LINUX Unplugged - Episode 157: SSH: Heaven or Shell | LUP 157
Episode Date: August 10, 2016
Our favorite tricks & hacks for SSH, debunking the Linux botnet rampage myth, the new challenges Solus is taking on & the inside track on how FOSS Talk Live went. Plus getting Ubuntu MATE on the BQ Tab...let, benchmarking Ubuntu on Windows & our quick takes on using Zim Wiki and TagSpaces to manage your local, secure notes.
Transcript
So there's one thing I thought we'd talk about before the show starts, and that's the Omega 2, a $5 Linux computer with Wi-Fi built in.
That is nuts.
And, of course, it's on Kickstarter with Kickstarter music.
We use development boards to build all sorts of cool stuff.
But most development boards on the market fell short of our expectations.
They're bulky, confusing to set up, and overcomplicated.
We usually spend far more time reading the documentation than actually using them to build things.
Today, we're changing that.
That is one of the dumbest statements I've ever heard.
Say hello to the Omega 2, the world's simplest development board.
The Omega 2 is tiny.
At less than a quarter of the size of a credit card, it can easily fit into any project.
But don't be fooled by its size.
The Omega 2 is powerful.
It is a full Linux computer.
That's right.
This tiny purple thing runs the same operating system that powers some of the world's most efficient credit card infrastructure.
The Omega 2 works out of the box.
It comes with built-in Wi-Fi and onboard storage.
Wow.
So it comes to life the moment you power it on.
Onboard storage for something that small is impressive.
The Omega 2 is familiar.
Built-in Wi-Fi too.
You control it with apps just like your regular computer.
We even have an app store so you can discover apps created by the community.
The Omega 2 is easy to program.
In fact, you don't even have to write any code.
It supports Node-RED, a graphical tool that you can use to create programs by simple drag-and-drop.
I'm having LabVIEW flashbacks.
But if you are into writing code, the Omega 2 supports many programming languages.
So I was a backer of the Omega 1.
And, you know, also TechSNAP host Allan Jude, huge fan of the Omega One.
They actually really delivered on the first Omega.
So they make some pretty funny claims, but they are already, because of their past success, they are just – look at this.
They are crushing it with a goal of $15,000. They have raised $268,392.
Wow.
Holy smokes.
So the Omega 2 is coming.
Show me the money!
I don't know.
I'm interested, especially with the built-in Wi-Fi.
This is rather incredible.
Yeah.
I wonder how—
This is considerably incredible.
Yeah.
I'd respect that right now.
With Wi-Fi and storage built in for $5, is that really—will it really be $5 when it ships?
Hmm.
See, if you pledge $10, you get your hands on the Omega 2 Plus, double the memory and storage, and double the fun.
And it includes a built-in microSD slot.
And shipping by November, too.
Really?
I guess that they've got the supply chain down.
Yeah, they've got the supply chain.
Look at that.
Look at that compared to a size.
Look at that.
That's compared to a cherry right there.
That is amazing.
That is amazing.
This is Linux Unplugged, episode 157 for August 9th, 2016.
Welcome to Linux Unplugged, your weekly Linux podcast that's wrenching all of the news out of the dry August month.
My name is Chris.
My name is Wes.
Did I get that right, Wes?
Pretty good. Pretty good, Chris. I like it.
So, actually, I thought at the beginning of the week we were going to have a small show for you.
And I hate saying that.
Right.
And I thought, okay, maybe we might end up with a medium-sized show.
We were hoping for a nice medium, average.
Yeah, because August tends to be a little slow.
People are on vacay.
Yeah, exactly.
But, no, it turns out we have a big show coming up on 157.
Linux botnets are on a rampage, apparently.
And it's because you suck at managing them, at least according to experts.
Ha!
Quote, unquote.
We'll tell you about this ridiculous story.
The guys over at Solus have a pretty nice, solid upgrade.
Humble has a bundle that actually includes some Linux games.
We've got some benchmarks that compare Ubuntu versus Ubuntu on Windows.
Native versus Windows.
And it's actually kind of interesting.
Snap's got some updates.
And then later on in the show, we're going to talk about our favorite SSH hacks.
One of the coolest tools ever invented for Internet communications, built right into our Linux box.
And there's so many neat things.
So we're going to go around the virtual LUG and talk about some of our favorite SSH tricks.
And Wes and I will share ours.
Plus, we'll tell you about a new feature in OpenSSH 7.3 that was just released.
It's really cool.
Then after all of that, inspired by Noah's app pick this week, I'm going to talk about how I have recently started using TagSpaces to tag and manage my local encrypted text files with a system that allows me to add keywords and groups and labels and metadata information on top of my file system.
Whoa.
Yeah.
That's very interesting.
It's TagSpaces.
The community is – all credit goes to them, really.
I tell you.
You know what?
Somebody pointed me in the direction.
I looked into it, and I was damn impressed.
So I've just started messing around with it, and I'm going to give you my quick take on it.
But before we do that, we have community updates.
So let's bring in our virtual LUG. Time-appropriate greetings, Mumble Room.
Hello.
Hello.
Hello.
So I'm excited to break this next story down with you guys.
Hello.
You know, I just smiled when I saw the headline. It was one of those where I saw it go by and I'm like, open a new tab.
Coming back to that one later.
And it is now time to share it with you.
Linux botnets are on a rampage.
This is CNN Breaking News.
That's right, Wes.
Not just your average rampage.
Oh, no.
Oh, no.
A rampage of epic proportions.
Linux-operated botnet distributed denial-of-service attacks have surged in the year's second quarter due to a growing interest in targeting Chinese servers and WES.
This is according to Kaspersky Labs that was in a report released last week.
Now, I'm scared. I'm just going to come on right and say it right now. I'm scared. How does Linux fit in? Well, the Linux server is the go-to platform, they say, for orchestrating denial of service attacks because of its latent vulnerabilities, said Charles King, a principal analyst at Pund-IT.
A common problem is they're not protected by reliable security solutions.
He goes on to say.
Is he perhaps a vendor of any of that I could buy for him?
Some sort of yearly contract would be nice.
Why don't you Google?
I have a hyperlink, but it's Pund-IT, P-U-N-T-IT.
Let's see, their URL is Pund-IT.com.
We shouldn't give them any promotion, but that means you've got to look for me.
All right, so he goes on to say, this is a quote from this principal analyst here.
What the hell is that even?
That makes them prime targets for hackers, especially those that leverage C and C servers
to centrally manage and carry out denial of service attacks.
This is what he told Linux Insider.
Deploying leading security solutions as well as utilizing and updating established Linux
distros can go a long way to protecting against these kinds of issues.
So what are you grokking when you visit their website there, Wes?
Do they have some solutions they could sell me, perhaps?
Actually, not much.
It's a pretty minimal website.
So this guy's a BS guy?
Yeah.
Oh, my God.
I got to show this on the live stream.
This is embarrassingly bad.
You have to see this. This is like a WordPress template.
Like, this is as low-budget as it gets.
And this is a leading principal analyst that is railing against.
Okay, so he goes on.
This expert goes on to talk about how.
And by the way, listen to the logic in this.
Listen to the logic and tell me how much sense this makes.
He goes on.
Remember, this is a botnet rampage.
Breaking news, you guys.
We don't see any changes in tactics.
Brute force and passwords, exploiting common vulnerabilities and web applications,
hijacking or sniffing wireless communications.
These are old and well-known issues and threats.
Now, brute-forcing passwords, exploiting common vulnerabilities in web applications, and hijacking
or sniffing wireless communications.
How is this taking advantage of latent vulnerabilities, quote-unquote, in Linux?
Right.
Sniffing wireless passwords and brute-forcing passwords?
That's not latent vulnerabilities in Linux.
This is trash.
Which, I mean, not to say that there aren't or that, you know, like Linux security is a very legitimate topic.
Right, yeah.
Especially in IoT in that reign.
But, yeah, you're right.
Like this would, what he was saying before really seemed like it was going to be a kernel level or something at the core here.
Now, John McCarty, he's got a Cisco cert and he works for Aztec Consulting.
And he, this is a direct quote.
Linux is becoming more commonplace and used in most embedded systems.
Okay, well, that's actually wrong, too.
I mean, Linux isn't becoming commonplace in the server environment, which is the context in which he's speaking.
Linux has been commonplace.
So that's, okay, that's a minor thing.
And in embedded systems, yeah, Linux is pretty successful.
So is NetBSD.
So is Android.
Those are other platforms that are also successful.
But he goes on to say these implementations are often not hardened or patched or upgraded regularly, which I agree with that, which has led to these systems being compromised and becoming part of a botnet.
I would like to see numbers because to me, and I absolutely have participated in the hysteria.
I hand up.
I thought you were going to say you participated in the botnet.
No, hand up to the sky.
I have participated in the hysteria, but the hysteria goes something like this.
There are so many unpatched Linux devices all around the world that at any moment the entire infrastructure could go Mr. Robot on us and we could all come crashing down.
Oh, my God, all of the patches.
That's the hysteria.
But we actually haven't had a doomsday scenario yet.
There hasn't been that moment where everything has come crashing down.
It is definitely reasonable and logical to be concerned, prepared, and thoughtful about this issue. But it is not necessarily reasonable to be so hysterical to say that Linux botnets are on a rampage because people can sniff Wi-Fi and crack passwords.
There's a cognitive disconnect here.
I also wonder who exactly this article is targeting because it's either, I mean, is it like just the lazy sysadmins who – but there's not a lot of technical details.
And it really doesn't help like a desktop Linux user to do anything except for maybe like go try to buy antivirus software that they don't need.
You know what?
We'll bring up the antivirus software when it comes back to the Ubuntu on Windows benchmarks.
Turns out, big, big difference there.
Oh.
All right.
So just wanted to put that out there.
You'll see the news Linux botnet's on a rampage,
and it just, I scratched my head.
I don't see Ike or Josh in the Mumble room today.
They're probably too busy blogging or something.
They do a lot of that.
They do have some new features, though, in Solus, which I wanted to just mention really quickly because I'm always impressed with the speed they get this cool stuff out. They've upgraded their entire GNOME stack from version 3.18 to 3.20.
Nice.
Yeah, I know. Which, that's not just like, uh, that's not just nice because GNOME 3.20 is pretty solid. It also means you get things like Flatpak. But it's also, what's, what's really nice is a lot of the GTK desktop distros, not all of them, and with some significant missing notable ones, but a lot of them are all landing on 3.20.
It seems like a milestone release.
Yeah, it's becoming a nice base, reliable.
I think the 3.20 will become the GTK platform for a while.
And so it's really nice to see.
And that's just I think. I don't know, maybe not.
It'd be nice.
It's a nice round number.
Yeah, and it seems to have a pretty wide adoption.
Another major change in Solus is they've got Linux 4.7 in there now,
which, of course, brings better hardware support
and under-the-hood improvements like AMD GPU support,
PowerPlay support, NVIDIA GeForce 800M support,
and Maxwell support as well as C720 trackpad support, finally.
And last but not least, USB 3.1 support, as well as support for third-party generation or random generation of Thunderbolt IDs, Polaris architecture support, multiple Radeon features, and Skylake improvements, as well as whatever skl rappel support is in color management way. The color management thing, that's way beyond.
Yeah, me too.
But apparently it's in Solus.
Sounds like a great kernel.
It does sound like it. You know what, it sounds like a great distro.
Yes, it legitimately. I, you know me, I'm always, I'm always the one that's like, oh, it doesn't have these packages. But if, uh, if Ike could get over his apparent philosophical hump about snaps and more and more stuff started coming out of snaps, I could use Sol S's.
I mean imagine if the world's largest Linux podcast was using Sol OS or however it's pronounced on its desktop.
And not only would I be using Solo S on my desktop,
but I'd be screwing up that pronunciation all the time,
so they'd be getting multiple name mentions.
It's great.
And so if they just implemented Snap support, I could almost do it.
It's ironic, isn't it?
It's ironic.
Is this your tacit endorsement?
What's that?
Oh.
Hello, sir.
Wait a minute.
Wait a minute.
Did a wild Ike just show up? Like, you say his name three times, you pronounce his distro wrong, he's there.
I love it.
Okay, so wait a minute, because last time you and I talked, you were like the anti-snap guy.
Well, at least you very well articulated the other side, I should say.
Yeah, I mean, it's a case of for and against. But, um, I mean, we've been a little bit more flexible about a couple of things lately. Like, Electron apps are now allowed in Solus.
Oh, that is a big.
Such as Slack. Like, I was vehemently against that and wanted it to die in a fire, but I've allowed it in because at the end of the day, once you sit down there thinking, it's like, I'm a C guy and I'm gonna hate basically every bit of software that's ever been written by anyone, including myself.
Yep.
So I was like, well, you know, it's not really about what I want, is it, it's kind of what the users want. Um, so Electron apps and things like that are now finding their way into the repos. I mean, we've had Kodi and everything going in in the last few days. Um, so it's like massive growth, like huge growth in the last few days. We've completely redone our infrastructure. You know, uh, we've solved massive bugs that have been there since 1.0 in the last few days. Complete stack update, Skylake, Maxwell, Polaris support, everything's just landed. Um, so what I've said is I would allow snaps as a secondary deployment mechanism, but never as a primary.
I think that makes sense.
I mean, yeah, I mean, if you wanted that available,
then yes, that could be done.
But I mean, as a primary mechanism,
that's kind of what I'm trying to get across.
And I don't know if everyone agrees with you on that point,
but I can see your perspective on it for sure.
Yeah, I mean, we spoke about the difficulty of dev deployment,
didn't we, before, as one of the main reasons for wanting something like Snap to exist.
But, I mean, you've seen what we've done with this last stack of updates.
That's just kind of not really possible anywhere else, ever.
So the way that we're built works for us, but as a secondary mechanism, yeah, I mean, I can make some exceptions.
Yeah.
I think at least for our case, it comes down to like sometimes you just,
even if it's a little bit ugly, there are times where you just need some software.
Very practical.
Yeah.
It's not about, it's about like, oh, I have to have this.
Yeah, I'd really love this thing right now.
It'll solve my problem.
I'll uninstall it later and be done with it.
Man, there's even apps where I'll make wine.
I'll use Wine as a compromise for that.
And that really tells you something.
's down in the really do really, really, really strongly request, though, like, if you started to use Snap, I'd always suggest, like, whatever the app is you happen to be using, just request that we put it in repo and we make sure it's integrated natively. Yeah, so do you remember we was, uh, we spoke before about the having the maintainers between the
package and the distribution, right?
We just spoke about updating to GNOME 3.20.
One of the first bugs I hit was actually launching GNOME Calendar, which all of a sudden decided it absolutely required GNOME Shell for this one particular setting, which happened to be, do I show weekdays or not?
And these are the kind of bugs that come up where you need the maintainers, because that could have been deployed as snap and it's like, yeah, I don't know what I'm doing, I don't know how to run, what the hell, what. So I think that's where you need that middle ground. And at the end of the day, we would like to get things integrated better just so they run that little bit better for Solus. Like, I mean, we've just integrated Golang 1.6.3, Rust 1.10.0, so you can build these things natively, you can take advantage of our updates. And, you know, like if you've got an app or something, Solus is, you know, we're kind of going to bend over backwards for app developers. Um, so as a, an example, Budgie took something like five or six months to get into Debian, um, after going through all the political process with Debian and Ubuntu and then getting it sponsored and monitored
because that's how things roll over there,
and that's the same for any new app.
In Solus, we kind of need the apps to be here,
so we're going to make sure your app is out there,
and you don't have to wait for a new major release
for somebody to get your features or rely on the Snap.
We'll make sure it gets integrated and it's working properly.
So that's kind of our value add.
So having the native forms over the Snap packages, it's always and it's working properly. So that's kind of our value add. So having the native
forms over the Snap packages is always
going to be preferable. I will definitely give you
this. You are catching my attention with these
releases. Yeah, me too. I'm looking at that.
And I was, Ikey,
I swear I was thinking of you on Saturday
because I went to go fire up a game.
I think it might have been Starbound, but I can't remember which one it
was. And I got a bunch of
Intel driver errors. That Solus Runtime, man. Yeah, I know. I think about might have been Starbound, but I can't remember which one it was. And I got a bunch of Intel driver errors.
That Solus runtime, man.
I know.
I think about that, too.
That's exactly what it was.
Essentially, there's just Arch, Intel.
Really, the solution was go use all your native libraries.
Go get rid of the Steam stuff that it installs.
I think we've been in the same place.
I thought to Solus, I thought, son of a gun.
Well, I've got news for you there.
So you've got, yeah, I was surprised to see this turn up.
So some nice soul has packaged up Linux Steam integration in the AUR.
Yeah, I saw that.
It doesn't install.
I forgot why it didn't install for me.
Okay, so you have to move your user bin steam to wherever it's configured the steam to really exist, which is going to be like user libsteam or something like that. Take a look at the package build to see how they're configuring it. But you need to mask where the steam binary is, but then just install that, and then you'll be using LSI instead.
I do love Arch, though.
That is almost the Arch, this could almost be Arch's slogan.
If it's great, it'll end up in Arch.
Well, I think that's where something maybe that, to go back to earlier, the snaps can kind of play a role, especially if people are good about asking you guys to upstream stuff.
That's kind of what the AUR does for Arch, is like a proving ground.
How much interest is there?
Wouldn't that be interesting if you could derive user interest by watching snap packages and saying, okay, well, this is probably something we should just bring in-house.
Right.
Huh.
Interesting.
All right.
So let's take a moment and talk about Snap since we've been talking.
There's just been a pretty cool update.
And then after we talk about this, I kind of wanted to pick Wimpy's brain because he published a Snap package that I am particularly interested in.
So Snapcraft 2.13 and Snapd 2.11 landed with support for downgraded and installed snaps as well as other things like new commands.
Buy, try, find private, disable, refresh, and revert.
These new commands let users buy various applications that are being distributed in snappy stores.
Also, they obviously allow other, not just Ubuntu, but other distros do the same thing.
They also allow you to find private snaps,
which I think is an interesting concept.
Disable installed snaps altogether,
as well as downgrade any snap package you've installed.
Now, this is definitely turning on some of the obvious features that snaps can provide.
When logged into a store, snap find dash dash private
lets you see snaps that have only been shared with you.
It's pretty interesting.
So snaps are getting some pretty cool updates.
And I wanted to pick Wimpy's brain about one of the snaps he published recently about maybe the process, what it was like.
It's called Pod Publish, a tool for encoding and publishing podcast content and assets, which has been, I think, a fork of something that Stuart Langridge started a while ago.
And I've seen people that work on some of our GitHub projects associated with this. So, Wimpy, what is PodPublish and what was the process like of creating a snap of it and then publishing it somewhere?
PodPublish is a re-implementation of BVPublish that's written by Stuart Langridge for publishing the Bad Voltage podcast.
And is this like a bash script or is it something beyond that?
Or is it like a series of prompts that it asks you for information about the show and does like the tagging and encoding?
No.
So Stuart's was a Python implementation and I know Python.
So my implementation is in Python as well.
Love it. Love it.
file and in the configuration file you specify the paths to your artwork and show notes in Markdown and what the episode number is and all of that sort of thing. And it supports string interpolation, so you can define some sort of like global variables, if you like, in the configuration, and then they'll be inherited into the various.
Yeah, exactly. And what does it assume is on the other end receiving this information?
At the moment, for the encoding process,
it'll encode to OGG and MP3 and MKV, which is H.264 with AAC audio.
And the MKVs are specifically designed to go into YouTube
with little to no re-encoding on YouTube end.
That is nice. Good idea.
In terms of the publishing,
it will publish to SSH or SFTP
using just about every authentication mechanism
you can muster.
And it will also publish to, uh, WordPress. Uh, it assumes PowerPress at the moment as the only back, in fact, actually, it doesn't assume any back end at the moment. It'll publish to WordPress and also upload to YouTube. And you can, you can define in the configuration which of those you have enabled or not. So at the moment, the Ubuntu podcast YouTube channel is banned for the second time.
So we have that feature disabled in our configuration file right now.
How does that happen, Wimpy?
Wow.
How do we get banned?
Yeah.
Because we've got out-of-copyright theme music from 1927 that somebody claims is.
Oh, here's the thing. Uh, that literally happens to me three, four times a day, so I don't understand why you got.
Yeah, it's a, it's a long, it's a long tedious story. We uploaded a load of stuff at the end of last year. We basically uploaded the whole back catalog of every, of the previous eight years.
Ah, that'll do it.
Yeah. And that, and we got community strikes for that and then got banned.
Yeah. Yeah, it doesn't take much.
Managed, then we persuaded them that we, we'd been ignorant but not malicious, so we were unbanned. But then we'd got a couple of strikes remaining on a few podcasts, you know, a few episodes. So I filed a, um, an appeal against one, and it was successful.
So I thought, brilliant.
I'll just do the same appeal against the other seven.
And then we got banned again because you're not allowed to appeal more than one at a time.
Yeah, isn't that a great system?
Wow.
And legitimately, I have thought about on just sort of principle getting off of YouTube.
But it really is a good platform for so many
people.
Like I just asked on the Linux Action Show on Sunday, hey, give me a comment if you watch
this entire show on YouTube, because it's not common for people to watch long shows.
Lots of comments from people saying they did, you know, I watched the entire show.
Also, if you're on YouTube, thumbs up this video right here.
If you listen or watch the entire Linux Unplugged on YouTube, give it a thumbs up.
Because what I want to demonstrate is there are a huge amount of Linux users that – and there's lots of reasons I hear.
Work blocks RSS feeds like FeedBurner.
Oh, wow.
That's a common one that I hear is work blocks X.
And the only way I can get around it is I use YouTube DL or something like this to pull your show down.
To pull the playlists or whatever.
Yep.
And there's a huge percentage of people that have, like, deals for YouTube.
Like, if they watch YouTube, they get it for free or they get a deal or it doesn't count against their cap or even for ISPs.
And so that's – so there's a lot of reasons to be on YouTube.
Plus it, like, makes it really easy to do Chromecast, that kind of stuff.
Yeah.
So I feel you, Wimpy.
I'm curious about this, uh, stuff, how, from just from the Python angle.
Yeah.
From, like, uh, you know, like for the virtualenv or pip requirements, how is the Snappy packaging gone?
Um, that was actually quite straightforward. The only complexity with snapping that application was originally, uh, that in snaps you can, um, stage packages, and that means pull in a deb and put that in my snap because I want to use it or things that are in it. And I originally staged FFmpeg and that didn't work. But now snaps have got, they originally called wiki parts, and I think they might be called online parts now, but a way of pulling in an existing snap source part into your snap.
So now the pod publish snap actually builds FFmpeg in the specific way that's required by pod publish within the snap. So it's got its own special version of FFmpeg integrated within it.
That's very interesting.
So that was the only, only, you know, any sort of caveat. But it works quite well. It works better that way, actually, because you can, you know, customize it, just enable those codecs that you need and keep the size of that FFmpeg implementation minimal.
Yeah. Okay. So when you, here's something I think we haven't figured out yet with snaps,
and it's probably going to be true with all the other universal application installers that may
or may not come to fruition. There's no contract. There's no guarantee on updates. You know, I,
for example, thought I'll use the Snap for Telegram and then very quickly discovered that it's several releases behind.
And then I realized, oh, yeah, of course.
Just because I'm using a Snap doesn't guarantee I'm going to get updates.
Back to Ike's argument about just using, you know, the distro's repos or package management system.
But, Wimpy, what are your thoughts on that?
When you publish a Snap, what is sort of the implied contract there?
And what are your intentions with something like Pod Publisher or other Snaps you publish?
So you talked about the new version of Snap earlier, 2.13,
and you mentioned the refresh command.
That is the command that will update your installed Snaps.
But it's still incumbent upon the snap author to actually, uh, what? Sorry, go on, carry on.
Well, I mean, that, my, my issue appears to be that the snap, the snap authors are not updating their packages all the time. So the issue is not so much that I don't have a mechanism to update the snap, is that they are not.
How will you know what the schedule is, what.
There's no implied contract, yeah. There's no established norm. It seems like some, it seems like it's just up to the whim of the.
Follow the master branch, does it follow stable releases, does it follow nothing at all.
So the version of the snap should tell you what version it's, uh, using, whether it's, you know, tip of Git or a Git, Git snapshot or a stable release version. And a lot of the snap activity that took place, making snap packages that took place through the Snappy Playpen initiative, was lots of people making snap packages to find out where the edge cases were,
where it was difficult to create a snap or impossible in some cases.
The product of that is to try and get those Snapcraft packages
that were made adopted upstream.
So the view of snaps is it's the upstreams that will actually maintain the snap packages, and they will release snap packages in accordance with their release schedules, in the same way that they release new tarballs, for example.
I see. So, like, in a sense, you could have it almost integrated in with the CI systems or anything else.
Yeah, you can. I think this is true. If it's not true now, it will be. Everything in the Snappy Playpen is actually built in Docker containers in Travis CI, for example.
So it's quite easy to hook that stuff up.
See, I like that.
I have an idea for a new show, just a really simple show kicking around in the back of my head.
It would probably be only an MP3 just because it would just be for fun.
And I really like the idea of installing PodPublish as a snap and then using that to publish the show.
Ooh.
So, because that would be, okay, that'd be a totally cool workflow, to just, you know, use a snap in a way that is in a production workflow, and something that would, you know, I just think it'd be a really great experience, especially with these new updates.
That's where I'm kind of curious to see how Snappy, snap packages get, yes, deployed to enterprise, because that's one big thing where it's like, if we've deployed our new release, we really need to roll back in the next 20 minutes. And so having these kind of tools integrated in.
Yeah.
Yeah.
And you mentioned snap revert,
and that's the tool that does that now.
So you can manually roll back to the previous version,
and it doesn't just roll back the app.
It also rolls back the data.
Oh, wow.
For that version as well.
I see.
So if you've got, if you've, interesting.
You mean, when you mean data, do you mean application settings data or do you mean user data?
Yeah.
Oh, okay.
Application settings data.
Well, it could be both potentially.
It depends how that application is, you know, arranged.
Whatever's in the sandbox or that sort of thing.
Yeah.
Yeah.
Okay.
Okay, Wimpy.
While we've got your ear, I would love to know more about what seems to be a pretty neat development and kind of makes me want one of these BQ M10 tablets even more.
I saw it come across your Google Plus feed here.
This to me – and I'm just looking on Google Plus, but it looks like Ubuntu MATE running on the BQ M10 tablet full on touch and everything.
But that couldn't be.
That couldn't be because this is the MATE desktop and et cetera, et cetera.
Yes, it is exactly that.
So like all of the best developments in Ubuntu MATE, this came from the community.
It came from a guy called Marius Quabeck. I hope I'm pronouncing your name correctly. And he had worked with somebody else to come up with the basic principle of how to get this going. And he posted on G+ and I saw it and said, please document how you did this because I'd be interested in taking a look. So a few days later he, um, pings me and sends me a document on how he did it. And then I looked at that and then started to think about how it could be refined a little bit because, you know, that's what I do. You know, when we had the first Raspberry Pi version, I took a look at that and figured out how it could be slightly improved, and the same with the PowerPC port and so on. So I've taken a look at what Marius has done, and essentially the way that he's done this is to spawn the, um, oh, and then what he does, he then installs the Ubuntu MATE core meta package over the top of the Unity 8 chroot and then spawns the MATE session into that XMir window. And it works.
You know, touch works, and you can rotate the screen,
and the screen resizes, and it does all the things you'd expect it to do.
Nice.
And, you know, you've got things like Firefox pre-installed,
which actually work very well.
Curiously, it seems to work better than the version of Firefox
that's shipped along with the M10.
I haven't quite figured out why that can be the case,
but it appears to be.
So because I've done the work with the Raspberry Pi images,
I've got a build system for making root file systems for ARMHF.
So I've been tinkering with that
so that instead of having to put the Unity 8 image on
and then install some extra stuff into it,
I've made just a MATE core root file system
that you can just extract directly and use that directly.
And I'm just trying to clean up some of the rough edges
and find out how to integrate it a little bit more seamlessly
because it requires a little bit of hackery in order to sort of, um, okay, scaffolding them up for XMir and then run the session. You have to do it all through the phablet shell, and I'm trying to find a way to do it directly on the tablet so you can just have a launcher icon, click it, and it starts.
Here's my use... Oh, go ahead. Oh, maybe you're about to say, because I think my use case fantasy for this is not so much in full-on tablet mode, although that sounds useful when I need something quickly and I'm on the go.
But to me, what feels like the real ace in the hole use case for this would be I connected to an HDMI hookup and a Bluetooth keyboard and mouse.
And now I'm using the MATE desktop on a lower end resources machine on a large screen that has, you know, perhaps a better response time. But I don't know. I mean, what is the use case here? Because this seems, it seems at first like not, not, it seems like Ubuntu MATE is not itself lended, as you might say, to a touch environment. It is not necessarily the one I think of when I think of a touchscreen experience.
No, it's not. Um, I mean, you can do a surprising amount actually by touching the screen on MATE, and in MATE one four we added some new features so you can make the menu icon sizes and the panel icon sizes much, much bigger without changing the DPI of the whole UI, so you can actually make those a little bit more touch friendly.
Myself, I would, I would absolutely, even if there was, let's just say, a compromise in some of the usability and a touch experience, if it meant it was a useful practical desktop experience and then I could have the same information in the same state when I'm on the go and when I'm hooked up to it.
Yes, the same state, that's really what it is. If I have notes in gedit when I'm, when I'm plugged into my window, when I'm at my desktop, when I'm at the client's desk sitting down trying to remember what it was, or when I'm at work trying to remember that great idea I had for the show, that same gedit doc is still up on the screen.
So what's, what's important to understand here: this is not Ubuntu MATE running on the tablet instead of Ubuntu Touch, it's like running inside Ubuntu Touch.
Right.
It's running inside a chroot inside Ubuntu Touch, and, and it's effectively like a full-screen app.
So you can still swipe in and switch to the native touch apps,
but you can go back to it as it is desktop,
and it will work with Bluetooth mice and keyboards and all the rest of it.
Is there a performance penalty there?
There doesn't seem to be.
It's running extremely well.
Um, and, um, because it's running in a chroot, you've got apt, so you can apt install those
applications that you want into that chroot to add the functionality or application richness that might currently be missing from the Ubuntu Touch
ecosystem. All kinds of tools I could think of. Yeah, absolutely.
That's a neat, you know, so Wimpy, what was, in your estimation, what's sort of the fundamental
thing that made this possible? Is it once you get Ubuntu on a device like this,
you can sort of just build out from there? Was there something else that made it? Was it a firmware thing? What was the quote-unquote enabling technology for this?
It's two things. It's Ubuntu and XMir.
Right, because this is running under XMir, isn't it?
Yeah, that whole desktop environment is rendered with XMir.
And the performance is still pretty solid.
It's great.
Boy, that's, see, that's exciting. Good. Well, look at that.
And, and it's, so there's, there's quite a bit of refinement to make this a thing that people can use trivially. I mean, it's fairly trivial to use if you're comfortable with the shell, but at the moment you have to have a computer hooked up to the tablet in order to, you know, bootstrap it all. I'm trying, trying to work around that so you can bootstrap it from the tablet directly.
Exactly. That is going to be something the iPad could never know, right? Like, that's a fundamental...
Yeah. And it doesn't have to be, you know, Ubuntu MATE. That's obviously what I'm interested in.
It could be Xubuntu, Lubuntu, Kubuntu, Ubuntu Unity, Ubuntu GNOME.
You know, all of those will do it too.
Well, that sounds super awesome.
Now, picture it, friends.
Picture it.
You take a BQ tablet like that and you combine it with a data connection from Ting.
Oh, I know.
I know.
It sounds impossible.
But friends, it is possible.
And it just got better than ever.
In fact, if you go to Linux.Ting.com, you support this show and get a little money off your first Ting device.
Yeah, yeah.
In fact, if you – here's another thing.
If you bring a Ting device, something when I say a Ting device, that's just a GSM or CDMA device that's compatible with Ting's network options. They got a page that tells you
all about that. They give you a $25 credit average first month, like, or actually every month, if you
just have one device, 23 bucks. So the $25 credit is kind of a nice thing too, if you already have
a device, but I want to, I want you to wrap your head around this. Ting is just pay for what
you use wireless.
$6 for the line,
plus Uncle Sam's take,
and then you just pay for what you use.
And the price for pay for
what you use just got even better.
In fact, our friend
Kyra is here to tell us all about it.
Data is now cheaper on Ting.
From now on, prices look like this.
Need more?
It's just $10 a gig.
That's what new customers pay.
That's what current customers pay.
It's simple.
We like simple.
See for yourself at ting.com slash rates.
You know what I hear the most, though, from people that switch to Ting after hearing our spots?
You wouldn't guess because, I mean, I guess I do hear quite a bit, OMG, I saved a ton of money.
I can't believe.
I do hear that a lot, especially from folks that are small businesses.
But the surprising one is the stories I hear about the experiences with their customer service.
So they have really good customer service.
And I get emails and tweets in a lot.
In fact, if you want to send those in, keep sending them in.
Go to the general comments and keep sending them in because people have been doing that.
And I haven't even really been soliciting this.
But keep doing it.
And if you want to take a picture of the note or something that somebody from Ting sends
you, please do.
Like, people are getting personalized, and I'm not shitting you here. People are getting personalized gifts from the Ting support. Wow. Like little notes,
little notes or like a, like a little card or something like that. And it's just, it's blowing
people's minds. And it's, you know, it's, I don't know if it's something they do all the time or if
it's just something they do from time to time. I mean, nothing is like the Ting customer service.
You call them, you talk to a real human being. And there's no BS.
They stick with you through a problem.
Let me tell you, I can testify to that.
The one time in over two and a half years I've used Ting, the one time I had to call
in was when I was doing the road trip to Noah's house.
And I don't know, I was in Montana or some crazy backward place.
And no offense, Montana.
And the Ting rep literally stayed on the phone with me for over an hour as we worked through all kinds of bad connectivity, problems with the CDMA network.
And none of it was Ting's fault.
And they still stuck with me until the end to make sure it all got working.
They could have punted at any moment.
And they didn't.
They have tons of nice devices you can buy directly.
All of them unlocked.
You own them outright.
Or you can bring your own or just buy it directly from the Play Store.
Check them out at linux.ting.com.
You want to go get a line for your tablet and only pay for it with the data when you have to go off Wi-Fi from time to time?
Exactly.
Ting is a great option.
linux.ting.com.
So I want to just take a real quick moment to mention that the Humble Bundle Survive This Bundle is out.
The Humble Survive This Bundle, I guess.
Oh, this looks great.
Yeah, and it is nice because they've got three actual games, which is somewhat progress.
Although all the ones I'm interested in, like this first one and this one that looks like it's a Mars one, not available for Linux because apparently they hate me.
But there are a couple of good ones like Rust Early Access available for Linux.
I think this Kholat one looks kind of interesting.
Tell me about it.
Kholat?
Yeah.
I actually haven't looked at the game.
I remember looking at it during the Steam sale, but it's narrated by Sean Bean.
It's an exploration adventure game.
So you kind of have to be into more of that like a little slower paced, a little creepy.
You know, you're kind of just flying around.
But actually it follows this like really kind of creepy incident where a bunch of graduate students died hiking this mountain.
Have you seen Rust?
Yeah, Rust looks fun too.
Yeah, it does.
And that's almost worth the price of admission right there if you don't have it already.
Especially it's nice to get a DRM-free version.
And when you give to the Humble Bundle, you can feel good about it.
Yeah, plus it's nice to see Linux stats on there.
Just saying, just saying. But yeah, I would love to see all of the games.
Also, they have a discount on the Humble Monthly.
All right, I was teasing it earlier, um, and this is a little embarrassing to show on air because I don't know what happened. You know, Dustin, I like him. You know, I've met Dust... He probably doesn't remember because it was years ago. But I met him at, I think it was UbuCon or something like that.
And I just don't know about this picture of him over on Linux.com.
It's like a picture for those of you listening.
It's all inverted.
So what's black is white and what's white is black.
And then they have the tux.
They have Dustin wearing an overcoat.
Yep.
Which he either...
And then like a weird blue-green glowing skin tone.
Yeah.
And which he either sent them a picture of him like that or he took it just for this.
Or they shopped it.
Does it not look just a little bit kind of look like he might be offering you like on the cheap organs in an alleyway somewhere.
In a futuristic, like, sci-fi post-apocalyptic, like, nuke war kind of movie.
Yes, it does. New spleen, sir?
Yes, uh, yes, it does. Although that said, uh, he is rocking a bitchin' beard in that photo and, uh, repping that. So, you know, pretty much, I'm not even joking, the beard makes the entire photo work, doesn't it?
It really does. If it wasn't for that beard, that photo would suck.
But Tux needs a beard too. Quite literally, the beard in that
photo saves the rest of it because he's
almost got a...
I'm getting wafts of
Chuck Norris. Yeah, you are. Without the
beard here, it would be very different.
Right, but with the beard and that jacket,
I am getting wafts of Norris and then all of a sudden
it's gotten my attention. Oh, it also has the shitty
Windows logo on there. Anyways, if you scroll
down, he talks about benchmarking Ubuntu under Windows versus Ubuntu native. And he's doing it
on the Lenovo X250 with an Intel i7 5600 CPU, 16 gigabytes of random access memory, and 512
gigabytes of Transcend SSD and a two terabyte Samsung SSD.
So this is, in perhaps the kids' parlance, a hell of a machine.
And he's using SysBench for a lot of these.
And what's nice is he just gives you the commands to reproduce.
That is really nice.
Yeah.
You can just go on your machine and do this yourself.
Anyways, he had some interesting tests.
He wanted to nail the CPU.
He wanted to check disk IO, network performance, and of course, you've got to do the classic.
He built the Linux kernel.
You've got to do that.
That's required.
And so when he starts with the CPU benchmark, he said that he saw almost identical results between Ubuntu native and Ubuntu under Windows.
It took basically 2.8 seconds to run 10,000 CPU instructions.
Not bad.
But I want to move on to the memory benchmark
because this is where things got interesting.
So he's going to move 100 gigabytes of data through memory.
Native Ubuntu was able to move data through memory
at 4,235 megabytes a second.
Ubuntu on Windows was able to do it at 2,309 megabytes a second. So two
gigabytes versus four gigabytes. That's a second. That's a huge difference. This difference exposes
a bit, not only the difference in IO performance between the two systems, but also the overhead
involved with Ubuntu under Windows. So then another interesting look here was disk performance.
He says we're writing a one gig file with just nothing but zeros
synchronously to the disk.
Native Ubuntu yields about 147 megabytes average write speed to the disk.
Ubuntu under Windows manages to get 248 megabytes.
So a difference of 147 under native Ubuntu, 248 megabytes under Windows.
A massive difference.
How is this possible?
Well, it's a bit of trickery on Windows.
The flag that we're sending the dd command, the dsync command, which is supposed to guarantee synchronous writes to disk,
ensuring that every single byte is in fact written to disk and not cached in a buffer memory,
you know, kind of cheating the throughput.
That same flag was used on both the Windows and the Ubuntu machines, but it seems the
implementation of Ubuntu under Windows does not yet quite support that.
And you got to wonder about that, like in how many cases they're like, you know, there's
a lot of stuff, things
to implement in that layer, so it makes sense that
not everything is bit perfect.
And yeah, there's a big
translation probably happening there.
Network throughput, specifically testing TCP bandwidth
using iperf. The native Ubuntu machine
averaged 935 megabits,
while Ubuntu on Windows,
an average of 805 megabits.
A noticeable reduction there.
But the one we've all been waiting for, the Linux kernel compilation test.
The native Ubuntu build took 5 minutes, 38 seconds.
While Ubuntu on Windows took 8 minutes and 47 seconds.
I don't want to wait that long.
No, no.
It's suggested, by the way.
Remember, I mentioned this earlier.
So Dustin contacted some folks at Microsoft.
And you know what their response was?
What?
I know we turned this on by default, but you might want to disable Windows Defender.
No way.
Yeah.
Really?
Wow.
Yeah, so now he didn't have time to try it, but that seems to be.
Well, if anyone has this Redstone stuff built in, you should try it. Get back to us about it.
So he concludes, from a performance perspective, CPU and network-bound processes will perform nearly identical in Ubuntu on Windows as native Ubuntu on bare metal would.
For heavily cached disk IO operations, Ubuntu on Windows might even outperform native Ubuntu on bare metal.
But for heavily randomized reads and writes and memory-heavy operations, Ubuntu on Windows does introduce a bit of overhead that might be noticeable in some workloads.
Pretty cool test.
It is kind of an interesting – even though you introduced this translation layer, it's kind of an interesting way now where you can benchmark a Windows system or a Linux system and then use the very same tool regardless of if it actually supports Windows or not and run the same benchmark.
So that's kind of interesting.
Yeah.
And, you know, it really does also speak to the rather awesome technical implementation that the Windows subsystem folks have done here.
I mean, that's pretty impressive.
Yeah.
It's damn near wine quality, you might say.
Also, it's probably a lot easier now.
You have Windows.
I mean, you want to install Linux, but you're kind of a purist and you want your own custom
compiled kernel.
Makes it a lot easier to do that too.
I want to continue to follow it with like a remote distance.
Like I'm not going to install Windows 10 and try it.
Right.
We're not hosting the show from Linux inside Windows 10.
No, I'm not that motivated.
But I will watch as things drive by me and I'll go, oh, that's interesting.
Okay, I'll note that.
I do see a lot of excitement from the people who use Linux professionally because
they have to deploy to servers, but
they're not watching the show,
they're not Linux enthusiasts, and
there seems to be a lot of excitement there.
Oh, I don't have to use a Mac. It's a nice feature.
I don't have to install Cygwin.
Rikai, editor of the show,
and much more, the beard ended up
breaking down and taking advantage of the free upgrade.
I understand Rikai.
I only slightly judge you.
And he went ahead and installed the Ubuntu subsystem.
And, you know, it is the only way I can describe it as is it's unnerving to all of a sudden see him using Linux commands in what is clearly a Windows
box. See, that is weird. It's like, oh,
that's not... LS?
That's not right. You mean DIR.
You mean DIR.
Wimpy, can we go back to full bandwidth here for a second?
Full spectrum wireless bandwidth.
And can you chime in
a little bit for the folks over here in the
US that might not have heard about it or those that missed out
on what the heck FOSS talk is and how the hell it went because I listened to the Ubuntu
podcast and it sounded like a pretty fun event. Yeah, so FOSS Talk, it was the first event.
It was organized by Joe Ressington from the Linux Luddites. I happen to know Joe is trying to fall asleep at the moment with one earphone plugged in.
So if you can just pan me left to right a few times, I know that will irritate him insanely and wake him up.
So, yeah, Joe organized the event.
It was this Saturday just gone.
It was a small event. Uh, Joe, Joe wanted to make sure that, um, you know, it, it was small enough that if lots of people didn't turn up who'd said they were going to turn up, it wouldn't look, um, you know, like it was a complete disaster. As it turns out, I think pretty much everyone that, um, requested a... turned up. So there was about 50 people at this event.
It was at a pub in London.
So it was a gastropub, so good food, good beer, on the ground floor.
There was a small hotel above it and then a basement venue
where the event itself took place.
And we had the Linux Luddites do a 45 minute show, the Ubuntu Podcast, we did one, and then Linux Voice did a podcast, and then there was what was billed as the drunken mashup as the last show of the evening, which was, was, uh, Joe and, uh, Stuart Langridge and Dave Megaslippers from Geek News Radio, and a lot of heckling from the audience by that time of night with the intake of beverages. Um, so yeah, four, four 45 minute podcasts with a half hour in between, um, an hour and a half or so beforehand for drinks and chatting, and then late night drinking at another venue around the corner, uh, afterwards. So it was, um, basically a big, um, social, um, gathering, um, with some podcasts going on to keep people entertained.
That, that's a nice way to describe it. I like that atmosphere. Uh, you know, it makes me want – I just – I want to go like let's do this here in the States.
Let's figure out a time after scale or some other Linux fest or something like that and let's just do one of these here because that's – oh, man, that seems cool.
Yeah.
I wish you guys would have streamed it live.
I would have watched that for sure.
Or even listened.
Yeah, listen to them too.
I know.
But you actually – overall, the audio turned out pretty good.
So I got to give credit.
Yeah, Joe knows what he's doing. He, uh, I, I was Joe's roadie, so he just pointed at cables and told me what to do and I got on with it. Um, but yeah, I think, I think the idea was to keep it as simple as possible this first time round, and, um, yeah, and maybe there'll be another event. I think the aspiration is definitely for there to be another one, or this is the first of many.
Who knows?
The live show is –
And maybe the scope and scale will increase over time.
Good approach.
Really very good approach because there's nothing like doing a live performance.
Doing something that you normally have recorded in a setting where you're comfortable, you have everything you need, your notes, you have time to collect your thoughts.
You're often in a room by yourself when you're podcasting.
Right.
And to take what has been – and you do that for weeks and weeks and weeks and weeks and
weeks and weeks and weeks, sometimes years and years and years.
And all of a sudden you do it in the same room with people.
So not only do you not normally record looking at these people,
but there's also a whole bunch of other people there that are looking at you,
and you're always performing.
The performance never stops.
There's no downtime.
There's no time.
There's no time for you there.
Right.
There's no editing out that pause.
So what was that like for you, Wimpy?
It was good fun.
Joe's actually telegramming me as we're talking.
He's saying that someone said to him that FOSS Talk was like the best bits of OggCamp but in one evening, which is a glowing endorsement. And it really was. It was basically a condensed version of the social track of OggCamp, um, with many of the OggCampers in attendance. Not all of them, because it was obviously in London and OggCamp is typically in the north of England, so we didn't have the full spread. But, um, yeah, the event venue was very small, so, uh, we were only about three or four feet from the front row of the audience, so you can see the whites of people's eyes, and you, you could very definitely tell whether or not, uh, things were going, uh, going well or not. Uh, thankfully...
See, it seems just like... to go well... just like with music, where it's like, it's a whole different thing for the performer, but also for the audience. That kind of live interaction, you really feel much more close, much more engaged with the presenter.
Plus, physically, you never live up to what people expect by listening to you. It's just, it's, it's a winning, it's never a winning thing.
So there's that initial awkward moment where they know you.
They have heard you.
They know how you think, how you talk.
And you have no idea who they are. And it is funny because I have – I developed a response.
So when people – like every now and then when I'm out shopping, it does happen where I'll run into a listener.
And so people go, Chris.
And what do you do?
If somebody walks up to me, you go, Wes.
You know, you don't have a response.
Right.
What do you say?
My initial response is, that's me.
And so when I started dating Hadiyah, she noticed that this is how it happens when people run into me in public.
That's me.
So she makes fun of me every time it happens.
That's great.
Right, and because people walk up to you and they're like, oh, I know you, and I have no idea what your name is. So, and you don't know if it's like someone you should know or if it's someone you've never met or...
But at the same time, then all of a sudden you get to put a face to, like, an IRC name or, like, an email address.
Yeah. So I say, Wimpy.
Yeah, there was, there was lots of that. Lots of people introducing themselves and saying it's good to put a face to the name.
Yep.
And also lots of people very generously buying all of the podcaster's beers.
Joe rather optimistically had a large bucket in which to collect money to buy beers for the podcasters.
And people were extraordinarily generous. So, um, yes, my,
my headache the following morning, uh, reflected people's generosity in that regard.
So I just have one last question and Popey's not here. So I want the full real story.
What was the deal with the laminated show notes?
Okay, so, um, the Ubuntu Podcast has a reputation for being very well organized.
Yeah.
And in particular, um, Graham from Linux Voice finds this a point of much irritation. So the laminating of the show notes was really, and they're passing, really just to wind up...
That was pretty good. That was, yeah, that was good. Um, not... laminated show notes is, is, I almost want to copy that. I almost want to continue that tradition because it's, it's so brilliant. I think it's, it's a good reference, making notes right on top. It's great.
Yeah, yeah, you could... It worked really well actually, because we knew we had 45 minutes, and so on our, on our show notes we had, um, uh, the times, as, you know, at, um, 7:30, 7:33, you know, the bits that we were doing, and we actually stuck to time perfectly. So it worked out really well in the end.
Well, it sounds like a fun event, and, uh, if we ever get a few of you over here in the U.S. at one time, we've got to...
Yeah, it was. So if anyone isn't, hasn't heard, so you can go to the current episode of Linux Luddites, they've got their live recording published now. The current episode, it's, uh, episode 23 and a half of the Ubuntu Podcast, is just the live recording from FOSS Talk.
I don't know if Linux Voice are going to be recording their live recording because a fair amount of beer had been consumed by that point in the evening.
But I think Joe is planning to release the drunken mashup show
as soon as he gets his domain whitelisted with PodTrack.
So I think definitely three of the shows are going to be out.
If you're listening at home, I think the order to listen to would be Luddites 84,
then the Ubuntu podcast, then Linux Voice if they get it out.
If you want to go by the order of the night.
Yeah, so it's Linux Luddites, Ubuntu Podcast, Linux Voice, and then the mashup.
Love it.
Well, that sounds like a fun event.
Yeah, it really does.
It really was.
Maybe we could see the laminated show notes tradition continue on.
And thanks to Joe for organizing it because it's a new event in our schedule now,
and it was a lot of fun.
How come we don't do more like that, Wes?
We need that.
We're going to.
Yep, absolutely.
We'll figure that out.
We're resolved.
Janice!
Janice, will you get on that?
Get right on that.
All right, so she'll take care of that for us, I'm sure.
All right, so I want to talk about SSH hacks.
We've got to move in.
That was the community updates, and there's a hell of a lot of them.
It's good stuff, too, so thank you, everybody.
Let's get ready for the next segment by mentioning DigitalOcean.
Now, this, a lot of what we're about to talk about, you could easily try out on DigitalOcean.
Simple cloud host and provider dedicated to getting your whole system up and running in no time.
Really simple, straightforward, and intuitive.
Great UI to manage it all.
You can get a system spun up in less than 55 seconds.
And for about $5 a month, you can run a system with 512 megabytes of RAM, a 20 gigabyte SSD, one CPU, and a terabyte of transfer.
I say about because I actually would look at DigitalOcean more like in the hourly context.
If you go over to their pricing, switch over to the hourly button there, and then you can
really see how this rocks.
Use our promo code DOUnplugged.
DOUnplugged, all one word, lowercase.
You smash it together, you put it in there, you apply it, and they'll give you a $10 credit. Now, here's what I did this morning. Just to give you an example of how handy this is,
I wanted to try out a local wiki. And I don't really want to learn DokuWiki syntax, although
I might just end up doing that. But I wanted to try out, I think it's MD wiki. It's Markdown wiki
because I use Markdown every single day for our show notes. And I thought, well, wouldn't it be
great if my wiki was Markdown?
Oh, here we go.
So I looked at MD wiki, which apparently has been updated since 2014.
But I thought, I don't care.
If I use this, I'm going to put it on my own local LAN.
So I could live with that.
But I'll be honest with you.
I didn't feel like installing Apache on my system and setting up PHP.
I just – I have better things to do.
Chris, don't set up PHP.
Just don't do it.
Don't do it.
I know, right?
I have better things to do.
And I just don't want to junk up my system.
But I wanted to see if MDWiki was a viable solution because if it is, I will set it up on a home server that's on my LAN for my notes about things like warranty information about appliances or the model of a surge protector I got for this or that.
These kinds of stupid things that you kind of want to keep track of, especially when
you're doing warranty stuff.
But you don't want to keep the papers around.
You don't want to keep anything like that.
So I thought, OK, MDWiki it is.
So instead of junking up my system, in just seconds, I spun up a San Francisco-based droplet with Ubuntu 14.04, Apache, MySQL, and PHP all good to go.
I log in.
I change my root password.
First time I log in, I change my root password.
Right there in the message of the day, it tells me this is my web directory.
Drop your HTML files in here.
This is the URL to go to.
This is your info.php if you want to see
what your PHP install can do. I mean, I love that.
I SCP'd up
the md.wiki.html file.
And I mean,
within two minutes and 45
seconds, I was able to determine
that md.wiki was a total waste of my
time. Like, it just sucks. It doesn't
render properly.
It hasn't been updated for years.
It was a... And you know what?
I immediately destroyed the drop.
I just, like, kill it.
One API call away?
Did I even pay a penny for that?
I don't know.
That's why, if you use the promo code DOUnplugged,
this is just a scenario where you apply a $10 credit to your account
and leave it in there,
and when you want to try something like this,
I deployed the entire stack,
uploaded the file,
and determined that it was a garbage project now
within minutes.
I didn't have to junk up my local host.
I could have installed all of that stuff on my Linux box,
but really,
I don't want Apache installed on my Linux box.
You don't need it.
And that's why it's great to get that.
So even if you want to try out the $5 machine and run it two months for free, that's awesome.
But if you just want to apply the credit, you can try out like they're super powerful machines just for minutes.
Try them, create something, and then destroy them.
And if you want to end up – and here's the other thing.
Like if I was trying something other than MDWiki because I would always run that locally.
But if I was trying something else and it worked fine, then I'm done.
It's in production.
It's on a production-grade system.
It's ready to go.
Bam.
You have backups.
You have snapshots.
Whatever you need.
Yeah, and they have an API that makes it super easy to interact with open source apps that have already been written.
So check it out.
Use the promo code D-O-Unplugged.
And a big thank you to DigitalOcean for sponsoring the Unplugged program.
And, you know, they got a brand-new fancy-looking website, too.
I was about to comment on that.
It's nice, right?
Nice and clean.
All right.
So we're going to talk about SSH hacks, and I definitely want to hear from our virtual lug on their hacks or, you know, tricks.
But we should start by mentioning that OpenSSH version 7.3 was released recently.
And it has a feature that I want to talk about kind of right off the top before we get into this thing because this is so cool.
It added some new features to the ProxyJump option.
ProxyJump, a command line flag to allow simplified indirection through one or more SSH bastions or jump hosts.
So we have an article linked in the show notes,
how to use a jump host in your SSH client configurations.
So I have never actually surprisingly used this.
Oh, really?
And it seems really useful.
It's very useful.
But my understanding is I SSH to one machine, which then proxies my SSH connection to an entirely separate machine.
And maybe I do this because I could have SSH running on host A on some crazy like port 443 kind of config.
And then it could connect to my actual client.
Well, it's also useful if you're part of like a larger enterprise or like I'm sure Alan uses this.
You connect to a border SSH server and that connects.
Yeah, okay.
These are the things I was thinking about.
And in the past, a lot of people use Netcat or other things to like proxy the ports between these.
But for a while now, SSH has supported this directly.
They have the capital W command here, which takes care of it for you.
So you don't need to invoke any other third-party system.
SSH can do it all itself.
So this is just the tip of the iceberg of stuff that you don't even think about.
I mean, I don't when I think about SSH.
And we have a whole line of SSH-type tricks.
But there's one I wanted to kind of talk about that you've installed earlier today that's sort of the opposite of this stuff. It's really for fun, or maybe even for a little bit of research on your own, and it's called cow wire or co-wire. I guess it's cow or, I don't know, co-wire.
I guess I like cow wire because I like it like cowry. I like the idea of like a cow tripwire. That's where I, but I think it's a co-wire. Co-wire. Let's go with co-wire.
It's co-wire.
I love it.
And it's an SSH honeypot that Wes has set up on one of his servers for us to talk about here.
I love this.
And I'm kind of curious.
You've had it going for a couple of hours.
Yeah, that's true.
Let's go look.
Yeah.
So let me tell folks what co-wire does. It's an SSH honeypot designed to
log brute force attacks and shell
interactions performed by the attacker.
Here's some of the interesting features. You ready
for this? It creates a fake file
system with the ability to add or remove
files. A full fake file system
resembling, I'm sorry,
a Debian 5.0
install. How wonderful is that?
Nice and secure.
Yeah.
You have the possibility of adding fake file content so the attacker can cat files such as /etc/passwd.
Only minimal file contents are included by default.
Session logs are stored in a UML-compatible format for easy replay.
And CoWire saves the file downloads with wget and curl, or SFTP and SCP, for later inspection.
So you, if they, if they transmit something up to the box, it's stored in a way for you to look at later, which is great.
Like what are they trying to do?
It's a honeypot.
Yeah.
It's,
it's a very easy to set up honeypot.
How,
how easy was it to set up?
I think they might need, I'll see about maybe sending them some pull requests. There's a couple dependency things that maybe needed to be updated, or at least on, they had some instructions for Debian, at least with 16.04 there was a few things, like their pip requirements were slightly off.
But I mean, no more than like 10 minutes of, once you've got the Python dependencies installed, they have a very nice start and stop set of bash scripts for you that you can specify even like a virtual environment for you to use so you don't have to set up anything like that.
So I thought it was pretty easy to get going.
They do recommend that you have a non-root user that you run this as because all of the SSH sessions will be in that user's name.
Oh, yes.
Is that what you did?
Yes.
So do you – so, okay.
So could we give the live stream a URL to SSH into, or I mean an address to SSH into, but they would have to know the, I mean, so essentially it's a honeypot they could bang on and that we could watch what they do.
But it does legitimately have like a username and password they would have to know. Like they'd actually have to be able to hack it, right?
Well, you can configure that, so there's actually...
That's, sorry, no, that's exactly the point of a honeypot. You don't just give direct access. You need to make it, you know, challenging so that it seems real.
The first, right, yeah, for a legitimate honeypot. But if we want to let the audience bang on it...
And so it actually starts out, the way this one's configured is it denies the, or at least the default config they ship with.
It denies the two most common root passwords, which is one is just root and the other is
like ABC123 or something like that, or 123456, I think is what it is.
It denies those two, but right now it's configured so that pretty much any password and any username
will get you in.
Do you want to put the host name in the chat room?
We'll see if people want to hack away.
And then, so I have up on this screen over here,
is this the correct log file? It looks like it. So what have you used to- Maybe refresh it right
now though. Okay. What have you used to generate this live log file that I'm looking at here?
That is socat and tail -f. There are some better, there are some fancier ones, like websocketd is kind of like a Unix philosophy style WebSocket thing. It just takes a little bit of JavaScript on the client side to get you to render it.
So in the future, I'd like to have a better prepared live log file.
But here is a very hacky URL.
So we put it in there.
It's waspness.noblepain.com.
I've seen some incoming connections right now coming into your system, Wes.
I'm going to zoom in on the text so we can see it.
So in theory, would we see what they do on the file system go to the log here, or are we just seeing their connections?
And it does at least, like, it logs.
It doesn't necessarily log all the output, seemingly, but it does log.
And they have a separate audit log I can show, too.
It does log all of the commands that people try to run.
So it'll say, like, and it denies some.
So like ifconfig, ip, it won't let you run, but like it'll show you when it finds curls, wgets, that kind of stuff.
I don't, instead of,
so I won't show people's IPs on the screen,
but I see people like Honey, Alex,
I see trying to log in right now.
This is interesting.
New keys, looks like,
I don't see if anybody's gotten access yet.
Do you?
I see authorization failed.
This is really funny.
They should have.
I think even with a blank password, you should be able to get in.
That's easy to hack.
Actually, maybe these people are connecting here because I don't see failed logins for these ones.
Oh, here we go.
Oh, boy.
Oh, we got some activity happening now.
We got some Python scripts running.
This is going south real
fast here. Oh, my gosh, Wes. Oh, I don't know if this is a good idea after all, but this
is pretty fun to watch.
It is pretty fun to watch.
Because we get to watch from this sort of admin perspective and watch people go crazy.
This is kind of a fun, real easy, I mean, relatively easy to set up honeypot co-wire.
We'll have a link in the show notes if you guys want to check it out.
That's pretty neat.
Are you watching this still?
Yeah, this is fun.
So in the future, I'd like to have a live log that, like, scrolled as you update.
Right now, you kind of just keep scrolling.
Yeah, but that's still – yeah, some people – it's surprising how many people can't log in.
And there's command not found, ls.
You don't have ls on this thing?
That is weird.
I think it should.
I mean, when I –
It's interesting.
I can see what commands they're attempting to run, too.
Yeah, see, I like that a lot.
Yeah.
This is the future of pair hacking.
Yeah.
There's already pair programming.
We could have competitions around this, legitimately.
We could set up...
Because we could populate that thing with, like, rewards and, like, things for people to find.
Oh, yeah.
And it seems very configurable, hackable.
It's just like a Python.
Imagine if we seeded that with
a pretty big user land
and we had files in there that they had
to find and get access to as part of a
challenge. So you have to get access
to the remote SSH box and get in there and find
certain things on the file system. That could be a fun game.
And you could watch it all in real time.
Now everybody, so I'm just going to mention it real quick
and we have a great tutorial linked in the show notes.
Everybody knows you can use SSH to copy files, right?
You guys all know that.
I think that's pretty basic.
You probably, if you're listening to this show, know that.
But if you don't or you haven't messed around with it a lot, if you've ever heard that Linux is hard to copy files around on a network, then you don't know about SCP.
So we have a link in the show notes that walks you through how to use it.
I use it almost every single day.
Almost.
Almost.
But just moving something down from a droplet
to my machine or something like that.
Especially if you're doing it right and you already have your key
authenticated, that kind of
stuff set up, it makes it very easy.
We have some instructions on that too. There are
commands you can do to remotely copy
your keys around and we're going to get to that.
Before we go any further though,
before I go through my list, does anybody in the
Mumble room have something they use SSH for all the time, like copying files with rsync or something like that that they want to mention?
Because I think there's some uses that people have come up with for SSH to publish something remotely or grab something or update something remotely that a lot of us don't think about because we don't have those use cases.
So if anybody has an interesting SSH usage, I'd love to hear it.
I heard in the
company I work in, if
any of the developers is using SSH
to connect to somewhere
to do some administrative work,
it usually means somebody's getting fired.
Why?
Because system administrators should be just
have everything magically working
for the developer not to have to go there and
set anything up.
Yeah, so they basically don't want them
having shell access.
Yeah, they shouldn't be needed.
We're trying to get rid of
system administrators and now we're just
praising apps for system administrators.
Okay.
Well, I mean, there is a certain amount of truth there
just in that, like, ideally,
and it depends very much on the case
and how much technical debt you have, et cetera, et cetera,
but ideally, you should have, like, a log server set up.
You should have that being absorbed somewhere.
You should have configuration management set up
so that, ideally, the need to SSH is minimal.
But there are lots of cases, QA, et cetera,
where you really do need that SSH.
Yeah, for sure.
Ikey, I'd love to hear the use cases over at Solus.
In Solus, we had to come up with a scalable build system, as you can imagine.
And we use SSH in a couple of ways to achieve this.
Basically, there's a couple of rules whenever writing any software.
Rule number one, never write your own crypto algorithm.
Never do it.
It's rule number one. Rule number two behind that, really, apart from don't use GLib, should probably be don't reinvent authentication.
So have any of you guys used anything like Gerrit or Gitolite or anything like that?
Yeah, I've seen Gitolite.
Okay, so one of the very unknown features of SSH
is you can actually tell it to run a command
associated with a public key.
Oh, yeah.
Yeah, so what we've taken advantage of there
is there is an isolated SSHD,
which is completely separate from the Solus infrastructure itself.
This one is public key-based only
and exists only to serve our build system.
So you have to have a public key.
And what it does is it SSHs to our script that runs behind this as a server, if you like,
which then controls all the builds and uses the database to store the builds there.
So we've got public key authentication and we've got Unix PAM authentication going on in the background there.
We didn't have to reinvent any of that.
The build servers as well do it.
So we can just revoke a key immediately
for any of these servers that are doing it in a pull-based system
instead of a scheduler and pushing them out.
On top of that, our packages are also uploaded with SCP
over another SSHD.
There's only one that can upload to this SSHD,
which is a chrooted directory where the files then land
before an inotify daemon in the background
then pulls those files in to index them into the unstable repo.
So it's all SSH powered.
That's pretty nice.
I like that.
Nice and secure and easy to understand too.
Now, Wimpy, you said you use something that does hardware acceleration for SSH.
What are you talking about?
Or in combination with hardware?
Elaborate, sir.
Well, so you've got the different crypto algorithms that you can negotiate to establish a SSH connection.
And if you're just, you know, at the terminal, that's kind of irrelevant. But if you're rsyncing or SCPing data, then you should elect the crypto algorithm that is most accelerated on your platform.
So there are ways to evaluate what the hardware capabilities are, both ends.
And you can then configure your SSH config so that when you're connecting to particular hosts, it forces to use the most accelerated crypto algorithm. And generally those are the AES128-GCM and AES256-GCM, right, algorithms, and they can run just over more than twice the speed of the others.
So you can, on the line, get nearly up to 400 megabits per second transfer speed as opposed to the default, which will be maybe 160, 170 megabits.
Yeah, that is a good one.
And Darsani, you have kind of an interesting use case
where you wanted to remotely
watch a server's traffic
to do some troubleshooting tell me about this
well I was
testing a
first of all can you hear me
yeah we hear you
I was testing this
man in the middle sort of software
it would watch outbound
packages to make sure that
no one was surreptitiously
sending bad, sorry,
secret stuff to the network, right?
And so we had to
use a regex, and it
would watch the
outbound traffic using regex.
Well,
I ran a...
Well, I had to do both of the things on my server, right? I had to watch the Wowza traffic, which is an RTMP, um, server, and I had to run that on my local machine, and then I had to run the clarenton local machine.
Yeah, so I had to use an SSH tunnel to myself. I could have used netcat, but I didn't have that available at the time.
So I was able to watch the traffic inbound on the Wowza server and then tcpdump it, or was it Wireshark it, so I could read it.
Yes.
That is super, super useful.
And a nice little, well, not a hack, but it's a hack
in the workflow sense, a hack where you can sort of put yourself over there.
You know, you heard us mentioning keys.
There is a command called ssh-copy-id and then user@host.
And this is a nice way to enable passwordless logins, copy your keys around.
We have a couple of articles.
I have a couple that I highlighted.
Like you can output – here's a good one.
You can output your microphone to a remote computer speaker. I have not tried this,
but supposedly using dd and then piping it over to SSH and then at the remote host using dd to go
to their sound device, the output of the sound from your microphone port to the SSH target's
computer speaker port.
Sound quality is very bad, so you hear a lot of hissing.
I haven't tried it, but that sounds freaking ridiculous.
Also, you can attach to screen over SSH, which that's probably a hack worth mentioning right there, is use screen with SSH,
and also how to establish a remote GNU screen session that you can reconnect to right by starting the SSH command.
You SSH in to the machine and then you execute the /usr/bin/screen command, dash lowercase x capital RR, and then start with a screen session.
That's a good tip right there.
Screen with that.
Just reading the SSH man page is a great tip I think honestly.
There are so many arguments there that just are gold mines.
Yeah.
Did you find this Hacker News thread?
I think so.
Where a bunch of people posted their favorite, quote unquote, things you can make SSH do.
And there's some very good ones, some very good ones over here that we'll link in the
show notes too, also.
So I think I have probably shared this story
before, but I'll
risk sharing it again. I don't know if I actually have shared it
on the show, but before I do it, is anybody
else in the... Oh, there we go.
Mr. Fax, you had AutoSSH, right?
Yeah, I saw that earlier. Tell me about AutoSSH.
Well,
AutoSSH is very cool.
For example, if you have a remote
computer that cannot open a firewall port,
but you have a server at home where you can open the port,
then you can set up AutoSSH that the client connects to the server automatically
and then you do a reverse tunnel to the client and get a shell of the client.
And so you can use AutoSSH for
backing up the client via
rsync or something else. It's really, really
cool.
I like that. So it's AutoSSH.
And Wimpy, you were talking
about fwknop,
which is like, I'm guessing,
a port knocking tool? What's this?
It's not port knocking. It's, um, a single packet authentication mechanism. So it's like an additional layer on top of SSH.
So like instead of port knocking, something maybe in like alternative?
So it's sort of a key-based packet authentication mechanism that then enables you the rest of your SSH connection to then establish. So you can have SPA and then you have your key-based authentication. So this is the way we have things: we have SPA, key-based authentication, and then you get a one-time password as well,
and it actually prints the QR code on the
terminal that you can scan with your
phone to get your
then second factor as well. So it's
like three-factor authentication to
an SSH jump server.
That's awesome. I guess I almost
feel like I have
to mention, yes, you can do
X11 forwarding with SSH too. I think people
would be like, how come you didn't mention this?
And probably remote command execution.
That's all.
So you can just send a remote command over there, which is amazing.
The other one is SOCKS proxying.
Yes, SOCKS proxying is huge.
Of course, I have to mention that, yeah.
I will say too, like you were talking about SCP, which works great.
But when you're doing a recursive copy, a lot of times piping tar over SSH will be better.
Yeah, or rsync.
I mean, I've used rsync in combination.
So rsync is managing the file copy, but it's doing it through SSH, which if you think about it, is such a brilliant combination of two of the best things.
It's legitimately like Nutella and peanut butter, which really does go well together, and peanut butter and jelly, which my kids don't think go well together, but one day I will convince them does go well together.
It is so great because you get the power and really the reliability and peace of mind of rsync with the encryption and protection of SCP or SSH.
So that's a great combo too.
So I feel like I'd be probably remiss because a lot of comments would be, how come you didn't say these?
Because those are sort of the obvious ones too.
Yeah, the proxying stuff is really nice. I've seen a lot of articles online called the poor man's VPN using SSH. There's a lot of articles that cover how to do that.
Oh yeah, especially the SOCKS proxy, aka the capital D flag.
It's better than Syncthing.
Hmm.
Yeah, maybe.
Yeah, that might be true.
All right, Mumble Room,
anybody else have an SSH tip or trick
or hack that they love about SSH before we move on?
Go on once.
You do?
I do.
I just want to mention the lowercase w flag
for setting up tun/tap devices.
SSH can be your layer two, layer three VPN.
It's all over TCP, so if you're super performance critical, it's not the thing to do. But if you're on a good connection, I've gotten speedups for, like, over bad links, over like using DigitalOcean.
Yeah, or if you just want something, like you have some apps that don't respect SOCKS proxies but you want to proxy them through SSH.
Yeah, on Linux you just, bam, now you have a new interface. Bind them to that interface. There you go.
Yeah, and it's nice because everything you need is already installed,
as long as you have SSH installed.
And so it's, and you know it's safe.
You do enable the right things in your SSH.
You can fake on the other end, but that's the case for a lot of these.
Will you toss that in the show notes too, how to do that?
We'll have a link in there how to do that.
You know, this is actually, so how to do it.
I should really stop right here, and I should mention Linux Academy
because if we're talking about this stuff and it's a little over your head or you want to know more, Linux Academy would just be a fantastic resource.
Go to linuxacademy.com to support this show.
Now, they also have all the advanced topics around Linux, but it really is a great platform for learning more about this kind of stuff.
They've got the essentials and really all of the things that sort of been built on top of it. Stuff you really, if you haven't been through proper training,
the little details you might have missed that make a difference. Plus on top of all of it,
they have instructor mentoring to help you as you go. Learning paths, series of courses and
content planned by instructors for very specific types of career tracks. And then if you're busy,
they have learning plans. So you can pick a course
and set a timeframe and fit to it that matches your schedule. They have note cards that can be
forked by the community to help with study. They have video courses with self-paced in-depth video
guides on every single freaking topic around Linux, the cloud itself, DevOps. The labs and
exercises are unique because they give you the real world confidence to do
this stuff. You're walking away from something where you've really worked hands on with it.
So you have the confidence to work with the real technology in production. And for me personally,
that would be worth the entire Linux Academy subscription right there. The Nuggets give you a deep, right dive into something
when you just want to go into a single topic.
And they have iOS and Android apps to help you study from your mobile device.
They have a community stacked full of Jupiter Broadcasting members
because they've been advertising here for a while now.
And they're constantly expanding.
They're always adding new content.
They're always improving the previous content.
From fundamentals to the advanced stuff,
check them out at linuxacademy.com slash unplugged.
If anything we've mentioned today sounds new to you,
you probably could have learned more at Linux Academy.
linuxacademy.com slash unplugged.
Over the years, I have bought into many a management systems.
Systems to manage my photos, systems to manage my MP3s, applications and systems to manage my notes, my personal notes, my client notes, my family notes, my work.
Oh, Wes, you know what I've learned after all of these years?
Just put it on the damn file system.
Right.
Turns out we solved this in like the early 90s.
Yeah.
Just make a damn file out of it.
And if you have it on the damn file system, then I can get to it when I SSH in.
I can get to it when I bring up my file manager.
I can get to it from my Guake drop-down terminal. I can get to it from an application that sits on top of it.
And not many times I would imagine in my adult life will I sort of completely start over.
So the house I moved out of, it was unique because we had a lot of input on how it was built.
And I had a lot of knowledge of how it was wired and where everything was done at and what was what.
But I didn't properly capture that information.
So as time went on, the details became fuzzy.
I thought I'd memorize it.
And today I couldn't even tell you how many Ethernet ports I had installed,
which to me just seems ridiculous.
So now that I've moved into LadyJubes and I've begun building a home network,
which you and I were talking about on the pre-show,
I thought to myself, I am really at such a square one position again, which is so rare, which I know you're kind of going through the same thing having just moved.
It's rare when you're like, I can tear down everything I have right now and start fresh. And one of the things I have learned about myself is I will forget the little details over time because life goes on.
And I thought, wouldn't it be wonderful?
Wouldn't it be an accomplishment if I could document properly everything,
serial numbers, warranty information, support information,
implementation configuration details,
and have a spot to put it all that I could recall it fairly easily.
And so that started me down the path of trying to find the perfect wiki software.
And I think I kind of blame Noah for this.
Right.
You know, because he started talking about it on Linux Action Show this Sunday.
He got a diary where he puts his thoughts and feelings into about clients and stuff.
And I thought, geez, I could really use a spot that was kind of safe.
Some sort of like personal store.
Yeah.
You can come back to it.
It's there when you want it.
You can ignore it when you want to.
And maybe, and legitimately, Wes, years could go by before I have to reference the information.
Without touching it.
It's like maybe my refrigerator is warranty information.
Or that old notebook you have and you come back to it like, oh, okay, yeah, that's right.
And so I started with DokuWiki, which is a very simple to use local wiki.
It's really nice.
I highly recommend it if you are very familiar with its wiki syntax.
But it didn't fit my needs.
So I was a little disappointed.
I looked at MDWiki.
Didn't fit my needs.
Hasn't been updated.
So I've been a little disappointed.
So, Wimpy, I want to hear about ZimWiki because it is definitely a name I've seen go by online, seen it mentioned by the community a few times.
Have you messed around with it?
Yeah, it's what I use for keeping all of my sort of documentation notes.
Really?
So it's a desktop wiki, a GTK desktop application for doing wiki and note-taking.
And it does, you know, document linking just like a wiki works, but all of the documents are just text documents. So I've got those synchronized to all of my machines.
Now, the syntax, is it like its own unique little special syntax, or is it...
Um, well, I'll tell you what, I'll bring one up in a text editor rather than Zim and I'll tell you how.
and it just
looks at local files on your file system
yeah so I just got a folder
called notebooks
I think I have looked at Zim wiki in the past
it does seem very familiar
so why use this
instead of just create files on your file system
why not just have a directory structure that makes sense
and just put it on the file system?
They, its content type is text/x-zim-wiki and the markup looks like Markdown-ish.
Hmm.
I like markdown-ish.
I mean, it depends on how close, but...
And you find this to be more efficient than just having a good file
structure.
Yes,
because,
um,
you can cross link the documents and you can create like a,
a higher level category and then hierarchies within that.
And it does the wiki linking within it as well.
So if you want to,
you know,
link back to stuff,
I think,
I mean,
I don't
use it for formatting. I use it for hurling information in. So when I'm chatting to people on IRC, I just grab whole conversations out of IRC, dump them into Zim Wiki, so I've got a record of that, and then I can go through and, you know, tidy it up at a later date and turn it into something, you know, more useful. In fact, I've got all of my documentation in there.
And how are you syncing that at all, or are you just, one machine has it all?
No, I sync it.
Okay.
Using, um, I use SparkleShare for that.
Oh man, I want to use, I want to pick it. I'm thinking about using SparkleShare for everything.
You know, that's the one I haven't tried.
Yeah, I like it.
For this, SparkleShare works really well because it's just text.
I mean, you can put screenshots and stuff in there,
and SparkleShare is designed to do that sort of collaboration thing.
So it's got Git behind the scenes to use it.
Yeah, do you just blast all up to GitHub?
You just, like, slam it all up there?
You don't have to do it.
SparkleShare just does it for you.
It spots the read and write operations and does all of the commits for you,
and it has a format for the commits so you can see what was an addition
or an edit or a deletion and so on.
So it just takes care of it all for you.
As I recall, the last time I do remember now looking at this,
you can do things like you can set bulleted lists,
or I mean lists that you can checkbox, like checkbox lists.
You can have calendar embeds with reminders.
Wow.
Yeah.
There's quite a lot of functionality, yeah.
This is a good one.
This is ZimWiki, I think, has got to be top of my list.
Here's the other one I'm playing with right now.
And I don't know if you've had a chance to try it out.
It's been
recommended before. I think I might have mentioned it even before, and I've been intending to really
give it a go. It's called TagSpaces, and you can find it at tagspaces.org. And it's an open-source
personal data manager, quote-unquote, that helps you organize and browse your files on every
platform. Now, here's a couple of the details, and I'll tell you why I ended up using it too.
It's running completely offline.
There's no cloud integration at all, no login required,
and you can still use it on platforms like ownCloud or Dropbox
or BitTorrent Sync, Syncthing, SparkleFile, SpiderOak, whatever.
It's got a pay version, and it's also all open source. So I like that it does have a
sustainable revenue model that seems pretty reasonable. Totally. To be around for a while.
If I'm going to rely on it. Yeah. It is an Electron app. I'll get that out here,
but then I'll tell you a bit more about it. You can organize your photos, eBooks, music,
recipes, invoices, and you can do it on Windows, Linux, OS X, Android,
Firefox, and Chrome because they have plug-ins.
It features basic file management operations.
You can create, edit notes in plain text, Markdown, or HTML.
You can use TagSpaces to organize e-books too, which I think is especially nice.
On top of that, which is also especially nice, is managing PDFs.
This is something where I have gotten an influx recently of manuals and PDFs for pieces of
equipment that I now have in Lady Jupiter.
And what the hell do I do with these PDFs?
How do I keep track of which one's for the water pump, which one's for the furnace, which
one's for the inverter, which one's for the converter, which one's for the black tank?
Like this is ridiculous.
And so this kind of helps me put my head around all of this.
And also it does the same thing for photos,
which is nice because I have photos of particular pieces
of equipment and electronics.
The application supports adding tags to files
in a transparent, not vendor-locking way.
You can tag your files by simply drag and drop actions.
You can organize your tags thematically in groups.
It has smart tags, too, for date-based stuff.
Of course, it has file and search and all that.
It has a, quote-unquote, responsive design.
You can resize it.
You can browse by tag.
And it has a pro version if you want to spend the money.
And I've only begun working with it.
And it sits right on top of whatever file system you have.
Exactly.
And that's what I like.
So at the end of the day, I could SSH into a home server and just browse the file system and get this information.
But if I'm sitting at a machine, there's a bunch of different filters I can get at and use based on tags or metadata information or file creation date or category or by linking.
I could go look at the RV branch or the audio equipment branch and have all of the information I need in there.
And I like that I can also then include things like pictures and markdown information so I can put links in there and all of it's offline.
See, that part is awesome.
So all I have to do is load up a computer with this to sit on top of the file system.
It scans the file system.
It gets the information.
Where does it store its configuration?
Now, I haven't dug too far, but there is a database file in – so the way I currently
use it is I downloaded the entire thing and you can – there's packages available, but
it's also an Electron app.
So I just downloaded a single directory.
Everything is self-contained.
All the data files config are all in this one directory.
I tar.gz this one folder and I've got everything I need. I
extract that. I've got everything I need to just have it once again point at the file system,
and it's good to go again. So that's been working. That's sort of a real portable setup because I've
been able to replicate that a couple of times now and have it look at the same network path,
and that's been pretty solid. So this isn't totally in production yet because my final plan
would be I'm going to set up a final file server in LadyJubes, put all of the data on that, and then from like a laptop front end point this at it.
So I've just been experimenting temporarily, and I'm liking this.
I'm not totally done yet.
So there is still room for something like ZimWiki or another solution.
But the one thing I do like about this is over the years I keep going back to just putting it on the file system
for my photos, my audio books, my
mp3s, my docs, just put it on the
file system. And especially like it excels at that
like if you can bin it and just stick it
in a thing you know like a drill down hierarchy
and so if this can add that missing
layer of kind of like how do I find related
things? How do I find things? I don't want to put them
in the same folder but I do want to know that
they're related.
So if that can easily add that on top, that's very interesting.
And it's also available for Android.
Now, I don't know exactly how this would work.
I don't know how I would point Android at the same data source.
However, they do have some WebDAV support, and I've included that in the show notes where you can host it and then use WebDAV to connect to it.
And maybe that's how I could have my laptop and my Android client accessing the same information.
I'm not sure I'd want to expose it this way, but it's nice that it can look at a WebDAV
share and have the same functionality.
But if I was really going to go that route, I'd probably use something like SpiderOak
or Seafile or Sync.
Some sort of background syncing service, yeah.
Yeah.
Yeah.
So that's TagSpaces.
I really have to think, I'm going to give that a try.
I've looked at some, like there's some FUSE-based tags, file systems, that sort of thing, and none of them have really stuck.
Have you thought about, as you're setting up your network in your new place, if you're going to take down notes on how things are set up, like what the passwords are?
Yeah, you know, and I do have my own KeePass database and that kind of thing.
You just kind of keep notes in there right now? I do that for like account-based things.
But there's a lot of stuff, kind of stuff you're hitting on, a lot of that maintenance stuff,
a lot of the just the little details in life that I don't, you know, maybe they're in Google Drive.
Maybe they're on my own file server.
Maybe they're backed up in Tarsnap.
But I don't have a lot of those linkages between them and I rely on the find command or something like that.
So this seems like a really good way to be like, okay, these are all associated with the network. These
are all associated with the, you know, the appliances that I own. So I'm very curious to
see how that works out. And I do think that the, you know, there's a lot of objections to being an
electron app, but this seems like also kind of a middle ground where it's actually kind of
reasonable because the features they want, I like that it's very pretty. It seems usable. It seems like something I could have someone who
wasn't even a Linux user or a tech savvy person jump right in and use it without worrying about
it. Seriously, when you first launch it, it steps you through sort of the logic of the application
and it gives you a good layout of how you interact with it. This is where things are
stored at. Yeah, it's really nice. Wimpy, you had a point of clarification about OpenFiler or Filler or, I don't know, on LAS.
Go ahead, sir.
Fire away.
At the end of this week's LAS, you said that you were experimenting with OpenFiler.
Yes, sir.
Did you mean OpenFiler?
I don't know.
I guess.
Why would I not?
Do you think Chris knows what he's talking about?
Have you listened to the show before?
I have not installed it.
I intend to install on an Intel NUC attached to probably about three terabytes worth of test storage OpenFiler.
But unless I'm calling you.
Yeah.
Are you getting the name conflated?
With what?
So we were discussing Open Media Vault.
There are two, yes, that's right. Yeah, maybe I was, because I haven't downloaded it yet, so maybe I was.
Yeah, that's actually my to-do this week.
So OpenFiler is like a sort of a dead project, so you and I were discussing Open Media Vault.
I can't keep it straight anymore. Yeah, I guess it probably was. It was probably, that's what I give for, was it an off-the-cuff comment? Did I make, was an off-the-cuff thing I said on the show?
Yeah, it was towards the end of the show, yeah.
Yeah, sometimes when I speak off-the-cuff, I don't really – I get – I do that.
I got in trouble last week for saying something off-the-cuff too, which was just a totally like –
You know what I'm talking about.
I do.
And I don't know what my problem is.
I don't know what it is.
And unless it's a prepared statement, take Chris's words with a grain of salt.
He probably means like two versions different or round the name by a few letters.
The only reason I'm seeking clarification is because Chris and I have been discussing Open Media Vault.
And if he downloads Open Filer thinking this is what I recommended, he's going to be very disappointed.
Well, I did download Open Filer though.
So I guess I just won't even...
I haven't installed it yet, but I have downloaded it.
But I don't know if I've downloaded OpenMediaVault.
I feel like I should...
So the project's not being...
Because I feel like I was going to...
I should at least look at it,
but if the project's not really being worked on,
that sort of seals that deal for me.
I thought it had sort of stagnated, and when...
SP and the Chair have since 2011.
Yeah, when you look at their documentation, they talk about Linux 2.6.
So you are – this is probably – this is a good time to mention this.
So I don't want to overdo this.
I know I've talked about this a lot recently,
but I'm currently in the process of redoing my network storage,
and I want to try out a bunch of things.
And I had Rockstor on the list too, although I just recently eliminated that. I was talking to us about that earlier today.
Uh, it sounds like OpenFiler's off the list now. Right now what's on my list is Open Media Vault,
um, and, uh, FreeNAS, and I have feelers in the QNAP because they have a rig that runs Ubuntu
that I think would also be very cool. Now I'm just going to cross Rockstor and OpenFiler off the list, which really brings
it down to if I'm going to roll it myself, FreeNAS or OpenMediaVault.
I'm down to two now.
And what's pushing me towards OpenMediaVault, in all honesty, is Wimpy has got a great testimony
for it.
He's really sort of sold me on it.
Do you want to talk about your implementation at all
or at least why you've been happy with it?
Yeah, I mean, I've been using it for years and years now.
I think I started using it around the 0.4 period
and it's 2.something is the stable release
and 3.0 is imminent, I think,
looking at how that's been developing
but it's a Debian-based NAS solution. Uh, the two series is based on Wheezy and the three series is based on Jessie. There's a site called omv-extras.org, which is the community-maintained plugins, and it has plugins for quite literally everything imaginable, including ZFS and SnapRAID and Greyhole and just about every disk management and redundancy strategy you can imagine. So it's a fun thing to play with because you can really explore the options that best suit you. If you just want to add disks of unequal sizes, there are, you know, redundancy strategies to support that, or you can go with ZFS, or you can go with LVMs and XFS. You know, there's a whole, whole raft of options. But it's got plugins for Emby server and Plex server and all of the stuff that some people use, Sick Beard and CouchPotato and stuff like that.
Essential, yeah.
It just is just everything. It just, you know, all in one thing. And because it's Debian under the hood, when you need to, you can just SSH into it and set up the bits that you need that are specific to what you want to do.
This is exactly what I was talking about earlier. This is, yeah.
So if I, so just to, just to jump in here, is it, if I'm correct, is it based on Debian 8, is it?
Or so, uh, 2.2, whatever the current 2 series is, which is the stable version currently, that's based on Wheezy, which is Debian 7.
7, yeah.
The three series, which is in beta at the moment,
and I get the impression is very close to final,
that's based on Jessie, which is Debian 8.
Nice.
Okay.
I'm currently running two instances of Open Media Vault 2.
And like you, I'm preparing a NUC to replace both of those.
And that's going, I'm going to,
I'm building that at the moment.
That's running version three.
And how has that gone so far?
Because that's, I was thinking about starting with 3.0
when it came to Open Media Vault,
just to, just so I got a sense of where they're going,
because I'm not
likely to want to reload my system a month from now or upgrade.
And when I, when I went to version two a couple of years ago, I did install the betas and upgraded them to final. So I, you know, I did the initial deployment on the betas, so I've done that before and it's been fine. Um, yeah, it's fine. It's got 30 terabytes hanging off the back of it, so that's cooking along.
Yeah, you're just fine. And how the plugins work for you?
Yeah, so that was the thing. I, I've been sort of keeping track on how the plugins are developing, and the ones that I need are now all available and, um, as best as I can see, all work perfectly fine. So the first beta for version three came out in sort of January of this year.
There was another beta release about a month ago.
So, you know, there's sort of six months development time.
And in that period, I think a lot of the work has really been around the having the community maintainers for the plugins update their plugins to support the new API in version three.
So that on launch day, all or most of the plugins are available.
Yes, absolutely. That's, that's a good, healthy community, you know, and I was just talking to
Angela too. She has an old Arch system that hasn't been updated for like a year.
And, uh, wow. I was thinking maybe we just – This is the Chris Ops special over there.
Yeah.
And I thought, well, whatever media – Open Media Vault or FreeNAS
or whatever solution I end up on, I should probably replicate
because she has a NUC at her house.
Okay.
And so I think I'm going to – whatever one I end up on,
I'm probably going to do a pretty wide deployment of it
and at least two, maybe three installations pretty quickly.
Well, and it would be really nice to have nailed down that storage appliance, roll it your own.
Something you understand that you don't have to necessarily buy.
You can roll it your own.
I like buying local, a.k.a. having it run Linux.
I think that's nice.
Not that FreeNAS isn't a great product.
No, totally. But if you already know.
Open Media Vault is kind of a, not a spin-off exactly, but a reaction to FreeNAS.
So the lead developer of Open Media Vault was a FreeNAS developer.
And he had a disagreement with the direction that FreeNAS was going.
So created Open Media Vault as a result.
Interesting.
And also sort of encouraging as well.
So I will put a link to openmediavault.org.
If you guys have any implementation tips or experience,
let me know because I'll be kicking the tires
probably in the next couple of weeks.
I'm going to try to get it installed by Thursday afternoon
so I have at least a couple of weeks of production experience with it.
You mean so you can tell Alan that you really don't need BSD to run your storage appliance?
Mwahaha!
And then I'll probably review a little bit after that.
And then whatever I end up on, I'm going to deploy in LadyJubes.
A JB stamp of approval.
Yeah, I'm going to go install under some bench seats in LadyJubes.
Cool.
So are you using ZFS, Wimpy, or are you using a different file system?
I've got one of the boxes.
So the primary box is running XFS on an LVM,
and the backup unit is running on ZFS.
Cool.
And when I say backup, this is an active-passive cluster.
So if for any reason I need to update or reboot the first one, then the other one takes over. Oh, see, that's great.
That's the way to do it.
Woe betide, I interrupt my daughter's viewing of her favorite program.
Right.
So I'm looking back at their release log, too, and, you know, I see updates in May.
I see updates, I think two updates in May, actually, and I see an update on June 15th.
And then, of course, 3.0 is just around the corner.
So the project's, boy, I mean, compared to OpenFiler, looking at OpenFiler's releases, there's definitely a pulse here.
Yeah, and there's also images for the Raspberry Pi and the Odroid C2 and the Odroid XU3 and 4,
and QBoxes and stuff.
So it's quite an interesting project in that the main OS is just bulletproof.
I mean, it just runs and runs and runs.
I've never had any problem with it.
And I've used it at work as well.
I've used it for file servers in offices and stuff like that.
Now the big question though,
can I use Btrfs?
Only if you're insane.
Alright, well,
very good. I will point,
I am, I think,
irrationally excited about
the possibility of rebuilding, setting up
and picking a new file server,
figuring out how I'm going to do all of this, but I'll check back in.
At the end of the day, we're Linux users here
and it's just really exciting to be like, it's free,
I can do it, and it solves a real problem.
And stuff like Open Media Vault
didn't really exist the last time
I really gave this a thorough look a few years
ago. It just wasn't there, and FreeNAS was an option.
So everything has changed,
which makes it all
new and exciting again.
That does bring us to the end of this week's broadcast.
Thank you to everybody who tuned in this week.
Those of you who are also able to join us live, and a special thank you to our virtual
LUG joining us live in the Mumble Room.
You can participate.
We just have a mic check, and that's basically it.
Mumble is an open source app.
You go into our IRC, mumble, get the info and join
us so you can participate. It's a virtual LUG
you can attend anywhere. Just go to jupiterbroadcasting.com
slash calendar for the live times, linuxactionshow.reddit.com
for the feedback and jupiterbroadcasting.com
slash contact to email us in directly.
We'll see you right back here next week and
thanks so much. Goodbye Wes. Say goodbye Wes.
Goodbye everybody.
So, Ikey, you're traveling up to the Pacific Northwest?
Oh, what? Yeah, I'm gonna be in Portland. Uh, well, I'm leaving on Saturday, so I'm gonna be out there, and I'm gonna be out in Hillsboro a lot as well for, um, I'm gonna be there for two weeks.
Oh really? Two weeks is a nice window. Yeah. Are you gonna have a vehicle? Are you, are you, do you have means?
I am not, unfortunately, but, you know, there's methods.
There may be, there may be there, because we have, we have a fair amount of listeners in Portland. Uh, because here's the thing, Wes, is what do you think, uh, the JB1 studios from Portland, that's about a, what, three-hour drive?
Yeah, uh, depends on traffic, but if we do it at the right time, yeah, three hours, we should be there.
Yeah, interesting. That'd be fun. Ikey, that would be, that would be too much fun.
You know, before, what I want personally from you, yeah, so it's, it's kind of the whole user story thing, and so I kind of like to get your views there and then, as all, as opposed to, you know, like via text or, you know, remotely over the internet, so you can just tell me to be faced, like, this is a heap of shit, you bollocks.
Fix it, you know.
The hardcore user test case, I see.
Yeah.
Wow.
So how far out is that?
Two weeks?
Or you're going to be here for two weeks?
How far out is it?
So I'm leaving on Saturday.
I'm going to be getting burgers that night
because it's the end of the burger week, isn't it?
So I'm going to be getting me burgers that night.
Then there for a whole two weeks.
I'll be staying in Portland downtown.
Hanging with Linus.
I actually met him in Dublin last year.
I was presenting at LinuxCon Europe, so I saw him out the back there.
Yeah, LinuxCon is the place.
If you're going to have a chance to meet him, that's usually the place to do it.
He doesn't otherwise really like to attend.
Well, we also have conferences at work as well because my office is the Intel Jones – well, when I'm there, it's the Intel Jones Farm Campus over in Hillsboro.
So we have the conferences up in Washington, up in, you know, Skamania.
Yeah, yeah.
So, like, we go up there, and he's there as well.
So I've met him there a couple of times,
but the first time I ever met him, like,
I was kind of new at the whole thing,
and I was getting trolled and set up with him.
So I kind of went running in the other direction,
to be honest with you.
Sure, sure, yeah, I can understand.