LINUX Unplugged - 630: Google's Garden Lockdown
Episode Date: September 1, 2025Google's sideloading lockdown has us pushing Wes' Pixel further than Google ever dreamed.Sponsored By:Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open...-source Nebula platform that we love. 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility. Support LINUX UnpluggedLinks:💥 Gets Sats Quick and Easy with Strike📻 LINUX Unplugged on Fountain.FMDECbot/nebula-cert-maker: Simple yaml and python script to create certificates for your Nebula Mesh VPN — The Nebula Cert Maker will create a new Nebula CA certificates and then generate and sign certificates for all hosts in the host list.Texas Linux Festival 2025JB TXLF Matrix RoomJupiter Broadcasting GarageLinus Torvalds Marks Bcachefs As Now "Externally Maintained" — Linus Torvalds updated the maintainers file for Bcachefs and now reflects its upstream state as "externally maintained" rather than "supported".Google will block sideloading of unverified Android apps starting next year — Google says that only apps with verified identities will be installable on certified Android devices, which is virtually every Android-based device—if it has Google services on it, it's a certified device.Android Developers Blog: A new layer of security for certified Android devicesAndroid developer verificationnixos-avf: NixOS for Android Terminal — This profile contains the necesarry services and kernel configs to get it running under the Terminal appnixos-avf-image-app releasesNixOS VM on my phone lol (Android Virtualization Framework) - NixOS DiscourseSetup SSH and Tailscale on Android 15 Linux Terminal Appdroid-nixos — NixOS VM on the Android "Terminal" appttyd: Share your terminal over the webIntroduction - Book of crosvmcrosvm: The Chrome OS Virtual Machine MonitorAndroid 16 New Feature Terminal (Debian 12) Actual Test: Network Configuration and Software Installation💻 How to Install Android 16 Linux Terminal with GUI Mode on Your Android Phone Step-by-Step GuideHands-on: We ran full desktop Linux apps on an Android phone!Android 16 Terminal Debian GUI Access Tool — This script is specifically designed for terminal environments on Android 16 systems, enabling quick configuration of graphical interface access for Debian 12. After configuration, you can access the native Debian 12 GUI environment within the Android terminal from your PC through the following stepswansview 2K Security Cameras Wireless — Outdoor-2.4G WiFi Home Security Cameras via Remote Control with Phone APP for 360º View, Color Night Vision, 24/7 SD Card Storage.Thingino — Open-source Firmware for Ingenic SoC IP Cameras.themactep/thingino-firmware: Open-source firmware for Ingenic SoC IP cameraspaperless-upload-thunderbird — Add-On for Thunderbird to upload PDF directly to paperless-ngxdistrostu's nix configFlameshot — Open source screenshot softwareHyprshot — A utility to easily take screenshots in HyprlandblendOS — Arch Linux made declarative, immutable and atomicFrigate NVR — Frigate is an open source NVR built around real-time AI object detection. All processing is performed locally on your own hardware, and your camera feeds never leave your home.Pick: Kvaesitso — A search-focused, free and open source launcher for AndroidJonas Hietala: I'll only buy devices with GrapheneOS — I use the Kvaesitso launcher.
Transcript
Discussion (0)
Hello, friends, and welcome back to your weekly Linux talk show.
My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen.
Well, coming up on the show today, it appears Google is laying the groundwork to start
locking down side-loading on Android.
You can imagine we have some thoughts on that news.
So what we'll do is we'll push Wes's pixel
further than Google ever imagined or dreamed possible
though we'll round out the show with some great boosts, some picks, and a lot more.
So before we get to all of that, let's start by saying time of appropriate greetings
to our mumble room.
Hello, Virgiluck.
Hello.
Hello.
Hello.
Hello, everybody up there in the quiet listening to.
Got a good showing up there as well.
Of course, we're doing this here, podcast live on a Sunday.
We start around 10 a.m. Pacific time, but you can get that.
converted to jupiter broadcasting.com slash calendar or here's a pro tip use a podcasting 2.0 app and they'll
just be right there in your list easy peasy and a big thank you to defined networking at define
net slash unplug go meet managed nebula from defined networking they took the brilliant beautiful
fully open source nebula mesh VPN network and and built this product around that anyone can use
It's managed Nebula, a decentralized VPN built on what we think is the best open source mesh VPN platform.
And the entire stack is optimized for speed, simplicity, and industry-leading security.
Slack's been using it, I mean, Slack has been using it since day one, but we hear more and more stories from you out there in the audience using it to point it on your home labs or for work or whatever it is.
And as a result, and keep sending them in, we've been seeing some pretty cool tools sent into the network.
but this one was actually made by one of our own.
Deckbot, listener DeckBot, has made Nebula cert maker,
a simple YAML and Python script to create certificates for all of your mesh nodes.
So I think, Wes, the way it works is it looks at you have a list of all your hosts.
It'll walk through that list and create a new Nebula certificate
and generate and sign the certificates for each one of the hosts in that file.
Exactly, yeah.
So like Nebula itself provides the primitives for managing the certs and all that kind of thing.
And you can build on top of it, and deckbot has, which is awesome.
And we're seeing more and more of that, which is great to see.
Shout out to DeckBot for making something just real simple, but really useful.
And the nice thing about Nebula is when you deploy Nebula, you are in control.
You can run the entire infrastructure.
There's not bits of it that are kind of like this weird fork, and you can kind of run part of the...
No, you can run all of it, or you can take advantage of their managed product.
Go right now to Define.net slash Unplugged and get 100.000.
Hosts absolutely free.
Take advantage of top-tier encryption.
Take advantage of the leading industry product that is lean, mean, and fast on your host.
100 hosts absolutely free.
No credit card required.
Go to define.net slash unplugged.
Okay, it's on.
It's definitely on.
Texas Linux Festival, October 3rd through the 4th in Austin, Texas at the Commons Conference Center in Austin.
We're all road tripping.
Brent's coming down from the East Coast, coming down in the van to Texas, and Wes and I are going to load into my car and a road trip down on the West Coast.
So we'll be coming down individual coasts at the same time.
That's kind of cool.
So meet us there.
Why don't you?
The coast to coast.
Coast to coast, Texas Linux Fest.
We don't have swag yet, but we will probably midweek have some Texas Linux Fest swag in the Jupiter garage.
So I'll put a link in the show notes.
So midweek, after this came out.
out, go check that out. So, you know, the first week of September. And once again, I'm going
to be coming to you asking to help us get there with some boosts. We're in conversation with one
potential sponsor, but it hasn't really gotten anywhere yet. And I'm not sure it will in time
for us to make it to Texas Linux Fest. So we're going to self-finance this one way or another.
My hope is that we can get some boosts that come in and then what we're going to do and the reason
why the boost are going to be useful is I'll be completely frank with you. I'm going to throw them
into a loan. I'm not going to sell them. I'm going to throw them into a loan. And if
somehow for something happened and the price crashed and we got margin called, it's the same
of selling them then. But we're going to put them into a loan. We're going to do that to
finance our ability to get down to Texas Linux Fest. Now, Chris, why would you do something like
that? That's crazy. I am really committed to trying to cover these events. In a way, I know
this sounds sort of, well, you know, sort of self-self, I don't know, it's sort of, it's not a
brag but I just I feel strongly that if these events don't get covered and they're not streamed
online or anything like it's like they it's in a way they don't really happen except for in this
small little pocket and they don't make often a huge impact outside of that and these are
really unique to the Linux community these these fess that are put together by just
volunteers that care about Linux and free software and it's a real pain in the butt and they go
through all of the work, a year-long job every year.
Without the, you know, corporate style of it kind of budget or time allocation or anything
like that.
Constantly trying to juggle venues and budgets and networking and community expectations.
And they put together something that brings us together across different cultures and
different beliefs, but we come together around Linux and free software.
And the connections you make there are truly, like, they take something maybe like somebody
you've known online, you meet them in person and they become true friendships. And it's not just
about the networking. These are really special events and they're unique to our community. They're
unique to our culture. Other things they have their kind of community events, but nothing's like
a Linux fest. And I feel really strongly that it's one of the things the show can do as a
contribution to the Linux community at whole is try to document and capture these things as they
happen. And then they become part of the show's tapestry over time. So five years,
you listen back, you know, you can hear the 2025 Texas Linux Fest. It's a time capsule.
And then the difference of us going and not going is the difference of that getting covered
and getting captured. And plus we meet, we meet our fellow community members there. It's our
opportunity and our chance to actually convert numbers on a dashboard to real faces. And it
gives us this kind of motivation that you just don't get scrolling social media and reading the
email feedback. So it's probably
one of the most expensive things we do
and probably one of the most important things we do
and you know screw me if I have yet to figure out a way to really make a profit at it
but it's still something I feel is extremely important we do
and it's also a form of genuine unique content and journalism
I think that's kind of maybe don't call it that but it's in the category of
we're going there we're doing original reporting that isn't being covered anywhere
else we're capturing something that's unique to our community
and we have an inherent expertise and understanding
on the topic matter and on the culture and of the people
so we're perfectly positioned to cover it and capture it.
So it just feels like it's extremely important to me
that we actually do this.
And I felt this way for years,
but it's really been crystallized in the last couple of years.
But that doesn't mean there's commercial interest
and there's not a lot of companies
they're going to make a lot of money financing that.
now there's some that want to do it but it hasn't materialized yet but i think it's important and i would
like your help if you would like to boost in help us get there we're going to take those sats
we're going to throw them in a salt loan um there is a margin insurance there and then we're
going to use that to finance it to get us down there and then i'm going to pay it off probably myself
personally over the next year or so or we'll sell the sats whatever we have to do but it gives us
some optionality. We can or we have the option to or not to sell them. So it gives us flexibility
there. And when it's in that salt loan, we'll have cash that we can use to get our butts down
there and rent hotels and whatever else we have to do. So that's the goal. It's a bit ambitious
and we only have until the end of this month, really, the next month, September, to do it.
Because I think by my math, we need to hit the road by September 28th.
So the episode we do on September 28th, we basically, after the episode, we pack up and we hit the road.
Well, we got to get there because I got the good news that my talk was accepted.
So I'll be sharing an updated version of my mesh networking on NixOS talk.
Well, now we've got a mission.
We've got to get West to Texas Linux Fest so we can give us time.
And then we'll meet up with Brent.
He'll be there in his van at Texas Linux Fest.
and we'll hang out in Austin with you guys and with Brent and everybody.
And then we're going to caravan back up to the Pacific Northwest in my car and Brent's van.
Operation Homeward Band.
Yeah.
So it's super ambitious, but we hope, we hope, we hope you will help us with that.
You can send us a boost.
The easiest way to do it is Fountain FM.
Now, again, the reason why we're doing boost is because we're going to be using that in a particular way.
So Fountain FM is probably the most straightforward way to do it because they self-host all that infrastructure.
Now, if you can't do that,
or you don't want to participate in that.
Later in the week, we should have some Texas Linux Fest swag up in the Jupiter Garage
at JupyterGarage.com.
And, you know, inflation has hit the prices of swag.
I was complaining to the boys that even like before we price it, these things are ridiculous.
But we'll try to keep it reasonable, but something in there that can still put some fuel in the tank and whatnot.
And we'll have that up at JupyterGarge.com, which could be another way.
And just anybody that does even consider it, thank you very much.
So it's a wild thing we're doing here making a Linux podcast for a very niche audience,
caring about these kinds of esoteric things.
There's not a lot of people out there that get it.
So if you're one of them, we really appreciate you.
Well, we wanted to follow up on the Bcash FS saga,
as it has now been officially marked as externally maintained by Linus Torvald,
which means essentially Bcash has lost its seat at the dinner table.
and it's going to go sit at the kids table again,
which is a big shift since it was really, really close
to being declared stable.
But Linus has officially moved it from the supported category
to, quote, externally maintained in the colonel's maintainers file.
Now, you guys know, if you've been listening to the show,
this is after months of back and forth.
They sort of broke down after Linux 617 and have led to this.
Yeah, as Linus said, in his commit,
as per many long discussion threads public and private.
Yeah.
But we don't know a ton about exactly what that means.
I did take a little peek in the maintainer's file.
It has a self-description on like this status line,
which could be supported,
which is someone is actually paid to look after this,
could be maintained,
which is somebody actually looks after it.
Then there's odd fixes, there's orphan,
and there's obsolete listed there.
But then if you actually go grep in the file,
there's a few more things that you find
like an orphan slash obsolete,
some specific references to different architectures.
There's also one that's called Buried Alive in Reporters,
which is actually what is listed at the very bottom under the rest,
which has Linus listed as the maintainer.
What is buried under Alive in Reporters?
Does that mean air reports or does that mean media?
I think people, you know, talking to,
he's basically the person of last resort.
Okay, yeah, yeah.
But in there, there's only, right,
so standing out as a single entry is this externally maintained,
and there's no real other references I could find in the kernel source.
Really?
So at this point, I don't know what it means exactly in terms of, like, official status.
Obviously, it seems to be implied that Linus is not intending to accept any poll requests for B-Cash-FS, at least any time soon.
But we don't have any, like, official explanation as far as I've been able to find.
So it doesn't implicitly mean anything by externally maintained?
Well, I mean, it surely has some meaning.
We can seemingly infer that it's no longer being maintained in the kernel, but it did not come with, like, a description or update to the,
docks around the precise meaning.
I wonder if you picked up on this.
My sense was, so you read Linus and what he says, and it kind of sounds like there's been
conversations in public and private, he says, and you get the sense that maybe
everybody's on the same page.
But then when I went to see what Kent's reaction was, it seemed like maybe that's not
the case.
In fact, it seemed like maybe Kent didn't even really know what was going on.
Did you get that same picture?
Yeah, I mean, to look at some of his public comments.
Again, we should say the author of B Cash-Fest.
Right.
He says things like, I know as much as the rest of you.
We don't know what externally maintained means, though.
It's all speculation, as far as I know, it means,
what it means hasn't been communicated to anyone outside the inner circle,
certainly not me.
So it seems to say that, you know,
can't seen the update in the source tree and the reporting like everyone else,
but it wasn't what externally maintained, at least,
and what that implies for the future had not been communicated elsewhere.
I don't know.
Brent, do you think it's worth considering users taking action here?
Like, if more of us as users figure out whatever method it might be
to use this file system,
does that put pressure back on the Linux kernel developers to figure out a way to incorporate this,
even if it is through an ambassador or something?
Is there some action we can take in that regard, do you think?
I'm not sure the number of people using it as part of the decision here.
It seems like a lot of it is just interpersonal challenges.
We've certainly seen this, I think, on the show as maybe the worst case for the file system.
So I hope this is like a new status that maybe considers the project in some decisions
instead of being 100% external and maybe there's a chance for it to come back in a year or two.
But this feels like a sad day.
At least that's how I'm feeling.
I mean, it does make it harder to use going forward.
It does seem like Kent and team are already working on publishing some DKMS packages.
So that will definitely be an option at some point here in the short term.
expect. And, you know, there may be also distros that decide to just build custom kernel variance
with it compiled in or, you know, there's a few options for, and I think we'll have to see
exactly what that looks like on the ground as things move forward. Yeah. He did share recently on
Friday, he says, quote, I think we're approaching a month since the last critical bug report.
That's a milestone. Things have stabilized faster than I expected, at least from the look of things.
That's really good. I mean, a month since the last critical, that's a good milestone. It's nice
that he can keep those things in mind. I have a bad habit. I tend to completely ignore the successes
and just focus on the next big thing that has to be fixed. And it is good to recognize those kinds
of things. He did go on in that little update to kind of list a few of that. Like there's a
performance bug, an accounting bug, and a bug with some of the compression stuff. But they all seem
like normal things you shake out in a file system. It sounds like progress is ongoing. So it doesn't
seem like, at least on the development side, if you are willing to jump now through the extra
hurdles to actually get access to the file system.
It will be continuing to be worked on and hopefully stabilize.
I just find it interesting how different this go-around is with B-Cash-F-S than Butter
FS.
I think B-Cash-FS has benefited from having somebody who's out there articulating the point
of view.
And if you will, I'm sorry, the story.
Even today, if you go on R-Linix, you will see a thread that is extremely critical
of Kent.
continues to push the whole narrative of Kent tried to push features during an RC window and
he's a bad person. And it's really unfortunate because it's such a singular view in which
you take one event and you dismiss a decade of contributions. And I think something like
BcashFS would be actually a lot worse off right now if it weren't for Kent and his communication.
And while so much of that has been a focus of criticism recently, I think if you look at what Butter
F.S. went through and the damage to its brand and reputation, even now, even after six
or so solid years of continuous improvements, its brand is such that people still don't trust
it. And they still talk about, oh, I'm afraid I'm going to lose data. And I think in part, it's because
there hasn't been anybody out there that's a lead butt or Fess developer articulating their
point of view like Kent does. And if you're willing to focus in on the message from Kent and not get
distracted by click-baity headlines that tried to drive attention based on kernel drama and
you actually focus on the work, it's quite impressive what continues to happen over there.
And Kent's actually pretty good at articulating that to his community on Reddit and his
Patreon.
And I think part of this is because he is an independent developer.
So he doesn't have to go through a corporate PR communications, right?
If Kent goes and talks to somebody about it, he doesn't have to get it cleared first.
And so he's able to take direct response.
and direct action online and communicate directly.
And he's a good communicator.
And I think that's been criticized a lot lately.
But if you follow him and his community, he's very responsive and he's very clear.
And he's also up front about what still doesn't work and what he's not, he's not blowing smoke.
He's not hyping things up.
I just think it's interesting.
And I wonder if you agree, Wes, that if Butterfess had had somebody that was communicating
like Kent is now, if perhaps Butterfess's brand, if you will, or reputation maybe
a better way to go would be in a different state.
Yeah, that seems like a fairly plausible theory.
I think Kent is doing a great job of being, you know, for folks willing to engage and ask
for support of, you know, if you have a bug, he will work with you to fix your file system.
And that's probably goes a long way to getting people to actually try to use it for things,
you know, knowing that you actually do have some support and it's a sort of identifiable
human or team of people or whatever behind it that you can see consistently do that.
Brian, I have a question for you.
When it comes to defining a code creator being too toxic to be allowed in the Linux kernel,
do you think it's more or less toxic to murder your wife than to criticize Butterfess?
Well, one is related to the work that's being implemented into the kernel, and the other isn't.
So there's that way to look at it?
I suppose.
I suppose I'm just saying we kept a murderer's file system in the Linux kernel for years after he was convicted of murdering his wife.
I don't think that should be accepted in society in general, if that's really your question.
I'm just pointing it out. As far as I know, Ken hasn't murdered his wife.
But, you know, I don't know. Maybe Hans was great to work with on the list.
Yeah. Maybe. That's the closer to the issue, right?
Very polite on the mailing list. Even when Linus got nippy, he probably was still very polite about it. Yeah.
But it's interesting that, like, the Linux kernel is one of the most successful open source projects in history.
but this kind of shows that it's not necessarily open to everyone, right?
If you're creating friction in that, well, you might not have the opportunity to have your otherwise great code be implemented necessarily.
As much as it's software, it's also a human endeavor.
And speaking of benevolent dictators,
Google has made it official.
They are laying down plans to block the side-loading of unverified developers' apps
starting next year in their Android operating system.
It's big news, and I've probably been sent this link a dozen times this week, and I agree.
It's a big story.
So what they're calling them is is unverified apps, which is basically every app that you sideload right now.
And this is going to impact what are called certified Android devices, which is any device that gets any of the play stuff.
And so developers who distribute apps outside the Play Store will have to start verifying their identity through a new
Android developer console that Google is currently building.
So you can think of it as equivalent to the Google Play console that exists for Play Store developers right now,
but now they're making something they say will be more streamlined for verification.
So don't worry.
It's going to be streamlined, but they're going to let you now publish outside the Play Store
if you go through this new console that they're building.
Yeah, it's right there in the name, isn't it, Android developer console?
They're responsible for all of Android.
And they will ask you things like your legal name, your address, your email, and your phone number, just so that way you can have an APK that users can side load.
So this starts in October of 2025, and then it goes to broad developer access in March of 2026.
But the first user rollouts will be in Brazil, Indonesia, and Singapore, and Thailand, and those start next year in September of 2026, and then go global to all users by 2027.
So any Android with Google services, which is like basically all the ones sold in the West, will be impacted by this.
And of course, it is worth noting that this is likely Google's BS response to the courts ordering them to allow competing app stores.
This is what they're going to do is they're essentially taking a page from Apple's playbook, and they're going to make it worse while complying with the courts.
Because, you know, all of a sudden, side loadings is huge risk after all these.
years and we've got to clamp it down. Product VP Susan Faye said that in a recent analysis,
they found 50 times more malware from internet side-loaded sources than apps on Google Play.
I just, is there really this like epidemic of people enabling side-loaded? So, like, most people
don't even know that it's an option. And that statistics, like, they probably scanned all of GitHub.
Right. Every fricking fork of every legitimate thing. And then they compared it to like, you know,
the 20,000 apps in the Play Store.
Many people would also be totally fine with just making it harder to enable, put it behind
the developer menu or so. You know, like, there's a fair, fair options to make it, like,
where I don't think my mom is going to just do that, even when instructed by a malicious
actor, or at least has a lot of opportunity to second guess that decision.
That seems like such a reasonable solution, Wes. How dare you?
I know. I know. It's this, this is the worst, like, example of Google no longer following
don't be evil because it's a cynical response. I believe it's a cynical response to what is a
court order. They're like, well, if we're going to have to do it, we're going to do it this way.
and then they're going to accomplish a wider goal and say,
but look, we're just doing what we're told.
Yeah, I mean, and you can kind of tell, too, right,
they see the benefits that Apple gets from its style of ecosystem.
I'm sure there's been many internally for years who've sort of wondered,
well, maybe is that strategy we should be doing?
And I just think, you know, I was just recommending to someone who was, you know,
they wanted to watch YouTube, but they did not like what they were getting from the algorithm.
And I was like, oh, here's some apps that you can use.
Those are probably exactly the kind of thing that maybe even if they don't,
You know, maybe they violate a terms of service, but not the law, but if, you know, if Google is not incentivized to like them, will they stop showing up as there's something regular people can even try to use?
It, to me it feels like for years and years now, well, basically since the start of Android, we've all, for those of us who really value the privacy side of things and the ability to modify the software that's running on your own, you know, purchased phone, we kind of knew this was a possibility, at least I,
I did. And yet maybe it's arguable that we haven't done enough to give ourselves great options when this would come to pass, which sounds like we're there. We got, what, a year to go? So this feels like a huge loss in terms of what is possible for us to do with our own software on our own phones in the future. And I hope somehow those of us who are smart enough to be able to write software that can push.
on this little decision that we get there.
I feel like that's a super important thing from a privacy
and also software freedom perspective.
So we could have done better.
Here we are.
We should have known better.
As Jeff says, as much as this makes me angry,
I'm not that worried as long as we can still get rude
or ROMs one way or another.
And it is worth pointing out it does seem like, you know,
us graphing folks, this won't really impact in the same way.
So I think there is still an element of that.
But I'd kind of just worry about the, you know,
the more, just the ordinary folks using the platform,
even if they would never use this.
It makes things like F-Droid and Obtenium on stock Android,
perhaps unusable and untenable for some...
Or at least a very different experience.
And that's where I think it's like, okay,
even if this first version isn't the world falling apart for Android,
the philosophy and the change in that
and not sort of respecting that at the root is,
The trend is not our friend here.
I mean, our previous story, there was also a step backwards, was the news that they've removed pixel device tree drivers or whatever it is from the upstream Android source code.
And so it makes projects like graphing OS and others more difficult.
And so these things are in isolation kind of bad.
But when you put them all together, it starts to paint a picture that's real bad.
And you worry about the long-term viability of things like graphene OS.
Would any of us be shocked to learn
that the Pixel 10 is the last one
that you can never run Graphene OS on?
I wouldn't be.
And I know the project's concerned about
enough that they've been trying to work
with a hardware OEM
to add the hardware support they need
so that way an existing hardware OEM
could enable
Graphene OS support.
Please let it be Motorola.
I would love a Motorola flip.
I'm also a little bored with the pixel hardware.
This also kind of sucks in the middle ground too.
I was just thinking like,
okay, you still can use graphing,
But if more things, you know, use play integrity and stuff, like there's already kind of this like, well, if there's a certain set of core apps that you have, you might be forced to be on one of, you know, either iOS or upstream Google, Android.
And then now if you can't load the other apps that you actually want, that's rough.
This, to me, also seems like it's a trend that continues as long as Apple gets away with this type of stuff.
because Apple, what happens is, oddly and grossly enough,
Google's incentives are to align with Apple
because then they get more control and they set a standard.
They're the Coke and Pepsi of smartphones in the United States and in the West.
And if Google says, actually, we've done research and we concur with Apple's position here,
side loading is dangerous, that strengthens both their positions, right?
Google has no incentive to fight this.
And so I think they trend towards Apple's Walt Garden over time.
That's my main concern.
And if that happens, then why not just get iOS and use that fancy ICloud privacy mode that they have and just say, screw it?
It's really disappointing.
I don't like this trend at all.
And it seems to me that we're watching Android drift more towards the iOS experience over time.
Do you agree?
I think I would agree.
I'm wondering if for a moment, maybe we can try to find some kind of positive in this decision.
Is there a positive for end users?
Like, are there, is this an actual problem?
Is this good for somebody?
Other than Google?
I mean, there probably is some slight security benefit.
Maybe.
Sure.
You could make the same argument about Windows.
You know, if Microsoft would have done this in the Windows XP day, you probably would have had less people get malware.
and crap on Windows XP
but Microsoft chose
to keep it an open platform and let people
install their own applications. Because it does right
it means at least like okay if they do find
malware from a developer they can then
immediately filter out
anything else that developer's made or things like that
so in cases of breaches
of trust or bad faith developers
that is a new option
okay I want to bounce this to you guys
and also I'd say I'm bouncing this to the audience
boost! So if you have an opinion
and looking for an excuse to support the road trip.
Why is Google rolling this out to the smaller markets first?
What is the reason there?
Why not roll it out to the West first?
Well, it's not even small.
I mean, maybe smaller monetary, but it's, I mean, by people, it's got to be a lot.
Yeah.
Right?
I mean, Brazil and Indonesia.
Yep, yep, yeah.
I guess so.
Yeah, I mean, smaller, I meant an economic size.
But, yeah, you think it's, I just wonders it because if things go wrong, it'll get less attention in the West.
I just, what would be the reason for that?
I just don't really understand why.
Is this somewhere where they've seen more malware or more security applications?
Do they think that culturally it'll be more accepted there?
I have no idea.
Do they shape some sort of legal precedent first doing it this way?
I don't know.
It's interesting that they don't roll this out everywhere at the same time.
And it makes me wonder if they're hesitating about the decision.
You know, why would you not roll it out?
You can still do it in phases, but worldwide.
So it's interesting to choose certain markets.
I think the biggest takeaway red flag here is
the community this impacts the most as free software developers
free software developers that don't want a K-YC
just to publish an Android app.
Imagine if the three of us used an APK
for doing the show, like you put together some tiny APK
that does automations for us, we would now...
Now I have to go register and make an account...
Yeah, and you're on Google's map now.
Even if you just wanted to use Obtenium to fetch it from the GitHub
that I published as open source.
That sucks, and it fundamentally changes the value proposition of Android, because it was the, it was, this is going to be a huge deal in businesses, small businesses and medium and large businesses have vendors or create their own internal APKs all the time.
That's one of the reasons why Android was a little bit more successful, like on manufacturing floors.
That deal just got changed on you.
Surprise, surprise.
So, like, this is the user base that gets impacted the most.
It's free software and those types of users, and it stinks because in another five years, you know,
Google could slap a $25 fee on there
or they could say no for some reason
and they in the press release
they talk about one of the reasons they want to do this
is they want to be able to turn these apps off
so if one of them turns out
God forbid think of the children
if one of them turns out that there's an APK out there that goes malicious
even if you didn't get through the play store the core benefit
that Google gets they can still turn it off
because they can revoke
it's CERT, and when the OS runs the app now,
it's checking to see if it has valid certs for all these apps,
and its certification check will fail,
so your OS will refuse to launch the application you asked it to,
because somebody at Google HQ turned it off.
Just gross.
That is bonkers.
That's where we're at now.
It gets me questioning whether some smaller open source projects
who have chosen maybe not to be a part of this,
larger Google ecosystem at this point, if they'll just find a huge massive drop in users and
maybe the project can't continue because of these changes? That would be quite a sad thing for
these smaller projects that many of us rely on. This is one of those Google changes where
Graphene OS users and other, I think Graphene OS in particular, because on Graphene OS, you can
still have the Google Play services, but they're sandboxed and they run at user level privileges.
so here we kind of
we get the best of both worlds for once
we're not getting something really taken away from us
and this doesn't minimize the viability
of graphingOS. I think this makes graphenOS more
viable. Like if you're a small business
and you want to get a generic
Android device like a pixel
and you want something you can publish your own APKs
on, well maybe the solution now is just deploy
Graphene OS on there and then install the couple of
play apps you do need. I would love to see that
especially if we get some sort of critical mass
to be able to pressure some apps to
watch what they do with the integrity stuff.
OnePassword.com slash unplug.
Take the first step to better security for your team by securing credentials and protecting
every application, even unmanaged shadow IT.
That's OnePassword, the number one password.com slash unplugged.
And it's all lowercase.
Go learn more at OnePassword.com slash unplugged and support the show.
Here's something I can really connect with.
And if you're in IT or if you're in security specifically, you probably,
can too. The reality is there's a mountain of devices out there and more and more SaaS applications
all the time. And that creates a mountain of security risk. The reality is that's getting
harder and harder to deal with unless you check out one password extended access management.
That can help you conquer the mountain of security risks that are coming at us all the time.
When surveyed over half of IT pros say that securing their SaaS apps is the biggest challenge,
specifically for the reasons I just outlined.
Well, Trellica by OnePassword can discover and secure access to your apps managed or not.
It inventories every app in use at your company.
It has pre-populated app profiles that know where to assess and what to look at for different SaaS risks,
and it lets you manage access, optimize spend, and even enforce best practices across every app your employees use.
So you can manage the shadow IT stuff, which is something I used to struggle with so much.
You can securely on-board and off-board employees, have a real process for that, and meet compliance goals.
That's what Trellica by OnePass provides, a complete solution for SaaS access governance.
It's just one of the ways that extended access management helps team strengthen compliance and security.
I had so many clients over the years that I'd show up and they'd have passwords under their keyboard.
And this was a big battle for many years, was helping users understand the risks of that.
and then getting them tooling to solve that problem.
And, of course, OnePass came in and beautifully provided that tooling.
Well, we're in a new era now, and that's where Trellica and Extended Access Management come in.
So go take the first step to better security for your team by securing credentials and protecting every application.
Even the Unmanaged Shadow IT.
Learn more at OnePassword.com slash unplugged.
That's the number one password.com slash unplugged, all lowercase.
You check it out.
They have more information, and it's a great way to support the show.
Just go to OnePassword.com slash unplugged.
Well, that all being said in good Linux unplugged fashion, we've been doing, well, Wes, mostly, has been doing crazy things with this Android phone just to prove, I don't know, that you can.
Maybe it's your last chance.
Wes, what the hell have you been doing?
What's going on, Wes Payne?
Well, hey, I don't want to throw Chris under the bus here because we've both been mucking around with it.
But we sort of remembered that Android has.
that Linux terminal now.
And we did maybe mention it on the show or play with it a tiny bit, but all I had seen
is that, oh, Graphene offers it now, I'll install it, and then I saw it was a Debian VM essentially
and, oh, yes, I can install Nix in it, and then I didn't really kind of mess with it after that.
But we thought there's got to be, you know, more we can do with a full proper Linux environment.
Yeah, who needs their damn Play Store?
Who needs their Play API and their authorized apps?
This probably is something we should have tried earlier, honestly,
because it's been around since Android 15.
Yeah, they started plumbing up, at least the early bits.
Yeah, and then it was like a little bit later.
They had a graphical Linux application, so there's actually...
I think that's still pending, too.
Like, that's, and you need kind of bleeding edge 16 builds for that.
And you're going to need Wayland amps for that, too, right?
But I think it's kind of neat because it turns your Android device
into potentially a full developer machine.
No laptop required.
You can SSH into it from an existing machine
or bring it right up there on your screen.
and then eventually play Doom too.
Well, the community reaction has been pretty big on this one.
So finally, androids can do real dev work.
People are spinning up Node, no JS on their phones, of all places.
Love it.
But, of course, there's a caution.
Google has a history of kneecapping these community tools like Termux.
We've seen that.
So some see this as a co-optation rather than some empowerment.
Wessel let us know how he felt.
Drama privacy advocates, though, they do worry this funneles developers into Google-controlled sandboxes
and leaves open-source projects at a risk of being sidelined.
I guess it is technically a sandbox.
I mean, that is true.
Yeah, I mean, it uses the Android virtualization framework, and then it uses cross VM,
which is like a super security focused.
It basically takes the role of QEMU when you run it on top of KVM.
It's the virtual machine manager or the VMM, as they call it.
And so it's the thing that sort of sets everything up.
And it's organized around safety first and foremost, as their docs say.
So you can tell they are trying to get their sandboxing to be at least decent.
I guess you could say that's Google trying to control things.
But I think that's just good practices for something like this.
Yeah.
And it's a lot of how they, you know, the rest of this framework is built to support that.
And they've been using that tool.
They've made it in-house and everything.
Interestingly, though, as a result, what you actually see when you open
this terminal app is it looks like kind of like a regular terminal interface right you got a
couple tabs you can you can make tabs up at the top and then you get a basic terminal yeah and
if it's if it's been a minute since you've run it even takes it takes a bit to get like everything
started yeah boots it up yeah that's actually a web terminal what yeah uh-huh that's a web
terminal based on tty d so tty yd is running in the host serving that and then the app
connects over hcdps on port 7 681 although i think it has a client certificate to like
authenticate to do that, and then it shows you the T-T-Y-D web terminal.
Did you get it working in another web browser?
No, I have not tried that as yet, but that's, I guess, how, like, the plumbing works.
Okay.
That's cool, because that would mean that, in theory, be pretty straightforward for another
developer to come along and build a nicer wrapper around that, you know, a better, more
powerful user terminal.
Although it's not a bad terminal for a phone.
Yeah, I do recommend using something that lets you do external input, like, how do you
say it print our favorite tool? Is there a source copies or screws her screen copy? I don't know
screen screen copy what I just use kD connect guys you make it hard here just case you make it
hard here just kD connect well you get full like video mirroring too oh you get video uh-huh oh you
got to try it yeah I do you can just do like input control well I didn't need it for what I was
doing where I was going we didn't need roads but it's quaint that you got it working
it is kind of interesting you get presented an EXT4 root image
Can we put B-K-H-F-S?
I don't know.
Ooh.
I mean, it's Debian, so you're going to, remember, there's a little bit of a...
Yeah, you do have Debian.
I guess there's also, like, it runs a Debian service internally that talks over GRP.
And I think part of that is there's a...
They do have, like, a little demon running in user space.
It's like a helper, and it watches for open ports, and then it'll prompt you with what you want to do with those ports.
So it'll see apps, like, you can dynamically open a port or whatever you're running, and then the interface will pop down with no.
asking if you want to prove it.
And there's like a little,
it'll bring you to a menu
where you can toggle each port on it off.
Yeah, in the settings,
you can go in there and just see all of them listed.
Now, by the fault,
that just opens it listening to local host,
essentially.
Yeah.
So then if you want to do that,
wider you have to find another app
that can do the next layer of forwarding
to make it actually public
to like your local area network.
Or use ADB on your machine
and you can map ports using ADB
to local host
and then just connect to it that way.
Yeah.
Well, thanks.
That's really fascinating.
little breakdown of how it works under the hood, Wes.
I want to hear about what you did,
but I'll tell you about my short adventure
before you get into your ridiculousness
because it's great.
I decided why not go all the way?
And I found, I believe by a Chinese developer,
which I'll link in the show notes,
a really handy bash script
that you download in your Android environment.
And then inside the Linux shell
in the Android terminal,
it mounts your downloads folder
to slash mount slash shared.
And so you go into Mount Shared
and you Chmod Plus X, this shell script that you just randomly downloaded from a stranger.
But again, you're in a sandbox. Who really cares?
So I run this script, and at first it asks you for your language, the Chinese or English, and I say English.
And then the next, it's a menu prompt system of what desktop environment would you like?
And it has plasma, although let me tell you, it's not like a minimal version of plasma.
It's the full plasma goodness, so you better resize your disc image because it will fill that disc image.
But it's also got Mote, LXQ, XFCE, which is what I went with.
Yeah, worth calling out as you say that.
You can resize.
I think it starts at 8 gig.
There's a menu for that.
And then you can also recover and wipe it from that same menu if you screw things up.
Like I did several times.
Yes.
Because the plasma install was so long and I was barbecue and things like that,
I would walk away from the phone and I would come back.
And it took longer than 30 minutes and the screen went to sleep because I had like caffeine
running for 30 minutes.
Screen falls asleep and it kills the entire process.
Also, I once tabbed away to respond to a message, and it killed the entire process.
And because I'm an idiot, I was thinking, oh, well, it's a container running as a service,
and this terminal is just a front end.
So if I swap away, it'll continue to run in the container in the back end.
It does not.
You maybe want to tweak some of its settings, because I've had not 100% success,
but I've had a lot of reasonable success with that.
I've having to just run steady state in the background.
like I've been able to swap like if I'm at the command line
and I'm not doing anything I've been able to swap out
and then like swipe back to the app and still use it
but if I'm in the middle anytime in the middle of installing packages
with apt and I swipe out and swipe back
every single time I come back and the app process has been killed
and I'm just sitting back at the command line
I broke DPKG three separate times
I had to go in and do the whole configure repair
a three separate effing times because of this
So do be aware of that.
But is that unusual?
It feels brittle.
Brent, it feels brittle.
But the script continues.
It asks you a few more questions.
Like, you need to set up the password for the droid user.
And then you need to get ADB working on your local host, and you can connect it over USBC.
And then when the script is done, it spins up a VNC server that's running the desktop environment of your choice on your phone.
Oh, that's great.
It is really cool.
So bonkers.
So this is like an alternative approach, not using the updated...
It's like Whalen Blessed Path.
This is like, well, we got Linux here so we can just do VNC.
It works right now.
Cool.
And because you're doing it over USBC, the performance is great because it's local.
The only requirement, of course, is just when you plug in your phone, make sure that you have all your U-Dev rule set up and that you have USB debugging and all of that turned on on the pixel device itself or whatever device you're using.
And then you can run this on any Android device that has the Android terminal.
And you can get a little gooey running.
inside VNC to have like a little private desktop session in there.
And it's all outside the Play Store, other than the Terminal app, which comes with the phone.
So it felt pretty neat.
I broke it so many times that it, ultimately, I'm not going to use it and it felt more like a tech demo,
but I'd love to hear stories of people to get it working.
Yeah, I think even in the earlier versions than we're playing with,
like you kind of had to assemble some of the VM config and pass it to it.
That's gone a lot easier.
Really, it's very simple now because they give you all the commands on the GitHub.
Sounds like Minimek, you gave it a try?
Well, not on Android, in fact.
I bought second-hand Chromebook just like a week ago,
and I wanted to test out that Linux container thing.
By the way, there are some videos on YouTube.
If it's the same kind, these are simple LXC containers,
and it's really interesting.
So the base distribution is, in fact, Debien,
and you can install every kind of graphical applications,
and that will show up in the app menu of the Chromebook.
And that works flawlessly.
So I was pretty amazed.
I was pretty amazed.
Yeah, I have seen some speculation.
Maybe this is sort of pre-planning as they move away from Chrome OS and push more Android,
then now they have this functionality there as well.
That's exactly what this is.
You, though, US, you did the right thing and pushed it way beyond anything's reasonable
to the point of, I think it's actually almost hilarious.
Tell us what you've done in your Android terminal.
Well, you know, I heard about some of your apt problems, and I thought, I really got to get you a better OS in there.
And so I did some research to see if we could, in fact, get NixOS in our Android terminal.
And thanks to the brilliant work of MKG 20,001, we in fact can.
You got NICS packages running inside the remote?
I mean, you can get NICS packages itself easy.
Oh, you got NIC.
This is NICS.
Oh, my goodness.
With a regular configuration.
Nix that you can do a rebuild switch.
Oh, my.
Well done, sir.
And as a test, I am, in fact, running the Jellyfin server that I can connect to with the Jellyfin app on my phone.
And you can connect you over the Linux.
So you've got the Jellyfin server running in the Linux terminal, and the Jellyfin client, that's great.
And it's just Services.Jellyfin.
Dot Enable equals true on the next side.
And so I've pulled it up here on my machine.
On my computer, in my web browser, I have Wes's IP, which, how are you even getting an IP inside the sandbox?
So it gets its own.
internal IP, but it's the double port forwarding basically. So the app will forward it to local
host. And I got another app off the Play Store that can do port forwarding to your local network.
And so then I set that up. And so that means the phone is, yeah, it was pretty straightforward.
You can also, I have, like if you have nebula or tail scale or netbird or whatever running inside,
that works great. Yeah? Even like before the UI would pop up, it would connect to that under the hood.
And so I could just SSH in immediately from my laptop. And so then Jellyfish,
and was in the mesh network?
Yeah.
That's hilarious.
So you can watch it from your home TV
off your entry.
I did.
That was another test.
Oh, that's so cool.
All right, so let's see.
So I'm going to try to play
the Big Buck Bunny video famous.
I've got H-TOP over here,
so we'll see.
You'll see.
Yeah, I wonder if it does hard.
It probably doesn't do hardware decoding, right?
So we're going to see if it'll play
in my web browser, over the land off of the...
No, because I think we have like the Virgil style,
some sort of virtualized, maybe Virtio, GPU.
All right, let's see.
Tell me what, okay, here we go, I'm hitting play.
How's your, what's your resources look like?
Looking pretty good so far.
Really?
Load average is still 0.08.
What's your CPU usage?
Not much.
Really? Can I see?
Yeah.
Holy crap.
It must just really just be streaming it over there.
It is like whatever they had before was.
Okay, maybe, yeah, because the most...
We should get a weird web app or something.
You have one core that's like around four to six percent CPU.
One core out of...
sorry to take from eight cores. So he's got, of course, H-top running on there right now. And you can
see all eight cores of the Android device while I stream Big Buck Bunny from his freaking Nix OS running
inside the Android terminal running jellyfin. You know, what was really impressive about this setup is
like they have some manual instructions, but I think maybe some of that needed like you needed
to have root because you had like use ADB to copy stuff over to replace the stock image and
stuff. But they managed to set up a companion app.
that I just side-loaded, so, you know, that's super handy, that did pretty much all the work.
Like, you open the app, it would download their built image and then write it to the right
spot, and then they would kind of similar.
They would expose a script that you could run, and then that would do more work, and then, yeah,
and then the next time you close and open the terminal, it booted into NixOS.
It was really easy.
Yeah, you should try it.
So we're going to put a link to that in the show notes.
Absolutely.
Okay.
We should also put a link to that app you're using to do the port forwarding off of local host.
yes that's really nice
this to me
this makes me feel
a little bit better
right
this makes me feel
a little bit better
about the play store
changes
for external apps
because
or I should say
the outside play store
changes
because this is still
something you're
never going to be able
to do well maybe
I don't think you could
ever do this on iOS
maybe you could
I don't know
you know actually
even just when I was
on the Debian side
with Nix installed
I was updating
a flake
totally separate
unrelated and I realized
like I often
leave in the A
Arch 64 support
just because
you know why not
but I don't have a machine to test that except yeah now I totally do
wait so like so instead of having to like do a cross-compile on my machine
I can just do nix builds on my phone to test it just says like a smoke test
of like does it build on them I love how casually too you're just like SSH
into your phone all the time now and stuff and running especially with the mesh it's just
so it was so slick that is really cool it starts up on boot automatically I kind of
want that on my phone we should set that up that's pretty great well so there you go
that didn't require any kind of verification or signing we're going to have some
links in the show notes this week.
So head over to Linuxunplug.com slash 630 to get the stuff that we're talking about,
including that bash script that's pretty much just answer the questions and let it run if you
want to try getting that VNC environment going.
Yeah, I got to try that one.
Yeah, it's pretty fun.
Unraid.net slash unplugged.
Unleash your hardware, support the show, and check out Unraid at unrayed.
Atunray.comnet slash unplugged.
They just wrapped up the big birthday stream.
I checked it on it.
It was awesome.
some really cool rigs people sent in.
UnRade gives you the flexibility
to take advantage of the hardware you have today.
To build a NAS operating system
powered by Linux for those that want control, flexibility,
and efficiency in managing your data, deploying applications.
UnRade lets you mix and match drives of any size
and you can build with no restrictions
and it supports all the file systems you might want.
It has fantastic virtual machine and container support
and they're always cooking up something new.
In fact, Unraid OS 7.2.0, beta 2, launched just a few days ago.
Really nice refresh to the web GUI.
It's nice and fast and responsive.
Also, you can now do a single sign-on via Unraid or was it O-I-D-C.
O-I-D-C, I think, is I've never used it, but I can't remember.
But I think with a bigger deal that's coming in the new 7-20,
that people are really going to love to see
is ZFS, Rades the
expansion, one drive
at a time. Of course, you've still got
extended 2, 3, 4, NTFS,
XFS, all of the file systems.
Maybe not B-CashFS yet.
But if ever got accepted into the kernel, they would
support it because they're building on top of
modern Linux kernels.
They also have a built-in API for new tools
that I saw some people talking about on X
that look really cool, including new
possibilities for apps and things like
like that. But the thing I want you to really take away about Unraid is it lets you get started today
with the stuff you have and you can start deploying within a few hours the things we talk about
all the time here on the show. Inside containers, inside virtual machines, you can pass through
hardware. I recently talked about Frigate. People are using Unrated for Frigate like crazy.
You know you're always going to have the best virtual machine and container support possible
with a ton of flexibility for the storage underneath. And recently, you know, within the last major
release. They also built in wireless networking support. So if you're in a situation like me where
you can't run Ethernet, they have support for that now, right out of the box, and a ton of
great stuff. Unrate is always under active development, and they have this great path where you can
check it out. They have the betas and the RC process, so you can stay tuned and follow that
process. And then they have incredibly active community where the people, if you have a problem,
the people are there, man. They are there to help you. They are there to support you,
that work you through whatever it might be.
That was one of my, like, biggest surprise takeaways.
Besides the amount of applications you can deploy,
it's just how active and engaged the community is
because it doesn't just, I mean, it's not just support, right?
They're building things, too.
They're building a lot of things that make the Unraid experience
even more enjoyable for power users.
So it doesn't really matter your skill level, though.
Just get started by going to Unraid.net slash Unplugged.
You take it as far as you want.
Just unleash the hardware you have with Unraid.
And support the show.
Unraid.net slash unplugged.
Well, we teased last week
that there was one last bootleg promo membership
and listener Woody got it.
So congrats to Woody for grabbing that one.
And that was the entirety of the membership set up.
They love a deal.
People love a deal.
I understand.
Thank you, though, Woody.
Appreciate you.
Hope you enjoy the bootleg.
That's also an option to our new members
as well as the ad-free version.
It still has all the producer do.
who's a fan a touches and lovins.
And there's the Jupiter.com party membership
which gets you the supports for all the shows
and gets you the bootlegs of the shows
that have them bootlegs.
It'll make sense once you see it.
Now we did get some listener feedback this week.
Chris, you figured out how to pronounce this one, right?
This is Pousbaboon.
And he sent some great feedback.
He has been pushing Frigate,
which I mentioned is the DVR system or NVR system.
I want to set up.
He's been trying it on low-end hardware with a coral, or without a coral, I should say, and he's been making it work.
But this is the key thing that I loved is he says, check out the WAN's View W7.
You can put thing I.O or thing you know on there.
We've talked about this before, which is an alternative ROM, and you get solid performance, low-light visibility, low-cost.
I mean, that sounds nice.
This thing, Wes, this thing's ridiculous.
If you buy it directly from Wandsview.com, $299 for this sucker.
Oh, that's crazy.
And then you can put a firmware on there that lets you do the RTSB streaming all of that.
So anyways, just want to say thank you to baboon for sending that in.
I'll put links to the goodies he mentioned in his email in the show notes.
We also got a note from Sebastian here.
Hey there.
Last week, I finally got around to write a Thunderbird add-on.
Its purpose is to be able to upload documents directly to a paperless NGX instance.
And it might be something our dear self-hosted enthusiasts appreciate.
Oh, cool. That's a great idea.
Really good idea. I mean, how often do important documents and whatnot come in via email that you want to save?
I really think both of you and me are the prime target market for paperless and GX.
I agree.
Look at Brent over there with this freaking mobile lifestyle.
Yeah, who needs paper, right? I use it to start fires, and that's actually I don't even use it to start fires.
Paperless upload Thunderbird. We'll put a link to it. It's an add-on for Thunderbird.
It lets you upload PDF attachments from your emails.
It does local processing, no third-party servers,
simple config to just set up your paperless NGX instance.
And optional notifications.
Seeneless integration with Thunderbirds UI and it's MIT as well.
Well done.
Thanks for sending that in.
You know, Sebastian, we love it.
If you make something like that, you build something like that.
Send it in.
We'd love to see it.
And now it is time for the boost.
And we do have a batch of boost to get to
And Krell-94 comes in as our baller at 50,000 sats
Hey, Rich Lobster!
Well, I'll be dipped.
My Albi Hub was down for a minute while I figured out what was wrong.
Here's a boost for all the great information you produce.
B-O-O-S-T.
Thank you.
And coming in kind of last minute, too, helping bring up the average on this episode in a big way.
Thank you there.
Carrell, 94, appreciate that baller boost.
The dude abides boosts in with 42,000 sats.
Hey, isn't that the answer to everything?
The answer to the ultimate question.
Hey, I realized it's been a month since I last boosted.
Regarding the low boost amounts, I believe it's because of summer vacations.
At least, that was my case.
You know what they say?
Fun will now commence.
Summertime, it's fun time.
It's also very hard to keep up when kids are home 24-7, as I'm sure Chris can't relate.
Let me tell you, buddy.
Boy, can I.
Should have seen me trying to set up this,
run this bash script on my Android device
while I'm just trying to, like, you know,
talk to kids and feed kids.
And, oh, my God, it was a disaster.
As for the B-Kash-FS drama,
I think I agree with you.
In the end, it's the users that lose.
As far as I understand,
all the talks have been made
through the mailing list
and various blog posts, right?
If it were me,
I'd schedule at least a video chat
or even better, try and meet in real life.
I'm sure they could figure things out
while drinking a beer.
Oh, man, no kidding.
this had gone down at an in-person event, it would have taken 25 minutes, and we'd have
B-Cash-FS as stable in the kernel with this next release. Let that sink in. That actually
kind of feels like it hurts, just a little bit. Great point, the dude abides. Appreciate that
boost. Good to hear from you. Missed you. Excellent abiding. Well, Distroostoo boosted in,
what is this? A row of sticks? 11,100 and 11 cents. My Nix configs started from a
template I found online, many hosts, but all sharing a single flake dot lock. This seems like common
practice when I look at other people's setups, but why do you think that is? It effectively
means that when I update the package versions on one machine, I'll do the rest of the machines
too. I don't really want this, so I'm going to rework my setup, but am I missing something here?
Well, one of the plus sides and sometimes negative sides of Nix is there's a thousand ways to do
things, and you kind of get to decide the structure yourself. That is where things like those
templates come in pretty handy to get you a structure out of the box, but it does mean the template
imposes its own thoughts on how much that matters to their setup. I think for some people,
you know, especially maybe on the stable channels, those kinds of, you know, suddenly you're
updating everywhere. Sometimes it might be a big deal. Sometimes it might not be a big deal. You do have
some flexibility, I think. You could definitely have more Nix packages inputs if you wanted.
like you could have different ones for different machines that you pass through that they use
instead of all being, using the same, sharing the same input.
You could also do something with, you know, Git, where you, you know, you don't always necessarily
have to follow all of the updates, or you can maintain separate branches or stuff.
You can also have indirect flakes.
Like I have a single flake that I use just to pin stuff that I sort of want to keep shared
between a common set of projects, and I don't put all projects on that pin, so it's like one more
layer of indirection. So there's a few different options, or you can just split more things up.
Also, with NixOS configurations in particular, you can also move some of your stuff into their
own modules, and then that's a little easier to sort of share and pass between multiple flakes.
So I don't know, that's a long Nix ramble, so hopefully any of that's helpful. But I'm curious
where you go, and thank you for sharing your link. I always love taking a look at Nix Config
Links. Yeah, thank you, Distro, Stu. Good to hear from you. Superior Tom comes in with
3,333 sets.
Chunky cheese guy with it.
It said Flameshot is the way to go for screenshots.
I typically use Spectacle on KDE, but Flamshot works great on everything else.
Even Windows.
Oh, I didn't know that.
I didn't know Flameshot was still around.
I think I remember using it, but feeling like it had a lot of buttons.
It's got a lot.
There's a lot of functionality.
A lot of buttons.
And I want to draw a box.
I want to go to my clipboard.
That is the only functionality I want.
ideally it's a PNG
I can live with a Japug
or even a web P.
I don't know if you saw
a hyper shot?
Yes.
I tried that one.
I'm sending by the Matrix.
I think that might be
the one I go with.
I have not yet tried it.
But,
because I,
you know,
I got to play around
with like my buying key options.
Because I think I might want
one that's like a full
screenshot and then one
that's just,
you know,
check a box.
You mean you haven't vibed that in yet?
No.
Although I've made a lot
updates to the hyper vibe setup,
including a total re kind of tooling
of the way
things work so uh superiors tom i appreciate that i might use flame shot until i really lock it down
and then maybe you'll just end up keep you know maybe you should turn your vibe set up over onto
distressed use i know you probably muck it up for him i think so i'm down for that free kvh comes in
with 16,944 cents but but i can boost the bootleg feed and uh yeah this is in response
to us talking about well other folks not be able to boost the bootleg feed and castamatic is
delightfully, has a great
implementation that lets you do this
because they check the feed itself directly
and are not totally reliant on the podcast index
API. Right. Castamatic uses the feed
as a source of truth,
whereas Fountain is using the index
API and because it's a private
feed, there is no index API answer.
But whereas Castamatic can just read
it, it's right there in the RSS feed.
That's what Fountain would have to do is they'd have to implement
reading it right there from the XML.
And thank you for boosting us and for
being a member. Thank you for helping
us, help you, help us all.
Jordan Bravo sent in
a row of ducks.
A few years ago, I
started using distros that are atomic,
aka immutable, and I'm
never going back to the legacy way
of doing things. Unmootable
systems are a thing of the past.
I started with silver blue and then
moved to NixOS, of course,
where I have been ever since.
However, BlendOS looks
interesting. It would be great if you all
could review it. Immutable, declarative,
and arch-based sounds interesting
Hmm
Yeah, I think that is one we've had our eyes on over at time
Or at least been curious about
I haven't super tried it recently
The fact that it's still going
Yeah, that's a good sign
Probably a sign we should check in on it
Put it on the list boys
Bren, we put that in the future list
We should put that in the list
You know what I'm saying?
It's more of a grab bag than a list
But I'll throw it in there
Thank you, appreciate that
Thank you, Jordan Bravo
Fuzzy Miss Bourne comes in also with a Rodex, that's 2,222s.
Frigate is amazing.
I wouldn't recommend the corals anymore, even the PCI version.
They haven't seen updates in a while and are basically end of life.
Yet another product killed by Google.
Instead, though, you can use a GPU for object detection, and it works great.
Yeah, I've heard folks are even using Quixink.
Oh, that's neat.
I mean, I'm happy not to buy a coral, although it is disappointing.
It seems like it was something people really liked.
Google buys the company and then kills the frickin' product.
It's getting old.
It's getting old.
But that is really good to know because, honestly, the odroid, it doesn't have like crazy great quick sync,
but it's got passable quicksink for a couple of cameras.
I might give that a try.
If people out there say it's working, I've also heard from people that they're using Nvidia
GPUs, too, and that I won't be doing.
Well, not until you get your new framework.
I wish.
I got a Texas Linux Fest to get to.
Well, 8565 boost in with 10,000 cents.
All right.
I like you.
You're a hot ticket.
I am way behind on boosting.
Life has been lifing.
Just want to make sure you get some value from me.
Thank you.
Since I've ditched my smartphone and carry a flip phone,
I don't actually have quick access to boost.
Just a little update on my disconnect from society
Still rocking the flip phone since November
Wow
And my Zoon is once again my best friend
The Zoon! I love it! I hope it's brown
I upgraded the 30 gig
Oh, from a hard drive to a 64 gig SSD
Well that thing's basically going to last forever
As long as you have a battery that works
And the automatic podcast pole is a lifesaver
That sounds pretty great
I do remember, are you still using like the Zune desktop?
You got to tell us more about how you're making
managing this. I do remember using it for podcasts. I'll get roughly three days of
constant play. Honestly, aside from losing podcast 2.0 features, it has been the biggest
life-improving thing I've ever done. Thanks for being awesome, and I'm still here listening,
even if I'm crazy busy. I do. I appreciate that check-in. Yeah, totally. You know,
85652, when life isn't so busy, right, as if, uh, you could take a, take a Saturday afternoon
and set up Albi Hub and then you could boost from the podcast index. You don't need a mobile app at all.
I love the flip phone check-in, too, and the Zoom stuff.
Want more of that.
Come back soon.
It's good to hear from you.
Well, Dolarnail 7-8-7 boosted in 2,000 sets.
Coming in hot with the boost.
It looks like this one's just a whittle boost, they say.
A whittal boost.
Hey, I'll boost.
Just a whittal boost.
Thank you very much.
We appreciate it.
Domaz here with 2,000 sets.
Make it so.
You guys ever actually hit the watch all activity on the Nix Packages repo?
gave my inbox a workout.
Oh, yeah.
No way.
People don't appreciate how big that is.
It's a whole universe out there.
You maniac.
I love it.
And all kinds of automated stuff coming through.
And, oh, yeah.
Now what you need to do is throw it into some sort of filter to just sort out the stuff
you really care about.
Might be possible.
You never know.
W.H.
20,250 boost in with 8,000 sets.
I hate building PCs.
A few sets to help you get to Texas Linux Fest.
Hey, thank you.
Thank you. Thank you. If you drive jueps down and make an overnight stop in the panhandle, I'll throw a brisket on the pit if the timing lines up with my work schedule. Oh, my gosh, man. Now that's an offer. Well, we're going to be coming down in my car. It's going to be, Wes and I coming down the West Coast and Brent coming down the East Coast. And then we'll also be together coming up the West Coast. So we will actually have two passes at it. You never know. I would be down for that. You know, not having the RV, which was a tough decision, but it means we can, like, pull into driveways,
We can meet people at restaurants, at, you know, places where the RV couldn't pull into.
So there's some perks to it that I'm going to embrace.
So we'll try to stay in touch.
It's a great idea.
A dude is trying stuff for 10,000 sets.
It's over 9,000!
Did I hear the words useful and self-hosted?
Take my money.
Also, was that a sneaky self-hosted podcast sound effect at the end of the last one password ad read?
Never.
I'm on to you fellas.
Thanks for the nod.
And I'm attending my first Texas Linux Fest this year.
And I hope to see you there.
Oh, right on it, dude.
Yes.
We'll be there one way or another.
Very excited.
Thank you.
If you're making it and you boost in, let us know.
We want to shake your hand.
That's for sure.
Right now, virtual shake to everybody who boosted in,
including those of you who come in under the 2000sat cutoff.
We really appreciate it.
And, of course, our sat streamers too.
Oh, yeah.
We had 18 of you, sat stream.
As we did the episode last week, you just sat streamed, and you stacked 31,165 sats.
When you combine that with our boosters, we got a little low this week, but I'm still really grateful, 193,663 sats.
And here's the good news.
Sats are on sale again, boys, so go out, support the show, get Fountain FM, and get us to Texas so we can do our unique style of coverage while you support the show.
And, you know, it's also just a lot of fun to read your messages, above 2,000 sats, and we'll read them on the show.
I love that, too.
Of course, you can do it.
The whole self-hosted route with something like AlbiHub, and there's a whole plethora of apps at podcastapps.com.
If you're on iOS, Castamatic is really great.
Also, a brand new app doesn't support boost yet, but it has a bunch of podcasting 2.0 features.
Podhome.
There's a Podhome app now.
Is that right?
And if you pay, you'd love this, Wes.
if you become a premium member,
Barry has integrated podpings, live stream,
so you can, it's just a stream of podcasts
that are getting published.
Right there in the app.
Okay, I got to try it.
It's really, I paid just for that.
Anyways, thank you everybody who supports the show.
We really do appreciate it.
If it's a membership, if it's a boost,
if it's word of mouth,
it really does make a difference.
And it's why the show continues to go so many years later
and has become the world's largest Linux podcast.
It's because of your support.
I mean it, and we appreciate it.
So with that, let's get you a pick and get you out of here.
So let's say this is pronounced cavisto.
Cavisto, what do you think?
Cavizzo?
What do you think, Brett?
Cavacito?
You guys are missing that sits in there.
There's S-I-T-S.
Okay, let's go.
Kovis-S-O.
I'm sorry we have to do this.
But it's worth it.
It is a little bit different.
it is a search-focused approach to an Android launcher,
but with a bias towards beautiful placement of widgets in kind of a list view.
So this replaces the stock launcher,
and you can pin your favorite apps to the top,
and it also supports gestures.
And one of the things that I like about this,
especially if you're coming from iOS,
is it's competitive with Apple's integrated search and launch functionality,
which somehow baffingly so Google has yet to rip off.
It strikes me as user hostile that, A, you have to swipe from the bottom up in just the right way, because one way is your app switcher, and the other way is a call to home, and then the other way pulls up your app drawer.
And then, because they're absolutely monsters that design this UI, it doesn't default to the search being active.
So you have to tap the search and then start typing.
It's crazy.
I have in person seen your rage around this particular lack of feature.
It's very entertaining.
So you can imagine I have completely switched to this launcher now
because you swipe down briefly, in a natural jester,
and it brings up the launcher defaulting to switch or defaulting to search.
It's a super fast search.
Well, this is nice.
I just installed it.
Side-loaded it, in fact.
Yes.
I installed it through Obtanium.
Yeah, that was easy.
It also, the search, you can have it triggered a search for the web or Google or other things.
and I really like the combination of PIN favorite apps,
plus it figures out the apps you use most recently.
You can have multiple tabs in there,
and it has really great search.
And then when you go to the home screen,
it's all my heads-up information.
With my widgets, really nicely laid out,
you do have to kind of get them,
go in there and mess with them a little bit
to get them to look good.
When you do, it's just beautiful.
It's very fast,
and it actually gives me more information
just glancing at my screen than traditionally.
And so with this,
combined with Graphene OS and something like
Obtenium. It truly honestly feels like my phone. A lot of times when I use a modern phone,
it feels like I'm using Apple's experience or I'm using Google's products and I'm kind of like
renting it. But when you go with Graphene OS and you side load your apps with Obtanium and
FDroid and you replace the launcher with this thing, it is a unique experience that has nothing
that feels like Google on it. And this is a truly better way to launch applications, especially if
you're a maniac like me that really has five to ten core apps I use on the regular,
you know, maybe five, really, 10.
And yet my phone has nearly 300 apps installed on it because I might use them one day.
I might need that app and when I might need it,
I don't want to be in a place where I can't get it because of a low signal.
So I'm going to have it installed just in case.
This makes sorting through all of that so much better.
Also, focusing on the apps I do use, focusing on the information in the widgets I do use.
It's really nice.
You don't have to be on Graphene OS, but the combination,
it feels like true freedom.
And it's GPL 3.0.
That's great.
I think if you tried it and you really try it for three or four days.
I'm going to switch right now and just see if it stays.
I think you will like it.
It is a little different.
It took me playing around with it and messing with the widgets,
and now I've been using it, I think since like middle of last week.
I'm totally, I'm forever now.
What do you think, Brett?
Will you give it a go?
Come on.
You know, I think I've used this one in the past.
I was like very, very, very unhappy with, I think it was a launcher that came with like a, I don't know, Motorola phone or something like that.
And was doing the deep dive on basically installed every single alternative launcher.
And I think this was one of them.
And I think it made like the top three for me.
So I'll give it another shot.
I mean, it has Chris's blessing.
So it might not be that bad.
Give it a go.
I recommend, you know, you got to kind of, like, go in and, like, recrop the widgets and stuff for, like, some of the apps.
But I really like it.
What would you say is the minimum number of days to give it a proper try?
Probably three.
Oh, I'm in then.
Unless you use your phone a lot, but, yeah, I'd say probably three.
Give it a shot.
We'll put a link in the show notes.
I think you're going to like it.
I was surprised by it, and I'm, you know, I was like, I'll just give this a quick try because West shared an article where it just got, like, a really brief mention.
And it's just, and I was like, while I was reading the article, I'm like, wait a minute, I'm going to go try that out.
Yeah, I was someone talking about, I mean, really just why they were going to continue to be using GrafinoS into the future, which was great to see in general.
And, yeah, it turns out they had some good tips.
Yeah, just ironically, that was not the focus, but that was my takeaway.
Yeah, through in the end.
Well, the rest we kind of already agreed on.
Yeah, I suppose that's probably true.
And, you know, so from now on, that's my launcher choice.
And we'll put a link to it in the show notes at Linuxunplug.com slash 630.
All right. Well, that's going to wrap us up right there, boys. We're going to get out of here. And I want to remind everybody that we are trying to put together some funds to get to Texas Linux Fest. We may have news about like meetup locations and swag and things like that midweek. So keep an eye out on the Jupiter garage for that type of stuff. Hopefully be in the work soon. And then we have more details about like when we're actually going to be in Austin. I imagine we'll put something up on our meetup.com slash Jupiter Broadcasting page. So if you're going to be at Texas Linux Fest, I'd say right now at this stage,
The two top tips I would have would be, A, let us know.
And get in the Texas Linux Fest matrix chat room.
I think we have one of those.
We should probably put a link to that in the show notes, boys.
What else do they need to know if they're going on?
Oh, meetup.com.
com slash you put a broadcasting, I suppose.
That's probably it.
Not a probably it.
All right.
Well, I don't want to leave, but it is that time.
See you next week.
Same bad time.
Same bad station.
I hate to leave you.
But then again, I love sitting down and getting to do it all over again.
So, come back.
We will be here.
here next week. That's right, for 631. West, there's probably some power user features they should know
about. Yeah, do you not like some of the stuff we talk about? Or you just can't wait to hear our
take or bad take on something? Or did we name something and you want to hear what it was again?
Yeah, well, we have two things where you want is transcripts for the whole darn show.
So you can see everything we say, or at least what the AI guesses we said, which is pretty
close most of the time. And then we also have chapters, which get the more human touch
in our, you know, probably the easiest way to just jump right to the content you
Yep. All right. Thank you for being here. Of course, you can join us next week. We have the details of jupitabroadcasting.com slash calendar.
And we'll see you next Sunday. As in Tuesday.
I don't know.