind of only support, you know, things like that I could totally see happening.
That would depend on who's involved and where those things are.
So maybe what use cases that type of stuff supports changes over time.
But that's just a question of is there a will?
Are there people to do it?
I wonder, too, if we haven't seen an unusually consolidated time of Linux.
Once systemd came around, and Wayland, a lot of distros got pretty similar, and a lot of the tooling got pretty similar across distros.
And we've kind of existed in this time of distros having more in common often than they don't.
Yeah, how often is it sort of just like,
oh, yeah, well, it's about the default packages
and the desktop environment and the package manager.
That was not always the way it was in Linux,
and nothing says that's always the way it's going to be.
And when I look at Universal Blue,
I got to believe I'm seeing the future of Fedora there a little bit.
And when I look at Ubuntu Core I have to wonder
if I'm seeing the future of Ubuntu a little
bit and
maybe we are about to
enter the next decade
where Debian and
SUSE and Red Hat are all
very different from each other
than they are today and it's a big
big shift when you move between them,
much like it used to be back in the day.
You know, I mean, switching between Slackware, Red Hat, and SUSE was massive,
and Mandrake.
And I could see that kind of happening again
as immutability becomes more of a standard feature set,
which I suspect it will as time goes on,
especially as corporations get into, like, serious recoverability. They internalize the lessons of the CrowdStrike
failure. They want workstations that are bulletproof. They're going to start looking
for these solutions. For our next piece of mail here, listener Chris sent in a little something,
says, hey, for a little context, I'm not actually in tech myself, but I'm in manufacturing. I'm tech curious and also a self-hoster.
I have a software suggestion for the show, Incus, which is essentially a community alternative to LXD.
I'm personally running Proxmox, but like you, Chris, don't like some of the obfuscation.
I like to be confident that I can recover from any failure or nuke and pave.
And I don't have that with Proxmox.
It's a Docker-like CLI tool and a web interface to run and manage LXCs and VMs.
I only started scratching the surface, though, but figured I'd send it to the LUP hive brain.
We have been talking a little bit behind the scenes.
How could we do a segment around this?
What could we do? Yeah, I'll throw out also recently over in our Matrix user,
UW admin was talking, I think, in the love blog.
So we need to talk about LXD.
I love it, and I think it's just amazing.
Currently in the process of switching from Proxmox
to vanilla Canonical LXD.
So there's LXD, there's also Incus, the community fork.
I used to be an LXD
user back in the day. Had a whole dedicated box with different systems and networking and VLAN.
It's neat, and I've been meaning to check back in, especially after Incus forked. There's a UI
available now. I saw that Incus added better support for running Docker-style containers
recently, so you can, not only can you do virtual machines and LXC-style system containers,
but you can also do regular old OCI application containers,
all with one thing that has a CLI, UI and an API.
Man, there's a lot of good choices if you're ready to move off of Docker.
A lot of good choices.
I'm still pretty primarily heavy Docker,
but I've fantasized about kind of transitioning to a Podman setup.
But I wouldn't mind visiting LXD or Incus and kind of getting a feel for it.
Sounds like you liked it quite a bit when you used it.
Yeah, I mean, I used it in anger then.
I haven't for, I don't know, seven or eight years.
So it's been a while, but I can't imagine it got a ton worse.
I've seen a lot of nice changes to it.
And I think it's one of those tools that it's, it seems like it's composable. It's light.
You can add it on and it has a lot of fancy features like an API and live migrations and
this kind of stuff. So you can use it in like a cluster mode or you want to like run a data center
or you can just be kind of like a daemon that runs on your thing to let you
play with virtual machines or, yeah, run containers.
LinuxUnplugged.com slash membership.
Join the membership
with the promo code SUMMER
and take a dollar off
your membership forever.
Only while it lasts, though,
because summer's almost over,
my friend.
That's LinuxUnplugged.com
slash membership.
And then try out the bootleg.
You can also get
the ad-free version of the show,
get the lean, mean, droop,
perfected version of the show,
or get the sloppy, longer one.
Well, okay, sloppy is wrong.
It's like if you want like a whole other Linux podcast from your buddies, that's what the bootleg is.
There's like a whole other show in there, and I just would like you to know about that.
If I could, I'd have you listen to it because I think you'd really enjoy it.
If I could figure out a way to like make a limited time trial of the bootleg, I would.
Because there's a lot of good conversations we have in there with our community.
People stop by, kind of just hanging out and talking Linux.
That's in the bootleg.
Now, I understand perhaps you don't want to set it on monthly and just set it and forget it autopilot style.
Perhaps you'd rather do it on your terms when you want at the amounts you want.
You can also boost from the web now.
It's linuxunplugged.com slash boost.
And you just need an app that supports Lightning,
like the Cash App, Strike, Coinbase. There's lots. It's just a standard protocol. So anything that supports Lightning, you can boost from the web now or get a new podcast app at podcastapps.com.
Then you get all the new podcasting 2.0 features, and there's a lot of good ones in there,
including LIT support, which is a live item tag. We update our RSS feed and it tells your podcast
client we're live. And you can listen to the live Sunday stream right there in your podcast player. And as time
goes on, we'll roll that out to the other shows too. It's really neat because you don't need any
other app. It just shows up right there in your list of available podcasts when we're live. So
that's podcastapps.com. Try out something like Fountain. Then you can boost in or you can boost
in from the web at linuxunplugged.com slash boost. We put that out there because this is now largely an audience-funded podcast.
More and more as time goes on, the audience has stepped up to fill in the gap.
The podcaster's has left as they've kind of moved on, I guess.
I don't know, you know, economics.
But we really appreciate it because it makes you one of our largest customers.
And if you think about it from a business perspective, that's how it should be,
especially in today's modern media landscape. It's nice to see that kind of thing actually
be possible. We're like proving it out right here. So we appreciate the support if you can
provide it. That's linuxunplugged.com slash membership if you'd like to just set it on
autopilot or linuxunplugged.com slash boost and get your message on the show and support at any amount you like.
And now it is time for Le Boost.
Well, that was a bunch of feedback from the old mail envelope we've been keeping around for a while.
But this here is a bunch of boosts from this week.
We have an absolute baller boost here from username Poop Loser.
Thank you, Poop Loser. Thank you, Poop Loser.
Hey, rich lobster!
That's 100,100 sats across two boosts.
Thank you, Poop Loser.
Really appreciate that.
It's going to get us every time.
You're Poop Winner in my book.
Poop says, uh, just wanted to say hi and pay back some of the value I've gotten from the show over the last few years. P.S. This is a zip code boost if you subtract a five zero four zero seven,
I think. Oh man, you're making me do, man, oh, live on the show. Actually, I'm noticing here, uh, there's an,
the second boost is identical except the, the end says this is a zip code boost if you subtract
46407. So it's different. I'm a little confused about which thing to do, but I've got a number
and we're gonna run with it. I, I'm, I'm, you, we haven't busted the map out for a minute. I'm glad you still have it.
Yeah, thanks, poop winner.
Oh, it lives in my bank pocket, let me tell you.
Okay, so 100,000
generous sats minus 46407
is 53593
Okay, alright.
Which seems to be a postal code
in Dane County, Wisconsin.
Um, are there
any major places?
Hello, Wisconsin.
I don't know.
Near Fitchburg or Verona.
Hello, near Verona, Fitchburg area.
Thank you for boosting in, Poop.
Appreciate you.
Yeah, do boost back if you want and let us know did we get you right.
Yeah.
The dude abides also came in with an extremely generous 100,000 sats.
Hey, Rich Lobster!
Coming home with the boost!
And he writes, here's another one
towards the week off goal. Vacation is
essential for your mental health.
You should be able to take it two to three to four
times a year, he says. Also,
do you still play the Nix Drink Game? If you mention
Nix two times during a boost, do you drink twice?
Oh, here we go, boys!
It's once per segment. It's once per segment. Cheers. Cheers. Now, um, yeah, we haven't really, like, formally
announced this yet, but we probably will by next episode or so. Uh, we are trying to negotiate a
soft landing for the podcast right now and figure out a little time to take off. I have some stuff coming up in September.
Usually that's probably when we kind of try to – basically we needed it two weeks ago.
But we're here.
Our spirits are high and we'll make official plans soon.
Next year we'll do it two weeks earlier.
Well, I think next year we might take two Sundays off or something like that.
I do think it's good every now and then just to take a breather.
The timing didn't work out
great this time because we have this big server
migration stuff going on. And it
just seems like, you know, we probably are going
to want to talk about that and all of that. But then once that's
all done and we have the server migration stuff
done, I think that's when it's going to be time for
a breather. But I think I know us.
We're going to use this more as a sabbatical to do
like some crazy cool project and bring that
back to the show after two weeks.
Oh, yeah.
I'm going to be working on the RV.
Brent's going to be switching to Gentoo.
Yep.
Yep.
Yep.
And I hope Wes cooks up some delicious, delicious, tasty meats.
I thought you were going to say kegs.
But yeah, meats.
Oh, yeah.
Yeah.
Sure.
Yeah.
Thank you, the dude.
I really appreciate that.
Lieutenant Murth comes in with 51,000 sats.
I hoard that which your kind covet.
But no message.
That's all right.
We appreciate the support just the same.
Thank you, Lieutenant.
Next up, Zenzilla94 with 29,500 sats.
Hey!
B-O-O-S-T!
Thank you, Zenzilla.
Linux unplugged meetup in Canada.
I've wanted to hear that for a while now.
Oh, good.
But unfortunately for me, I live across the prairies in Alberta.
Oh, I love Alberta too.
I won't be able to make it
to Toronto for this one,
but I hope you guys have fun.
Did you say that right?
No, not quite.
It's on the fly.
I haven't practiced
as much as you have.
Toronto.
Also, as someone
pretty new to Nix,
I wanted to show some support
in favor of the NixOS
and Immutable Distro content.
Hey!
All right.
Thank you.
Thank you, Zenzilla.
You know, I don't have any plans to be in the Alberta area,
but I would love to get back there sometime.
I really loved my time there.
So maybe one day.
Edmonton meetup?
Is that in Alberta?
Yeah.
I think if the Toronto meetup goes really well,
for those listening who are attending, it's up to you.
Then we could do it more in Canada.
You know, there are ways.
Don't mess it up, Canada.
Yeah, it's up to you.
Kusaria boosted in 24,690 sats over two boosts.
How'd you say that one?
Kusaria.
Put some macaroni and cheese on there, too.
And one of these is actually a boost of a one, two, three, four, five satoshis.
So the culmination is one, two, three, four, five. For Meshtastic, your thought that Mount Vernon
to Seattle should be doable is quite right. I live just outside Puyallup. How do you guys say this? Puyolup. Oh, what?
I know.
Puyolup.
We got to feel like Toronto's way easier.
And on my Meshtastic repeater, I pretty consistently see Portland, Centralia, and Seattle, and I'm a bit in a valley, too.
That is fantastic.
Good to know.
So don't listen to listener Jeff.
Listen to Kuzuhira.
Yeah.
Let me continue here. You know, if you all got your ham licenses, you could always abuse something like JS8Call or Meshtastic over ham for out-of-band comms.
Oh, I like the way you think. I was wondering. Thank you, Curacía. Appreciate that.
The dude comes in with, and by the way, we are working on Meshtastic stuff in the background, so you'll hear more about that soon.
The dude comes in with just, dude, not the, dude, comes in with McDuck's 22,222 sats.
Things are looking up for old McDuck.
It says value for value.
Thank you, dude.
Appreciate that.
Vamax comes in with Spaceballs Boost, one, two, three, four, five sats.
Yes.
That's amazing. I've got the same combination on my luggage.
Hey, Brent.
Hi.
I had a similar no sound input issue two weeks ago during Teams with their progressive web app on Linux.
If you happen to be running a similar laptop, it ended up being something permissions related in Chrome.
After some fruitless reinstallations, I ended up switching the Teams progressive web app to Edge.
I know.
Sigh.
But it works.
I like there's a conspiracy in here.
I don't know quite what it is, but it's there, right?
Yeah, a little breaking thing, so you have to use Edge.
Mm-hmm.
But that's a good tip.
Edge isn't that bad, especially if you just use it for comm stuff like this,
where you don't really care.
It's getting streamed through some proprietary platform anyway.
I hate to admit it, but I think you're right.
It's not that bad for this.
And I wouldn't use it as my daily driver, though.
But it's not bad for just doing a call.
Clearly, the people making Teams are testing it with Edge a little more than other things.
So you get that benefit, too.
Sadly.
Hybrid sarcasm comes in with $12,345.
The hell was that?
Spaceball 1.
They've gone to plaid.
Chris has his garden, his RV, and of course the family.
Brent has his mountains, canoeing, and photography. I like this summary.
I know.
But what are Wes's hobbies? Can we get to know Wes a little more?
Who exactly is Wes Payne outside of the terminal?
Who is that mysterious man?
You know, that's making a big assumption that I ever leave the terminal.
Yeah, right. Or that he isn't the terminal.
Wes doesn't talk about himself at all, even to people that know Wes.
So I'll tell you a little bit about Wes.
He's a dog father.
He's got a very sweet dog who's here today.
Yeah, I don't know where she wandered off to, but she is here.
He's a man about town, living in Seattle area.
Loves it down there.
Very nice and generous guy.
He's the nicest guy in the world you'll ever meet.
He is, right?
Don't you agree, Brent?
Well-dressed, too.
Yeah, he's a sharp dresser.
You know, like if I was, say, two hours out in eastern Washington on the other side of the pass and I had a car issue, I bet you if Wes was around, I could come up and Wes would come pick me up.
You remember how we didn't go pick him up when that happened?
Did that happen? Well, sort of. Oh, yeah we didn't go pick him up when that happened? Did that
happen? Well, sort of. Oh, yeah, yeah.
For the Spokane meetup? Yeah.
That's true. You guys were... What else?
What else should we share with the class about Wes? Well, I know
Wes loves a good thousand-year egg.
That's true.
That's pretty obscure.
He's a Star Trek fan. That's
also true. He loves a good brunch drink.
I like a nice cocktail generally, really.
What is it?
The Huevos Ramos?
What do you call that thing?
Oh, the Ramos Gin Fizz.
Yeah.
Delicious breakfast cocktail.
An expert with the sous vide.
I've had many a good meat that have been warmed by Wes's bath.
That's been nice.
What are we missing?
Oh, I don't know.
I mean, music-wise, I like a lot of things, but jazz probably stands out.
Also, big math science person.
Computer science I studied, but I also studied physics.
So physics was my first love before doing CS stuff full-time.
So I spent a lot of time thinking about those things, too.
Oh, I just remembered something.
We've got a great brunch with Brent with Wes, where we explored a whole bunch of crazy cool topics.
It was one of my favorite ones to do and one of the earliest ones, too.
Yeah, I loved that brunch.
We'll have to link to that in the show notes.
Let's do it.
Another thing about Wes, he travels all over the world when he gets a chance.
And he'll travel with us when we can drag him with us.
I know.
I'm already looking forward to the next time.
We're going to have to drag him because it seems like his car isn't working out for him the last time.
On the topic of talking about Nix, he said,
My take is do the show you want. Don't spend any more cycles worrying about how to handle the topic.
Doing a show handcuffed isn't worth doing. Well, thank you. Uh, Mount Dude 641 comes in with 10,000
sats. How are you guys handling backups for Immich? Trying to figure out the database dump but having
issues. Are you just backing up the library folders instead?
Yes.
I'm sorry, Mount Dude, but that is all I do.
I do not back up the database yet.
I just back up the file.
So this is a question then, right, of backing up the raw photos versus the extra metadata that you're getting from Immich.
I don't use Immich much for that kind of stuff.
It's mostly backup and just view photos.
So I don't see a need.
I haven't really thought about it either.
I might change my mind on that.
Is it because to you the compute is not as expensive as like bothering to figure this
out?
Yeah, because it would be like face identification stuff and it'd be like discovering where
stuff is and the, you know, info for like GPS coordinates.
And that's all stuff that I could load the photos back up and then within a couple of
nights it'll all be done again.
If anything, the face stuff probably just gets better, right?
Yeah, right.
Exactly. And the compute gets cheaper. Yeah. And so what I have, and
again, it's not a super interesting answer, is
Duplicati pointed at the photos
sending an encrypted backup to
Google Drive. Because I have like terabytes
of Google Drive for whatever reason.
So that way I just
basically I double upload,
right? I upload once to my Immich server
and then I upload once to Google Drive.
And then I also have the copy on my phone, of course, as well.
Love Immich.
Fantastic Google Photos alternative.
Getting really, really good.
And now with the FUTO backing, I think they're going to be around for a long time.
Big Crypt Tech boosted in 5,150 sats.
This is the way.
Hey, guys.
I've been enjoying your shows and streaming sats after making the switch to Fountain.
Been into Linux and all things tech for years.
From memory, it was Slackware 0 something released on 386 back when I started looking at the alternatives to SunOS systems I was working on at the time.
I'm currently challenging myself by creating a referral code swap platform. If you could share it with some potential beta testers, that would be amazing. Ellen, integration is next.
Interesting. So it's like trade your promo codes. It looks like the URL is rcx.bitcryptic.com. We'll put a link in the show notes too. I wonder why I've never seen this idea before. This is pretty cool idea. So you could sell a promo code for a few SATs or a few USD or something like that, huh?
If you're open, let us know.
I'd be curious if you're building this.
What are the tech details?
Or maybe a boost into Coder Radio and share that.
We always love to know that stuff.
You know, my exposure back around that time to Sun Systems was on giant Xerox printers.
They had built-in Sun workstations with big color monitors on top of the printer.
CRT screens. I have seen those. Yeah. And they ran Sun OS with a desktop and everything.
Craziness. Nord comes in with 10,000 sats, which guys, I believe is over 9,000. It's over 9,000!
Regarding storing 2FA keys in Bitwarden, I happily do this. While it's not true two-factor, it also solves for my threat model very nicely.
The Bitwarden extension signs itself out, and then is secured with a true two-factor code using various FIDO2 devices.
I at least came to the conclusion that having Bitwarden 2FA secured, and all the sites using 2FA needing to also have the same model, would pretty much be too much of a hassle for me.
All public services, banks, and institutions in Denmark
require an authentication system called MitID.
Anyways, it uses its own 2FA app,
or they'll send you a FIDO2 device that you can use.
So I think what he's saying here,
and I think it's kind of clever,
it's like, okay, I'm doing two-factor in Bitwarden,
but I'm securing Bitwarden with an actual FIDO2 device.
So you got, in order to get into my Bitwarden,
that's where you've got like hardware two-factor.
That sounds to me like a completely reasonable approach.
Yeah.
The version I'm doing of this is without that fancy device,
the opening my KeePass database.
So I really like this model because, you know,
you don't have to deal with everybody else's websites all the time
or like the, you know, my specific bank needs to do the 2FA
through their app and they don't let you actually use, like, any of the standards or anything
like that. So I hate that. Some of that gets solved here, but also it's just like, this is, it seems very
reasonable, and you take the 2FA sort of into your own hands and make it as secure or not as you want.
Yeah, and for all your general services that you use that, you know, it's like, I don't want to
have the whole hassle. It kind of makes it a lot simpler.
I think that's the key part, right, is threat
model. Like, think about the things you're securing
and why and what you're worried about
and what the consequences are if it
gets into the wrong hands. And from there, you can kind of
decide, like, you know, what matters. And often,
as you're saying, right, like, maybe your workplace
is big on the, you know, 365
stuff, so you have to use the Microsoft. Like, you're going to end
up with this stuff anyway, so you're going to have to
solve a bunch of cases. You're right. Yeah, it's just the way it is.
It's the state of the tech. Daniel
Sibusin with 15,400
sats. You're doing a good job.
First time booster here.
Hey-oh! Congratulations!
Writing in to support
taking a break.
Thank you. Please recharge. Also, just wanted to say thank
you for the excellent content. I work with Linux at work and I've learned so much from listening
to the various JB shows. One last note: boosting wasn't actually too hard to set up. The biggest
point of friction for me was actually knowing how much a sat is worth. At the time of writing this, a 15,400 sat boost is about $9.
Hey, hey, hey.
Thank you very much.
Yeah, actually, one of the things
that I think is very interesting about the boost,
and it's true for this podcast
and all of the podcasts that are doing this,
which is about 15,000, 20,000 now.
It's a lot of them.
It's we're denominating everything in SATs.
And that is a big deal. It's
a transition in thinking about this. We don't ever really even do the math behind the scenes
because we kind of use these sort of more strategically. We'll either put these sats
to work in channel liquidity so that way we can do more things on the Lightning Network, which
is really, really great. It gives us a lot more optionality and connectivity and makes the service
even better. Or, you know, we can choose to cash them out if we want to, like we did this for scale. We can kind of be strategic about the timing and we
can cash them out for maybe even more than they were when you sent them in, or sometimes less. You
know, it's just the way that works, that you ride that vol, because after all, what do they always say,
Wes? Traders love the vol. The traders love the vol. So, uh, we always just kind of denominate in sats
until like that rare occasion where we actually move it out of the system.
Thank you, Daniel C., for taking the time to set it up.
I hope we hear from you again soon and appreciate the support.
There's a boost here from Podbun, 5,000 sats.
You sub-boost!
I didn't realize how locked in Authy was, so I wanted to try new apps.
It was though I couldn't be trusted with my own security.
They knew better, so I should trust them to keep
my keys safe. It wasn't a hassle, but I've moved a lot of my 2FA away from Authy to an open source
app where I have control of my keys. Nice, Podbun. That's definitely the better route.
You know, I got a lot of like, Chris, how could you have been using Authy? You know better.
And it is true. You are absolutely right.
I got that a lot last week.
The reality is I've been using Authy.
I looked it up.
I think Linux kernel 4 was in production when I started using Authy.
And it was working and other things came along, but I just never migrated off because the problem was solved.
Yeah, and it felt a little less locked down when it first came around.
And then things change, Wes.
You get bought by another company,
blah, blah, blah. Bobbypin
comes in with 3,000 sats.
I'd recommend the Archcraft
Hyprland spin. It's great
out of the box. Okay, thank you. I've been looking
for a good Hyprland recommendation. It's
one of the premium versions of Archcraft, but I'm
happy to support open source for such a good setup.
Oh, interesting. Yeah, that kind of makes
sense too, right? Like pay for the
pay for putting all the bits together in a nice way.
You can do it yourself if you want or get a curated
version. I mean, so you got a distro
where you can download it totally for free. I'm looking at
ArchCraft.io right now.
You can download it totally for free, but then if you want
some of the really cool like riced out ones
that like... And you do. I do.
They got Wayfire, they got
River, they got Sway, they got, like, they're, they call their Archcraft, Archcraft Prime, and, uh, it's
like a one-time payment kind of thing. That is really, really cool. Okay, I think that has
slipped by my purview in general, Bobby, so thank you for sending that in. Adev Reese 17 comes in with 17,000 sats across two boosts.
No, that's not possible.
That's not possible.
Nothing can do that.
Okay, we'll keep on the topic on two-factor.
Aegis is my go-to open-source TOTP app.
Works great so far.
Thank you for sending that in.
I also heard from several other folks that really like Aegis.
Aegis, I think, was one of the top, hey,
by the way, super solid, also
open source, go-to two-factor app.
Yeah, it feels pretty clean, minimal. It's nice.
Dev Rees comes back to say,
my vote is to take a week off.
Or two. I'll be waiting for your return,
and don't worry, my JB Party membership
won't go anywhere. Two weeks?
Oh, man. I think we'll
forget how to podcast. Yeah, I mean, I forget how to get to the studio.
You know, it's weird.
It's like a whole fortnight.
Weird.
What if something happened?
Thank you, 17.
Appreciate that.
And we'll have a final decision on the time off thing soon, I think.
We're still sort of sorting it out, but I think we're consolidating on a decision.
We have a bunch of, like, dates and a big bingo ball, right?
You keep spinning them every week
and we'll eventually choose some.
We're just waiting for Wes
to sit on the chair
that falls into the water.
And then depending on
how far he falls into the water,
that's how we pick the date.
I'm down!
PC Null Ref came in with 5,000 sats.
That's not possible.
Nothing can do that.
Howdy.
On the subject of two-factor, I've been using KeePassXC
on the desktops and KeePassium on my Apple phone, syncing the DB with Syncthing. You
could even have two databases, one for your two-factor and one for your passwords, or mix and
match them. Works really well. Yeah, plus one to KeePass. Just a classic, right? XC also, you should
mention, because I know people hate it when I don't say KeePassXC.
Got to have the XC.
Got to have the XC.
Solid recommendation.
Appreciate that, PC NullRef.
As you know, Chris, I've been doing the KeePassXC thing for a real long time.
And I thought of doing this too, like keeping the two factors in a different database.
But then I just figured, like, I'm just going to store them in the same place for syncing them.
Is there an advantage to keeping them in a separate
database? I don't know.
Maybe then you need a new password.
I don't know. You need a new password, but
my passwords to get into my database is really
gosh darn good, I think. I keep testing it.
And so if there's
some vulnerability in KeePassXC
and someone gets those databases,
then they're going to get into both, right?
So I don't know.
My password's pretty good if I do say so myself.
Everybody thinks their password is good, right?
So what am I kidding myself?
You know, one way to test is just telling us.
Yeah, we can tell you.
Oh, okay.
I'll send it, yeah, in the chat.
8565 comes in with 15,000 sats.
Yes, sir.
Sir, sir, sir, sir.
Now, how much do we have to boost in to get a show hosted by the show's mascot, the Golden Dragon and Hybrid Sarcasm?
No reason to miss a week.
Just pawn it off on them.
I like that.
They could be our backup crew.
Also, for the next drinking game, I recommend a new mixer.
It's vodka and Vernors.
I call it the V for V.
Yeah, I wasn't sure what that was. Vernors
is an American brand of ginger ale.
Oh, okay. That doesn't sound bad.
Sounds nice on the tummy, actually. Yeah.
Thank you. Appreciate that. Alright, we got
5,000 sats from Anonymous, but
no message. Oh. Well, how did that happen?
You're supposed! Thank you for the support.
And next up, Gene Bean comes
in with Double Ducks.
For a total of
4,444 sats.
First boost here, for what it's worth,
passkeys and 2FA are totally
synced with 1Password. It works great.
Good, good, good. Good clarification, thank you.
Gene Bean also comes in with an offer.
I'd be down to help facilitate y'all taking a week
off by helping with the backend podcasting side of things and/or any other logistical stuff.
Producer Gene Bean.
What a sweetheart.
How great.
How would we, could you imagine?
It would take weeks of training just because of all the custom back-end stuff.
The dumb stuff we do.
Yeah, yeah, yeah.
Yeah, the stuff that we've done to save ourselves time, which makes it impossible to hand it off to other people.
It's so true.
But thank you, Gene Bean.
Producer Gene Bean, come on down to Washington, spend a month down here and put a few shows together.
It could be a lot of fun.
Dexbot boosts in a row of ducks.
Row of decks?
First boost since joining the Jupiter Party membership, I think.
Hey-o! And as a tab monster, I just wanted to drop in a recommended auto-tab discard for Brent
and anyone else who needs to cut back on Firefox's or Chrome's RAM usage.
It's got some cool auto-discard rules, always keep rules, media playback detection, and manual discard options.
It also plays nice with tree-style tabs, though Mozilla is poised to Sherlock
that one soon. Sounds like you also
could see some battery life improvements using this.
Oh yeah, so on this,
you should definitely check this out and see if it works for you, Brent,
but then I've been trying
Tab Session Manager
for Firefox. Okay.
I've heard that one before. That rings a bell.
So previously, when I was
using Chromium more,
I was using Session Buddy over there.
It was a little more polished,
but the plus sides felt more like a product,
or downsides, I guess.
It felt like more of a product.
Tab Session Manager feels much more like a sort of community extension.
Okay.
But it's got good reviews.
It's been around for a while.
And the basic idea is just, you know,
you have the sessions of tabs.
You can save one window or all your windows and you can close those windows,
which I think it's like if you do the auto suspend,
everything stays in place.
Yeah.
But the downside of that is you still might have six windows each with 50 tabs.
Yes.
You have to sort through.
Yes.
So sometimes like for doing the show,
I might want to leave all that state and then have a clear laptop ready for just the tabs I need for doing the show.
And then later when I'm back to researching for whatever project.
Pull them all back up.
Exactly.
Yeah.
Yeah.
So I don't know.
Maybe that'd be useful for Brent too.
Could be.
Maybe one of these sticks.
I do like this.
Probably the one that's stuck the most for me up to this point, of course, I have new
recommendations to check out, is OneTab, which sounds like it works similarly.
I mean, but Tab Session Manager, I see that a cloud sync function here, which sounds really cool. And, uh, but it works
similarly. Like, you just, you know, mash the button and all your tabs get kind of hoovered up into a
nice place that you can save them and sort through them and search them and bring them all back,
or just bring a single tab. It's been working all right for me. So if anyone's, you know, in the same situation as me,
OneTab, you might check that out.
Devator boosts in with, what is this?
9,001 Satoshis.
Why, I think that's over 9,000.
It's over 9,000!
Just barely.
Hey, for an off week,
how about doing a best of episode one to 50 or something?
Then you can have eight or so more of these already
in the pipeline and ready to go. Spread them out over a few months and take some time off when you
need it. An alternative idea is, uh, best of specific topics, but I think that works better as I can't
ever become outdated. You know, the only problem with this idea, which is a good one, is the first
few episodes are so cringe. So bad. Yeah, I just, I was just thinking we're going to have to listen.
We'll do 51 and above.
Oh, it's bad.
But you know what would be kind of interesting is if there was a way we could do a supercut of all of the crap we got for talking about systemd back in the day.
That would be funny to listen to.
All of the anti-systemd stuff that we used to get hammered with.
People got really upset with us and triggered every time we talked about it.
Not everybody, but some did.
I wonder if we ever brought that on air, and if we did, I would love to listen back to that right now because history repeats itself.
And here Brent's about to switch to OpenRC.
I know, right?
Finally, too.
Squish comes in with 2,000 sats.
No message.
Just saying actually testing.
That's what he was.
He was testing out.
Well, you got it to work, Squish. Congratulations. And thank you for trying to boost. We really appreciate that.
I like, it's fun, we get to see the timestamps here. So it's like, oh, 8:47 a.m., first test. Okay,
that worked. All right, now I'm going to send through a message at 9:30. Yeah. Oh, using Fountain
web, boosting from the web. Thanks for trying that, Squish. Linuxunplugged.com slash boost.
Iroo boosted in with 9,700 Satoshis.
Coming in hot with the boost.
Oh, fun. Greetings from Poland. Well, hello
there. Encryption and secure boot
are a must in every computer for me.
When I want to buy a CPU,
the benchmark I check is cryptsetup
benchmark. Interesting.
And here's a weird way to use Docker.
If you compile Go binaries without
using cgo, you can wrap the program in an empty base image. FROM scratch will put it in a totally
empty tarball. Weird. Like a phantom zone. Like a phantom zone. All you get, just go. Oh, and since
you guys are moving to your own lightning node, please properly read the LND disaster recovery
manual. Recovery is normally
pretty easy, but there are some foot guns along the way. Very good advice, IRU, and you sent that
in at a great time too. I was giving that a read. There's a few things I think we need to just
double check, but I think we did pretty good. Always appreciate avoiding the foot guns. You
don't want to lose your sats. Nope, thank you. Appreciate that. User 322 came in with 4,003 sats.
Fun will now commence.
I agree. There are some compromises to security when you store your OTP and passwords together,
talking about Bitwarden two-factor codes,
but it still protects against certain types of attack scenarios.
If your password is obtained by an attacker, the OTP will still protect your account.
For instance, it can't defend against password spraying, brute force attacks, or password captured in logs or packet captures. However,
as you mentioned, the added risk of storing the secrets together is that if your password manager
is breached, so will your accounts be fully compromised. If you are worried about that,
then you should store them separately. Yeah, that's fair, right? Like it's going to protect
putting your two-factor and your passwords together in Bitwarden is going to protect you from somebody remotely compromising your account, your Gmail account or your Facebook account or whatever it is.
It doesn't protect you from compromising the Bitwarden account.
But the most likely attack scenario is your passwords in some sort of leak database and somebody tries to log into your account.
Well, then two-factor in Bitwarden is going to totally be useful.
You're right.
You know, if my password manager gets compromised, I think I'm just giving up on tech.
I'm moving off grid.
Right.
Ice is for me.
I like my password manager to be used with YubiKey hardware token for MFA, and I keep a second key in a safe with the same secrets as a backup.
Solid, solid setup.
That's one of the best setups I think I've seen people mention.
Because you're getting the balance and ease of use,
but also you have that physical 2FA too.
I wonder about multiple because I agree with – I mean I love the YubiKey and having the physical stuff,
but there's occasionally a really nice certainty knowing that if I –
none of my devices are working or my checked bag doesn't make it or whatever.
If I get on any machine, I can still get access to most of my stuff.
So is it worth having two?
Definitely.
One you can get in that has not everything,
but the day-to-day stuff that isn't critical,
and then you keep banking stuff behind the physical.
You know what would be nice is if you could restore Bitwarden with a seed phrase.
And then you just memorize a 12-word seed phrase,
and then you just open up Bitwarden, and you put that seed phrase in, and it regenerates your entire password database.
That'd be slick.
It'd be great if you could have more flexibility too, right?
Like, okay, I have to do password and YubiKey or password and two-factor thing.
Or what about I put in three passwords, right?
It's for that case.
Like I don't have those things, but I still have a lot.
I still know extra secrets.
Yeah.
I don't know.
What was your high school?
What was your first dog's name?
Well, I was thinking kind of the opposite in that, like, if you think about backups, one is none, two is one.
So I would be tempted to keep even more Yubikeys around.
Yeah.
Two, three, four, is it?
Probably hard to manage at that point.
We have had buddies that have had it like around their neck as a necklace before too.
You then run into issues sometimes too where not every platform supports allowing you to enroll multiple YubiKeys.
Yeah, yeah, yeah.
Amazon didn't for the longest time.
I think like last year or two years ago they finally fixed that.
Did they?
Uh-huh.
Yeah, yeah.
That was some great, great boosts.
A lot to think about, a lot to chew on there. We really enjoyed those conversations. And it's a great way to support the show on your terms with no middleman, no company we have to go ask them money from. And the way the split systems work, it goes to each one of us, including Editor Drew, the network, and part of the podcasting 2.0 ecosystem. And that all happens at the moment you send the boost. So there's no like shenanigans going on behind the scenes or anything like that.
It's all documented and transparent to you in our RSS feed.
So thank you, everybody who boosted and supported the show.
Also, I'll just give a shout out to our members, as always, because I usually don't mention you till the end.
But I want to mention you right now, too.
Thank you to our members.
And let's total it up.
So we had 31 boosters send in this week. And we also had 32 folks stream sats as they listened.
So almost equal this week.
And the streamers alone brought in 70,978 sats, which brought our total, once you bring in all of the boosts this week, to 554,821 sats.
Wow.
Thank you.
Considering we were over a million last week, you know, and often you get a lot of boosts.
And then it's nothing for a while.
Which makes sense.
That's totally fine.
So this is wonderful.
Thank you, everyone.
It really is, too, as we're kind of planning to take a little time off, which would likely see a dip there, too.
And as we're planning to go out to Toronto, which is going to have a lot of expense, it is really nice to see the support step up.
So thank you, everyone.
We appreciate you.
If you would like to boost in, get a new podcast app at podcastapps.com.
Fountain, Castomatic, Podverse, all very popular.
And we appreciate you very much.
Thank you, everybody, for taking the time to do it.
I know sometimes it's a journey, too, and we had a couple of newbies in there.
Y'all are just so damn great.
Now, I got a pick for you, and I had a little pause before I put this in because I'm not a fan of stealing content.
And, well, Tubular is a fork of NewPipe.
This is an Android app.
It also works on Android set-top boxes, I believe.
And it bakes in SponsorBlock and ReturnYouTubeDislike into the app.
And it includes a few UI options for it
that just make this a very, very pleasant experience.
And the reason why I debated this is because
I feel like even YouTubers deserve to make a living, even if they're really obnoxious about the way they do it.
I think it's still their right to try to do it.
And I don't want to deprive them of that.
And I was very, very happy to see that when you're on a YouTube video, Tubular gives you a UI option.
When you scroll down right there, you can whitelist that channel.
And then you don't get the ad blocking there.
But you know, you'll see the community identifies these sections of like self-promotion and, you know, subscribe promotion,
all these little areas that they'll identify. They're all sort of right there built in
SponsorBlock, and Tubular brings it all together. And then you can also watch videos offline,
you can download them, you can watch them picture in picture without having to be a premium YouTube
user. So for me, like when I'm driving, I prefer not to stream the entire time.
And I prefer to just play off of a downloaded video or a downloaded podcast or downloaded music.
And Tubular makes that very easy.
Have you tried it, Wes?
No, I haven't actually.
What about you, Brantley?
Have you tried Tubular yet?
I heard of this this week and I was tempted, but I haven't given it a shot yet.
But I think this is a vote that we should give it a shot.
It probably doesn't, but does it have Chromecast support? I don't remember.
I don't think so.
It might.
If NewPipe does, then it does.
I don't remember.
But it does make the APK available on GitHub, so you can add it to Obtainium, and you can download it with Obtainium, which is a new thing I'm always checking for these days.
And it is GPL3.
It's fully open source.
And it seems to have a little community behind it.
So T-U-B-U-L-A-R.
Tubular.
And if it's a channel you want to support,
just go in there and turn on the whitelisting.
You can do it right away.
Oh, and one other thing.
And this is true for NewPipe,
so I didn't make a particular mention of this,
but it is so nice to have YouTube without an algorithm
telling me what to watch all the time.
Agree.
And it makes a much more sane YouTube experience,
in my opinion,
because it's just the YouTubers I actually care about and subscribe to.
You can also export from NewPipe.
You can export the NewPipe database into Tubular.
So I just took everything I had in NewPipe and just pulled it right into Tubular with
a little export import.
Very nice.
It'd be so nice if we could get to some sort of middle ground.
Like, I really don't mind having a recommendation engine put to work based on what I've watched.
I just want to control when that's injected and, like, how much.
And, you know, I mean, I'm not asking for a lot,
but maybe, like, in the settings there could be an advanced area
and just a few knobs I could tweak.
Oh, that would be killer.
A couple of knobs.
Nothing major, you know.
It just seems to go in one direction, Wes.
Yeah.
One direction.
We did have a request for licensing to mention which license the things that we recommend are.
This one looks like it's GPLv3.
I think Brent just crowned himself the licensor.
Yeah.
Yeah, he's our official license guy.
Okay.
Yeah, he's in charge of all licensing on the show.
That's true.
And then, you know, you needed somebody outside the U.S. to be impartial.
I don't know why, but you did.
Our system doesn't work.
Yeah, we can't.
Couldn't do it, so I had to be
proud. Alright.
Blame it on the state. We appreciate your sacrifice.
Alright, that wraps it up for us.
Remember, we'd love to know if you've
tried a similar setup with like a VPS
or some sort of external public face and then
forwarded the traffic to a LAN machine. How did you do it?
And what VPS service would you recommend?
Because we could probably do it a little cheaper
than we're currently doing it.
So please do boost that in and let us know.
And of course, you're always welcome to join us live.
We've got a couple of more of those, at least,
on Sunday at noon Pacific, 3 p.m. Eastern.
See you next week.
Same bad time, same bad station.
And if you'd like more show,
you can always become a member and get the bootleg version.
Right now, the bootleg version is clocking in at 2 hours and 51 minutes,
and we're not done yet.
It's a lot of Linux podcast.
Of course, links to what we talked about today are at linuxunplugged.com slash 576.
You'll find our contact page over there, as well as information about our Matrix,
our Mumble, all that.
Membership, boosting, everything we talk about.
It's a website with links, and we got it over there. Thank you so much for joining us on this
week's episode of Your Unplugged Program. We'll see you back here next Tuesday, as in Sunday! Thank you.