LINUX Unplugged - 586: Kexec with Determination
Episode Date: October 28, 2024

We're hot-swapping our rigs to Fedora 41; then Graham Christensen gives us the inside scoop on a new Nix distribution, and Determinate Systems' big week!

Sponsored By:
Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Support LINUX Unplugged

Links:
💥 Gets Sats Quick and Easy with Strike
📻 LINUX Unplugged on Fountain.FM
dracut-loopback
Reboot Linux faster using kexec
Linux.com :: Reboot like a racecar with kexec
Linux 3.14 To Support EFI Kexec Capability
ByteDance Working To Make It Faster Kexec Booting The Linux Kernel
Defeating Secure Boot With Linux Kexec
Google Engineers Get Windows Booting When Kexec'ed Under Linux
The Future is Nix — Today, we still find ourselves sitting on the most powerful technology of our lifetimes and we can’t even decide on small steps in the direction of making it easier for folks to adopt it.
The future of software is Nix. — Today, we still find ourselves sitting on the most powerful technology of our lifetimes and we can’t even decide on small steps in the direction of making it easier for folks to adopt it.
Announcing Determinate Nix
Determinate Nix documentation — With Determinate Nix, our goal is to transform Nix from what it is today—a tool with great potential but with too many hard edges to be ready for prime time
Introducing Determinate - YouTube
Nix at work: FlakeHub Cache and private flakes — Today, we’re delighted to announce a new chapter for FlakeHub with the general availability of two new features: FlakeHub Cache and private flakes.
Graham Christensen on X — Yesterday at work we launched a binary cache that goes beyond bytes in a bucket. This launch means you can deploy to brand new cloud environments with two lines of userdata:
Annual Membership — Put your support on automatic with our annual plan, and get one month of membership for free!
lobe-chat — an open-source, modern-design AI chat framework. Supports Multi AI Providers
Dnote: A Simple Command Line Notebook
plastic — NES emulator in rust with egui and TUI
cool-retro-term: A good looking terminal emulator which mimics the old cathode display...
plastic-flake
Transcript
Hello, friends, and welcome back to your weekly Linux talk show.
My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen.
We have a really fun show coming up.
I will admit, Wes was right.
Kexec is a blast
to play around with. I'll tell you how it came in
super handy last week.
And then for a little fun, we're going to try to do
a hot swap into Fedora 41 Beta
using a raw file on an
existing installation image.
If you don't know what we mean, don't worry. We'll explain it and why it's a ton of fun.
And then later in the show, Graham Christensen
from Determinate Systems is joining us
to give us the inside scoop on a new Nix distribution and a whole bunch of other announcements that came out
of Determinate Systems this week. It's been busy. And you know we're going to round that show out
with some great boosts and picks and a lot more. So before I go any further, I got to bring in that
virtual lug time. Appropriate greetings, Mumble Room. Hello, guys. Hello. Hello, Brian. Jolan Drew.
Hello.
Hello.
We got a good show in the honor.
We got a good show in the quiet listening.
Even though the daylight savings has already bestruck our European friends.
Good work, everyone.
Nice to have you on board.
I also want to say good morning to our friends at Tailscale.
Tailscale.com slash unplugged.
Go support the show and get it for free for up to 100 devices and three user accounts forever.
Not a limited time thing.
That's the plan I'm on.
It works so great.
You can build out a flat mesh network across complex infrastructure. I'm talking like machines behind double NAT, your mobile device,
a VPS,
a colo,
a doggie with a smart collar could have a Mesh VPN.
It is super functional, super
fast, and very intuitive. You got a few minutes,
you can get a couple of nodes going. Go try
it out. Support the show and replace your
legacy VPN infrastructure.
100 devices for free at tailscale.com
slash linuxunplugged.
And a big thank you to Tailscale
for supporting the Unplugged program.
Last week on the show,
I tried out Ubuntu 24.10
by installing some new hardware in my system.
So you guys might recall,
I got a Beelink a while ago off of Amazon,
like a $280 AMD Ryzen box. Just a little thing that's like the size of a NUC,
and when you open it up it's got an open slot for a standard two and a half SSD, and you can
even go a little bit further and replace the RAM. So, uh, of course I did both, and I finally took out
the 16 gigs it came with, and I put in 32 now.
A little breathing room.
Yeah.
Yeah, I was running like around 8, 9 gigs just doing my thing.
You know, so you do anything kind of demanding, I'd run out of memory.
So I had to upgrade that, and I thought, well, I'm in there.
I've got this terabyte Samsung disc here.
Let's slap that in there too.
And I wanted to put Ubuntu 24.10 on this machine so I could experience it with physical hardware and AMD video acceleration.
But I didn't want to take off my perfectly functional primary OS installation.
And so I did the right thing and finally started listening to Wes and thought this could be my Kexec moment.
Now, if you're not familiar with Kexec, it's a system call that was introduced in Linux 2.5.46.
So it's been around for a while.
And I feel a little bad
that I've never really gotten around to playing with it until now.
Yeah, I mean, you can also see that, like,
people are actually using it.
One of the main things it was introduced for is,
you know, you can load a new kernel image,
but you don't have to redo all of your hardware initialization
because especially on those big server boxes, that can take a couple of minutes or more.
Yeah, it's a way to boot into another Linux system without going through the whole POST process.
Which, you know, maybe there's like a CVE that drops.
You need to do an update for security reasons, but you don't want to introduce downtime.
And it's no joke on actual server-grade hardware that takes forever to POST.
It really is minutes, and if you're doing that at scale.
But there's no reason why we can't play around with it too.
Yeah, I mean, there's even been like bootloaders developed
where the whole idea is like first you boot Linux
to boot your actual Linux with Kexec.
Yeah, it's essentially, it's a system call
that lets you hot swap Linux kernels.
There's a user space utility
called kexec, and you run
it with the dash L flag, which
tells it you're going to load in a new kernel. You can also
load in an initramfs at the same time,
and you can specify the kernel command line.
So you basically have everything you need. That's
basically what Grub does, or whatever bootloader
EFI setup you might be doing.
So you pick the
things, you get those all right, that loads it up, nothing happens, but it's there in memory.
And then you run that system call that actually jumps to that new kernel. And you can do it
with the user space tool. You can do a kexec, I think it's dash E, but that just jumps.
That's a hard cut.
Yeah. It doesn't do a lot of cleanup or shutdown.
No, it's just an immediate cut over.
What you probably want to do is use systemctl kexec, which is kind of like systemctl
reboot or whatever, but it'll do everything like it's doing a reboot or a shutdown.
But instead of telling the hardware to power off, it does the kexec.
So it does a proper end process.
It shuts everything down.
Tries some unmount stuff.
Yeah.
And that is a lot cleaner.
So it's nice that systemd has that.
But you got to get the OS you're going to boot into.
And what we're going to talk about today here in a moment is a much simpler way to do this, theoretically.
But what I did is since I had this new SSD with nothing on it, I started up an Ubuntu QEMU VM on my existing install
distribution. And I passed through that new raw disk as the primary disk for the QEMU virtual
machine. Let's just call out here too, you copied my style, which is raw dog and QEMU on the command
line, which it's not that bad, right? No, it's all one line. It's like one line and it all fits on the first line of your terminal.
Like, don't get me wrong, libvirt is great,
but if you can skip the XML files for simpler setups, maybe you should.
Well, and where I kind of draw the line there,
and I'm glad you brought this up,
is I'm running this once just to get through the installation.
It's not a virtual machine I'm running all the time.
It's not one I'm duplicating and backing up
and making snapshots that I need to manage.
Right.
It's just to run the installer.
So fire up old QEMU, pass through the new SSD as a raw disk, attach the ISO, and I just go through like I'm installing Ubuntu inside a VM like you would any regular old VM experience.
The installer sees the disk as the only disk, /dev/sda as far as the installer is concerned, and it installs Ubuntu.
Then I tell it to shut down, and that's when I actually start doing the kexec process, and I finish up the firstistine Ubuntu installation on my SSD that I can kexec,
I can hot swap into and run on physical hardware.
And this is so much fun for just flirting with a distro for like a week or a couple
of days or trying something without mucking with your bootloader, without having to go
through a whole installation process where you can't use your computer at the same time,
because while that thing was installing in a VM, you know I'm still doing chats. I'm still browsing the web. It's
so great. Maybe worth adding too, it's super easy if you have a spare disk, but if you
carve off a spare partition, you can do it with that too. Yeah. Or, and this is what we're going
to try today, could you just do it with a raw disk image? So you don't got to slap a disk. You don't got to have a free partition.
You just need enough free space to create a couple of, like, what, 20 gig raw image.
What did you make for this experiment?
Yeah, well.
Somewhere in the big enough that it doesn't complain size, right?
Let's find out.
Depends on how long you want to live in it, too, I suppose.
Okay, so I have a partition on my system.
It was previously a Cosmic installation,
so it still has that name.
It's mounted under run media west cosmic.
We can take a look at what I did there.
Yeah.
Let's get some actual file system details.
Okay.
Yeah, a 21 gig just raw image file, you know, pure bits.
I used fallocate dash L 21G or whatever to make the file.
So it's just a raw nothing.
Yeah, not a special virtual machine image or anything.
And it's living on your existing file system on an already formatted and partitioned spot.
And what we're going to try to do now in a moment is we're going to try to kexec hot swap
into this raw image. So why? Why do this?
Simply, the experience when you're testing things or trying things out on physical hardware versus a virtual machine, it makes it so worth this effort.
Because ultimately, you're doing just three things.
You're creating an image, you're installing the OS into that image, and then you're hot
swapping into that image.
It's really, it's what we're about to go through might sound complicated, but when you zoom out, it's no more complicated than setting up virtual machines or VirtualBox or whatever it might be.
It's just a different way to go about it.
And at the end of the day, you get raw performance without even messing with your local installation.
So where are we at right now, Wes?
We're ready to go.
I got Fedora 41 installed into this image last night,
so that's already set up.
Yeah, we can start.
All right, Wes Payne.
Yeah, okay, so first things first.
We're going to set things up with losetup,
which sets up a loopback device,
and that's what lets Linux treat this raw disk image
as if it is a real block device.
And for that losetup,
you're passing through the Fedora 41 raw image that you created.
Yep.
And then I'm passing the flag dash dash partscan,
which tells it to go, like, that tells it, hey, I have a partition table on here.
Go take a look at what partitions exist and then go create the device nodes for me.
Okay.
Oh, that's nice.
Okay.
So dash dash partscan.
And you have to do that with sudo privileges.
Yeah.
So now you should see that we've got, well, we can look more precisely here.
We have a new dev loop device.
Yeah.
Yeah, so we have a dev loop there,
which has the contents of f41.image, and then we also have partitions under that,
loop0p1, loop0p2, loop0p3,
and I just let Fedora 41 do its automatic installation.
So it created, I booted it with EFI support in the VM.
So it created an EFI partition.
Then it created an ext4 slash boot partition.
And then it created a Btrfs for like the actual operating system root.
So for this next step, all we actually need is that boot partition
because that's the place that has the kernel and the initramfs.
Okay.
So do we get that out of that loop device that you've created now?
Yeah.
So I'm going to do mount /dev/loop0p2,
so the second partition on that loop device.
Which we know to be /boot.
Yeah.
And I'm just going to mount that over to /mnt2.
So it's on your local host.
It's just /mnt2 on the root.
Yeah, and then...
So if we were to ls that,
we would actually see the file system contents
of that Fedora /boot raw image now.
Yep.
Folders like EFI, grub2, and then vmlinuz, initramfs.
But I'm going to want to be root for this just for convenience so I don't have to keep typing sudo.
Okay.
There we go.
So now we can see our boot options essentially here, what we're going to actually load.
Yeah.
There we go.
So here's my kexec command.
Ooh, look at that sucker.
Okay, that's a decent command, Wes.
Uh-huh.
Okay, so kexec dash L to tell it to load a new kernel,
dash dash initrd to tell it we have a specific initramfs
we'd like to go along with that.
And that's one.
These were all built, you know, normally sort of inside
with a little special sauce inside the VM.
And then the command line, this one's important.
So the first part of the command line is specifying the root device
via UUID.
So it's root equals UUID equals and then a long UUID
that corresponds to the Btrfs partition inside that image file.
Yes.
So that is telling the boot system, this is your root device,
and it's just a UID equals,
and then you put the UUID of that device in there.
And then there's a couple more things that came along
with what Fedora wanted for the command line.
Ah.
Specifically, rootflags equals subvol equals root,
which tells it that we have a Btrfs subvolume
that should be mounted for our final root.
And then I've added some debug things.
So when you're using dracut,
I don't know if that's how you say it,
but the system that Fedora uses to build the initramfs,
you can pass it rd.shell,
and that means if there's a failure to mount your root file system,
it'll drop you into a shell.
Okay. You can also do rd.debug, which just prints debug messages as you go along.
And then there's some other stuff like rd.retry and rd.timeout
if you want to tweak how long should you wait for the root device to show up.
So standard stuff that Fedora has set.
Yeah, it's part of dracut.
Yeah, exactly.
And then we're specifying the kernel image.
Yep. And that's a
6.11.5.
Because, you know, Fedora's
brand new. Yeah, they're hip. It's not even out yet.
41's not even out yet. So if you hit enter now...
Why don't you hit enter? You're connected. Oh, yeah, I will. Okay.
Alright. Okay, I'm going to hit enter. Get ready, Brantley.
Get ready. I do have both of you in a root shell
on my laptop right now. Yeah. Alright, so
nothing happens, which is exactly what you
want. It just returns nothing, which means it is now, the command is now loaded into memory
Wes Payne.
And I'm just, I was expecting fireworks or something.
Well, that comes next.
Yes.
Okay.
So I am going to clean up a little bit myself here.
Like I'm closing my Firefox browser, which y'all can't see, but.
Okay.
Yeah.
Getting your system ready to get hot swapped.
Yep.
All right. So you're unmounting the partitions we mounted.
You're closing the Firefox web browser,
getting your applications cleaned up.
And probably you don't have to do really any of that.
Modern file systems have journals that are pretty robust.
But in particular, like the loopback setup,
sometimes system doesn't always figure out, like,
oh, I needed to delete that loop thing
before I could unmount this other partition.
So it's just a little cleaner this way.
But here is the magic command.
I'll let Brent do it.
Do you want to hit enter this time?
Go for it, Brent.
Do it.
Hit enter, Brent.
Do it.
I'm going to do it.
All right.
Are you ready?
Is there a countdown?
Yes.
Oh, my God.
I'm so excited.
Three.
Let's see if this works.
Two.
One.
We're going for liftoff here.
Where are the fireworks?
Okay.
There we go.
Hey, okay, it's rebooting.
Or actually, shutting down is really what it's doing.
Let's see.
Yeah, and then it prints reboot into kexec.
Will we see Fedora 42?
It takes a little bit,
and then it takes a little bit for the i915 driver to get loaded.
And survey says...
We've got a black screen, pure black right now. Come on,
hot swap. Come on, hot swap. We're waiting. Oh, now it's got really light text. Hey, wait a minute
though, that looks like Fedora. Oh, Fedora 41 Workstation. I saw that printed on the command
line. Yes. Oh, and we got brightness again.
Great.
So didn't have to re-POST the hardware.
And now we are running off of a raw image file on the file system of the already existing
Linux installation.
Yeah.
So under the hood, the initramfs is mounting that off my NVMe hard drive, mounting that
partition, and then setting up the loopback device, making sure it finds the partitions.
And then that means that Linux will detect that there's a UUID block device available that matches what we put on the command line for the kernel, and the rest can boot normally.
That's so great.
And now, so you can spend the day in the latest Fedora without ever, ever having to worry about messing with your primary installation or the bootloader.
But you get physical performance.
You get a real feel for what Fedora is like on your system.
Yeah, right.
And it's a full installation.
It's not a live environment.
Nope.
You can make persistent changes because you could always Kexec back into it.
I'm still Kexec-ing back into my Ubuntu installation occasionally.
And if you do it this way, I mean, you could easily back up your setup as well, just with, you know, rsync or dd or partclone.
But if you do have it all bottled up in a raw image already, then, you know, if you didn't need it for a while, you want to like stick it away and come back and check it out in a couple of years.
That's really just a cp command.
Yeah, that's a really cool idea, too.
I like that.
OK, well, thanks for doing that, Wes.
You're doing a good job.
You're doing a good job.
I should add in full disclosure. So the setup you did because it was just like a regular block
device, you didn't really have to mess with anything. But in my instance, to make it work
with the loopback, that was some custom code I needed to add so it would happen at the right
time in the initramfs. And to do that with dracut, you got to make a dracut module.
Oh, geez. A little extra work there. Yeah, I'll post that up somewhere
and put it in the show notes
so folks can see.
It's really not that bad.
You make two bash scripts.
One of them defines a couple functions
that run when you are building
the initramfs.
So it calls your bash function
to do whatever you want
and has some like helper commands, right?
So it lets you install a hook,
which says like,
hey, I have a script.
I want to run at a particular time.
You can also like add binaries
to the initramfs
if you need tools that are installed on the host system
at that early boot time.
So all I did there was I said,
I want to install a hook that runs my custom script,
and then in that script,
that's what runs the loopback setup stuff.
So it knows, I've hard-coded in,
you can make it customizable on the kernel command line
or whatever if you wanted to.
I've told it, like, look for this particular partition,
mount that somewhere, set up this loop device,
and then let everything else continue.
So disclosure, using a loopback image does take a bit more work.
Yeah.
But, you know, there are multiple distros that use dracut,
and then you could surely do the same thing for, like,
Ubuntu's update-initramfs stuff or Arch's mkinitcpio stuff.
And who knows?
More things might converge.
And once you've figured it out for a family of distros, it usually keeps working.
So.
All right.
I would love everybody to boost in with their favorite version of SUSE or slash OpenSUSE,
whichever it was for you.
Maybe it's currently the version that's out.
Maybe it's a previous version.
Boost in for next week's episode and tell us if you've had a particular version of SUSE that just you
loved. Maybe it's one of the older ones that came in a box. Maybe it's Tumbleweed and it's the
latest update. But it will be on topic if everything goes as planned for next week's episode. And well,
we'd love to hear your take on that. So boost in and tell us.
1password.com slash unplugged.
I have a question for you.
Do your users always, and I mean without exception, use company-owned devices and IT-approved apps?
You've got a job to do.
You've got to keep the company secure.
You've got to keep things all compliant.
And your end users have a job to do.
I've seen it happen. And it creates a rift between IT and
the end users. And in today's world, it's probably worse than it ever has been. It's like herding
cats trying to get everyone to stick to just company approved devices and only use company
approved apps, especially when an app is just a single sign on away on the web. It's tricky.
And then they have their own phones, their own tablets or laptops, maybe even their own smart fridge.
I actually have seen that.
So what do you do?
How do you keep your company's data safe when it's sitting on all these unmanaged apps and devices?
Well, 1Password has the modern answer to this question.
It's extended access management from 1Password.
Extended access management helps you secure every sign-in for every app on every device because it solves the problems that traditional IAMs and MDMs just don't touch. Thank you. It's the number 1password.com slash unplugged. That's 1password.com slash unplugged.
Well, this has been an especially exciting weekend with a lot of very interesting events happening around the world.
One of which I'm feeling like I'm missing out is happening in Berlin where a bunch of JB members have been, well, attending NixCon this weekend.
And there's been some really exciting news coming out of NixCon.
And, well, you boys had to get it straight from the source.
Yeah, Determinate Systems has had a big week.
And Graham Christensen, he's the CEO and the co-founder of Determinate Systems. He's also a Nix and Rust developer himself.
And he has really over the years demonstrated a focus on reliability and on making Nix work for the enterprise.
And that's really been the focus of Determinate Systems over the last couple of years, too, is getting Nix adopted in the enterprise workspace.
But he's realized, I think, there's a couple of fundamentals that we haven't solved around Nix yet,
and they have a couple of different ways to solve them.
And that's what their announcements were around this week.
So we had to get him on the show and just talk to him about it.
Graham, welcome to the Unplugged program.
It's great to have you here.
Well, thank you. I'm really glad to be here.
It's been a really exciting week.
We've launched a ton of stuff this week.
We finally talked about our vision for what we see as the opportunity for Nix and just super excited to talk to you and get it out there.
You really have been busy this week. So Wes and I have been doing our homework before the show,
and I wanted to start with a post that you made this morning on the Determinate Systems blog,
and the title is The Future of Software is Nix. And you kind of lay out your journey to discovering Nix and what made it click for you, what didn't work, what has worked, but some of the challenges that still face Nix adoption.
I wanted to start there.
This is a really great post, so I encourage the audience to go read the entire thing because I think it is worth a read, especially if you've tried and haven't really quite understood Nix.
I think some of this will really click for you. You were talking about the problems. A lot of people say today, you could solve that with Nix, not you can solve that or it's solved with
Nix. And I kind of wanted to start there with you. That just right there seems like a huge problem.
Yeah, absolutely. It is a huge problem. There's that phrase, Nix fixes this, and it could fix it. If you spend the time to write the bash scripts, integrate it into your workflow, set up a binary cache, set up CI, all of these steps that you have to do every time you want to take Nix somewhere, and until you have, Nix has not fixed it.
Right, right. It's like, there's, I guess, another way to put it is there's just,
there's so much, you know, pre requirements or dependencies, if you will, that you have to set up to get in and get it all working. And then especially if you're using it across multiple
systems, or in an enterprise environment. Yeah, yeah. And actually, so that's been a big focus
of my work for years now is, you know, once you get into Nix, and once Nix is set up, it's a dream.
But once you get out
of Nix, like you're trying to get into Nix for the first time or bring it somewhere it's not there
already or deploy it somewhere and actually make your software real in production, it's really not
easy. It's really not nice. And my work on that started in, I don't know, years ago, I rewrote
the Nix installer to be better. This was the upstream Nix installer before the determinate Nix installer. And we really see a ton of work to be done at the edges, right? By making the
edges better, you can get in and out and get the utility, do your thing, and then keep focusing
on what is making your work valuable. You spent time as a consultant. And in this post,
you talk a little bit about that.
And you say, this is where I realized there are rough edges.
There were issues I ran into trying to deploy Nix in various environments.
Can you talk about that a little bit?
So when I started as a consultant, I was aware there were problems and challenges with using Nix.
But I wasn't quite so familiar with how it was a problem
and what was hard about using it for a business, right? And as a hobbyist, or if you've got a home
lab, the puzzles are sort of the point, I think. And it's kind of fun to have to figure out how to
connect two pieces and make it work. And I think, you know, the Nix community has really benefited
a lot from that for a long time.
But once you're using it in a business, it really changes. You need to be able to get it done and
move on, right? You need to have the ability to be flexible and deploy to a new environment
without having to recreate everything from scratch. And what I mean there is the scripts
and the process of actually
installing Nix and configuring your environment to work for your company.
Yeah, it strikes me too, you know, a lot of folks kind of get into Nix and you discover
all of the wonderful open source upstream stuff where some of this stuff, to the extent that
makes sense in the open, kind of has been solved. Nix packages has CI, there's build servers out
there that take care of things. And if you're going to get that all going for yourself and your internal organization,
that is a lot of stuff to set up.
Yeah, it is a lot.
And some of it is really not very nice to use, right?
And I don't, like I'm not picking on Nix or the community or project.
Overall, the ecosystem has done amazing work.
The focus has not been on sort of the corporate uptake or the business environment uptake. It's really a
large amount of the focus has been in the hobbyist space. But the technology and the work they've
done is really ready and good enough for production. It's just the remaining pieces about
making it possible to consume it. Yeah, isn't that something we see a lot in the open source world,
right? There's a lot of things that get itches that get scratched from the community. But
sometimes there are real needs that come up, especially in
businesses, and someone's got to get paid somewhere to make that happen.
Totally, totally. And that's such a good point in that open source developers really pride
themselves on building great software. And in general, like people do, right? The community
and the open source community in general has built
great software that powers the world. And the place where it stops being fun is usually where
that great software stops being great. And one way that manifests itself is in the onboarding
process and the getting started process, those sort of documentation pieces that are not so
much about tech and more about people.
So in this post, you write that a world needs Nix. And there's a line in here that says,
the next 100 years of computing needs to start with Nix. Our world's infrastructure should not be stuck in a don't touch it, it works mode. But it is. I love that sentence because that's kind
of put into words what I've been trying to articulate and why I'm, why we've talked about Nix so much on the show and why I'm rather passionate about it is I actually do think it could improve the state of technology in the entire world.
smooth some of these rough edges that we just talked about over to make it more appealing to the businesses or the innovators that are creating these devices or building platforms that run
industrial systems or IoT devices or car software. It's critical infrastructure would extremely
benefit from something like Nix. So, Graham, how do we get to that phase where we get the next 100
years? You know, we start today working towards these types of systems using Nix. How do we get there?
maturity doesn't have to mean it works all the time or every commit is perfect.
Maturity is often more about how do you communicate with your users and how do you let them know when there's a problem or what to do when there is a problem or expectation setting. Frankly,
a lot of this is expectation setting. And then finally having a place and a person or a company
that stands by and says, this is good, and we're going to stand by you. And
if you have a problem, you can call us and we're going to help you. And that's something that's
traditionally and frequently missing in open source communities. So I talked about maturity,
but there's another aspect here, which is making it easier to start, which is to say, if it takes
basically a full-time dedicated employee to go set up all the little problems, all the little
pieces of infrastructure and binary caches and credentials and how to install Nix and keep it
updated. If you have to hire somebody to do that, or you lose a full-time person to that,
it makes it a lot harder to justify really digging in and investing in Nix as a solution.
Sure. If you have to have a Nix team or a dedicated Nix person,
that's just not going to happen.
That's a non-starter
for so many operations.
It seems like you maybe too need
to be able to bridge the gap
across departments.
I imagine there's a lot of sort of,
you know, development teams
who maybe start dabbling with Nix
for solving some of these
day-to-day development issues
in terms of like reproducibility
and availability of tools.
But then do they have the ear
of the folks who control the systems
that maybe just got,
you know, set up in the cloud to deploy Docker images and now you're trying to get them to shift to a different methodology?
That's a lot.
Maybe you need an ally.
Absolutely.
And we've seen that, too, especially in IT teams.
Basically, every team at every company is resource constrained and busy and just trying to get their work done and not cause like a catastrophic security vulnerability, right? If they're
struggling to find out how to reasonably manage Nix, they're not going to want to support it.
It's going to be a struggle. So this week, you guys announced, I guess it's Determinate Nix,
and I'm struggling to kind of fully explain it. But my understanding is, is it's a downstream
distribution of Nix that is trying to, I guess, soften some of these edges.
Can you tell me a little bit about it and help me understand it better?
So to start with, Determinate Nix is a downstream distribution of Nix.
It's not a fork, right?
That's the most important part.
It's a downstream distribution.
That means all of our patches and changes are going to be submitted upstream directly.
Our hope is to get them merged upstream. We think our patches are good and of high quality and that they'll make
people's lives better. At the same time, we don't control the Nix project and Eelco doesn't control
the Nix project. He can't merge whatever he wants. There's a team of people that all have to agree
and work together to decide on what merges and is released, which is good. That's
a healthy place for a project to be. At the same time, some of these patches we've made are over
a year old and we have customers that want it. And so by creating Determinate Nix, we've number
one, released the pressure from the upstream. They don't have to merge our patches. We don't
have to try and pressure that to happen. And we've relieved the pressure from us. We can release determinate Nix updates
whenever we want with patches that we think are important. And ultimately, it remains our
responsibility to stay compatible with upstream. Sure. Okay. So in this sense, distribution is
quite similar to like a Linux distribution where you've taken the upstream code,
y'all are building it and then
adding on bits that you think will make things better or solve particular problems.
Absolutely. And then the flip side of that is communicating clearly with our users about
security vulnerabilities and about updates and being able to ship updates to them that we know
we've tested for their use cases. And then finally, the last piece is what we call Determinate NixD,
which is a management daemon around Nix. It takes care of things like garbage collection. If you have enterprise certificates, it sets that up. If you're deploying to a Mac and Amazon, it will support a hands-free, touch-free, fully automatic process to install Nix and be ready to run.
That is not something that can be simply fixed in a bash script in the installer. That requires actual changes to how the software runs.
Those are the sorts of improvements we make to Determinate NixD.
I'm just curious, at a technical level, what are the licenses or open source status of
these various components?
Almost all of our software is open source.
We have two proprietary components.
The first is flakehub.com, the backend web server.
And then the second component is Determinate NixD. Determinate Nix itself is open source, just like the LGPL requires.
We're not going to restrict the source just to our customers. It's all going to be public.
And in the long term, as a team, we see a future where Determinate NixD is open as well.
We said that at one point about FlakeHub, but the complexities of managing back-end server software that's also open source is hard, not something we really want to do.
Doing that for Determinate NixD would be a lot easier.
So that's much more feasible.
And then practically speaking, there's like a new command, right?
I can do determinate-nixd upgrade, or I could do determinate-nixd login in GitHub Actions. So for some of the system administration components, it's now replaced with a new determinate-nixd command.
Can you tell me a little bit about that?
So this comes from a position of making it possible to work in a team.
Basically, the first thing a team needs is a binary cache that works across their team.
A typical way to solve that is to set up something like S3 or something similar and copy credentials
around.
Yep.
What?
I've never done that.
Right.
That's not the typical way people like to manage credentials anymore.
And that adds challenges to things like GitHub Actions or GitLab Pipelines or other CI systems.
And doubly so adds challenges when you're deploying to production, because you need to
figure out how to get that secret in place. What we've done is we've integrated Determinate NixD
with FlakeHub, and FlakeHub offers a private binary cache to its users, as well as hosting
private flakes. And so when you run Determinate NixD login, you can log in using a token you get
from your personal account on the website. It can log in using the credential
made available from GitHub Actions or GitLab Pipelines. And we have support coming for
other services like Circle and Semaphore. And the point there is to make setting up CI as easy as,
yes, number one, yes, install Nix. Yes, use Determinate. Number three, yes,
use your team's binary cache. That's all you have to do.
You don't have to juggle credentials. It just works. Yeah. Okay. Can we transition then to talk about FlakeHub cache and private flakes? So I think it's like a few days ago as this comes out,
you announced a new chapter for FlakeHub with the general availability of two new features,
the FlakeHub cache and private flakes. And I have a couple of questions around that, but maybe explain what that is.
Yeah, so FlakeHub Cache is as straightforward as it sounds.
It's a binary cache for Nix projects.
The magic in it is that you log in using your environmental credentials, like I said, from
GitHub Actions or Pipelines or using your Amazon IAM role for your machine.
And then the second
piece of magic is every project and every flake gets its own little slice of cache. So when you're
building in CI or when you're deploying, you have confidence that you're not mixing dependencies.
Or if you split up access control to different flakes and projects on your team, people on one
team can't access the builds or the flakes from another team's project.
Yeah, I got to imagine that's the sort of thing that has come up in security reviews or other
sort of compliance requirements, right? Absolutely. Yeah. So we've seen a number
of users of binary caches sort of have a very fluid security posture around their binary cache,
where a lot of teams will just make it so anybody can
push to the binary cache from their machine. We really don't like that. That's very uncomfortable
for us. We think builds should happen in a well-controlled environment like CI,
get pushed from those jobs and be reusable by everybody, but only CI being able to push.
Are there any thoughts around, I guess, either sort of folks that might be using
entirely private infrastructure and or, you know, operational break glass situations where,
you know, things are down and maybe you do need to do a manual push?
Yeah, we have plans to support fully offline or fully air-gapped deployments of FlakeHub,
for one. Number two, the design of FlakeHub and its policies are really built around a policy
engine. So it's similar to how AWS IAM roles and policies work. We don't currently let users define
their own policies, but we've implemented all of these restrictions using that policy language.
And so what that means is that over time, eventually we'll be able to let you write
your own policy about the conditions of who can push to the cache and when.
And so if you do have a break glass scenario, you can change that policy, push your stuff,
restore that policy and get out of the bad situation.
Neat.
Yeah.
Okay.
Sounds like you're thinking ahead on this one.
We've talked to a number of users of Nix in environments where they do have air-gapped environments.
These users are around the world in all sorts of environments and all sorts of corners of industry. And it's clear that these customers are looking to adopt Nix.
They need these security requirements that are hard to get unless you're designing for it from
the outset. And that's really a key part of who we're designing for. I think the other thing that's
wonderful about it, just my limited experience is, again, you don't have to be a Nix expert.
You can just be familiar with your existing workflow if you already use GitHub and GitHub Actions and all that.
You can pretty much figure it out, which I think is – it's a lot less scary to approach for people that are especially working in a business environment.
Right.
It fits in the same framework you're using to deploy your stuff already.
People on your team probably already using it.
Yeah.
If we could shift gears just for a moment, Graham.
Very important question. I'm encouraging Wes Payne to deploy NixOS on his mom's new laptop. And I'm imagining you've probably deployed Nix on a few family members
and friends' computers. Do you have any advice for Wes's mom's laptop?
Sure. So number one, you should absolutely install Determinate Nix.
There you go. All right.
You know, one of the reasons for that is it really is designed to just be happier out of the box.
It's possible to get into an environment where Nix has accidentally taken up all of the disk space.
You can't even garbage collect because your disk is basically that full.
Determinate Nix is designed to avoid that scenario from the outset and handle that scenario if you get yourself into that bind.
I noticed that the Nix daemon, I'm not sure exactly what the proper name for it, but the Determinate Nix daemon seems to be aware of critically low space scenarios and gets a little bit more aggressive with the garbage collection.
There's like an oh crap moment there.
That's right.
Yeah.
It's a mode for when you have five bytes free or something and you really need to get some
space.
And so the design of that is if it does really run out of space, it will do a progressive
garbage collection of free 10 bytes, free one megabyte, 100 megabytes, a gigabyte.
And then it continuously becomes more aggressive to get you out of that bind quickly and get you back to a working scenario.
And that's completely automatic.
Wow.
So it's not just calling the Nix store command.
It's working at a finer detailed level than that.
That's right.
Yeah.
And we have some plans and some draft pull requests to make that better, especially for
users of macOS.
And that's not because we necessarily prefer Mac, but they provide some really nice APIs. You can get an event for when there's low space. You can ask the operating system if you're,
say, on an airplane or you have low power or these sorts of scenarios. And so we're looking
to tune the garbage collector to behave more appropriately. Like if you're on an airplane,
you probably don't want to garbage collect your store if you're working, if you don't have to.
So let's not.
If you're low on space and you don't have to garbage collect and you're low on battery, we don't have to garbage collect right there.
So why would we?
We can defer that later when your system is in a more normal state.
That's a brilliant feature.
See, mom definitely should have that.
Yeah, I don't think I could explain to her how to clean up her garbage.
And then we'd have to get in a whole conversation about what that meant.
Yeah, yeah.
She's got enough chores to do anyways. Well, Graham, is there anything in particular we
haven't touched on that? I know it's been a really busy week. So is there anything dropped
through the cracks that you wanted to talk about? I think the major thing here is we jokingly,
seriously, non-seriously talk about vibes-based development. And that sounds like a joke, but some of our earliest
team members are people really familiar with developer relations and really understand how
a lot of developers think that aren't steeped in Nix already. And so when we think about how
our software should work or what it should do, our first question is, well, what would feel best,
right? Or say I'm a brand new user trying to get started.
What's the most obvious way we could do this that feels like the way it should?
And if it doesn't feel right, we try to find a way that does feel right.
And so that really permeates our entire experience.
And one example of that is we have a GitHub workflow called Determinate CI.
It's not a big thing.
It sounds like it's a big product announcement, but it's not.
It's a workflow. It's designed to be something you can copy paste into your project on GitHub.
It'll find all of the flake outputs. It'll build all your flake outputs. It'll push them to FlakeHub,
push them to FlakeHub Cache, just out of the box in about five lines of YAML. That's really
inspired the design. The second thing that we really haven't talked about here is fh apply.
And fh apply is a command that makes it possible to do rolling pull-based deployments from FlakeHub.
FlakeHub married with FlakeHub Cache, they come together, means that you can do things like run fh apply in your user data on a NixOS machine on Amazon, and it'll just boot up and instantly deploy your software.
It doesn't have to evaluate any Nix expressions. It doesn't have to build anything. It queries the FlakeHub API
and downloads everything to run. Nice. Is that ultimately just pulling like a closure of whatever
the Flake was defining? That's right. Yeah. So you use a familiar feeling Flake reference.
It queries the FlakeHub API. The FlakeHub API tells you what that store path is, and it downloads and
activates it. Wow. Yeah. I mean, you know, behind the scenes, we've kind of talked about some of
the potential for, there's a lot of, you know, push-based solutions in the Nix space already.
And just, it seemed like, yeah, pull could work well, but obviously you're going to have to set
all that up yourself. So this is just baked right in. Yeah. Yeah. So that's using two features of
FlakeHub that are really notable. The first is that FlakeHub supports semantic versioning in Flake versions. So you can bake into your user data, download 0.1 of my Flake. And when that runs in the user data, it will resolve to the most recent version of that Flake in the 0.1 series. And so you can use that for repeated deployments over
and over, and it will always pull the most recent. And then the second thing is it takes advantage
of something that we call resolve-only tokens. And what that means is when you do that fh apply step,
it queries and resolves what that flake graph means in terms of store path. And then it gets
a FlakeHub token that can only be used to download exactly that path from the binary cache,
that path and its closure.
And so you can make a machine
that can only deploy exactly that Flake reference
and has no other access to any other Flakes.
It can't get any source code.
All it can do is download exactly that closure
from the binary cache.
It's an incredibly powerful primitive.
I think this is a bit of what you were talking about before when you said, you know, designing
with security from the ground up, right? That's exactly right.
Talk about a minimal system that you could control. This is why I'm just, I'm really excited
about what Determinate Systems is working on. It's why I wanted to get you on, Graham, because
personally, I'm out of, you know, I look at all the Linux companies. I'm, some of the stuff you're doing is what I'm the
most excited about out of all of the companies out there. I think Determinate Systems has a
terrific future. And we'll put links to all the announcements, including your most recent blog
post. But I guess I just wanted to say, pass around some high fives to the team from the
Unplugged podcast, because we're big fans of the work you guys are doing. And I wanted to thank you for your time too. Absolutely, Chris. Thank you so much for
having us. You know, we've always been big fans of the podcast and we obviously, we really like
the Nix ecosystem and we're really glad that your community does too. So keep up the good work
and, you know, I'd be happy to answer questions. I'm in the Matrix and just be available for chat or help or anything.
This ad space could be yours. Reach out. I'll make a great deal for somebody in our community,
chris at jupiterbroadcasting.com. Or you can support the show by becoming a member at linuxunplugged.com slash membership. And I'll have a link to the annual plan in the show notes.
And if you're ready to step up to the Jupiter party, you get all the special features for all the shows and your contribution supports every podcast on the
network. That's at jupiter.party. And that's what the annual membership is for, too. So the annual
membership will sign you up for that and you'll get one month for free. But if you're ready to
get your message out to the best Linux audience in the world, I'll make a great deal for a listener
of this program. Email me, chris at jupiterbroadcasting.com.
And this very spot could be yours.
Or send us a nice big generous boost with your message.
I'd love to just support small businesses in our community.
Send a boost and we'll read it too.
We hope we can use this space to promote people out in our audience and in our community.
So it's linuxunplugged.com slash membership for that.
Or if you want to get your spot right here, right now,
chris at jupiterbroadcasting.com.
Well, this week, Chris, I get the sense you've been working on some stuff and you've got some questions for our audience.
Oh, I'm in a hard spot, Brent.
And I've tried, I have tried, I have tried not to take this step.
But I'm going to put a call out for anybody within the reach of my voice that could be maybe in my area and be willing to help me install a diesel heater.
And if you know what I'm talking about, then you're the right person.
I've been looking for a local shop or a contractor that can do it, but I've been looking for a year.
I thought that was on Jeff's list.
I had this thing in a box since last Christmas.
Went through all of most of last winter.
Didn't use it.
Now we're entering next winter.
I'm like, I got to get this thing installed.
Email me, chris at jupiterbroadcasting.com.
If you are handy and could help out, I'd be willing to pay.
I can't pay a lot, but I'd be willing to pay and cover travel.
But you can't travel that far.
That'd be crazy.
And then I'm also looking for a tool we can use here at JB.
We've looked at several of these in the past,
and I would just like to crowdsource a state of what's still really good. And I'm talking about
these self-hosted AI chat apps that can either be connected to a local LLM or use the API of
something like OpenAI or Anthropic or something like that. I know we had someone on The Matrix
just recently chime in with LibreChat.
So that might be one to add in.
But if you've tried it, please boost in and tell us.
Yeah, I've been considering LobeChat.
It has a lot of nice features, including a bunch of different backends it can plug into and a pretty nice, seemingly pretty nice app that is also progressive.
So you could use it on the phone.
I'm looking for something so like JB could have one centralized tool.
And if you could boost in or write in and let me know what's worked for you, that would really help.
Because I've kind of been overwhelmed by all the options.
And some of them don't look like they're actually as great as they used to be the last time I looked like just six months ago.
The thing is moving fast.
I have a question here.
Can you sell me on the idea?
Like why self-host it for yourself?
A couple of reasons.
So number one is if we have one performance machine, we could put a local LLM on that and then you could access that from all of our machines. But secondarily, if you look at the pricing structure of some of these tools and we use some of these tools to do either transcription or summarization, there's lots of various things we can use it for. tokens or they offer memberships. So like Anthropic's Claude AI is 30 or 20 bucks a month and you still have to buy API tokens.
So why not just buy a handful of tokens and use different API backends as
needed or use the local LLM in one single app.
And that one app can query OpenAI, Anthropic, Perplexity or like something like Llama.
Yeah.
And the other thing is you can store prompts.
You can have prompt shortcuts.
I've recently been experimenting with different types of prompts
to generate sort of summary things we need on some of the news we collect
so that we can go and dig in further.
And it could help with some of that.
I was going to say, Brent, if he doesn't have an LLM to ask,
he's just going to ping us about it.
We haven't been that reliable, have we?
No, it's not that.
It's just like an efficiency thing, really.
And I want to play with some of these out there, but there's so many.
And some of them are like this thing.
The thing about LobeChat that turned me off is that it's like six containers of different things.
It's another database and another Redis.
We're going to do a whole bunch of stuff.
So I'd prefer to avoid the complexity, but I'd be willing to put up with some of it.
And now it is time for the boost.
Well, Lieutenant Murth is our baller booster this week, and they came in with 126,100 sats.
Hey, rich lobster!
And they write,
first boost after migrating my wallet from Breez to a self-hosted Alby Hub setup.
Wow.
Oh, cool.
Okay, yeah, and then they used the podcast index
probably then via Alby.
Neat.
Yep.
Now, listen to this.
So they had an old helium miner.
I think that's a coin.
And they then generated enough of Sol to then buy Sats to support the show.
So they did it all without actually buying the Sats.
Amazing.
That is really something.
But also, I love the Meshtastic coverage they write.
I've been dabbling with it myself for a few years.
A Raspberry Pi with a Waveshare LoRa hat is running my meshtasticd service on my root.
Cool.
I gave my parents and my brother a couple of T-beam devices and custom 3D cases printed to go with it.
They have them on their kitchen counters.
It's a small network between the three houses.
It's end-to-end, so maybe we're talking like 15 kilometers as the crow flies.
But it's nice to know that my brother will always be able to reach my aging parents no matter what.
And my brother and myself.
That is really great for family, especially family that's in a range like that.
Yeah.
Don't depend on the internet.
Don't depend on the phone systems.
Use Meshtastic.
That's pretty great.
Thank you for the boost.
And congratulations on the Alby Hub setup.
That's really cool.
Bamam 182 boosts in with 50k sats.
Bam ham.
I hoard that which your kind covet.
Throw in more sats towards JB and Jeff's Meshtastic adventure.
I've done a cursory search, but I haven't really had the time to do a good deep dive for an answer on this,
so I'm hoping you gents might know it off the top of your heads.
How does connectivity work when you don't control all the nodes?
From what I'm reading, I believe the nodes need to be assigned to the same network in order to relay data.
Do you need to have a group of nodes on the same network if you wanted to talk to someone on the other side of the state?
Is there some way to link up geodisperse networks
so an East Coast JB network could talk to a West Coast JB network
without a ton of nodes?
That's a good question.
Now, Jeff, jump in if I get this wrong,
but you got channels, and your channels have passphrases,
so you can have secure channels,
and if you know the passphrase, you can join that channel.
And then there's public channels.
And so that's how you can have... I still wouldn't put anything too private in any of this stuff.
But that's kind of how you could separate it out.
So we have two private JB channels and then we have a public channel on our nodes.
But you're not going to really see a west coast and east coast until there's like an IP bridge, I think, or something like that.
If that was a thing, maybe that could do it.
Or MQTT is the way that that is being solved.
Yeah, so that would be your IP bridge.
I saw Jeff Geerling's dad put a Meshtastic router on a drone, on like a DJI, sent it up, and it actually worked.
So you can always do that.
You know, when you want to communicate with people, you deploy the drone.
And then when you're done, land the drone.
Kasuria sent us a trio of boosts here, and the first one looks like a Spaceballs boost.
Hey, look at that. It's been a minute. That's nice.
So the combination is one, two, three, four, five.
Just a pro tip for people running public stationary nodes.
Set a static location that is a little off of where you are.
Mine, as an example, is set to a local police station.
It was set to a local school for a while,
but people have been getting crazy lately.
They both are very close to me, so I get the same data.
Good tip.
Yeah.
Our second boost here looks like a Spaceballs boost.
Yes.
That's amazing.
I've got the same combination on my luggage.
Also, I am a Framework 13 owner.
I run mine mixed, but when docked, it's connected to two monitors, a bunch of sound devices, and more. I appreciate the upgradability. I started with a 12th gen it goes from silent to whisper with the AMD boards.
It was the best upgrade yet.
By the way, that Framework uses Nix and Hyprland.
Ha ha, very nice.
We got to get Brent an AMD framework.
Well, I'm wondering, Brent, have you ever considered
maybe your next MoboSwap?
Have you considered swapping out to an AMD board?
Well, how'd you know I was thinking of that just this morning?
Oh!
I'm starting to get some votes here on the show.
You get a little bit better graphics card.
You get a little sounds like, a little quieter.
You get the same laptop as my mom.
Yeah.
Well, yesterday I was doing a whole bunch of work, and at one point in the day I was like,
why is my computer silent?
I got all these things open.
So it was like strange that it wasn't making noise, which is not a good thing. Not a good thing.
No, no, it's not good.
I think I'm pushing it a little hard. Yeah.
Maybe one day. Maybe one day. Maybe one day we'll talk about it on the show and it'll be
really surprised and we'll be super excited.
Kassuria's third boost here looks like a duplicate, but it is also a Spaceballs boost.
All right, let's do it.
The hell was that? Spaceball One. They've gone to plaid.
Thank you, Kassuria, appreciate that.
Hybrid Sarcasm came in with 34,567 sats, and I'm not sure, guys, but I'm betting he wanted some mac and cheese on that.
Put some macaroni and cheese on there too.
He came in with an app pick. It's called Dnote.com.
Get Dnote.
Dnote.
Dnote.
Thank you.
I don't know.
I think you're right.
It's awesome.
It's a simple text editor for the terminal, and it looks so cool.
Effortlessly capture and retrieve new information.
Okay, well, that is a compelling pitch.
Put this in the old Guake slash Yakuake drop-down. Quick commands,
full-text search, bring your own editor,
SQLite format, free and
open-source, cross-platform.
Heck yeah. Let the eagle out on that
one, please. That sounds... Come on, get the eagle out.
That's a great pick.
Thank you, Hybrid Sarcasm. Is that our...
We don't give very many app picks, but
I welcome that as a boost. That's fun. That was a lot of fun.
Our buddy, our pal, VT52 boosts in with a row of ducks.
While listening to the latest show over breakfast this morning,
I got to the boost section, and then one of the boost amounts was announced,
and my four-year-old son said,
You sub-boost!
I guess that means it's time for his first Linux machine?
Yes.
And a boost, VT.
I'm glad you thought of it.
Thank you very much.
It's good to hear from you.
And shout out to the family.
I would love to know if you go the route of setting up a Linux machine, how it goes and what you decide to do.
Definitely.
You know, you could make a really good case for endless OS as a first kids machine, I think.
But I'd love to hear what you decide to go with. You know, speaking of family and our boost sounds, this morning I got a series of notes from my brother that were just quotes of all of the sound clips that we do during the boost thing.
And we had a conversation back and forth just with our, like, boost quotes.
It's maybe a thing only twins do.
But the immunologist came in with 5,556 sats.
This is the way.
I am using Linux daily since about two years.
The longest for me has been Tumbleweed for a year,
partially Leap, Aeon, and Kalpa.
Winner would be the Raspberry Pi OS for three years, though,
although not a daily user interface.
Hmm.
Hmm.
So I'm impressed.
Are you saying that you were using Linux on a desktop,
on a Pi for a while?
Is that what I'm getting there?
Is that what I'm getting?
Not daily, but...
I think the way I understand this is more than one device at home.
Yeah, the longest running Linux,
which is answering one of your previous questions, Chris,
is that, yeah, the Pi is running Linux for three years, you know, Pi OS
and Raspberry Pi OS,
but that the daily desktop is
running either Tumbleweed
or some other. Well, I would love to know,
immunologist, what's your favorite version
of SUSE's? So do boost that in
if you would, because that'll be relevant in next week's episode.
Thanks for the sats. Yeah, and thank you for the boost,
too. What do you think? It's KennetRunner?
Yep. Nailed it.
Kennet Runner comes in with a Jar Jar boost.
You suppose.
5,000.
Yeah, could be.
Could be.
Hey, guys.
Love the Meshtastic show.
Set up a node here in Berkshire, UK, but no other nodes are around.
Well, the bad signal's up.
Come on, UK mesh folks.
Yeah.
We got to get this solved.
Get going.
Have you yet going?
Can we ship Jeff over there?
Just install some around the town.
Have you considered, what's the frequency, Kenneth?
Whoa.
You think it's a different frequency?
I don't know. Frequency problem.
But it also made me happy.
Also, just, I will mention that if you listen to the Meshtastic episode and you boost in, Jeff is in the splits. Like, some of these people, some of these folks are boosting from that episode. They still go to producer Jeff, aka PJ.
Thank you, everybody, who has commented on the Meshtastic coverage. I'm very glad to hear the follow-up.
Anonymous comes in with
2,101 Satoshis.
Boost! Ubuntu is
hands down the distro I've spent the most
time on over the years.
A little more than a year ago, however,
I switched to Fedora Silverblue, and I've been enjoying that Flatpak lifestyle.
Fascinating.
That's a pretty big switch.
Yeah, I could see, though.
I could see I could see that kind of like stepping it up, kind of riding the leading edge of
GNOME, as it might be, and trying out the immutable lifestyle.
It's a good way to go.
Thank you, Anonymous, for telling us that.
We didn't get enough people.
I've told me about that,
but that's two boosts.
Now that at least gave us their long,
their longest running Linux install.
Yeah.
I'm so curious with these.
If you,
if you switch recently to something else,
tell us why.
I want to know why.
Yeah.
Yeah.
Me too.
Me too.
Well,
Scuba Steve boosted in 10,000 sats.
It's over 9,000!
Yes, I'm boosting in to announce my candidacy for theoretical New York meetup coordinator.
I think having simultaneous meetups in different locations is a great idea.
And as much as I love chatting with you guys, my favorite part about JB meetups is getting to know other interesting people in the JB community.
New York JB fans, assemble!
Yes.
Plus one to that.
Love it.
Regarding my longest running distro, Fedora has been my solo desktop distribution for
the past four years after switching away from Ubuntu.
I love having access to a recent kernel and up-to-date software in the repos, and I've
never had a single issue with an upgrade.
Interesting.
Seen a trend there.
All right, Scuba Steve, stand by.
We'll see how many other takers we get.
We may only end up being able to do like one or two meetups.
I'm not sure, but we've got a couple other things planned for 600.
But I'm writing you down, Scuba Steve, as somebody who's down to clown.
Thank you for that boost.
Aladim comes in with 2,100 sats.
I've been using Artix,
or Artix,
A-R-T-I-X,
Artix,
since 2017,
which I guess at this point
stretches longer
than the five to six years
I used Arch before.
Wow.
If you're willing to do a follow-up boost, I'd just be curious, like a little, you know, yeah, TLDR, what do you love about it?
Yeah, that is a nice long stretch, though.
So I did a little
quick live research here.
Artix looks like
a Linux distribution
based on Arch
without systemd.
Oh, interesting.
Okay.
I would really love
to hear more about that
and why.
Very, very unique.
Thank you.
Aldum?
Aladum?
Aldum?
Appreciate the boost.
Dexbot comes in with a row of ducks.
Oh, answering my ask for a USB-C or Thunderbolt dock.
Yes.
I use the CalDigit TS3 dock at home and the Dell WD22-TB4 at work.
Both are excellent, but I prefer the ports on the CalDigit.
Occasionally, the Dell needs a hard reset, but those are fewer and further between than they used to be.
The WD-22 USB-C is also good for non-Thunderbolt machines. Neat.
Yeah, I've definitely, definitely heard the CalDigit mentioned before.
Same.
And 87 watts is a pretty good amount of power. $209 on Amazon, US Greenbacks at the moment, but you get seven USB 3 ports,
you get USB-C,
you get DisplayPort,
you get SD card reader,
gigabit Ethernet,
and of course,
it's Thunderbolt 4 connectivity
back to your computer.
It works with anything
that supports Thunderbolt 4.
That's, I mean,
it's the one I've probably heard
the most commonly mentioned.
Again, that's the CalDigit TS3.
That does look like a good way to go.
I think, Wes, one of your considerations should be native Linux firmware updates.
Ooh, okay. I like that. Yeah.
Now, for humor boosted in, 4,444 sats across two boosts.
I think that makes it a row of ducks.
Affleck!
It's a big bird. It's Affleck duck.
I'd love to hear more
about Olympia Mike's
Chrome OS style
NixOS project.
How can I learn more
about this
and borrow from his work?
By the way,
I love the sound bites
from Wes's framework
set up with his mom.
So authentic.
Great.
Yeah, that was nice.
You know,
Olympia Mike,
he might be a man overboard.
He hasn't sent us any feedback for a long time.
So I just actually got a message from him recently.
It sounds like he's deleted Twitter, so props.
Okay.
But it is still on Mastodon.
Fosstodon, he's at CodemonkeyMike.
So you might be able to reach him over there.
I think some of this stuff, I'll see if I can dig up,
I think at least some of it's up on GitHub too.
All right, there you go.
Yeah, and Mike, if you're out there, get in touch.
You know, we miss you.
I hope we're okay.
Now this next one is definitely a row of ducks.
Shaka Kaka comes in with 2,222 sats.
And they write, thanks for mentioning BeOS and Haiku.
I will try out that new version.
What do you think about Fountain not being open source?
You know, I just had a conversation with them about not last Thursday but the Thursday before.
And it is not an impossibility that that might change one day.
That's not where they're at right now, right, because it's a really small company with just a few core people that have a massive task they're taking on.
And they're still occasionally in the conversation of funding or not funding.
And these things all have ramifications on the licensing.
So I have learned.
Long story short, though, that could be a thing that happens one day.
But I'm not really too concerned ultimately because all of the podcasting standards are open source.
And Podverse is currently getting a rebuild from the ground up to be better than ever.
That's a GPL3 podcasting 2.0 client.
Castamatic is, I don't think, open source.
It might be, but it's just another option that's out there along with Podcast Guru and a bunch of other great apps, some of them which are open source, some of them which are not.
They're just kind of a mix.
AntennaPod continues to be great and slowly adding more podcasting 2.0 features as time goes on.
That's nice to see.
It's kind of like, you know, like a lot of folks like Obsidian, which is also not open source,
but, you know, it's all powered by Markdown. So similar here, we have RSS feeds that we tweak,
we control, and Fountain plays nice with those. So it's at least a pretty good situation.
I think a lot of times with things like this, what Fountain offers is the smoothest onboarding
process. And they are also very aggressive with the features and they have kind of brought it
all together in a really nice tight package. And they have a real clear vision on what they're
executing on. And I continue to have, I'm now doing bi-weekly consultations with them on stuff.
And so when listeners have issues or something like that, I'll bring it up to them or just help,
you know, talk to them about future directions and stuff like that.
So it is something that could one day materialize, especially if I continue to consult with them.
Thank you, everybody who boosts in.
We have the 2,000-sat cutoff for time, but we do read everybody's boosts, and we save them in our doc.
And I'll give a shout-out to our sat streamers first.
We had 39 of you out there just streaming them sats as you listen to our mouth holes, and we really appreciate that.
We stacked a total of 104,578 streaming sats this week.
When you combine that with the boosts that we received, we had a grand total of 390,347 sats.
That's a pretty solid number.
Thank you, everybody, who supported the show with a boost or who is a member and just puts it on autopilot.
It means the world to us.
The show continues.
Despite the ad winter, because of your support, we are going to probably enter another year of pretty poor ad performance for podcasts.
And it's nice to know that we have an audience out there that when they get value from something that we produce, they return the value to us.
You can do that with treasure.
That's what a lot of people have available,
but we also are totally, totally happy with time or talent.
So if you have time or talent, you can contribute to the show.
We do have a GitHub.
We have an active Matrix community.
We have a live stream at a Mumble room.
We have meetups that we're trying to organize.
You can recommend the show to people.
There's a few ways you can participate that aren't monetary.
Whichever way you do support the show, we really appreciate it.
If you get some value from it, please do consider exchanging that value back.
Whatever amount you feel appropriate, however you feel appropriate.
Now, before we go, I got an app pick for you all.
You ready for this one?
This is actually recommended by Editor Drew, and it's called Plastic. It is an
NES emulator that is written in Rust. And Wes has got it running right here. And like a true
retro baller, he has it in a cool, what is it? Cool retro CRT? A cool-retro-term. That was also our dear editor Drew's idea.
So you run the NES emulator
in something that makes your screen look like a CRT monitor,
and it's actually really great.
And the nice thing about Plastic
is that it has a graphical interface,
but it also has a TUI interface,
a terminal user interface.
So that seems pretty neat.
Yeah, here's the, like the regular...
It looks great!
Yeah, supports Wayland, opens up a window. It's neat. It's pretty minimal,
you know, and you kind of got to figure out what the controls are, but, uh, totally works that.
I mean, I, I'm just happy with how clear the picture looks that, you know, sometimes they
look a little less clear. Is it, is it? Okay. Well, it still looks really nice. It's under
the MIT license, so you can go grab it. We'll have a link to the GitHub. Plastic, an NES emulator built from scratch using Rust.
You could really stretch it.
Oh, that's in your console?
Yeah.
Oh my god, that's cool.
So it's rendering all of the graphics to the console. Again, you probably want to use the regular graphics mode if you're actually playing the game, but
it's pretty neat.
Oh my god. That is
a great picture. Thank you.
I'm going to be playing around with that one after the show. Hey kids,
look at this. Dad, what are you doing?
It's a classic. Yeah, it's a Rust app.
I have a work in progress little
flake for it, so I'll put that in my GitHub too.
Oh, right on. Well, there you go.
Check this out, kids.
There you have it. So if we've
left you with anything this week, it's that kexec
is a ton of fun. There's a bunch of things that
are developing in the Nix community
and Determinate Systems seems to be
a company to watch. Hopefully there's something
in there for you. We'd love to hear from you. Of course, we
have the contact page and we have the boost.
And remember, we are asking what your
favorite version of SUSE is or was boosted in for the next episode, because it's probably going to be topic relevant if everything goes as planned.
See you next week.
Same bat time, same bat station.
Yeah, you could join us live if you'd like to.
Make it a Tuesday on a Sunday, noon Pacific, 3 p.m. Eastern over at jblive.tv or in a podcasting 2.0 app of choice
where we will mark it as pending ahead of time
so you don't have to worry about the time math
and then we go live in your app when we're live.
You can always catch what we talked about after the fact
with links or previous episodes or, I don't know, RSS feeds.
So you just get it like a podcast whenever you want.
That's all over at linuxunplugged.com,
specifically linuxunplugged.com slash 586.
Thanks so much for joining us
on this week's episode
of Your Unplugged Program,
and we'll see you right back here
next Tuesday,
as in Sunday! Thank you.