LINUX Unplugged - 656: Why KDE Linux Surprised Us
Episode Date: March 2, 2026We take KDE Linux for a spin and push it a little too far. Plus, a friend of the show stops by with a fresh tool: Nebula Commander.Sponsored By:Jupiter Party Annual Membership: Put your support on aut...omatic with our annual plan, and get one month of membership for free! Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love. Support LINUX UnpluggedLinks:💥 Gets Sats Quick and Easy with Strike📻 LINUX Unplugged on Fountain.FMSCaLE 23x | Registration — Get 40% off registration with promo code "UNPLG"PlanetNix 2026 — Where Nix Builders Come TogetherPasadena Linux Party, Fri, Mar 6, 2026, 6:00 PMKDE Linux - KDE Community WikiBeta (Enthusiast & Stable editions) · KDE Linux · GitLabInstall Software Not Available in Discover - KDE CommunityKDE Linux / Kapsule · GitLabsuikan4github/Using-tailscale-client-on-an-Immutable-OSxuars/kdelinux-tailscaleNix - KDE CommunityFitting Everything Together — TLDR: Hermetic /usr/ is awesome; let's popularize image-based OSes with modernized security properties built around immutability, SecureBoot, TPM2, adaptability, auto-updating, factory reset, uniformity – built from traditional distribution packages, but deployed via images.Nebula CommanderDEMO Nebula CommanderNebula Commander GitHub — Nebula Commander is a self-hosted control plane for nebula overlay networks.Star Trek Comm Badge for Home Assistant Voice ControlPick: hcloud-upload-image — Quickly upload any raw disk images into your Hetzner Cloud projects!Pick: Launcher Studio — Launcher Studio is a GTK4 desktop application for creating and managing .desktop files on Linux.Launcher Studio on FlathubPick: tinyproxy — A light-weight HTTP/HTTPS proxy daemon for POSIX operating systemsPick: socks-to-http-proxy — An executable to convert SOCKS5 proxy into HTTP proxy
Transcript
Discussion (0)
Hello, friends, and welcome back to your weekly Linux talk show.
My name is Chris.
My name is Wes, and my name is Brent.
Well, hello there, gentlemen.
Here we are getting ready to head out.
But before we go, we're going to tell you how KDE Linux surprised us
after we gave it a little recent run,
and then a friend's going to stop by the show and tell us about his really handy new open source tool.
We'll round out the show with some great boosts, some picks, and a heck of a lot more.
It's a big show.
So before we get there, let's say time-appropriate greetings to our virtual luck.
Hello, Mumble Room.
Hello.
Ford.
Hello, everybody.
Hello, everybody.
Hello.
We don't know for sure if we'll have a mumble room next week because we will be in our Airbnb or on the floor of scale or something like that.
So you just never really know.
Because we don't know.
Can we do it in the car?
Maybe.
Maybe.
I'm thinking about bringing some mobile connected internet with us and just, yeah.
I was thinking about it.
It's just big.
But that could be handy for going down the road.
Yes.
And you know what we would do?
hook up our Nebula network.
We'll talk more about that later,
but go check out Nebula. Define.net slash unplugged.
Go meet Managed Nebula from Define Networking.
It's a decentralized VPN built on the open source,
bulletproof Nebula platform that we love.
Optimized for speed.
And this is a quick way of saying
it's going to use less battery and less network resources
than the other mesh network tools you use.
It's really simple.
I love how simple it can be.
We just want a couple of nodes.
But it's engineered for serious security
and a global mesh network.
originally built for Slack's infrastructure
at a scale to their worldwide data center immediately,
just systems all over the place, you can imagine.
And how important Slack's data is.
They got all of the company's data in the world, basically,
and there has to be bulletproof.
But unlike traditional VPNs, Nebula has a decentralized design.
So there's no fragile control plane
or a hub-and-spoke choke point.
And your network always stays resilient.
You can be in complete control of that,
or you can use manage Nebula and let them manage it for you.
It's a kind of control and flexibility that I think our audience expects from their infrastructure.
Originally built for something that's massive but can scale down to just a couple of nodes.
It's really great and you can get started for free and support the show.
You just go to define.net slash unplugged.
Sign up 100 machines absolutely free.
No credit card required.
And gentlemen, they just added always on VPN mode for Nebula on Android and iOS.
Oh, nice.
Boom. Boom. Defined.net slash unplugged. Big thank you to Define for being our sponsor of the Unplugged program.
Well, we're just one day away from hitting the road to go to scale 23X. It's happening.
The largest Linux and open source event in Northern America, I'd say. Maybe not in the world, but definitely in our neck of the world.
For sure. And long running. Yeah. Great mix of communities. Yeah. And you can get 40% off registration when you use the promo
code UNPLG on Pledge.
We'll be at Planet Nix, too, which is bringing all kinds of engineers and builders from
around the world, Microsoft, Anthropics, Jopify.
I mean, the list is crazy.
Way more companies than you think using Nix, it turns out.
Planet Nix is a great way to find that out.
Yeah, FLOX is making it possible.
They're making reproducible dev environments actually usable, so they're just in the right
place at the right moment, and they're helping us get down there.
And to that end, and this is the last housekeeping update you guys have to listen on,
any of this.
We are making a meetup super combo deal.
We have decided since our meetup was on the same day
and the same time as the Planet Nix after party,
it was silly to split the crowd.
Instead, we're going to do one giant planet Nix after party meetup.
So FLOX and J.B are hosting happy hour for the community.
I'll have the details now.
It's all updated at meetup.com slash jupiter broadcasting.
It's going to be Friday, March 6, 6 p.m. to 8 p.m.
instead of two events at separate times,
we're going to do one awesome event on Friday night,
combining our powers into one giant meetup.
So come hang out.
We also in this got roped into appetizers.
So if you're listening and you would like to help your other listeners have a good time,
we would love some boost support for appetizers.
We're going to be probably feeding over 100 miles,
and it's in California.
So you can imagine that's going to be expensive.
But I think it's the right thing to do.
People are going to come out.
It's our way to contribute to the Nix After Party.
And we'd love some support.
We'll be on the road, but you could send a boost our way,
and we'll add it to the boost to bite pipeline, if you will.
Thank you, everybody.
Who's going to meetup.com slash you've been broadcasting to and signaling their intention.
We really appreciate that.
It helps us plan.
And we're really looking forward to the Planet Nix after party.
And seeing everybody down there.
It's getting close.
Well, this year, KD is having quite a moment.
Plasma 6.6 just dropped with HDR support, better whalen performance, and is finally stable enough to daily drive.
Woo!
The desktop Linux market, as you know, last year hit 5% desktop chair, and, well, KD has been right at the center of that.
And KDE Linux, as you remember, is...
Not plasma, but its own thing.
Not neon either.
Right.
It's this new project by...
the KDE crew that we've been super excited about because, well, it's brand new.
It's throwing in some super modern technology and is very actively under development right now.
It aims to be one of the best ways to get the front row seat to KDE and plasma.
And well, it's just its code name Project Banana.
So what is there not to like?
You see, this is very much a Brent pick, right?
Plasma bananas.
I mean, did he force us to do this?
Maybe.
You know, also, it's a great time to check out because plasma is in such a great space.
Yeah.
It's, oh, man, you know, being on Hyperlin for a little while now and coming back to absolutely modern plasma is looking so, so good.
And it is a bit of an adjustment.
We've talked about this before and we're going to get it more into this, some of the weeds here with this episode.
There's no package manager traditionally here, right?
You got flap pack, you got app images.
is this is an image-based immutable whole OS idea.
They have built it on Arch,
but Pac-Man is not on this thing.
It is a self-contained single 4.8 gigabyte.
Is it E-R-O-F-S image?
Yeah.
E-R-O-F-S.
I'll let you come up with your own pronunciation,
but...
Ur-O-Fs.
I'm just going to say E-R-O-F-S.
Yeah.
So that's the image layer,
and that's like, these are the image,
and that's like almost five gigs on its own.
And then you layer on the flap packs you want up to that.
It's really meant for a user space.
And KDE's goal here is to create what they say is, quote, a bulletproof OS that showcases the best of KDE.
And we've also talked about Nome's creating GnomOS.
And what you get to see is something if you're a plasma fan that is really, really nice.
It's very lean, mean, and focused.
The beta is coming along, right?
This is still very early.
They're about 65% complete right now.
They're in some refinement areas.
I know they've been working on Wayland.
stuff, I couldn't say exactly where they're at with that.
But it looks like multi-monitor stability was a priority and high refresh rate, which I love to see.
But the technical details, Wes, are, I mean, that's what I think is maybe most appealing to KD Linux to us,
is some of the practical decisions they've made because they could have gone off in the weeds and done some really crazy stuff.
But I think part of what's making this distribution so solid this early is they made some really sound practical technical decisions.
Yeah, you know, it sounds a lot kind of similar to maybe like the U-Blue type.
immutable service. We've talked a lot of different shades of immutable
Linux versions, but this one is very lean, and it feels
conceptually simple because it really is relying a lot on a bunch
of stuff that has been developed in a lot, mostly the system D, but
slightly wider community than that, especially after, if you remember,
Leonard had a blog post in 2021, putting things together, I think it was called.
It was kind of like a lot of modern ideas. That's where we got maybe like the
ideas behind system D Home D, and like a lot of stuff we've seen develop over the years,
including unified kernel images, UKIs, which KD-E-Linix does use.
And so as part of that, you get what's called M-K-O-S-I or M-K-O-S-I or M-K-O-S-I.
I like there.
I like M-K-O-S-I.
Yeah, so this is a tool to make operating system images.
And the core philosophy is building an OS image should be reproducible,
declarative, and unprivileged.
Right?
Because often when you think about this, you think about like, oh, loop devices
and like F disk and formatting and like making new file systems,
all of which sounds like root permissions.
All needs root, yeah.
Yeah.
So what's great here is instead you run this.
You give it a single config file.
Okay.
And it uses System D repart under the hood.
And it's got some clever stuff.
There's also, of course, because of system D,
C groups and namespaces and unshare and basically it's able to look like it has root
inside of a specially crafted namespace that has the permissions it needs to do.
A whole bunch of clever, modern Linux plumbing engineering under the hood.
so that at the end of the day, you can create stuff like raw GPT disk images,
EROFS images, squash FS, container directories, UKIs, tarballs,
all from just something that can run without crazy permissions,
run in CI or run right in your terminal.
And then, of course, there's a bunch of other stuff that layers in there.
So you do get EROFS, which we'll go more into, but, okay, you use MKOSI,
to make yourself like a disc image, maybe an EROFS,
but what do you do with that?
Well, there's more tools.
There's System D, SIS update.
Okay.
And this is the thing that actually handles the cool rollback and, like, slot sort of A, B functionality that's going on.
So when you want to do an update, you're not pulling out app packages.
You're not, you know, there's no DNF, there's no Pac-Man involved.
You download a whole big new disc image.
We'll get to the Delta Update story later.
But you download a new image, SystemD puts that in the right spot and,
hooks up all the bootloader stuff for you so that like automatically you've got you can boot
into the new version if it doesn't go well it can boot back to the old one and it understands that
all at the system d layer well and to the point earlier they didn't invent that tool nope they didn't
have to roll that they didn't have to iron out all the logic to make sure it was robust and reliable
that's an example of a practical technology choice where yeah they could have invented their own
system and maybe even have like a nice little plasma integration and all of that but instead they
chose to go with something that's already been built and in production.
So it's already stable, that aspect of it.
And then, you know, you get to layer on stuff too.
So then there's system D system extensions because in this model you have slash user that is hermetically sealed.
That is this EROFS that you can't touch that has a bunch of nice cryptographic properties.
So maybe that's your base system.
And then on top of that, like in the testing edition we've been playing with, you can layer in all the plasma stuff as its own system D system extension that you can update that you can swap in it out.
and you don't have to mess with all of the arch packages underneath necessarily.
Do you want to talk about system extensions more later,
or could we expand on that right now?
Because SystemD, Sys extent, seemed like at the announcement of the project,
well, this is the way I'm going to layer in my mesh networking,
or this is the way I'm going to modify this otherwise immutable distro
to have this particular customization I want.
And it does work for that, but it's a little heavy weight.
It's still getting kind of ironed out,
sometimes like, especially like services that are served in there
can be a little bit flaky, which is a little unexpected.
considering the origins of all
of this stuff. But what it works really well for is
something like plasma or libraries,
frameworks where you don't just have a single
file. Like if you're just trying to install something like
a, you know, that has like a single binary download
from some Rust or Go project or whatever,
you can do it, but it's more work than you need.
There's already places to just stick that like
opt or user local or whatever.
Or what about like the case of nebular tail scale?
Yeah. So those are too easy to distribute, basically.
But if you're trying to add something that needs libraries,
it needs PNG assets, it has all the stuff
that is expected to be under
those normal slash USR, like stuff that a Linux operating system expects, that's where system
extensions really shine.
So it's really for the core system extension and not as much of the story necessarily.
You can do it, but for like user apps.
But if, yeah, if you could get a user app that's a go binary, you just go that route or something.
I got you.
So let's talk more about this EROFS, which stands for enhanced read-only file system.
It came out of Huawei for Android.
We've had it in Linux since Linux 5.4.
So again, it's been around since 2019.
it's a technology that is stable.
It's in use in Chrome OS.
It's actually required for Android now.
All the system partitions are using it.
And they're using it in KDE Linux.
So I think the obvious question,
because if you're going to ask a Linux user,
how would you do this?
They'd say, well, I would use SquashFS.
It's been around forever.
SquashFs has been in Linux since Colonel 2.6.29.
Wow.
Yeah.
Yeah.
But there's a difference, and it matters here.
So SquashFS takes a fixed chunk of uncompressed data,
like, say, 128 kilobytes of data.
And it compresses it to a variable-size output.
and the blocks land arbitrarily in offsets,
and reading one random bite
means loading and decompressing
that entire 120-kilobit chunk.
Yeah, so the whole point for SquashFS
is maximizing the compression,
which is great, right?
Especially when it was made
and the internet was super slow.
Back in the two six days when you're squashing.
Yeah, right?
But it kind of means that the output is variable,
which means you can't easily,
like you have to unpack out of everything
or at least big chunks.
If you want just one file, you can't get that.
Right.
So this is where the enhanced
read-only file system flips it. It has fixed output for compression. Like, you know what you're
going to get. The compressor is told, give me exactly four kilobytes. Every block is page size,
block-aligned, and indexed. And then so, I guess to your point, much easier to extract the exact
piece that you need. Memory overhead per block drops, in this example, from, say, 128 kilobytes
with the squash-fs to just four-kilobytes with the enhanced read-only file system.
And it kind of just directly maps to memory because it's meant to match the page size?
And so instead of having to like unpack stuff and copy stuff, you can kind of just go mounted into memory and get reading.
And you can imagine that matters a lot.
Like at boot time, you've got a chain of trust.
You're trying to get everything from secure boot signing to the UK.K.I embeds, all this crap that I barely even understand, to actual like kernel loading.
And you want it all done as fast as absolutely possible.
And you're using these images.
This is the exact kind of scenario where you need a solution where you know the predictable size of the compression and where it's going to be.
And it's just a really neat technical idea that's worked really well.
It's also kind of neat because SquashFS has been hard to work with cryptographically
and work with DMVarity and kind of all the nice stuff that people want when you are taking
the time to use Secure Boot and to use signed UKIs and all that kind of stuff that you might want
for like Enterprise Trust at scale, right?
And EROFS works really well with that, which means you can have nice cryptographic checksums
and actual DMVarity protection so that if someone does try to mess with your root file
system, the kernel can detect it immediately.
That's great.
It's not all roses, though.
No?
Well, I bet you're feeling this one, right?
One of the bigger friction point is, it's not a,
you're going to say.
It's not a scientific limitation.
It's more like an engineering problem that is being worked on.
It is a problem, though.
But there are no Delta updates.
It sucks, man, on the...
So, you go change a couple little bits.
That's a whole new 5 gigabyte download.
Yeah.
They'll get there, though, right?
I mean, that's on the roadmap.
And, right, you do have this layered ability,
and especially right where with like EROFS and other things,
you can keep all the nice cryptographic signing for the bottom,
even if you add some system extension that isn't itself signed.
So you don't have to go like break the whole trust of the system
just to add on some stuff at the top.
That's elegant. I like that.
Composable things.
So there's some hope that like maybe you don't have to update the core tiny layers
like all the time for that rebuild.
And there are things in progress upstream.
I think even there's been some work from like various parts of the community.
I think Leonard had one at one point.
So I expect this will get solved.
It's just early days.
So we all had a little chance to kick the tires.
And I thought, let's start with Brent's observations.
Because Brett, you're probably the most act.
We'll actually Wes your own plasma all the time too.
But when we think of our biggest plasma fan, I think, of Brent.
So I'm curious what your observations of KDE Linux were.
Well, I was fully expecting like the reference KD implementation.
I've used many spins and such over the years.
And it always feels like there's, of course, opinions thrown into spins, which is the whole purpose.
But it never quite felt like, unless you were running neon, that you had the reference that the KD software developers were building plasma to work perfectly with and to see, you know, the future of plasma.
So as soon as I installed and booted KD Linux, that's the feeling I got.
It was like, oh, wait, I'm learning, like even the tour for the first boot-up tour that you,
you get, which I, you know, over the years have seen them and don't really click on them now.
I was like, wait, this is teaching me new ways that the developers intended for me to use plasma
that I haven't been doing.
And it made me realize, like, even though I'm a huge plasma fan, I don't know that I understand
how they want me to use it.
And I'm learning new ways to use it just through booting for the first time, KDE Linux,
which was a nice feeling to have because I felt like, well, I'm a big fan, but I could become
I'm even more of a fan if I understand all of the different paradigms that they're building into plasma that I don't even know about.
Did you get that feeling too, Chris?
Because I think I saw you mention something about that.
I think my takeaway was more like, it's just so well done.
It felt smooth, clean, professional, polished.
I don't know how you strike that tone with an introductory wizard, but I got there.
Like, I was like, I made a note in my, like, this is a great introductory wizard.
I've seen versions of this with other distros,
but this one felt particularly polished.
Wes, what did you think?
We all went through it.
Well, and it was just so light and clean and solid and fast.
I mean, the install was super fast.
I did only try it into VM this time,
but it was a great virtualization guest.
Oh, super great, yeah.
Like, less than five minutes had it installed,
rebooted.
Snappy the entire time.
It had all the vertio drivers and, like, graphics support.
So it was almost just felt like using my native plasma.
And it was visually.
consistent in a way that feels like some of this stuff in plasma maybe hasn't been visually
consistent too. I think maybe that was...
This was the first time I didn't turn off the light theme. I'm a big dark theme guy.
Yeah, yeah. Part of it was like, I'm running plasma in plasma here, so it's a little less confusing
if one of them's a different theme. But it was also like, the light theme just looked really good.
I was instinctively went to switch and I was like, wait, this looks great. I don't need to.
I know. I feel like with the latest plasma and the stuff they're doing with Breeze, I'm a light
theme guy again. It just looks, the light theme looks better than the dark theme. It does. As you guys
are mentioning this, I'm realizing I didn't even realize I was in a light theme and I never
changed it. And that is like the first time that ever happens. It looks good. It really does.
I'm redefining my identity all of a sudden. Brent finds himself in KD.E. Linux.
You think by now I would have figured that out. So yeah, I think that was a very good first
impression, right? When that comes up, it's good. It was good. Clearly made an impression on all of us.
I found the installer too was just simple and straightforward.
I, of course, did my usual test of trying out the encryption,
which worked perfectly fine, except for on first boot,
I forgot the password that I put in.
No.
More because I've adopted our, like,
J.B. Studio temporary password in my own home lab now.
No, no, we never have that.
We're a lot of certified.
We always generate unique passwords for every temporary thing.
I usually put Cosmo as a password, to be honest.
But anyway, so I like briefly, you know, I was having breakfast and it was early.
So I put the wrong password in at the encryption screen when you first boot just to unlock the disc.
And I was like, oh, no, okay, right, right?
I put the wrong one in.
So I'm going to get to try again, right?
And it just dropped to a rescue shell, which I hadn't.
That's not the usual flow.
Usually it lets you at least try three times.
So that was interesting.
But once I, you know, put in the right password, everything worked just fine.
And so that was nice.
But what surprised me the most was, I think, what we talked about earlier.
And what I would like to bring even more attention to is, like, the underlying technologies that are making this image-based distribution work for the KDE team.
And I discovered some software under the hood in their docs, actually, which are pretty light.
But answer all of the most important questions when you're first booting into KD Linux.
One of them was like, well, how do I get other software on here?
Of course, flat pack was built in to discover, which was nice.
But they list a bunch of other options for geeks and nerds like us because, well, that's who they're building it for.
So I discovered, of course, Nix is a first class citizen for how to get additional software on your KD Linux.
Now, hold on.
Let's pause here for a minute.
Because I know some of the audience is going to roll their eyes.
Sure.
But I actually think this is a very notable.
differentiation between the bluefin crowd and maybe KD-E-Linix here.
What KD-E-Linix has done is just made sensible steps to make it possible to sideload Nix.
What that does is that gives you the world's largest package repository on an immutable distribution
that doesn't have a package manager.
In Nubu's defense, they do have some more difficulties because they're doing a compose-FS thing
that sort of makes an EROFS and that's for the whole route.
The root of the file system, right?
Whereas here it's just slash user right now mostly that's like...
So you can create a new root directory, which in this case is slash Nix.
But it did stand out because, like, right away, there is a fair amount of stuff.
Actually, I was kind of looking at it.
And you get, by default, like a bunch of development utilities and a fair amount of common file system stuff.
So it's not totally Spartan, but it doesn't have everything.
And if Flatpacks are your primary way to get, like, user app, that doesn't really get me Netcat very well,
which I need on every system I have, apparently.
And Nix kind of, especially if you have this whole, like, I want an immutable rock solilo.
it the way Nix works, then you can just sort of ephemarily summon a tool, and then you don't have
to worry about it and it didn't pollute your system and it's not going to get in the way of future
updates. It really makes a lot of sense. And they list a few different options. I know we were
looking for Nix as one of the options. So certainly it's nice to see it there in the official docs,
but they do list other options for software that might not be packaged in a flatback. So
Distrobox, of course, is an option, which I think we would expect to see. But I did discover a project
called CPSL, which KD is working on as well.
And its description here is InkaS-based container management
with native KD in plasma integration.
So it's a distro box-like tool using Inkis as the container
or VM backend, and it's designed specifically for KD Linux.
I love the name capsule, of course, with a K.
It's cute, yeah.
But it perfectly describes what it does.
It's one of those good names where it's got branding
and it describes what it does.
Capsule with a K.
Use of Inkis is interesting.
I'm curious.
That one especially,
seems very early, but I'm curious to see where they take it.
This is exciting.
I mean, I think the takeaway I'm having, when I tried it, and it sounds like when you guys tried it, is there's more here, there's more meat on this bone than we thought, and there's a real contender in this distribution.
Because they've managed to strike customizability and flexibility with that image-based immutability for some of the sections of the system that matter.
And if you're a plasma user, you're getting super fresh plasma.
we decided to try to set up nebula between our KDE Linux instances
just because how easy it is to just set up a mesh VPN
and some of these basic services on an immutable distro
is actually a decent baseline test
because it turns out that's often one of the first couple of things
end users want to do.
I need to get it connected to the rest of my stuff.
And so like the UBlue folks have made this really easy to get tailscale going,
but what if you wanted to get Nebula going?
And could you get Nebula going on KDE Linux?
And I think you and I both took a different approach to solving this.
Yeah, true.
Because I was going to experiment with Nix anyways, I installed Nix, just using the, you know, like the curl command from the NixOS website, then proceeded to use Nix to set up NEPA, which I found to be very straightforward and worked flawlessly.
You went more like blast in binaries and setting up configs and stuff like that, but I liked it.
It was like you could do either approach.
Yeah, you know, Nebula provides just regular releases you can go download and you basically just need.
need the two binaries that they ship. One's Nebula that actually runs like the VPN service and
the other is Nebula cert, which handles dealing with all the certificates and handling your CA if you
need to do that. So you might not even need that one necessarily, but they come in the same little
tarball. So yeah, I just had an LLM buddy whip up a little install script to go download the latest
release and go drop it. I think I did var. It looked like the like Var-lib area was writeable and Opta was
write-able and Etsy as well, which I didn't know it first. I wasn't sure when I was. Yeah. So
So I was able to have it, like, just stick the binaries in a reasonable location.
Yeah.
I think I went with Varlib Nebula bin in this case and then set stuff up with, like, a default config under Etsy Nebula,
and then also add in a SystemD service to start it.
And then after that, it worked pretty well.
And this is what I'm saying.
Like, it's the balance of it's immutable, but Wes can write System D units and to Etsy,
and when he updates and reboots, it persists.
So you can do that kind of customization you need to actually make it a functional.
workstation. And I like that. I think that's very approachable for most Linux users today.
They got something real nice here. What was your experience overall? I found it surprisingly
workable and refreshing in the simplicity. Like I really like what UBlu is doing and they're cooking
on some good stuff over there. Yeah, yeah. I mean, I'm running it right here in front of me.
But it was cool to see sort of like, like, you know, Yubo's come out a lot of the like the Bootsie
and Upstream Red Hat and Fedora work, which is excellent, but has its own heritage.
and this being sort of a fresh attempt which uses Arch,
but not at all at runtime, entirely just as like a base for the software to put together
like the core part of a distribution,
and then is otherwise sort of embracing a lot of the Lenart and SystemD ideas.
It's just, it's neat from a technical standpoint,
and it's cool to see it working pretty darn well.
We should try to dig up that original blog post because it really did inspire a lot of this from Lenart.
And it's a lot of great ideas there combined with a lot of technologies that already exist
and work today.
And so while they are
very much still in the testing and building phase,
this isn't a daily driver yet.
This isn't production ready yet.
The fundamentals are pretty solid.
And I, you know, I think early adopters,
it's probably getting there.
I think it's probably getting there
for early adopters.
It is kind of funny they mention, right?
Like it is a terrible place right now mostly.
You kind of use distrobox or containers.
If you want to actually develop on plasma,
but if you just want to use it, it's great.
Well, we have no sponsor for this slot,
but we would very much appreciate if you wanted to become a member or send us a boost to help support the appetite budget, the appetizer budget.
I am I'm hungry, though.
We would very much appreciate it.
We've been running lean these days, and so every little bit of support absolutely matters.
And Fountain FM makes it really easy to boost.
And, of course, we have the meetup that is coming up in just a couple of days.
So if you can support us, that'd be great.
And a membership is also very much appreciated.
LinuxUmpug.com slash membership for just this show.
You get the bootleg or you can get the totally ad-free version that still has.
all of Drew's edits, which is always a great option.
And jupiter.
Dot Party, if you want to support the entire network and get the launch bootleg and all
of that.
Thank you, everybody who supports us.
Appreciate it very much.
Well, Mr. Bearded Tech joins us from the sunny state of Alaska to talk about his
project that he's been working on called Nebula Commander.
Mr. Tech, welcome to the show, sir.
Thank you, Chris.
Glad to be here.
So tell us a little bit about Nebula Commander.
I know it's self-hosted control panel to get Nebula going, but that's kind of where my knowledge ends.
And I'm just kind of looking for an overview of what the project is and what it can do.
And kind of like, you know, a elevator pitch up for it, if you will.
Well, there's a little background to start off.
This all goes back to when you made callouts for NixOS configs to be rigged, to be made fun
of on air.
Yeah, the config confessions, of course, yeah.
So I started that NixOS router project because of that prior to the
Confessions.
And you guys roasted the fact that there was no way to configure your nebula or
tail scale.
So I created a Nebula commander.
Oh, my goodness.
That's a bit of a response, man.
That's a bit of a response.
Wow.
That's incredible.
Yeah, because this is really turned into, I mean, possibly a,
It could be something people want to go grab and deploy right now because it's a way to manage a fleet of a nebula overlay.
Explain what it's doing.
It's more than just like what Wes and I are playing around with, which was like kicking keys around.
So not to go against your sponsor or anything like that, but to find out net, I love it.
I think it's a great way to start building out your nebula network.
But there's a bunch of features that were important to me that weren't quite available yet.
So I started seeing if I can make something work.
And instead of it only being able to use the client that's provided, you can actually use this just to manage your nebula setup by itself.
Oh, that's great.
You go and create a network.
You can create groups which are similar to their roles and create firewall rules for inbound and outbound traffic between different groups you have.
and each node you can actually download the config directly and just run it on Nebula raw.
And I'm actually still working on the client.
It's extremely experimental.
There's a lot of things I want to keep going to make it work reliable.
Okay.
So the stack that I understand it, right, is what it's doing essentially is it creates networks,
it's managing mesh nodes and IP allocation, right, and certification.
and certifications.
And it has a WebUI, which is like a React dashboard front end.
And you are also integrating with authentication.
Can you talk about the authentication piece for a second?
Yeah, I'm using key cloak in the back end for authentication, which is nice.
You can do everything from enabling email verification and registering your users.
And that's how it's set up.
When you first go on to Nebula Commander, there are no user set up.
You go in, register your first user, and that user eventually will become the admin.
Right now, I ran through a little roadblock and trying to work through that.
And each user independently can have their own networks, their own nodes,
their own group rules, and it is completely separate from any other user.
So you could potentially go in and have five users for yourself for five different network setups,
and they don't step on each other.
Oh, that is really, that's really.
a clever idea. Okay, so if I want to run this, I'm looking at like probably deploying a Docker
container, I assume. Yeah, that's the preferred method right now is with Docker. And if you go on to
the Nebula CDR.com, I have full documentation of how to get it up using Docker. There's also a
NixOS flake and modules up there as well to integrate as you guys like. Yeah, you've really
clearly spent some time on the on the docs. There's a lot here at the website. Nicely done.
You know, Cursor is a wonderful thing.
You know, people, you know, and the pre-show you guys were talking about AI and AI agentic things.
And I've used Cursor extensively in this project and has been a godsend trying to get everything online and going working the right way.
As long as you use it the way it should be used.
Yeah, I've noticed.
I was reviewing your commits and I saw that you're like actively finding some security things and patching those and finding little issues like that too.
So you're taking some kind of audits and security passes at this project as well, it looked like.
Yeah, I've used a couple different tools, along with the code QL up on GitHub.
I've also used SemGrep, and I can't remember the name of the other one for Python that I was using.
But yeah, I've done as many security scans as I can to make sure that I have no critical bugs in this thing.
Because, I mean, that's the biggest problem with a lot of these vibe-coded projects is that they have so many security holes.
Everything just slapped together, and there's no project management involved.
Yeah. Are you using this to manage your own networks yet or not quite at that stage?
At this point, yeah. I've got my own personal nebula network and I'm hoping within the next month or so, I'm going to roll all my clients onto it as well. I run a small IT consulting business up here.
That's what I was thinking is this would be perfect for an IT consulting firm. That's where my head went.
As I could see, a little network management for your clients, you're using this to back up their data. It's completely private. No big tech involved at all.
And, you know, just to circle back to your vibe-coded comment, Beardotet Tech, because I think, too, this is an example where I think there's nuance.
Because your application is sitting on top of Nebula and, you know, Python, a bunch of stuff that are primitives that are good and sound that are working and secure, right?
You didn't invent the encryption here.
You know, you didn't invent the Nebula aspect of this.
You're orchestrating the Nebula mesh network, but the actual security is, you know, is solid.
It's Nebula.
So that's where I think there's a nuance and vibe-coded stuff.
I think actually running it too, right?
Like having something doing testing on the other side to make sure it does fit together
and like there aren't weird holes in the project, that kind of stuff adds a lot too.
The scope of this is pretty ambitious.
I don't think we're really communicating to the audience the scope of this thing.
That's what impresses me, Bearded Tech, is how you managed with kids running around
and two hours of daylight in the winter there, how you managed to create something this already comprehensive.
Well, you know, it's just I end up spending way too.
much time on it than I should. Dishes pile up when they probably shouldn't.
I understand that, but I did see somewhere on your page some, some ideas for things that
you have in the future, like some DNS stuff and exit node stuff. Can you tell me a little bit about
that? Yeah, and that was kind of the one big feature that defined that net didn't really
do for me, was being able to put in my own DNS server. Right now with my clients, I'm using
tail scale and I have split DNS set up to be able to reach all the machines inside my
tail scale network and I'm trying to integrate that into this so you can actually run your own
DNS node essentially that'd be great do like a magic DNS type set up for nebula that you
control oh that's so cool it's under your own control so we should also mention the front end is
licensed in MIT the back end also licensed at MIT
and the client is GPL version 3.
So the entire stack is free software.
If somebody else out there would like to take a look or help.
And then I think you started the Matrix community,
if people are interested maybe in checking it out or discussing too, right?
I did.
I'll leave the link in the chat here.
And also I've got a documentation site up at nebulouscdr.com.
And I've got a node live right now that people can go and bang on and try out
and test out the actual software.
for itself at nebulous cdr.net and I'll leave that in the chat as well.
Oh, fun. It's up right now. You're not going to leave it up for too long.
So it depends on what you're listening to this, but nebulouscdr.net if you want to see a live
demo of it. Isn't that great?
This is so cool.
Beardite tech, thank you for taking some time on your Sunday with the family running around
and all of that to tell us about this. We just think this is such a cool project. Well done, sir.
Thank you very much. I appreciate it. Chris. You guys have a great day.
Yeah, and thank you. Thank you very much. And we'll put a link to all that in the show
notes. And if you're working on a project like this, drop us a note. Tell us about it. Or come in
the Matrix room. You know, that's West spotted bearded tech was talking about this in our
matrix chat room. And then we decided to pull it forward because we just love seeing the community
to build tools like this. Y'all are so smart. You build awesome stuff.
Well, we got a little bit of feedback this week about an ad that was playing at the start of the show.
Did you do that? Was that you? Was that me? It was me. Well, I might have been.
involved in some of their pieces. But not that part. Yeah, our bad. So that was intentional,
but not yet, I guess is the way to put that. I was going to let you know about, I have made a
decision behind the scenes to change the approach to ads. I guess in full disclosure, like this,
the situation is that I thought this as long as I possibly could. I have not been paid for
last month. I'm not going to get paid this month. And I might not get paid next month. So I may
going three months of the year so far without getting paid, which is okay. It's like I didn't do this to
get rich. And the members are keeping the infrastructure paid for and the boosters are, you know,
sometimes I get a sandwich. So it's good. And it's okay, but I have to make some changes. And so
what I've decided to do is work with a group that is fairly aligned with the way I look at ads.
It has to be an ad that for a product that I like. I get right of first refusal. And
They really work hard to make sure that if it's a company that I'm going to do a sponsorship with, that I get a chance to try the product first before it goes on air and all of that.
So I like where we're going.
And part of that, because we are in a very bad situation, the reality is I've just fought the change in the ad market for as long as I possibly can.
And since COVID, really, it's not really anything to do with COVID.
But the way the market dynamics changed with the increase in rates is that it became more expensive to do direct marketing.
It just was an area that companies needed efficiency.
And I went on about this for years when it happened.
So I don't need to recap all of that.
But the structural changes in the market are such that companies no longer have time to engage in a three-month conversation with a single podcaster to do a bespoke ad agreement for one quarter.
They're used to the YouTube model, right, where they can just do ad buys that are targeted or Facebook.
They want to buy large markets at a time.
And so there are now companies that sit between the ad buyers and the podcast.
and I've been working to try to find a good one. And I have, at great personal expense,
walked this line for as long as I possibly could to make sure it's gone right. And because we have
no ads beyond defined networking right now, who is the only sponsor we have at the moment,
because they were, you know, by my model, the only ones I was willing to have on. And I know
that you have an expectation. And one of the reasons we've gone value for value is so I could say no.
And I have been saying no for a very long time. And so I think we have found a middle ground here.
But essentially, I'm going to let them cook.
And one of the things that we're going to do, why we have no other sponsors on board to try to get some survival money is we will play an ad at the beginning for some locations at some times.
I expected to roll that out over the next couple of weeks, but we need to move quick because we're going to scale.
And they communicated the expectation to me.
I just, I missed it.
It was my bad.
So I will own that because I wanted to communicate it to you beforehand.
But we're busy and that slipped.
So the plan is to have them find some good sponsors that can bring on, you know, some good reoccurring revenue to make the show sustainable so I can get paid again so we can keep going and invest in more production.
And hopefully over time they will do that, but it will take a little while, even with working with a group that specializes in this, it still takes time to find the right sponsor.
If you have standards, it just takes time.
And so the dynamic ads running.
And now that that seal is broken, I'm likely to leave it for a while just because we have such a good.
cap. And it's not, I don't really have any of the details on that in terms of, you know,
what I should expect or how it's going to perform or anything like that because I've never
done anything like this before. But that's where we're at now. And I'm hopeful that if people
seem to have an allergic reaction to it, they'll consider becoming a member at Linuxunplug.com
slash membership. We'd often do discounts. And we have a fantastic ad-free version of the show
that editor Drew puts together or you get access to the bootleg. And if you don't mind the ads,
well, then you can help monetize just by listening to it
and support the show that way.
And I think a lot of you don't mind.
Because ironically, when we were purchased by Linux Academy
and we dropped all ads from all shows,
we never got a single comment about it.
Nobody said anything.
The wildest thing, like it was the biggest issue for us.
We thought it was this massive unlock.
We thought it was this huge thing.
We were going ad-free.
And behind the scenes, I mean, it helped a lot
with some of our production stuff.
Yeah.
Oh, yeah, massive time savers.
but nobody cared really.
So that was a big lesson.
And I think also we'll still do a better job than the average bear out there.
It's a wild world and video and all of that is also eating at it.
So that, I'm sorry that wasn't communicated ahead of time.
That was my intention.
And we definitely still need the support more than ever because all these things take time.
And it was really your support that made it possible to survive this long.
without having to compromise two years ago, really.
Because this has been something developing since 2019,
since 2020,
something we talk about frequently behind the scenes,
something I've talked a lot about on the launch.
I've talked about it on office hours.
We've talked about it.
And so this is where we're at.
But we will continue on.
We've got another, you know,
we've got another 12, 20 years in us or so,
but we just got to make sure we adapt.
And this is the state of,
of the internet, as it were.
But I do hope that those of you who, like I say, have a problem with it will consider
a membership because the show quality remains high.
In fact, hopefully this continues.
Helps us keep going.
But I'm sorry we didn't communicate it differently.
That's my regret.
It was not supposed to be a surprise.
Yeah, I wasn't meant to surprise you.
I was also surprised.
But that was on me.
It was communicated to me correctly.
I just am a busy guy.
And emails are easy to miss sometimes.
I got to get something on that that's watching that inbox.
But I'm not ready to do it just yet.
Just, not just yet, but one of these days.
Four score and seven boosters go.
But gentlemen, we do have some great support this week.
And this is the wild thing about the value for value system is it's such a swinger.
Well, we went from like, oh boy, this is kind of going to be a rough one to like one of the best weeks in the shows in the year so far for the show.
So let's kick it off with our baller booster.
Hey, rich lobster.
Because that is the one, the only.
hybrid sarcasm and he comes in with one million Satoshi.
Yeah, I said one million Satoshi.
Are you sure that's not a typo?
Hey, my script doesn't make typos.
That's got to be almost the entire appetizer budget right there, I think.
Thank you.
Hypert sarcasm.
I don't think Ballard quite covers it.
Yeah, he says enjoy California boys.
Well, we will.
Boy, I tell you what, like
this boost came in this morning while we were in our group chat
and I was having a mild panic attack about expenses.
And this landed.
It changed your mood completely.
It totally did. It totally did.
It really was something.
Thank you hybrid sarcasm.
Thank you very, very much.
Appreciate you.
You are a good guy.
He's a good guy.
He's a real good guy.
No, you're a great guy.
Not the One comes in with 68,000, says.
All right.
toward that which your kind
coveted. Also, not bad.
Thank you for helping us. Help you, help us all.
Keep up the good work.
A little something to help with the trip.
He gets it. Thank you very much.
Right? We're going to turn that right around and spend it on your fellow listener.
So thank you very much for this one.
That's great.
Well, the dude is abiding with 22,222 sets.
Things are looking up for old McDuck.
I've never used an agent locally.
The first I want to try is the home.
Home Assistant MCP.
I've always used the web-based versions of chat Jeopard or Gemini.
I'm feeling kind of left behind.
So here's a little something for that trip.
Thank you, sir.
Appreciate that very much.
This old duck still got it.
You know, this is a great question because you can tell he's locked in to the change.
The change is like they've gone from novelty chat bot that does theatrical typing to like actual
useful open source agent that's using the LLM to leverage intelligence.
I just set this MCP up over the weekend.
It's so good.
It's so good.
It's so good.
It doesn't quite do everything.
So I think I also had it do some direct API access, but it has a lot of stuff.
It's great for working with automations.
The MCP is the way you want to go if you're working and troubleshooting your automations.
Two quick examples.
So I use the API with an agent because there was electrical work being done down the street for me.
and I expected the power to be cut,
but I needed to go to the studio.
So I had my agent check in every two minutes,
and if the power went out,
I had the agent cut all the electric heat off
and then send me a telegram message.
And then I had if the power remained off for an hour,
turn off the remaining systems, right?
Like I had like this cascade system.
I could have built an automation for that in Home Assistant,
but I did it in 30 seconds with one prompt
as I was going out the door realizing this is going to be an issue.
So that's one way you can use it.
I also just using the MCP, so that was using the API.
Using the MCP is really great because I have automations that have probably been sitting around for three, four, five years at this point.
I built them a long, long time ago, and things have changed.
So I had my agent go in and audit the top five most frequently fired automations and review them for logic or improvements.
And with each one, it found something small to major that I could do to improve them.
And it's just because I haven't looked at them in so long.
And that was done via the MCP.
And it's really nice.
I didn't, you know, I didn't.
And then, you know, I just rode, okay, do, do this, do this.
All right, go fix that.
And then poop, boop, bo, bo, goes off and fixes it all up.
It's really, it really is a great unlock for Home Assistant
because Home Assistant is essentially an API for your entire home.
I will also say the FOMO feeling can be very real.
Don't feel too bad about that, but also don't let it, you know,
it's good to try and be curious.
But you don't have to go too crazy because things are moving fast.
And like you can overinvest in it and spend waste a lot of time on
stuff that's just going to change out from under YouTube.
I mean, Home Assistant API and MCP is pretty solid.
Yeah, that's one of the more solid parts of the whole thing, really.
But that is good advice.
That is good advice.
Tomato comes in with another row of Mick Ducks, 22,22 Sats.
Affleck!
Looking forward to scale in Planet Nix coverage.
Here's some Sats to help with the Travel Boys.
If you see any of the NICs or BSD people down there, I'd love to hear about it.
I find that particular combination to be rather intriguing.
Yeah, the idea of using Nix on top of a BSD.
Okay, yeah.
Might sound insane, but then again.
But I have done that exact thing in the past with a Perl script.
Oh.
Yeah, right.
I mean, FreeBSD.
I mean, all these bees, they're nice tight systems, right?
Clean.
So if you get a declarative interface on top, could be very nice.
Yeah.
Oh.
I mean, I would definitely play with that.
I mean, it makes immutable distros.
Got all these packages available for it.
It'd really probably be now down to what could you actually install.
Yeah.
Well, Distroostoe comes in with 13,100.
49 sads.
Well, I'll be dipped.
See you at scale.
Here's some juice to get you there.
Oh, thank you.
I'm bummed to miss the meetup for the third year in a row since I'll be giving an upscale talk on pen testing.
Nicks of the world.
Well, that's a great excuse.
That is a good reason, though.
I'm sure we'll bump into each other, some other time, though.
I hope so.
Yeah, I hope so.
It was great seeing you before.
I don't want to see you again.
And I always love it when people, like, they remember like, oh, I should introduce with my handle.
Right.
Like, oh, no, I'm distros too.
Like, oh, distra's too.
All right, looking forward to that.
I believe we have a new booster here,
The Facial Hair with 4,000 sets.
This is a tasty burger.
That's good. I like that.
Apologies for the delay in response.
These sets are freshly mined, hence the delay.
I wanted to follow up on the D&D and open source question.
It works because open source removes barriers to entry,
whether it's physical, financial, or otherwise.
It allows anyone to join us at the table.
This is also my bump for JBD&D special sometime.
That does sound like a lot of fun.
I kind of like that idea.
I could see doing a member special maybe or something
because I don't know if anybody would actually want to listen to that.
Find an audience member who's an experienced DM?
Perhaps a volunteer here.
It'd be great on a trip.
It would be great on a trip to do like a little D&D meetup
where somebody teaches me how to play
because I've never played before.
Maybe I could play like a video game version to learn up.
I don't know.
But that's a great idea.
Thanks, if that's your first boost too, really do appreciate you.
enough time and mining them sats directly.
Fresh. Well done.
Well, T.R. Belly comes in. That's not how you say it at all, but I like it.
15,000 sats.
You make me want to be a better man.
I'm going to say it's T R.S. Elby.
No? What do you think?
T.R. Selby.
There you go. 15,000 sats.
Point your car south to the sun away from the atmospheric river and the polar vortex.
Yeah, looking forward to that.
No lobes down there.
It's going to be like 75 degrees in sunny in Pasadena.
That sounds impossible.
That sounds so wonderful.
Well, W.H.
2250 comes in with 2,000 cents.
Boy, they are doing a lot with mayo these days.
Oh, this one is for Brent.
Hey, Brent, I'm curious as to why you didn't try Unraid since you tried TruNAS scale.
I was wondering that, too.
I haven't tried it yet, but Unraid does have an open-clock container template in the community apps ready to go.
One install and you can have your agent do the rest of the server setup for you.
You know, we didn't solicit this, but, you know, we didn't solicit this,
Just a full-time case.
This is a very good question.
Very, very good question.
The main reason is that for years now, I've had some close friends tell me,
you have to do Trunaz.
You have to do, hey, can I back up my stuff to yours across the ocean using Trunaz, et cetera?
So that's partly why I leaned that direction.
And also, I mean, I probably should, but I haven't had time to try every single offering.
But Unraid is certainly at the top of the list for the round two since everybody has been asked in this question.
I think out of the two,
and they were a former sponsor, no longer sponsor,
I would strongly consider Unraid
because they've done a lot of improvements
in the last version with the UI.
They have a really nice API now,
which has all kinds of advantages,
more than ever, I realize now,
and they have a massive up-to-date application library
that makes it super easy to deploy stuff.
And I like all those things.
And it's Linux-based, which I also like.
So I say plus one here to WH's boost.
I think Unrate is worth a consideration too.
I don't want to speak up because everybody thought I'd be shilling, but that's my honest opinion.
I just gave away the milk for free.
Well, Spooky Satcom came in with 2,000 sats.
Make it so.
There's no message on this one, just a little bit of value, so thank you very much.
That's always appreciated very much.
Thank you much.
Spooky, good to hear from you.
Hey, there's Gene Bean coming in with 2,66s.
Fun will now commence.
He sure will.
He says, I'm sad that advertising is so lean right now that you've had to start using pre-impostral ads.
But I'm also glad that you've got the option to get you through.
Here's to doing what you need to get things running.
My 7-year-old son wanted to tell you that he really likes the sound effects,
especially the Tetris one.
Aw.
All right.
Thanks for sharing.
Do you all have any suggestions for local models that work well with open code that I can run tools?
That's a great question, Gene.
That's the key question you need to be asking, buddy.
Can they run tools?
I have a Mac with an M3 Pro in 18 gigs of RAM and a several-year-old Lenovo P-52 with an M-Binion.
Oh, fun.
one of the P series.
I wonder how far he could get with Mini Max
2.5.
Probably needs to look more at
Quill, right, Quinn or whatever it is, Quinn.
Yeah, that might be.
I think Quinn's probably, because they have a couple
versions of Quinn that are...
Yeah, really, so can you fit it in whatever?
18 gigs of RAM is very tight, but it might be
possible with Quinn.
So, Gene, I think right now
you might be a little tight for really good reasoning,
but you have a lot of room
for like vectors,
memory embedding and things like that.
So if you wanted to have LLMs take care of local transcription like with Whisper,
and you wanted to have all of your memory managed with an LM that does embedded memory with
vectorizing, you could do all of that with that hardware very successfully.
And then you could punt some of the more challenging stuff to a larger frontier model
through something like OpenRouter or a direct API subscription.
Yeah, because there's oftentimes stuff where you might be able to run a model say that can do,
like, work on individual coding tests pretty well, but isn't quite up to like complicated
tool call and orchestrating other agents.
So sometimes it's a mixture
of models that it filled the whole thing out.
And so another way to put that, right,
is you could have the frontier model
running the orchestration agent,
who is watching the quality of the output,
monitoring the sub-agent.
And the sub-agent could be using, like,
a Quinn optimized coding, smaller model.
Or a deep-seek or something.
Yeah, or a deep-seek.
Maybe Deep Seek-4.
It could come out any day now.
And that maybe isn't quite as comprehensive
with tool calls and all of that,
but could do that specific job.
and then your higher-end model is actually watching the output and managing it.
And that actually is a pretty token-efficient way to go about it.
But hopefully we'll have more options,
especially as we get more hardware built for this,
and as models get down smaller and smaller and smaller.
Let us know what you try and how it works.
Thanks for the boost.
Yeah, keep us posted.
That's a good one.
Antoine comes in with 2,468 cents.
Everything's under control.
In case you have not seen this yet,
someone came up with a home assistant voice control
that is a Star Trek
Com's badge.
Want.
There's an instructable for it.
And we get a link.
Did you look at this?
I have not yet.
I'm pulling it up right now.
So I think what they're doing
that's pretty clever with this
is it looks like the Com badge
from TNG.
Ooh, yes it does.
I think the front part of the Com badge
I don't know how much is actually happening there
because there's a little computer
that I think you put under your shirt on the back end
and they maybe I think magnetically clip together
through the shirt.
That could totally work.
And so you have a...
Like a tiny little ESP or something?
Yeah, exactly.
Yeah, a little Arduino kind of thing with Wi-Fi and, you know, the little tiny ability to essentially run a home assistant assistant and use the home assistant conversational pipeline through your Star Trek com badge.
Now, obviously, the use case here, gentlemen, I don't think I need to say it, but in case you're listening, you're like, why the hell would you use this?
So that way you can walk around your house, slap your com badge, and order the lights to turn on or whatever, right?
That's the end state here, right?
Slap in your chest.
See, this can work with some models, gene beans running.
I want, I want.
Thanks, Antoine.
Appreciate that.
Oh, man.
All right.
Well, Bobby Pins here with 10,000 sets.
It's over 9,000.
Well, I'm just about ready to finally dive into Nix.
My question for you, nerds, Nix, nerds.
Should I start with a general use PC and hypervive,
or an appliance level of media server,
or the coveted Nix?
Bitcoin Node.
I probably wouldn't start with that one.
I mean, it might depend on how familiar you are with the Bitcoin stuff.
If you've run Bitcoin nodes before, then it might be totally doable.
If you're learning both running a node and using Nix to do so, that's a lot to do at once.
So maybe the media server is a pretty tractable.
I think media server, right?
Yeah?
Why?
Well, because it's something that you can build up, like, slowly.
You can build one service, build another one, build another one.
Right.
And it can just, like, iterate.
Whereas if you're trying to get a desktop system that you need everything to work right away, there can be a large learning curve.
So just having a little computer set up as a media server where you can just poke at it whenever you have time.
And if it's not completely online, 100% of the time, well, maybe it's not at the end of the world.
That would be a good way to try some things and break some things.
I also think the expectation is different there.
When you're using it on the desktop, you have certain expectations if you use Linux before about the way package installation works.
and what, I have to update this file
in order to make this change persist.
Like it's a bit of a, it's a bit of a gear shift.
But when you're using a headless server,
all these things that kind of seem confusing
on the desktop are actually strengths on the server
and really are great.
And you start, I think,
since you're coming in with a different set of expectations,
I think you can appreciate,
especially in a server context,
Nicks a lot more.
And then once you learn to use it
in a headless environment with a couple of services,
you're going to be,
you're going to be just absolutely itching
to deploy it on your desktop.
But you'll have a greater appreciation understanding at that point.
I think, you know, the desktop thing could be fun,
but high probability goes sideways, you know?
Yeah, and then just longer debug cycles
and maybe you break the thing you're trying to work on.
If you have a bunch of spare laptops or desktops or whatever,
then go forward.
Yeah, go for your comfy dual booting and all that.
But whatever you can find the lowest friction way
where you're not going to get frustrated
because you don't know how to do it in Nix yet is usually the best.
Also, your question specifically said,
I'm just ready to finally dive into Nix.
We are assuming you mean Nix OS.
of course that the rest of your question suggested that,
but it's an important realization
that Nix OS and Nix are distinct,
and it's even more fun
when you realize you can run Nix on any operating system
and get some of the benefits.
So that's like, I don't know, level three
when you get to do that.
Peanut, but it and jelly right there.
Is what that your favorite distra with Nix is better and better?
All right, thank you everybody who boosted.
We have the boost below the 2000 set cutoff.
We'll keep them in the dock for prosperity,
and we read them.
We appreciate them.
to and thank you to everybody who streams those sets.
22 of you streamed collectively 31,237 sets.
Not too bad at all.
It's a nice little boost in itself.
Now, of course, Mr. Hybrid Sarcasm, he brought it in, and he brought the power and the strength.
So when you bring it all together this week, gentlemen, for episode 600, 656, before we hit
the road to scale, before we go by the appetizers and all that, this episode stacked
1,195,353 Satteronis.
Thank you to our members to everybody who supports the show
from, you know, just a few SATs or a few Fiats to, you know, a million.
It makes a difference, especially right now.
If you would like to make this episode or next episode a winner,
you can boost with Fountain FM.
They make it real easy.
They have a hosted option or a self-hosted option.
There's a whole plethora of applications over at new podcast apps
to bring new features and the ability to boost.
If you want to just stick with the simple autopilot,
LinuxUMPLug.com slash membership.
Thank you everybody who supports this here episode.
Gosh darned mean a lot to us.
And we do have some picks for you,
and there's some good ones,
so let's get to those before we get out of here.
First up is one that Wes found
that I could see being very useful for folks out there
that are trying out Hetsner.
I think Hetzner's getting a little tick up
and usage with all the open-cloth stuff going on.
Do watch out. They have a price increase coming in April. So just be warned, you know, they still have reasonable rates in the industry for sure.
Well, it's coming. Yeah. And you can maybe understand why given what all is happening in what it costs around a computer these days.
But tell us about H-Cloud upload image. You found this this week.
Yeah. So the backstory is Hetsner already provides an MIT licensed CLI to interface with them.
Oh, yeah. So it's just H-Cloud, which is great. But one thing they don't make especially easy is dealing with,
disk images, especially if you just want to be able to take a disk image that you build locally,
upload it to Hetsner, and then use that to spin up new VPSs from. You can do a lot of other stuff
with the CLI, but not really that exactly in one step or something. So HCloud upload image is a little
Go app that does exactly that. So it creates a server with the right type, it enables the rescue
system, it boots into the server, then it downloads the disc image that you're trying to
upload to it into the rescue system, which then lets it just drop that and overwrite the
existing disk, right? So it just takes your image and overrides the disc via the rescue system.
Right, okay. So it's destructive. It's quite destructive. Yeah, this is for spinning up a new
one. It spins up its own little. Okay. So then it shuts down the server and then it takes a snapshot
of that. So it's still like spins up a new server, puts it in rescue, overrides it,
snapshots it, and then deletes the actual server and all you're left with is the snapshot.
And then you can take that snapshot with the H-Cloud CLI itself and stamp out VPSs.
That's great.
So you could essentially have, from your machine, you could upload a custom cloud image that you can
then use as a template.
Yep.
And so I was doing that.
And I was running something as a local VM, but it was getting to take up more resources
than I could allocate on the machine.
I was running it on.
And so for the moment, I thought, okay, I'll spin up a VPS and offload it there.
And so I was able to, it's an XOS system.
So I was able to add a new build output that built with the stuff.
ready, which it's really just like a KVM virtual machine.
So there's not a lot of crazy Hetsner specific stuff you need to do
and then have NixOS output a raw disk image.
And Hetzner even supports like Z standard and GZIP and BZip and similar.
So then you can just compress it and upload it and away you go.
So you just built it from the package manager and sent it up to Hedstner.
Yep.
Stupid easy.
It did.
I did kind of, I did hit some confusion because you need to look out apparently,
depending on which data center you use
and if you use one of their dedicated performance
or like the standard shared CPU ones.
The shared ones seem to be MBR legacy booting.
And you need to be EFI, I assume.
Well, I could do whatever.
Oh, but the image needs to be ready.
Versus if you're on the dedicated ones,
those are using EFI.
I got you.
And I don't know how universal that is.
So maybe do spin up a test one
and check out what the default Hetsner image does
for that whatever VPS model you choose.
And this is MIT licensed.
HCloud.
upload image. We'll have it linked in the show notes.
All right. So my pick is
Launcher Studio. If you
find yourself downloading the Go binaries
as Wes suggested or whatever they might be,
so that way you can run them on your mute's distribution,
well, it is kind of a
bummer that you don't get a
icon in your menu or if you use an
application launcher, you can't just easily type the name.
Launcher Studio is a GTK4
open source desktop application
that lets you create applicationlaunchers.
Dot desktop files on modern
Linux desktop environment.
So if you got a custom app you've written or a download or something like that that didn't get a proper menu entry for your launcher or your menu, you can use Launcher Studio, which is the latest and greatest in what has been kind of an ongoing series of applications that do this kind of functionality that have kind of come and gone over the years.
It's MIT licensed and it is Russ-based.
I mean, despite being GTK-4, it does sound like it could be maybe handy on something like Katie in the next for your random side-loaded stuff and you want a nice...
Oh, it was.
No, it works.
That's what I used it for.
via Flatpack. It's available on FlatHub.
But it also works on Hyperland because it's
creating dot desktop launchers
in your dot local share applications
folder. It's already a standard. It's already
a standard. So any desktop environment that looks
at that for dot desktop files will support this
which as far as I know is like all of them today.
And so that is Launcher
Studio. Now Wes, you've got a
couple of handy little proxy picks, if you will.
Yeah, well, as I offloaded this VM,
now it was on a Headsner IP address. And there's some stuff like, you know,
I like using YTDLP to pull down
some things and it can get fussy about IPs sometimes. And so I thought, well, I have a residential
IP. I'm not trying to do anything crazy. What about just a proxy? Of course, they're already on a
mesh network, but I didn't really need to route the whole thing. And I could do like forwarding
individual stuff. But for the use case I was doing, it made a little more sense to just set up a proxy
because I really didn't need everything to go through it. It was just some specific requests.
So first, I found tiny proxy, which is a lightweight HTTP and HTTP proxy damon for POSIX
operating systems, written in C, it's a classic GPL2 license, but still seemingly actively
developed and it has a NixOS module. So it was super easy to set up, enable equals true, of course,
and then for the settings, you can pick the port, you can pick what address you wanted to
listen on, timeout options, and then what's really nice is they let you configure, like,
insider format what networks you want to allow requests from. Okay. So I could say, like,
only allow my local land and my mesh network, you know, or local host, too, or whatever you
want, but you can have it
listen globally and then further segment it if you
want. So it's quite flexible for whatever security
strategy you might want. Okay.
So that's one option. That's just if you can
just work with a regular HTTP proxy.
But wait, there's more. There is more.
This one doesn't have a license, so
beware on that. Maybe we should get an issue
going for that, and there might already be one, but it is
Rust. Okay, all right.
And it's
SOX to HTTP proxy.
An executable to convert SOX5 proxy,
into an HTTP proxy.
What are we using this for, Wes?
Well, maybe you need an HTTP proxy.
Something doesn't support socks, right?
I do. I often need an HTTP proxy.
But maybe you don't want to go stand up a whole proxy infrastructure.
I do not, Wes.
Right? But everyone has SSH.
And SSH has dash D, which can run a SOX proxy.
Yes, it can.
So if you combine this project with that, now you have an HTTP proxy.
Oh.
So now you can go use SSH to funnel your HTTP requests without having to have specific socks support.
easily over maybe your mesh network.
All right, you got me.
That's pretty cool.
So, I take it.
You're using this?
No, well, I just set up to tiny proxies.
So I did try this out.
I thought out of it too.
I was trying to guess which one you stuck with.
This seemed really nice.
But for me, I was like building something
I was just going to leave as infrastructure
for ad hoc stuff.
This seems like it would be very handy
because you already have SSH.
Yeah, very much.
SSH is my, you know, it's with me everywhere.
KD Linux, turn it on.
Turned on SSHD.
In fact, we were SSHing into each other's KD Linux boxes.
That was fun.
That was great.
Powered by Nebula.
Katie Links is really coming a long ways, and I can't wait to their future releases.
And I think if you're a plasma fan, it is worth your time to dip back in and try it.
Like Wes said, it is an excellent VM citizen, too.
Snappy, smooth, resize the VM window, you know, my spice window, whatever,
resizes inside there perfectly, no complaints at all.
That kind of stuff used to crash these things, you know.
It's come along so far.
It's also a nice place to check out some of the latest in thinking about,
ways to put together Linux systems if you like that kind of thing.
And plasma.
Yeah.
All right.
Well, if you're going to be in Pasadena around March 5th to the 7th, come say hi to us.
We do have meetup.com slash jup broadcasting.
We'd love to say hi to you.
Of course, you can send us a virtual message with a boost and be there in spirit as well.
And then, if everything goes as planned, we'll have an episode for you next week from
Pasadena, either from the scale floor or from our Airbnb, something like that,
with all kinds of fresh takes from Planet Nix and from Southern California's Linux Expo.
the largest in the Northern American area.
Wes, one last pro tip before we go.
Tell people where they can get more metadata around the show.
Yeah, well, if you want chapters,
sure.
You know, but what if I want them in a really good consumable way
that the machine might like?
Oh, well, then you want JSON Cloud chapters.
Who's been had?
Who's been like two, three years we've had those now.
Yeah, that's right.
Just a JSON file.
Well, you've got to read the XML file that is the feed,
and then you get a JSON file.
Then you get the JSON file.
Don't let that bother you too much.
Don't think about it too much.
Just read the chapters and enjoy them
and skip around the file as you like.
or if you want the full complete story, for whatever reason, we have transcripts.
Yeah.
ETT and SRT, and we attempt to diarize them so that you can actually tell which of us said the silly stuff.
We give it a shot at least.
We hopefully will be live next week, no promises.
We never really know.
Sometimes we do have to pre-record.
But if you have a podcasting 2.0 app, we'll try to make it pending in there.
And I hope to see you next week.
See you next week.
Same bad time.
Same bad station.
Links to what we talked about today are over at Linuxunplug.com slash 6.
5, 4.
LinuxUnplug.com or all the great shows at jupiterbroadcasting.com.
And if you'd like even more show, you have the membership options or the Mumble Room.
You can show up like lots of people have.
Dozens of people have shown up right here in our Mumble Room this week to listen to a low-latency opus stream.
And we love it.
It makes it a live by.
That's great.
Details at LinuxUnplug.com.
You never would have guessed.
Thank you so much for joining us on this week's episode of Your Unplugged Program.
And we'll see you right back here next Tuesday.
As in Sunday