LINUX Unplugged - Episode 155: Snappy Collaboration | LUP 155
Episode Date: July 27, 2016
The devil is in the details & we dive right in when Martin aka Wimpy returns from the Snappy Sprint & shares his experience from his recent trip. And in light of KeePass getting an audit by the EU, wa...s ask our Virtual LUG to sound off on the projects they’d audit if given the means & why. Plus great updates from all around open source & the Starbound server challenge!
Transcript
Okay, so Mr. Wes.
That is me.
Mr. Wes, should you choose to accept it, I have a challenge for you to take place during this episode.
What?
In episode challenge.
Yep, an in-episode challenge.
You can say no.
Feel free to say no.
In this episode, I thought it would be particularly cool if we set up a server for Starbound.
Now, I've linked instructions.
It appears to be a pretty straightforward process to install on an Ubuntu server.
The only tricky thing is, and this might be the hard part, is it requires a Steam login to download the binary on an account that's already purchased.
Now, I could provide my credentials.
Ah-ha.
Because I've bought...
Oh, but I didn't buy it on Steam.
I got it on GOG.
Hmm.
This is like...
How much does it cost on Steam?
It's like 15 bucks.
This is, this is Minecraft, but way cooler.
It's space travel.
You go to a planet.
There's multiplayer co-op.
You collect resources.
You build tunnels.
That sounds awesome.
Caves.
And we could set up a Jupiter Broadcasting server on the jupiterbroadcasting.org domain.
And we could all play.
That would be awesome.
This is a time sucker that makes Minecraft look like child's play.
And it just came out for Linux Starbound.
It was actually at Kickstarter for a while.
Oh, that's where it sounds familiar from.
I saw it on Kickstarter. So take a look at the link, and let me know if you want to take the challenge.
We'll find out at the other end of the intro.
This is Linux Unplugged, episode 155 for June 26, 2016.
Oh, welcome to Linux Unplugged, your weekly Linux talk show that's making sure to drink all of its water and still leave room for beer.
My name is Chris.
My name is Wes.
Hey there, Wes.
Hey, Chris.
Boy, these look like some great brews you brought in on the show today.
With a fun name.
Oh, yeah. The Narrows Brewing? That's not it. That's not the fun part. What's the fun part?
The fun part is it's the Galloping Gertie Golden Ale.
That is great. That's not what we're here to talk about, though.
Coming up on this week's episode of the Unplugged program, we're going to go a little bit down history lane.
Talk a little bit with Mr. Wimpy about his travels to the Snappy Sprint event.
Later on in the show, we're going to talk about a very important open source project getting audited and ask the Mumble Room if you could audit any open source using a set amount of money. So there's certain limitations. Which projects would you audit to see how secure they really are?
We'll ask them when we get to there.
Ooh, I'm curious.
Got some really interesting new code open source this week from a company you probably wouldn't think is open sourcing code.
OpenBSD says they're even more secure than ever now because they're getting rid of Linux compatibility, aka the Linux vulnerability, as they say.
Yeah.
We'll talk about that coming up in the show.
A friend of the podcast here has got a new release.
We'll talk about that.
And last but not least, at some point, we're going to find out if Wes can complete the Starbound Challenge.
Now, he's already begun, ladies and gentlemen.
So, Wes, you have accepted the challenge.
Challenge accepted.
I think this is going to be great.
Now, I haven't played the game a lot because as soon as I saw the multiplayer, I thought, well, how do you do this?
And there's just not a lot of servers out there yet.
So, we'll see if it's possible.
Wes is working right away over there on his Sputnik laptop.
You know it.
With a nice unplugged sticker, too.
Yeah, I like that.
It's looking good, Wes.
That's looking really good.
All right, well, let's bring in our virtual lug so we can get into the stories.
Time-appropriate greetings, Mumble Room.
Hey, hey, hey.
What's good?
Hello.
Hello.
Hi there.
Well, it's good to see you.
It is good to see you.
So I have some good news I want to start with because it's good news from the least likely source,
and it happens to be right on the heels of us talking about this last week, which is always a lot of fun.
Wes spotted this particular story.
It's called Surround360.
It's a project by Facebook to make software pipeline, an entire rendering pipeline to do VR 360 images.
And also they have in here, they have the code up on GitHub, but also in here, they have some really cool specs.
It looks really cool.
And a super cool video of the camera that you need to do this with.
And that is all very fine, and you can watch the video. It's got a great soundtrack.
Yeah.
Yeah. Super inspirational.
And they're building the camera and they're putting it all together and it does look really cool. It's like a dome with a whole bunch of image sensors on there.
Their stitching software takes the images captured by 17 cameras in the Surround360 and transforms them into a stereoscopic 360 panorama suitable for viewing in VR. The software vastly reduces the typical 3D 360-degree processing time while maintaining 8K per eye quality, which they think is optimal for VR.
They say the rendering stereo 360 video is a hard problem for a variety of reasons.
It takes a ton of RAM, roughly 120 gigabytes of data per minute of video.
So that's even double when you go to 60 frames per second.
There's little room for error because any inconsistencies in the stitching really look
bad and stand out.
In order to create VR video practically, we need to be able to process all this data as
fast as possible, which is often in exact opposition to maximum quality.
So this thing, this software, it's really amazing.
They talk about the acquired tangular.
I don't even know how you say this.
Equatorial?
Equatorial triangular?
Equatorial triangular.
Basically, the Earth turns out as a globe and it's that when you start, they have a die, they have a die.
I can't even bother to get into it because I would just fail horribly.
I'm already beginning to.
But that's not the important part.
What's the important part is, yeah, they can figure all that spatial stuff out for the camera.
But check out some of the interesting details.
The cameras output raw pattern images right onto like a Linux box.
Then the image signal processor, which is part of the surround 360 rendering code, converts the raw sensor data into a standard RGB PNG
image.
Oh, cool.
It applies gamma and color correction.
Then the rendering system reads the camera images and builds the projections from each.
The projections cover a whole sphere with a rectangular structure and texture.
Each camera captures only a portion of the full sphere, but this can then be represented
on the projection.
They put it all together.
Equirectangular.
Equirectangular. Equirectangular?
Okay, thank you.
I don't know why I can't.
I can't.
I just simply can't.
But I like this.
And also, remember we just recently talked about how GStreamer is building in stuff to support.
So the timing on this is rather perfect because GStreamer just put in a whole bunch of infrastructure stuff and is beginning to work on more.
And then Facebook comes along and specs out the camera and releases a whole rendering
pipeline.
Yeah, exactly.
Good guy, Facebook.
I don't get to say that very often.
I don't really.
We were getting into a pre-show topic.
I can't even remember exactly what it was that Wimpy said that made me think of it.
But it essentially came down to my time is very valuable and I have to be selective about
how I spend it.
Oh, that's what it was.
It was about setting up more service.
Yeah, we'll put that in the post show hopefully.
Boy, that – boy, have I – if I said that maybe a million times, how many times I can't
even think.
Even in this show, I've said that. And that's why Joshua Drake's post over at Command Prompt Inc.'s blog really made me think.
Now, he's part of the PostgreSQL community, and he's writing a post that he titled The Fall of Open Source.
Once upon a time, he says, FOSS was born
and it was about freedom.
It was about exposing quality within source code.
It allowed everyone equal rights and equal access to the technology they were using.
The idea was if you were capable, you could fix code or you could pay someone to fix it.
It was an ideology that there was something greater than yourself and there were an inherent right to build what was human.
I sat in a bar slowly nursing beers with other community members over a period of hours.
We spoke of many things.
We spoke of never ever doing a new PostgreSQL website.
We spoke of my disdain for Amazon Web Services since reformed with the exception of S3.
We spoke of life.
We argued.
We had honest discourse, and that's excellent.
There was nobody complaining of political correctness.
There was nobody claiming to be offended. There was nobody leaving because feelings were hurt. There was a
community member who passed out in his chair and dropped his phone. We walked him back to his room
to make sure he was safe, and all was good. This retrospective has been digging around in my gray
matter since that night six months ago. That is until I began to itch, and like any good community
member, I think I'm going to be scratching that
itch. And that itch was, my time is precious to me. It seems like a harmless thing to say.
Of course your time is precious to you. I would say that's probably true of most people. I know
that my time is precious to me. I make a point of working part-time from May to September so I can
take time for my family. The problem within the statement is context.
The statement came from a well-known contributor and a very smart guy.
The reference was in relation to why someone would use software as a service,
and the general idea was software as a service is awesome
because it allows me to have more time for me.
Then he says the great compromise.
A lot of companies have come up through the ranks to become dominant players in the open source industry. Meetup.com for user groups, GitHub for development, Heroku for software as a service, and Slack for communications.
When considered independently, there's nothing wrong with these services. They offer a great value, they increase productivity, and more code gets developed.
The problem is that not one single of these services are open.
The use of these services creates an intrinsic advocate position for closed-source software. In turn, you will see the use of these services increase whilst the use of open-source alternatives decreases.
Consider Slack, which widely is considered the hot new collaboration tool,
yet it doesn't adhere to open standards.
Its network is closed, as is its software.
And he goes to argue the worst part is that we had Jabber, which is open source, has a similar environment as Slack, supports voice, video, plugins, external protocols, bridges, image embedding, video sharing, file sharing, and yes, chat.
It also supports federation and allows communities to communicate between each other using XMPP.
He says the Postgres community hosts their own code repositories, websites, and mailing lists.
We collaborate in a true version and vision of open source and actively reject moving our project to an externally hosted facilities controlled by services which are not open source.
The community puts forth the effort for the community.
The moment that open source becomes primarily about my time is the moment that open source is no longer a movement.
It's no longer an ideology. It's no longer about fairness, freedom, equality, rights,
or the greater good. Damn. Wow. Nemo, I'll let you jump in first. I see you tagging me.
And then I'll let Wimpy jump in there. Go ahead, Nemo.
Right. I mean, okay, so what I say is the value of open source is not, you know,
your time is no longer wasted by or you can no longer trade money for time.
It's that no one has a monopoly on support. So if, uh, if someone else can't support it, you can, in which then you're definitely using your time as valuable to you.
Yeah, that's definitely a value of open source. I completely agree. Good point.
Um, Wimpy, uh, you think maybe this is a little clickbait? Your thoughts, sir?
Um, yeah, a little bit. I mean, there's, there's a point there, but all of the projects that he cites, so Slack and GitHub for example, there are open source alternatives to those. Mattermost and RocketChat for Slack, for example. Yeah, and GitLab instead of GitHub. Well, Gitorious has sadly died, gone into bit rot.
But, yeah, I mean, the code is somewhere if somebody wants to resurrect it,
which, of course, is what open source is great for.
And, you know, Mattermost and GitLab integrate very nicely now.
So it is convenient.
You know, we were just talking about this earlier on the show.
You know, having to do more of the thing you do as your job in your spare time is not very appealing.
So I'm reluctant to do service stuff in my spare time because that's what I do all day.
But to say that these closed services are the death knell for open source, I think is a little bit off the mark because the development platform, the development infrastructure is all open source.
So all of the tools and platforms that are used to deliver those proprietary services are all open source.
So consequently, while you have the likes of Slack and GitHub creating their proprietary software, they're also inevitably going to be contributing back to a number of open source projects along the way. services and one of the alternative, you know, one of the alternatives like Mattermost or GitLab is out there and not quite doing it for you, then you can contribute to those projects.
So I felt, I felt the title was a bit clickbaity, and I also felt that the prose was a bit sort of flowery and meandery in that article. Could have got to the point, could have got to the point in about four sentences rather than four pages.
Yeah, I do see what you're saying.
And I think it's – Well, once you've started, it's just so hard to stop.
I think what – partially it is a failure to recognize a division.
Like so for myself, there are moments where I would opt to go with a hosted solution.
Slack might be an example of that where – and then there's other moments where I'll opt to host and roll on my own.
Like we were just having a Syncthing conversation a little bit ago.
And those are just different priorities and sometimes it's for ideology and sometimes it's simply for practical reasons.
And I feel like we sometimes in this conversation forget that there is room for both.
There is actually – we can have both sets of users and it doesn't mean one thing is dying or one group is defeating the other group. Both sets of groups exist and coexist and use the software for different reasons, and that's what, that's how I look at it.
What proprietary software is unethical. Well, there's that. Uh, well, then you can choose any other camp.
But that proprietary software can also spin off open source software. So for example, I was looking for a tool like Slack for the Ubuntu MATE team, and in the end we went with HipChat because I don't have to host it myself. You know, there's, we use Bitbucket for pretty much all of our source control, so there's a lot of good overlaps there. Now, as it happens, I've ended up taking some existing open source code and improving it, because I've created some IRC bridges from IRC channels into HipChat rooms so that we can see what goes on in IRC within HipChat. So consequently I've taken something old and busted and made it work, and that's now some open source that's out there that wouldn't have been had I not been using, you know, HipChat. Admittedly it supports HipChat, so it ties into their APIs, but open APIs are better than closed APIs.
Yeah, and you could make the same argument for a lot of services there. Uh, that's interesting. So I wouldn't be just, totally side, sidebar, did you try out Mattermost and RocketChat and just, I thought, or was it just sort of the, I don't really want to spin up another server, was that the barrier?
Um, it's, I'm perfectly capable of running the server infrastructure, sure, but my time is limited in what I do in my spare time on open source projects, and I would rather that that time was focused on development and pushing the project forward rather than adminning servers.
Yeah, and that's why it's not the death of open source right there.
That's just such a good point.
And, you know, why don't we take a moment?
And I want to thank DigitalOcean because when it comes to spinning up systems in record
time, nobody beats DigitalOcean.
In 55 seconds, you can have a rig deployed and you can be ready to go.
And if you're going to work with something like Docker, there's so many things that are
Dockerized now, containerized, I guess.
They have such a nice stack.
They have an Ubuntu LTS with the Docker software installed, with the repos added, and there's
also one with Nginx.
For me – and I think I've told you guys the story.
But for me, I was working on evaluating RocketChat and Mattermost and evaluating how they stood up to different testing.
Like how do I use it from the mobile?
How do I use it with the IRC bridge?
All the things people are going to ask once you make them use it.
Exactly.
And you know what? It's funny.
We almost went with one system I put in production at one point.
And the thing that was really nice to know was that I could revert back to a core system and reset it up within seconds to make sure it was done right.
I didn't have to put together some sort of hacked solution.
Ultimately, Sean set up a Mattermost server for us on DigitalOcean that's available right now to patrons. And that has been running really great. It's a really good system. It's super straightforward to set up. And so far, it's scaled brilliantly.
So if you use our promo code over DigitalOcean, you'll get a $10 credit. The promo code is SnapOcean. It's one word, lowercase. You put that in your account control panel, it'll apply $10 to your account. Their pricing is really, really straightforward and the value is crazy high. So that $10 will get you quite a ways.
And they got data centers in New York, San Francisco, Singapore, Amsterdam, London, Toronto, Germany, and India. They have a really nice interface that backs it all up. So if you have really no experience, or if you're an expert, you're going to actually be pretty satisfied.
Also, their API is really nice to work with.
We integrate it in with our workflow.
A lot of people do.
There's some good open source code already written, like an applet where you can add
it right to your menu bar and get the status of your droplets.
I love that.
Lots of nice mobile apps, too, that make rebooting on the go nice and easy and straightforward.
Your client's calling, ah, the thing's down.
Boom.
Actually, I've just used it, too.
My Quassel server locked up on me one time.
And I just opened it up on my Android app and just reboot the problem.
It's also nice if you're like, well, is it a problem on my end or is it a problem on the server?
Okay, no, the server is fine.
And then the other thing that's really cool and gives you a lot of power if you know how to use it is their HTML5 console that watches it from post to login.
It's how you get certain things done that are really cool and advanced at DigitalOcean. I just think it's a great service. Use the promo code SnapOcean.
It's not like an advanced feature you have to innate. It's right there. And it's just part of the service.
Part of it is they're just really, really, really smart about when they implement a feature, they do it right. And what they focus on, like they're just rolling out right now, block storage. You can get up to 16 terabytes of SSD storage. They do SSDs for everything.
And, man, when they roll it out, they roll it out with just really good documentation.
Check out their community section.
Look at their – they have – speaking of Postgres, they have the article on setting up Postgres.
Here's Docker Composer or Docker Compose, I guess.
I've just been part of Docker, so it's fun that you can just deploy it so easily.
Look at this.
How to protect your server against HTTP proxy vulnerability.
Boom.
Right there.
Man, that's good timing.
Check it out.
DigitalOcean.com.
Just use the promo code SnapOcean.
And a big thank you to DigitalOcean for sponsoring the unplugged program, SnapOcean.
Gets you that $10 credit.
ArchStrike has an ISO app.
That's all I really had to say on this.
Just, you know, we've talked to these guys back when they were ArchAssault.
They sent me a shirt, which is pretty cool.
And for those not familiar, ArchStrike was ArchAssault.
It's still based on Arch Linux, which is totally as Morris says here,
renowned and lightweight and highly customizable distribution.
However, the goal of the project is to be a security layer on top of Arch.
It has 1,200 security-oriented tools for ethical hackers and security researchers.
But the thing that's newsworthy here is they've actually released their first ISO.
It's available for download today. It's 64-bit and 32-bits, and it's the first of its kind.
So congratulations to the ArchStrike team for getting your first ISO out the door.
Wes, you knew this was probably going to get me riled up when you linked this one in our chat thread earlier today.
I do like to rile you up, Chris.
Oh, man.
That Theo.
So OpenBSD 6.0 tightens its security by losing Linux.
That's the pitch.
Most significantly amongst the latest security-related changes for OpenBSD is the removal of the Linux emulation support.
Prior versions of OpenBSD made it possible to run Linux applications
via a compatibility layer.
But the release notes that OpenBSD 6.0
indicates the Linux subsystem was removed
as a security improvement.
If I recall from our
friends over at BSD now, I think it wasn't much used
and hadn't been actively maintained very well.
Makes sense for them to cut it.
You don't have
to do all the poking, though.
They've been making some fun on Twitter.
Yeah, right.
OpenBSD also has ditched the Systrace system policy enforcement tool for the security
and the removal of the user mount option,
which if enabled, allowed non-privileged users to mount file systems.
It's yet another security enhancement.
OpenBSD project lead Theo de Raadt stated that the user mount option allows any non-privileged program to call the mount and unmount system calls, meaning
there is no way any user can be expected to keep their system safe or reliable with this
feature.
No user mount for you.
My theory is that since Windows started doing Linux emulation, OpenBSD was like, no, we
can't.
We can't be in the same camp as this.
And they're out.
That's a good theory. That's actually pretty solid. I like that a lot. All right. I don't really have a lot to say about this, but I did actually feel like it was a little tiny teensy
bit antagonizing with the harassing on Twitter. And then they tweeted out and said the distros,
what'd they say? Operating systems that now have the Linux vulnerability.
And they listed FreeBSD, Linux, and Windows or something like that.
Yikes.
Yeah.
I just made my computer more secure.
You know how?
I removed Wine.
Yeah, yeah.
It's kind of like that, yeah.
Not quite, though, because it's something that's required by the kernel as opposed to Wine.
Sure, yeah.
You can use it in user space under your own user account.
But they can just reimplement it in user space.
You know how BSD loves reimplementing things in user space, right?
Is it, though?
But is it not installed by default?
Is it installed by default in OpenBSD?
And why the hell would that be?
I don't know if that's true.
Because it's not installed by default under FreeBSD.
So, I mean, I don't understand how those BSD.
You know what?
I've got to watch the BSD Now program because they'd probably set me straight.
I'm sure...
Like, it sounds like they've already been covering the story for a little bit.
You know, they see that stuff coming.
They sure do.
But I did feel a little like, ha-ha, we gotcha. We gotcha.
There's been a lot of interesting security news today. There's a security vulnerability that supposedly bypasses HTTPS on Mac, Windows, and Linux. Did you see that?
Yeah.
So security is, you know...
Makes me glad that TechSnap exists.
Makes me glad that I've got my Linux Mint updates installed.
That way I know I'm secure.
There you go.
Off topic, does Alan allow you to set up?
No.
No, I don't think he does.
He should offer that as a hosted streaming solution.
So something happened.
And I feel like I should probably mention it on this show because it's relevant to the audience's interest.
You guys will want to know.
Six months after it happened, I finally – I have finally gotten off my butt.
I finally have spent hours putting together a new episode of the Roverlog of my trip to SCaLE.
Yeah, and you can see some highlights of Mark Shuttleworth's keynote where he's talked about – this was back in January where he was talking about snap packages.
And also Cory Doctorow's keynote kind of made me rethink my stance on DRM.
And I talk about that.
So that's where Roverlog 16 just came out.
And I was watching this.
Man, that SCaLE thing is a huge – looking back at my classroom, that is a huge event.
It is a monster.
Wimpy, are you by any chance going to make it to SCaLE next year?
I don't know.
Here's hoping.
Yeah.
I would love to.
I haven't made it in my mind, but I think I'm going to go.
Anyways, if you guys want to see just a little taste of it, you can check out Roverlog 16, which went up recently.
And Roverlog 17 is already posted for our patrons at patreon.com slash today
which is the one where I drove into the tornado
which was a lot of fun.
I would check that one out.
So speaking of snap packages, Mr. Wimpy is here and he was not here last week.
No, no he was not because he was at a sprint event held by Canonical to bring people together to talk about Snap packages.
So why don't we – let's tell you what.
Let's open up the next block.
I'm going to mention real briefly here Ting.
Go to Linux.Ting.com to get the discount for the Linux Unplugged show and support the show.
Plus you'll have Linux in your URL history.
So that way when somebody starts typing L into your browser instead of your dirty porn
habit showing up, Linux shows up.
So linux.ting.com, go there to support this show.
Ting is mobile that makes sense.
It's my mobile service provider, has been for over two years because I just pay for
what I use and it's $6 for each line.
My minutes, my messages, my megabytes, which means if I'm smart and I do stuff over Wi-Fi
like I pre-download my podcast and I listen to downloaded and like my favorite Spotify playlist, catch those local suckers over Wi-Fi.
I do extreme quality too, which is when I'm like guilt-free extreme quality.
It's nice.
And then I just basically pay for the little bits of backup data that I use when I do go on the cellular network.
They have two networks, two GSM and CDMA.
You get to pick from what you want.
All their devices are unlocked.
They have really great, phenomenal customer service.
They're backed by Tucows, which is an internet company that's been around since before the dot-com boom.
AKA forever.
They're really in it for the long haul, which is super nice, especially when you want a mobile provider that's going to be around for a while when the deal's like this.
They have a savings calculator you can try. Go over there and check them out. I was just mentioning the Rover Log. That entire Rover trip I did down to SCaLE was off of Ting MyFi. It's really nice. And when you are traveling, it's nice to jump around from GSM and CDMA. It's a little tricky because you end up having two numbers, but since it's only $6 for the line, it's not...
It's weird. I mean... Plus you get to put a SIP number in front. Give that to everyone.
Or what I do is I do Google Voice. Yeah, but actually I would prefer the SIP thing, I think, these days.
So check them out at linux.ting.com.
Thanks, Ting.
So I wanted to go ahead and do the Ting spot right there so we could just sort of open up because I have so many questions for Wimpy that I didn't want to have to interrupt him.
Prepare yourself, Wimpy.
I guess I want to start with what the hell is a Sprint event and how come I didn't hear about this and we're only certain like Linux elite invited to this thing?
What is a snappy sprint and how did you find out about it and why didn't I hear about it?
Right.
It was publicized.
So it was publicized through the Ubuntu Insights and a couple of the online.
I think Softpedia picked it up, right?
Yeah, Softpedia.
A couple of others picked it up as well.
So I was aware of it from that.
But then shortly afterwards, the Ubuntu community team contacted me and asked me if I would be interested in taking up a place at the Sprint as a community contributor.
I guess what I was kind of getting at is I kind of had the sense that this thing came together pretty quick.
You know, there was a brief announcement about it, but all of a sudden it's boom, let's do this.
And it seems like they were pretty proactive about reaching out to certain people to make sure they could make it.
Yeah, I think I heard about it about a month before it happened.
Oh, okay. That's fair. Okay.
Yeah. So I think it's probably best if you have questions you ask, because obviously
I was there. I went to a lot of stuff. My head is full of things to do with snaps.
I could fire off in all directions. But it's probably best if you've got questions,
you focus the conversation.
I have – in front of me, I have a Trello board with the Snappy Sprint topics on it.
So I have plenty of things to get into with you.
But if you don't mind, and you can only – you share as much as you feel like sharing.
But probably 99 percent of the people listening have never been to something like this before.
And so, I mean, could you just kind of paint a picture?
You flew somewhere.
There had to be like a ticket purchase.
There was hotel space.
What is sort of the setting like and the experience like going to an event like this?
Okay.
So the very first thing that happened is I was asked if I wanted to attend. I talked to my wife and daughter and said, can I take a week off work, not with you, and go to this thing?
Right. I didn't have any thought of that angle.
Yeah.
And they said, yeah, all right then.
So then I let the community team know that, yes, I wanted to attend.
And then I was contacted by Canonical's travel organizers.
And they basically sorted out flights
and accommodations in the room, so I didn't have to, I didn't have to pay for anything in that
respect. So I had my ticket sent to me, and a couple of days before the event, a full itinerary of,
you know, what was going on, you know, everything you needed to know. Uh, the one, uh, the one thing is that all of these events,
uh, Canonical have a policy of room sharing. So, uh, I was sharing with Popey.
So yeah, that was nice. Um, uh, so yeah, flew out there on Sunday. Uh, Sunday morning I left the UK,
uh, got to the event hotel mid-afternoon Sunday. Uh, the first evening, that
Sunday evening, there was a drinks reception in one of the rooms, so all of the people
attending had drinks and snacks. Get a chance to mingle a bit. Yeah, yeah, get to meet people.
Um, the first thing that struck me is I knew there was going to be about 60 to 70 people at this thing, and I reckon about,
about 18 or so were from outside of Canonical. Um, so that was quite surprising, you know, and
they weren't just flavors, they were, you know, from other distributions and projects completely outside
of Canonical. So that first evening was nice, and, uh, I got to, um, you know, obviously over the course
of the last couple of years working on Ubuntu Mate, I've got to know a lot of the Ubuntu devs through IRC, but
I've never met them. Um, and the only drawback of attending this event is, you know, as that, as they
do you favors and help you out, you idly say, you know, if we ever meet, I will buy you a beer. Yes. Well, I was, but I ended up buying a lot of beer
last week, which is absolutely fine. Yeah, I don't have a problem with that. Yeah, yeah, yeah. So, uh, so
yeah, my, my investment in the trip was to make sure I, I paid down my debt of beers to all of the people
I owed beers to. Good man, Wimpy. Um, yeah, and so in terms of how the event works, so you're in,
it's a large hotel. Uh, I think there was five or six rooms in total. There was one very large room
which could accommodate everybody, uh, and then, uh, four or five smaller rooms which could take
between, I think, about 20 people or so in each room. This is legitimately a mini conference.
Yeah, yeah, it really was. Um, every
morning starts with an opening session that says what we're going to do this day. So you've got the
Trello board there. They basically explain where the rooms are, what's going to happen, and throughout
the day there are three tracks running, and, uh, each session runs for about 45 minutes to an hour.
So it's very fast paced and it's sort of an introduction to a topic and some discussion around a topic and actions and proposals are taken at the end of each of those sessions.
There's a mid-morning break and Canonical provided drinks and refreshments and snacks in the mid-morning break and the mid-afternoon break.
And they provided lunch as well and breakfast.
So, yeah, they looked after everybody.
And then mid-afternoon, there was the option to go into the larger room and participate in a two-hour hacking session. So if you'd learned something or taken an action
or wanted to progress something,
you had a couple of hours each day
where you could collaborate and work on that stuff.
Was this one of the times Frank showed up
and talked to people about NextCloud?
Frank actually turned up sort of at the end of one of the days.
So I just happened to see him sort of wandering around the hotel looking slightly lost, and I just overheard somebody say, oh no, Frank from ownCloud, should be from NextCloud, should be turning up in a minute, and I bumped into him. So I said, I
said, I introduced myself and then said, I know where you need to be. So I escorted him to the
right room and introduced him to whoever he needed to talk to.
Did he have a camera with him?
Not that I noticed.
He did have a bag over his shoulder, I imagine.
That could have held a camera.
So very interesting.
So it sounds like a pretty high-rated event in terms of a nice room, nice accommodations,
some room sharing, but drinks and all can't be ignored. I look at the list here of Trello stuff, which is nice that it's public, and I'm not getting
a central theme or a central sense of this was with a big focus towards Unity 8 and mobile
or a big focus on cloud.
I'm getting kind of a lot of different priorities here from individual Internet of Things type
devices to full desktop applications.
Did you walk away with a sense, having attended, that there was like a core theme?
Um, there wasn't a core theme,
um, because as you can see from the Trello, there were lots of different topics. You know, the, the
things that are marked in red, that's the community and cross-distro stuff, and that tended to have a desktop focus. So, um,
that was more desktop focus. The plan for a runtime. Uh, exactly. Desktop snap issues. Interesting. Okay.
And, and GNOME, uh, runtime was part of that session, and Arch Linux and the openSUSE OBS snap
integration was in there as well. And in the yellow sessions, those were more specifically about
the evolution of snapd itself and Snapcraft, um, so the sort of the fundamental tools. And there
was a lot of interesting discussions there. And then there was some new tools, um, announced. I
don't know if these exist, pre-existed, but there's a thing called Snapweb now. So that is
a, um, uh, a web UI that talks to the, um, Unix domain socket of snapd and presents a complete UI of your
snap environment so that you can very install that access the store, see featured apps,
and it even does clever stuff like if this is on a device,
it will show you the components that are specific to that device.
So there was some examples of router switches and stuff like that
that look very interesting.
Wow.
So there was a few things that did come out that surprised me. You touched on it there
just for a moment. You said GNOME runtime. I thought that was a Flatpak thing.
So the thing about, so runtime, I think, is the Flatpak terminology. I think the terminology
that's going to come out of snaps is these will
be called platform snaps. But you asked if there was sort of a general theme. No, but one of the
key concepts that cropped up all the way through the week is what they called content sharing, or the content interface. So that's a new feature, and that is the mechanism by
which shared runtimes or platforms or things like artwork snaps can be created, so that if you are
creating application snaps for the GNOME desktop, you can now use the GNOME 3.20 platform snap as a dependency,
and through bind mounting, in the way that snaps, you know, integrate, that will be a common platform
available to all of the things that require it.
So from an end user implementation, would I have a GNOME 3.20 runtime mounted file
system, SquashFS file system, and whatever the application SquashFS file system, mounted at the
same time? Two different mounts for one application?
It would appear as one, but underneath the, yes, it
would be two.
Oh, okay.
Yeah, yeah. So it handles the magic behind the scenes, and also things like
taking the artwork out, so taking the themes and the icon set out of the applications and even out of the platform snaps and making those separately available.
And then there are mechanisms to then create trust relationships between those snaps, so if they need to move in lockstep, you can, uh, use assertions to actually
say these things have to move at the same versions, if that's, if that's the requirement.
Being very helpful. Yeah, yeah. Not just in desktop but also in server deployment. Oh, absolutely.
It was, it was a particular, the particular conversation around, is called gating in snap speak, but that,
that was particularly for devices where you may have a kernel component and an application
component that requires another, and then the interaction between those three, and to make
sure you can't accidentally have a snap upgrade in that chain that is not compatible.
I hadn't really thought of that particular problem.
That is interesting.
So did you get a sense of what is the application that can't be snapped?
Or what is the piece of software delivered for Linux?
I'm thinking of things like NVIDIA drivers.
Oh, yeah.
What are the limits?
Where do snaps stop and you have to use something else?
Well, there's, there's two sides to this. So there is the classic system that can install snaps,
for example, and you obviously have some host, um, requirements, and the host can be a combination of the classic system and the core snap.
And then you have a fully snapped environment where the whole device is a series of snaps that
build the complete environment, so you only have snaps. Um, I don't think that anything was discussed
that was an outright, it can't be done.
There are things that can't be done now, but, but all of those, all of the things that were
discussed were, this is the plan and we will, you know, cross that bridge when we get to
it sort of thing.
So there's, there's some more complex interactions to consider when, like, full desktop environments are snapped in their entirety and
how things like display managers and session managers and settings daemons interact with one
another. Yeah. You know, so that's a little ways out, but, um, in general, I didn't...
What about something,
though, that requires like a kernel module at boot, you know, like a ZFS snap or NVIDIA driver snap
or a VMware snap that has a, you know,
the VMDK kernel module.
Yeah, so on devices at the moment,
you can have kernel snaps and gadget snaps.
So I think that, you know,
in that fully snapped device platform,
that's a possibility.
That's something that's been, you know, solved.
So I just want to throw just as an example, a question at you that might illustrate
maybe the variety of people in attendance. I see a card here for integrating Snap support
into the OpenSUSE build service. Is that actually going to happen, or was it just theoretical code
that is never going to be integrated upstream to the build service?
No, it was demonstrated. It's there already.
Whoa.
And in fact, that work, one of the screenshots I saw
was a build log from three weeks previous.
So they'd actually done some work prior to turning up.
Wow. Okay. All right.
So then the other thing that seems to be perhaps an olive branch
to the Fedora camp is I see entries in here for getting SELinux confinement.
Now, just to recap for the audience, one of the ideals behind snap packages is that they are confined to their own space and that they're – not only they're a little safer for the end user, but maybe isolated from security vulnerabilities a bit more.
And that confinement is currently, I guess you would say, created or done by AppArmor.
I don't know exactly what the term is, but AppArmor is used to create that confined environment, which is not really the paradigm that Fedora uses.
Red Hat is really behind SELinux, and so is Fedora.
And SELinux is also capable of delivering confinement like that, but I don't think Snap was created with that intention.
So how likely is that, do you think,
that maybe they could get SELinux support?
And did you get a sense from people that were there from Fedora
that this is something the project might actually adopt?
I got the strong impression that SELinux support is coming,
and there was some discussion around how that can be implemented
and one of the lead developers from Canonical had done the initial discovery work and was
confident that it could be implemented and I don't know what the schedule for that will be
but it was definitely considered doable and something that will be done at some point.
The speed at which the Snap package, I don't even know, you can't even call it one thing,
but the whole ecosystem, Snap ecosystem is evolving, seems to be really fast.
Faster than AppImage and Flatpak.
It already seems to be more feature complete, especially when you take in some of the additional stuff that's coming out.
When you arrived there, was there anything that changed in your mindset after you left?
For example, is there going to be perhaps a shift in how Ubuntu Mate implements snaps?
Is it going to be maybe a greater snap investment?
Is it going to be still only certain applications?
Is anything in that regard changing?
So when I went out there, I'd got like three or four things that I wanted to understand so that I could better, you know, think about how Ubuntu Mate could benefit.
All of those questions were answered on day one.
So I was thinking, well, this is a good start because everything I came here for is now being, you know, I know what the road ahead is.
So I've now got four more days to find out all this other stuff.
So to give you an idea, one of the things I want to do is integrate Snap support into the software boutique.
And I wrote a prototype Python client that enables you to install and remove packages using, you know, the snapd API.
But whilst I was there, I was talking to, um, Robert Ancell, one of the Ubuntu developers, and he's
talking about actually making a lib snapd C library and then exposing that via GObject and
Qt object so that all of the other projects can wrap it and use it.
So, you know, things like that are just terrific
because that's a way that anyone can then exploit the facilities
of the Snap API within their applications
pretty much irrespective of what language you're implementing in.
Right, everything's got an interface to C.
Yeah, exactly.
And other things that I wanted to understand
was particularly this concept of runtime or platform snaps.
And you can see that was the first session on day one.
So after one hour, it was like,
oh, right, that's how we're doing it, fine.
So then the rest of the week was starting on some of that work.
limited access to things on the file system. And it looks like from the docs that I was reading from the elementary team, when they're looking at how to integrate snaps with elementary OS,
is there could be certain some of their programs that they make in-house for their desktop
might need special access in ways that maybe snaps don't facilitate now. I only briefly skimmed the
documentation, but it sounds like there's limited ways Snap software can access
the system currently. And some of those might be limiting. Am I tracking at all?
Yeah. So they're called interfaces. So when you use Snapcraft to create your package, you
tell your software what interfaces it can connect to. So one example is the home interface, which exposes some of your
home directory, and I'll, maybe we'll talk about what that means in some expect some respects.
And that interface is auto-connected. So what that means is when you install a snap package that uses the home interface, it automatically connects that up,
and that snap has access to those areas of your home directory that are available to snap packages.
There are other interfaces that do not auto-connect. So you can install the snap package,
you can look at the status of the snap package and see that is requesting that it
has this facility, and it's down to you to actually establish that connection manually. That's how it
is right now. There are, there quite a lot of interfaces, and that's where a lot of the focus
has been. If you look at the change logs on snapd and Snapcraft, it's really been about interfaces, and they're being added at a
lightning rate and will continue to be added to support the various use cases. But the end goal
is to have mediation. So if you've used Ubuntu for devices on a phone or a tablet, when that has
permissions that it requires, it actually tells you, oh, uh, this application wants
to connect to your camera, do you want to allow that? And you say yes or no.
There's an interface
to facilitate that question?
Not at the moment, but that's what's going to come. So, so you will tell
your snap what it can request, and then it's down to the user whether, or, I don't know if there's an
override, because, for example, some things you just absolutely have to be able to tell your snap
it can have this thing, otherwise it won't work at all. So I'm not, you know, I didn't see, I didn't sit
in on all of these sessions, so I don't know all of the nuances, but the idea is that there will
be prompts to actually guide the user that Snap is requesting this thing.
Do you want to approve that?
So hardware aside, it sounds like it automatically has connection to your home directory, like any user space application might.
So yes and no.
Okay.
When you install a Snap that has access to the home interface, it actually has access to a directory, which is slash snap slash the name of the snap
slash the revision of that snap, and that's where the, uh, the data and the dot files and things like
that. So that's the equivalent of dollar home as far as that snap package is concerned. Um, but it
can actually see all of the other directories in your home directory with the exception of any dot directories or dot files.
So snaps can't see any dot files or dot directories except for those that exist within their own data directory.
Okay, so that actually answers most of the questions I had around the security of it, and I'm sure I'll play with it more as it comes along.
So I don't – any other thoughts you want to share about the trip or about the event itself? When I go to something like this is the unexpected collaboration that happens sort of in the hallways, getting to meet people like you mentioned earlier and paying off beer debts.
I'm just kind of just kind of picking your brain as far as any other experiences you want to share on the trip and sort of any elements about that, about rubbing shoulders, anybody you got to meet or anything you want to share in that regard.
Yeah. I mean, obviously, the social track is just as important as the getting stuff done track during the day. It is, it is totally. It really was. And, um, so, uh, a group of
people that I got to meet and spent the week with, most of the week actually, because we were in the
same room a lot of the time, was, uh, three of the guys from elementary. So Daniel Foré, uh, Cody Garver,
and Corentin, sorry, I've forgotten your surname. So those three guys from
elementary were there all week, and yeah, Daniel and I exchanged some notes on, you know, stuff he's
doing on with elementary and Loki coming up, and I had a look through what they've been working
on, and I showed him some of the new stuff I've been working on. So here's a little tip for you, Chris. You were talking about
the nice high DPI support in Linux Mint 18. You really want to have a look at Loki.
Oh, okay.
Because their high DPI support actually knows that it's on a high DPI capable machine.
That was my complaint. And it's just automatic.
Yeah, I will definitely check that out. And, and although Daniel showed me the bits where it needs,
um, you know, there's a few icons that aren't scaled correctly in spots yet, but by and large it's there,
and it's looking very polished and very complete now. So, and because all of their applications are all, you know, use that same design language
and they've been through the process of making sure that, you know, it's all high DPI,
they're out of the box default applications that are all high DPI and it looks the business.
You know, I completely agree with ReaCode in the Re-iCode in the chat room.
Elementary OS with those potential nice touches to detail combined with snapped applications
could make elementary OS a much more viable platform for me.
So I'll be really interested to try that out.
Good for them.
So three different reps.
I'm sure you're probably just too busy to talk to Clem.
I'm sure he was there.
Yeah.
It seems like there was an intention to reach out to OpenWRT as well.
That's really interesting.
Yeah.
I think that was cool.
So I think it's fair to say that I've talked about the content interface sharing, and you're asking for a theme.
Definitely on Wednesday night, there was a meal.
Everyone that was there was in the big room together.
We had this fantastic outdoor barbecue and then did lightning talks.
And most of the people doing lightning talks were from the community contributors that had been invited.
very clear that that community participation and involvement, um, was important to developing snaps and making snaps work for everyone. So, you know, it was, it was very much a, um, bring this to
the wider ecosystem, don't just focus on Ubuntu. It was clearly a strong message that came through this last week.
That's really great. Wimpy, thank you for sharing your trip with us. It sounds like the exact kind
of event that needed to happen. And it sounds like a lot of great people were invited. And it wasn't
just a big Ubuntu echo chamber, which is brilliant. And I think one of the metrics that I use to measure that is reading the blogs of people
from Arch and Fedora who came back and said, this is really something.
And that's pretty cool.
It's exciting to see that kind of on the verge.
And from an end user's perspective, you know, eventually this is going to work our way into
our desktops.
And when developers and others and packagers are excited to use something, yes, get software to us, yeah, that's awesome. I know. And it's going to give it a clear path for people
who want to bring software to Linux, which is really something to tell Mike finally. Yeah, I will.
And so on, on that point, one of the last things that was discussed on the last day was talking
about proprietary software, and the actual discussion was, if I've made a snap for a
thing I can't redistribute, what do I do about it? But then the conversation evolved into, there are
these companies that are basically dodging packaging their software in the appropriate
way for the various Linux distributions because it's hard and there's too many things to target.
So you get these dot run files, or you get a deb file for
one architecture that maybe only works for one particular version of Ubuntu. And there was this
whole discussion about how we could potentially create snaps for those proprietary applications
and then send them to those organizations and say, you could do it this way. Yeah, really. Um, and you
know, that seems like that "it's too hard" excuse, with things
like the shared platforms and Snapcraft going cross distribution, is going to be a weaker and
weaker argument. And then on the end user side, GNOME software version 3.21.4 will have support
for installations of Flatpak repository files in the Flatpak repo format
and installation of snaps.
And this is going to make the end user perspective, at least on the GNOME desktop,
and anybody using GNOME software.
This is going to make this really straightforward.
Also, which is kind of neat and now a relevant thing,
sandboxing information will be shown for the certain apps along with the origin information when the apps are available for more than one source in GNOME software.
Which is, I mean, I can't wait to see that.
I'm getting really excited about the direction this is going.
And I don't even, I'm still happy if we end up with Flatpaks and Snaps.
I'm not necessarily pulling for one, but I think it's really brilliant what Canonical has been doing with snaps,
and I think it's really great
that the momentum they're building behind it
is likely to lead to success.
It feels like they're really on a good trajectory right now.
So that makes me excited.
We're going to check.
Thank you, Wimpy.
Thank you very much.
That was a great...
That was actually...
You painted a great picture.
I know. I'm excited.
It's almost like we were there.
You're welcome, thank you.
We are going to find out if Wes was successful in the Starbound Server Challenge,
which he was just, I like that you were down for it,
because I didn't warn you at all that I was going to be throwing this at you.
Not at all.
And, you know, before we reveal if Wes was successful and get to our next topic,
this would be a great spot to mention Linux Academy, where you could go to get the mad
skills to learn how to set up a server when you are thrust into a situation to do so.
Linuxacademy.com slash unplugged, where you go to support this show.
Linux, Azure, AWS, OpenStack, DevOps, they have great courseware on all of it.
Linux Academy is constantly improving their courseware.
The existing library and all the new stuff, super fast.
They have a great staff now working on all of this,
a great community full of Jupiter Broadcasting members
and instructor mentoring when you need it.
They got on-demand servers that spin up with the courseware
that match the distribution you've chosen from.
They have availability planners that are just the perfect touch
when you're super busy.
And last but not least, one of my favorite things about Linux Academy is they put you in a hands-on, real-world scenario so you get actual experience,
which there's nothing, nothing that gives you more confidence when you go to take the test or when you're just trying to improve your skill set.
Check out all the different features.
Go to linuxacademy.com slash unplugged.
Also, did you know they have a blog?
They have one of their new content creators,
Terry Cox, is sharing his experience
working at the Linux Academy.
Yeah, which is very interesting.
And you kind of see some of the passion behind it.
linuxacademy.com slash unplugged.
Go there to learn more and to level up your skill set.
Linux Academy, thanks guys for sponsoring the Unplugged program.
Okay.
Alright.
Wes.
Were you
or were you not successful
in setting up
the Starbound server?
I believe so.
Oh!
Yeah!
But here's the thing.
I've only just got the client installed,
and I'm a little confused on how to point it at the dedicated server.
There's that problem.
Do you have it as well?
Do I have Starbound installed?
Yeah, I think so.
I think I have it on this machine.
Yes, I do.
Oh, so there's a... Oh, I see.
I see there's a separate server that got installed
when I downloaded this from Good Old Games.
Let's see here, Wes.
Checking in now.
Well, do I just join a game maybe?
Well, I was trying to start one as well.
So I have a character.
Oh, yeah, it's got a server address.
You have to create a character first.
Okay, I see.
So maybe what you need to do – yeah, so create a character.
Hmm.
Now, do we want to give out that address?
Because once we give it out, people are going to be playing on it.
That's fine. You think? I mean, we can always tear it down
when we... And move it? Yeah. Okay, so
chat room, if you want to test it, I'm going to give out the server
info, Wes. Okay, so how do I...
Where do I... Where'd you get that server info?
Well, so I already have a character,
so I don't know if mine's a little different. Okay, I made a character.
I went to join game at the front page.
Okay. And then I checked Starkbolt or Star K Bolt, whatever it is.
And then it just brings up the server info after I select my character.
Oh, yeah.
Okay.
All right.
So the server is starbound.noblepain.com, and it's port 21025.
I'm going to paste that in the chat room, too.
Noble Pain.
Oh, you have to have accounts?
How does that work?
Oh, well, we'll have the chat room tested for us.
So I'll drop it in there, because I want to play with some folks.
I think that'd be... I do, too.
Yeah, I know.
The binary's totally running.
Okay, so good job, Wes.
I mean, if you got the binary running, you're probably
pretty close. Nicely done, sir.
Well done under pressure, too.
I think that's pretty great. Alright, I'm pasting it now in the chat room.
So I had a topic while people are trying that out that I wanted to throw at you guys.
I'm so excited.
I just want to play the game now.
I was noticing that the EU is going to be auditing a couple of open source projects that some of us may be familiar with.
The KeePass project is one of them.
And I think also the Apache web server is going to be audited and WinSCP is being audited
and I think VLC.
I mean, there's several other projects that are getting audited in all of this.
Here's the background.
The European Union just announced that it will give the source code of the password
manager KeePass and the Apache web server a security audit. The idea is to audit
the open source code, and it started around December of 2014 when two members of the European
Parliament suggested an audit for free software used by EU institutions. All right. That seems
like, you know, anytime we want to audit something we rely on, I'm all aboard that train. Put me on there and take me to audit town. So I started thinking, what if the EU came to us, Linux Unplugged Show, said, okay, guys,
sat down with us, and it said to us, oh my gosh, it's Angela Fisher. No, no, it said to us,
we're going to give you a million dollars, and you can spend this on auditing an open
source project or two of your choice.
So we have a limited budget to work with and we have to be responsible in how we spend
it.
How and what projects, I guess is the better question, which projects would we choose?
How would we spend it?
And I wanted to kick it off.
So I was kicking this around.
WWE?
All right, WWE.
I'll answer my, I'll go last. WW, what was
your idea? How would you audit? What would you
audit? How would you spend the money?
I would spend the money to audit SELinux.
Oh, to see if the NSA
put a backdoor in there?
Well, there's that concern,
but if you're a
security distro, you need to
be audited. You need to be known
is this secure or not? And then maybe,
you know, publish that information or use part of the money to audit it and make sure it's done
right and throw and just, and then just publish the information. This is what we found or we
didn't find, you know, so this can be trusted for now because it could all,
something can always change. So. Yeah. I was trying to think too, would, would I wanted,
when I want to audit something like Telegram or something like Firefox, and I don't think so,
I think I'd want to go myself. I'd want to go more infrastructure. I think if I was going to
pick a project, it would be something that I rely on and think of as secure. Something like OpenVPN.
Or OpenSSH,
right? I would love to get a real good...
Although, OpenSSH has a lot of eyes on it.
And maybe OpenVPN does too.
But the other thing that
would sort of crop up on my radar,
and I don't know
how feasible this would be, and it's not like it
hasn't... It's not getting looked at all the time, but I
am just not 100% solid on Tor.
And there's been a lot of changes.
There's been a lot of news recently.
Mm-hmm, mm-hmm.
There's been a lot of attacks against Tor.
There's been a lot of changes in the board.
Just like TrueCrypt,
I would love to have more eyes on Tor.
Yes.
From a third-party auditing standpoint.
And a lot of WireGuard.
Yeah, WireGuard.
Totally, that would be good to get just done right away.
Yeah, yeah, WireGuard.
And Tinc, too, really.
That would be good. Oh, yeah.
WireGuard has such great performance, though.
It's awesome.
Oh, Wimpy, you have a great one.
Which one?
GnuPG.
Yeah.
Yeah?
Oh, yeah.
That's one we all rely upon.
We've been told by folks like Snowden that it's solid, but, I mean, who really knows?
Not to be paranoid, but there are – if you listen to TechSnap, I mean we talk about it quite a bit.
There are entire industries now around finding these problems and selling them. And they have like Silk Road type markets where vulnerabilities go for certain prices in Bitcoin and whatnot.
Well, yeah.
It really is a growing market where people are finding these things and holding on to it and then there's people out there that know about vulnerabilities and then sell them.
So these kinds of things, I don't know.
They just freak me out.
It doesn't have to be an NSA conspiracy theory where the NSA is hacking you.
It could just literally be some jerk hacker who figured something out.
And like part of the benefit of it being open and it's kind of everyone.
And so we can all take responsibility, get things audited, and have a really solid base to build from.
Do you think it's worth auditing desktop environments?
Like the GNOME desktop or Plasma desktop?
Do you think it's worth that or is it just really rely on the tools underneath?
I could see it maybe for the enterprise case.
Yeah.
But you'd have to be careful about versions, right? To pick like a fixed point and...
Yeah, yeah. And then somebody in the chat room suggested snaps and snapd, and it's probably not bad. Uh, maybe AppArmor too.
Yeah, good one, Rikai. Yeah, AppArmor is not bad. Anybody else in the Mumble room having suggestions before we wrap up?
Yeah, if we're gonna to be her line, not more and more here, right?
Yeah.
Yeah.
Yeah, X11, well, I think that would be depressing.
Wayland wouldn't be bad.
Wayland.
Yeah, that wouldn't be bad.
Yeah, I'd say go for the infrastructure stuff,
and Wayland would... No, not JB titles.
Don't look there.
Don't look there.
It makes JBot grumpy.
Continuing the audit of Let's Encrypt, I think, is happening,
or VeraCrypt.
Yeah, that's a good one, Wimpy.
FreeBSD.
Uh-oh.
Uh-oh.
Yeah, you know what?
They had to remove the Linux subsystem.
That was OpenBSD.
Oh, so OpenBSD then.
Yeah, okay, good.
Let's do that one.
Yeah, they talk a big game.
Let's see how they do.
OpenSSL, I think that's happening all the time these days.
Arch Linux, I think that's happening.
You know, Google has a project called Project Zero where they're literally going and investigating different projects.
Recently, though, they've been really beating up on antivirus companies.
It's been really fun to watch.
Yeah.
Okay.
Well, if you have any suggestions, I'd like to hear your thoughts.
LinuxActionShow.reddit.com or leave a YouTube comment if you're watching on YouTube.
What open source project would you audit?
Because I have a sense we're probably forgetting of some because we just kind of came up.
It's on the spot here.
Yeah.
But on the spot, my attack would be infrastructure and then go out from there.
Wouldn't it be amazing?
I honestly, if there was some sort of perpetual crowdfunding platform for security auditing.
And I don't think Patreon would be it.
I don't think Kickstarter or GoFundMe or anything like that.
There's some sort of –
Something different where I could kick into from time to time and say I want to help.
And then – do you remember the infrastructure project that the Linux Foundation set up? If they ran something like that, if it came from a foundation like that or a group of people that were organizing and hiring
the right professionals for the right tools and the right jobs and being very transparent about
how they spend the money and the reported, man, that'd be such a perfect companion to open source
security is to have the Linux Foundation or somebody like that organize something like that.
And I would love to contribute to something like that. I wouldn't be able to contribute a lot,
but I absolutely would love to.
I don't know.
If you guys have ideas, let us know. You can also go to the contact page at jupiterbroadcasting.com
slash contact.
That's where we get that business done. That's our official
contact page. Although really, to be honest with you,
for this show, it is more of a community experience.
That's kind of where the subreddit comes in
probably a little more. And also, we have
the mumble room.
And the IRC, don't forget them.
No, I can... I'm looking at them right now.
We always stare right at their faces.
You can find out when we do all those things at jupiterbroadcasting.com slash counter. It'll convert that live time to your local time zone. Then you go to jblive.tv, you plug that into your machine of choice and join the IRC, and then from there, bang mumble, you get our Mumble secrets. You hang out in our community. Our virtual LUG's always willing and accepting, as long as your microphone works and you don't got echo.
Yeah.
Oh, yeah, knock that off.
Knock it off. Knock it off.
LinuxActionShow.reddit.com is where you go to leave feedback and topic ideas. Thanks so much for tuning in to this week's episode of the Unplugged program. We'll see you right back here next week.
Next week!
You did it, Wes.
You did it.
I'm impressed.
Hello, everybody.
I didn't know if you'd be able to get going now.
Do we have anybody connected, though?
Yeah.
I mean, I see Rikai right here.
He's on there?
Hi, Rikai.
Are you in the game?
Are you in the game?
Oh, yeah.
I'm in the game.
Where are you, Chris?
That's the question.
Where are you?
I was doing the show thing.
A show or something?
Yeah, now that the show's done.
Starbound.
Thank you for doing the show.
I like that you got your name.
Well, you got your online name.
I should do that.
I have Westpain, too.
I wonder if I could get my name.
Let's just say I have a little too many variants of my own name.
So do I have it?
Do I just put anything in there for the server account?
Just leave it blank.
Oh, man.
I was supposed to put the port in the actual specified port box.
I didn't see that because I was just putting it in there.
JBtitles.com.
JBtitles.com.
If you don't want to buy this on Steam, too, you can get it on Good Old Games, which is pretty cool.
I would love to mess around with this.
All right.
So assets mismatched between client and server, and the override option is not set.
Oh, I thought I did.
What does that mean? What does that even mean? Is that because I don't have the Steam version?
Oh, is yours, uh, allow...
Can you edit your character?
How do I do that?
I think there was like an allow mismatch. Oh, but maybe that was the start game option.
Uh, yeah, because that just puts me back in my world. This is no good, Wes. This is no good.
Well, okay.
JBtitles.com, my boy.
I'm starting to... it's getting to update it?
Is that why the assets are
mismatched? How do you update it when you get it from...
Well, it's Steam. Oh, you have...
I could just go re-download it, I guess, but that feels
pretty old. They need to snap this up.
That's what they need to do. Snap it up.
Okay, guys. Well, I want to
say thank you to everybody for making it. I really appreciate it.
That was really fun, Wimpy, to pick your brain and all that stuff. I find it fascinating, and it's good to hear a story, you know, from somebody who was there. So that way it's not just our speculation.
You're welcome. Thanks for inviting me on.
Wimpy gets snappy. So that's the top title right now. Oh, geez. Oh, man.
Okay, I have a question for you guys. I would really like to consult with some folks that have some multi-month long experience with SyncThing.
I do.
What are some of the key tricks to getting like your discovery between SyncThing nodes or whatever it's called working?
And what are key things to know if you're frequently reloading machines or setting up new machines?
And also if you want to have a pretty sophisticated sync setup,
like I want to sync a lot of things between some machines,
but some of those same machines I want to sync with other computers,
only a couple of things, so complicated setups like that.
What are tips to make?
Because I feel like here's my problem,
and I don't even know where I've gone wrong because it's been about six months or so.
But I set up a SyncThing instance.
I get two or three systems going.
Usually it's this machine here in studio, my machine up in my office, and a DigitalOcean droplet.
And I get those three things working.
And then at some point I reload one of them.
And I can never get that third, that reloaded machine
to rejoin up or something like sometimes it can see them, but they can't see it.
Um, we have fully working, totally fine DNS here in the studio.
Yeah.
Uh, I don't really understand what keeps going wrong.
And so because, because I'm always doing it when I'm super busy and trying to solve a
problem and just get something working, I never really spend a lot of time trying to really figure out what I've done wrong.
And it just makes the—
Is there really that much of a difference between the 64-bit version and the 32-bit?
Oh, file-wise or something you mean?
Like how many files it can do?
So, yeah, okay, I don't know, Arch.
That's a good question.
You're asking about a storage array, right?
Well, no, now I'm just asking about SyncThing best practices in general to keep a good SyncThing,
like, to keep something that's sustainable for me using SyncThing.
I want to be able to have confidence that I can blow machines away and re-add them to whatever my,
what is it called, a SyncThing swarm? What's that?
What is that called? I don't know.
Network sync thing? Yeah.
Nobody
has any advice for me?
I will say, personally, I've got one
running on my phone. It syncs all my photos down and anything
I do on my phone that I want to, you know, be saved
in my computers and backed up. Yeah, that'd be good.
That'd be a perfect use case.
I've got a Linux box syncing that and I've
got a server in my data center syncing that.
And so when you want to add your phone, what steps did you follow?
I just opened all the web UIs and all the machines, plugged in.
Actually, on the phone, I did the QR code thing.
So I'd share the QR code from the other machines, snap the QR code.
It got all the information, so I didn't have to type it all out.
So when you add a new computer to an existing sync setup, you go to both computers' administrative interface and you add each, you add each other to it, right?
You have to add each other, yeah, because they both have to, uh, recognize the public key.
Yeah. Sometimes you can just add it one way, and then the other will start trying to talk to your new node, and it will say, like, do you want to add this guy who's trying to talk to you? Like, yeah, based on this.
I have seen that sometimes, yeah.
Okay.
But I would say, yeah, it does, like, but I would just add them on both.
Yeah, add them, especially for the links that you really care about.
Okay. Okay. Yep.
I will also say, I've, that's what I usually have done, but sometimes, like, when I add them on each end, like, one of them will connect but the other one won't or something.
Typically what I do is I have it, they all connect to the server, but none connect to each other in between.
How do you define which one's the server?
You just don't allow them to discover each other.
There's like an option that advertises neighbor nodes or something.
Oh, I try using that thinking maybe it'll help.
Okay.
No, it might help you.
It should be fine.
But just the way I do it is I have one server that they all connect to and they don't interconnect between each other.
And that seems to work for me. I'm not saying that's the only
solution. It just seems to work well because the
server has ports open that are guaranteed
and the IP address is static.
Yeah, I'll say, kind of in the same
vein, I've enjoyed using it with
Tinc for an overlay network, but you can use whatever
overlay network just so you don't have to worry about
any of the apps. That's what I was thinking.
Tinc would be a good use for that. Or if you have
a VPN set up already, that'll add it to your home
or the studio network or, you know,
just on the same subnet.
Well,
I feel that doesn't really make me feel
much better because you guys really haven't given me anything
I haven't already done. Yeah, it does sound
like maybe doing a little bit more manually and not relying
on the auto-discovery might be.
It'd be nice if you could centrally manage the syncing
of all those nodes if you have so many.
Yeah, that would be nice. Having to set them up
on each node is really frustrating and time-consuming
and tedious. Yeah, I think that's the one thing
it really right now needs as a tool to
centrally make all your
configs. Yeah, that does burn me.
Okay, so Ben Fitzpatrick is in
the mumble room. Ben was our
feedback question, who was also our Aborted Runs Linux for the Linux Action Show this Sunday.
What's the update there, Ben?
Well, last night my friend Jamie came by, and I did manage to get Arch running on my ProBook that I was showing you guys. And I tell you, um, what the problem was, was I, uh, believe it or not, had a triple boot setup going on, and what happened was I had forgotten to write GRUB into the EFI boot. So I was like, oh my God. So the problem the whole time was GRUB was not writing to the EFI partition properly. So, um, I found the command on the ArchWiki, and then bang, it just started booting after I ran it from the EFI boot menu.
And then voila, I was in, and I got XFCE loading, Awesome, everything, and it's all sorted.
So yeah, and then my friend Jamie came by and fixed Awesome up for me, and everything's all good. So yeah, and it looks really killer.
Hey, congrats, man. That's awesome. So did you go straight up Arch, or did you go with an Arch derivative, or what was your approach there?
Was a normal Arch via Architect, and I gotta tell you, okay, Architect is not being maintained anymore, yeah, it still works, and, uh, I tell you, it's really very simple.
Even if you're a new user and you haven't used Arch before,
it really simplifies things down to the minimum.
And I've done stock Arch before,
and Architect makes it a walk in the frickin' park.
Cool. Way to stick with it, man. Good for you.
I plan to, and I tell you, this thing really saved my neck.
Are you enjoying any of the process?
I mean, I know there's ups and downs with it,
but have you found it just intellectually enjoyable?
Yes, and I tell you, I've actually wiped my Windows boot,
my Mac boot, everything.
Hey-o!
That is great.
I'm actually considering dumping OS X on my MacBook even and throwing Arch on Mac.
What?
Highly recommended.
Well, I don't know about on the MacBook, but go give it a go and report back and let us know how it goes.
I will.
Thank you.
Oh, man.
So, okay.
This made my heart sink.
I just saw this go by the chat room.
Wimpy says that he abandoned his syncing setup.
Uh-huh.
Okay, Wimpy.
I feel like this is going to be...
Story time?
I feel like this is going to be what convinces me
not to use SyncThing,
because I think Wimpy and I have seen eye to eye
on this stuff before.
So do you want to tell us what happened?
You know all those things you just explained
you were trying to get fixed?
Yeah.
I couldn't fix it.
So it runs along just fine until you need to change something, right?
Is that what kind of your...
Yeah, the problem I had is that even though there are mechanisms to support key exchange with multiple devices,
that just wasn't happening seamlessly.
And for the number of machines I have, that was a real showstopper.
So I did things to tweak the speed at which it would pick up changes, but, um, yeah, it just, it just wasn't working for me, and I was bored with keep on trying to poke it and make it go, so I just gave up.
Are you using something else in place?
Uh, well, not really. I mean, I had this one use case left, which was, um, my dot... I've talked in the past about roaming profiles and how I was using that just to keep all of those dotfiles and everything that was in my profile synced across all of the machines, which is why I use it on so many machines, because I was using it on all the servers that I use, you know, my own personal servers and my workstations and laptops and what have you.
So I've used the same tool to manage the dotfile symlinking,
which is a tool called Mackup.
But now I've just got it hooked into a Git backend
because I can't be doing with the SyncThing messing me about.
You know, it almost makes me want to throw NextCloud on something with just a ton of disk
because really where my ownCloud sync issues have gone wrong is when ownCloud has tried to do something clever like keep a duplicate copy so I could undelete and then runs out of storage because the undelete bin takes up all my free space.
And when I'm working with unfiltered clips and it's multi-gigs per episode, that happens within a couple of months, even with tons and tons of storage.
But if I had a lot of storage sitting behind it,
what I really like about the NextCloud syncing paradigm
is it is very close to the Dropbox one,
where I install a client, I log in to the client.
Now, in the case of NextCloud, I point it to my server.
I don't do that with Dropbox. But I log in, and it begins syncing, and it begins just participating in the sync swarm without having to discover servers, without having to exchange keys.
And the thing is, that's pretty nice for me because any given week I've reloaded a machine for a show, and I have to sync several hundred assets to that machine.
And so I'm not always in the same place when I'm setting them up.
So maybe NextCloud will solve this for me, but in the meantime, um, Dropbox Enterprise is like super crazy expensive, so I'm ready to just dump it as soon as possible.
But, and it'd be, it'd be so... okay, so open source if you could.
Yeah, yeah. The last time I used ownCloud was ownCloud 8, and I'm gonna have a go with NextCloud. Um, and the other one that I had some good success with, um, was Seafile.
Um, which is what NextCloud is using, isn't it? Under... or is it CC, I think?
No. So yeah, that Seafile is S-E-A file.
Yes, right.
And the only thing that puts me off that is
I really don't want to be adminning loads of servers in my spare time
because that's what I do at work.
I think we all appreciate that.
He's loved last week.
Yeah.
Yeah.