LINUX Unplugged - Episode 217: That One Time, At Ubuntu Camp | LUP 217
Episode Date: October 4, 2017How does Ubuntu get built? Chris is back from the Ubuntu Rally in NYC and has a full report, some interviews & stories to share.Plus Jos Poortvliet & Frank Karlitschek join us to talk about NextCloud�...��s new End-to-end Encryption.
Transcript
Discussion (0)
Did you guys see that Google is going to be shipping?
It looks almost all but confirmed right now
that Google is going to offer a Google Home Mini October 19th for $50.
At least it'll be on pre-order October 19th.
So this is like to compete with the Echo Dot.
So they're really pushing into this Home, cheapo, automation stuff.
I think that's interesting.
That's interesting. Tech. I mean,
the thing is, of course, it sends everything
you do to Google.
Well, yeah.
Yeah, I'm not sure which company I trust more.
You know, that is, isn't that
a horrible position to be in, just to begin with?
That position itself is just awful.
Yeah, to have everything, you mean,
being Google.
Or even just having to pick between the worst evil.
Which evil do I want to utilize?
Do I want to utilize the evil that wants to track and sell ads?
It's like a past election cycle.
Right. Yeah, it is.
Or do I want to utilize the evil that wants to put a Walmart in my house?
Which one do I want to go with?
It's kind of awful.
Yeah, I mean, even if these companies don't necessarily do or want to do something evil
at the moment, first of all, they can inadvertently do something evil. You know, like with Facebook,
the effect it can have on elections is massive, even if they don't try to.
Right. Well, and also, it's sort of like the universe is constantly expanding the need for
profit is constantly expanding and when you've extinguished all your existing uh pass to revenue
you're gonna have to take it you almost legally have to take advantage of other paths to revenue
um absolutely that's the other thing right i mean there's this constant pressure i mean it's the
same with apple they're not doing a huge huge amount of good stuff when it comes to security
and privacy and all this
stuff, but you have to realize there's a
constant pressure on them to increase
their profits, and if they can't
keep selling more expensive iPhones,
I mean, at the moment, the maximum doesn't
seem in sight, but there will be a day that it'll
cost more than a car.
Then they're just going to start selling cars.
They're going to have to look for another business model.
Yes.
I'm buying a $10,000 iPhone.
Yeah.
The Daily Mail actually did an article today, 10 cars you could buy instead of an iPhone 10.
No kidding, right?
Yeah.
Let's not kid.
It is getting – they are literally getting to the cost.
These are really getting to the cost of a, you know, a used car.
That is really something, isn't it?
And, you know, so you have Apple that's kind of getting into this space with their HomePod in December.
And that'll be interesting to see what it can do if it does the base minimums and what it reports home.
And they appear to be doing a lot of investment in on-box hardware.
doing a lot of investment in on-box hardware. Like in the HomePod, they have an A8 Apple CPU to do a lot of local thinking instead of shunting it off to the cloud. Maybe that'll make it a more
competitive product. But right now, like Eric was just saying, it really, to me, feels like
I'm always constantly picking between the worst evil. Either it's iOS or Android, or it's Google Assistant or the Echo. It's
just all these different compromises in technology now.
This is Linux Unplugged, episode 217 for October 3rd, 2017.
Welcome to Linux Unplugged, your weekly Linux talk show that still smells a little bit like New York.
My name is Chris.
My name is Wes.
Hello, Wes. The beard's out today. I think he's trying to build a Gentoo box.
Is that right? He would be. That beard.
He's always building the Gentoo. I'm inspired.
You know, Wes, that's okay, though, because even without the beard, somehow, we are going to
manage to have a great show this week. Very
excited to be back. I've brought with me
all of the secrets from Canonical.
You look excited, chipper. You're talking
quick. I think you're stoked for some
Linux. I am fired up. You're right. I am
very fired up about this.
I had a great time in New York, had a great time
at the Ubuntu rally, and
I sought out to really figure out how a company like Canonical actually gets work done,
and I walked away with some real insights.
So we'll talk about those.
Got a couple of interviews we're going to play on the show.
Plus, we got some community news.
One story in particular that I'm so excited about, I almost want to do it twice on the show.
So we're not going to, but I almost want to.
I'm on guard for that now. You watch out.
I think it's going to be big.
Not only good, but I almost want to. I'm on guard for that now. You watch out. I think it's going to be big. Not only good, but also bad.
So it's one of those shows where it's really got a lot of stuff.
Plus, later on in the show, Frank and Yoss from NextCloud are going to join us and talk about the new client-side end-to-end encryption that they're rolling into NextCloud.
Exciting stuff.
They're doing it in a unique way that totally avoids browser compromises.
And unlike some other projects,
they're doing it with a bit of humble pie.
So I'll tell you about that.
Plus, our friends over at Canonical,
Hopi, has launched the Ubuntu Community Hub,
and we'll talk a little bit about that.
So much stuff to get into,
plus another Linux event that's just around the corner.
We can't go any further without saying hello to the virtual lug.
Time-appropriate greetings, Mumble Room.
Tommy Winey.
Hello.
Yeah.
Hello, guys.
So I don't have it for you today, but I think next week.
I think.
I'm thinking about it.
I want to make sure I'm ready.
But I think next week I'm going to review the Librem 15, the new Librem 15.
So I haven't talked a lot about it on the show.
I'm not sure how much I've said.
But you guys are probably, if you listen to the show for a while, familiar with my history with Purism.
And I crowdfunded one of their first laptops and literally their first laptop.
Several years ago.
And was underwhelmed in the results,
actually, though, in full disclosure,
still using it today as a production machine.
So how bad can it actually be?
But, you know, predominantly I had issues with the fan
and I kind of gave it a mixed review.
And over the last, I don't know, what has it been, two years,
Purism has decided to make good on the original machine and has shipped me, and I'm going to swap, I'm going to send back the old one, a brand new Librem 15.
Latest and greatest Librem 15 from Purism.
And I decided to put it to the ultimate test, and I took it with me.
It was the machine I took to the Ubuntu rally.
Is that right?
So I spent a lot of time with this machine.
You've lived it.
On the road, and so next week on the show, I'm going to try to give that a full review.
But this week, we have to talk about the Ubuntu rally, and we have to get into some community news first.
There's a story that I'm equally excited and equally freaked out about, and I think it's going to be great for people in production.
I think it's going to be great for Android handsets. I think it's going to be great for
lazy system on a chip users. It's going to be horrible for people that want new drivers. But
Linux is about to get an extended support version of the kernel like we've never seen before.
So you're familiar with things like Ubuntu LTS and Red Hat Enterprise Server. But one of the
things you might not really think about is one of the real values that these enterprise and LTS distributions is offering is a kernel that doesn't change that they backport all the shit to.
All the stuff that breaks, all the vulnerabilities.
Some companies call it hardware enablement.
There's different names for it.
But all these things that you push back into an older version of the kernel to kind of make it look like a new version of the kernel.
And your cynical host here has often called this a fork of Linux.
These distributions are a fork.
They don't ship mainstream, upstream Linux.
They fork it, and they run their own patches against it,
and you're running their fork of Linux.
Red Hat Enterprise Linux is their version of Linux
because there is no long-term support kernel.
As hard as great KH has worked over the years,
the longest support we have for a Linux kernel has been two years.
That's changing now.
Linux's LTS release will now be maintained for six years.
Hey-o.
That's a huge jump.
That's a long time.
Greg KH will still be maintaining the releases, beginning with kernel 4.4.
The LTS cycle is going to be extended for six years.
Now, that's big because a lot of Project Treble devices are using kernel 4.4.
Oh.
Kernel 4.14 is the next LTS release currently being worked on that would then be supported
until 2023.
That is a long time.
Yeah.
Maybe ship, maybe in time for 1804.
Wouldn't that be interesting?
Now, the downside, of course, is system-on-a-chip vendors could now focus exclusively on LTS releases and say, screw you, newer releases.
And that would suck because waiting around until after 2023 to get new versions of the drivers would really be a pain in my arse.
But overall, I picture running here in the studio, being able to run off the same kernel for six years,
I picture like running here in the studio, being able to run off the same kernel for six years,
what that functionally gets us is a real targetable, stable set of APIs for hardware manufacturers.
So your Blackmagics, your HodgePages, and all of your Reds,
all of the other people that are making camera hardware that has to talk to a host operating system are going to be in a better position if there's something they can target that stays stable for six years.
That's about as good as you're ever going to get on Windows and way better than you
get on the Mac.
You mean you won't have to install Ubuntu 10 just to get your driver's door?
Yeah, just to get your capture card to work, which is a thing.
It sure is a thing.
He's not kidding.
Yeah.
And I like this.
I think it's going to be good overall.
It's an interesting, like it seems to be like a coming together.
There's maybe an acknowledgement that this sort of thing is happening anyway.
So maybe if we make it official, it'll be better.
I'm on the fence.
I see what you're saying.
I really do like that.
It's good to have official support.
It's good to have long, stable things.
Linux is great for that.
But like your little snip earlier, lazy sysadmins, I'm dealing with a lot of that in my non-show life right now.
And so I just, it's another reason for people not to build.
Like change is hard.
It sucks.
Updates, things break. But like, unless you build that into your workflow and your day to day and
like have plans for it, and maybe if that plan is every six years, we will actually move. And if
that's viable, great. But if it's just another excuse to be surprised in six years when, oh,
no, we have to get a new kernel again. But because you haven't been practicing it every two years,
it's a lot harder. So I guess I should probably say what's really forced this change, this huge commitment change,
think about what two years versus six years is in the world of Linux.
I mean, damn, Greg, if you need a beer, let me know, because you're going to need several.
Are we even going to be running Linux in six years?
I don't know.
You know what's pushing this, right?
It's Project Treble from Googs.
It's Googs.
This is for Googs. I mean, this? It's Project Treble from Googs. It's Googs. This is for Googs.
I mean, this is for everybody, but it's for Googs.
Does that mean they won't run away and start running Fuchsia?
I hadn't even thought of that.
Is that what this is about?
I don't know.
It might be a factor, though.
Is this to prevent...
Because Googs is going to do what Googs wants to do.
That's just what they do.
Yeah, and Greg's clever enough to say,
all right,
this is what it takes to keep one of our biggest customers.
Yeah, hmm.
I like that.
You know what, Wes?
That gets me thinking.
That's what this show is about.
Plot twist.
Yeah, so that is a bit of a plot twist.
Speaking of plot twists, Fedora 27 is out.
At least the beta. Oh, wow.
I should have.
Jeez.
Hey, will you just edit that part out where I said it like that? No, it's the beta release of Fedora 27 is out. At least the beta. Oh, wow. I should have... Jeez. Hey, will you just edit that part out where I said it like that? No, it's the beta release of Fedora 27. And there's not a lot
to report here other than you're going to get GNOME 3.26, which means you're going to get the
new display changes and the new network configuration panels, as well as the overall
settings panel improvements. But I thought I was curious, I was watching to see how would
the Fedora project, you know, one of the bastions of GNOME 3, how would they handle GNOME dropping
the system tray? Which to me feels still like a little user hostile. GNOME says they're doing it
for users because tray icons take away your control.
But to me, it's like, well, yeah, but I need that control over things like Dropbox and Skype, you know, Nextcloud.
So how does Fedora handle this?
Are they going to ship top icons by default?
Are they going to patch GNOME Shell?
They're kind of right in the middle.
Yeah.
So, well, we now know.
So the system search now shows more results at once, which is nice.
And also, this is a direct quote, and also the antiquated system tray has been removed to reduce visual clutter and confusion.
The top icons extension is available for use with any application that have not updated yet.
Yeah, they basically are. They're all in on the same thing that GNOME's doing.
Yeah, they are. What do you think of that?
It's awful, but not
surprising in any way whatsoever. So you think it's also
user-hostile, or am I just being a snowflake here?
It's absolutely user-hostile
in the sense that the entire
community, one of the most popular
extensions of GNOME extensions is
Top Icon, which is the reason why it's one of the most popular. So GNOME extensions is TopIcon. The reason why it's one of the most
popular.
They're like, oh, community,
you like this extension?
Nah, screw it.
We're going to go ahead and remove that.
They're kicking the legacy applications to the curb.
Just, you know, screw you guys.
That's not even the worst part.
The fact that they're removing the tray is annoying.
It's the fact that they're removing the API, which makes it broken.
Okay.
So, like, in the top icons, people announced that they're going to deprecate it.
So, yes, Fedora, you're right.
It is available for now.
Right.
But they've also said that it's gone.
So, you know, because the GTK4 API has has removed it entirely top icon just breaks right so this is an
interesting split in the different implementations we now see of gnome shell this particular change
by gnome shell is going to force all the different distro maintainers that ship gnome as their default
desktop to show their cards we already know what 1710 is doing what's anagross going to do what's
manjaro going to do what's you know all these already know what 1710 is doing. What's Anagross going to do? What's Manjaro going to do?
All these different distributions that ship Gnome by
default, what are they going to do? They're all going to have to share
their cards on the table and show
are they going to switch over to shipping
an extension installed by default?
Are they going to ship mainstream Gnome without
this critical user functionality feature?
I find this to be a fascinating
little rift that's developing here.
Now we see where Fedora falls on this line.
So keep your eyes out for more details on that really soon.
It's interesting to see how do we handle breaking or non-breaking changes.
And I'm sure they're limited by having to support these old APIs.
How long should that be?
How do we deal with legacy apps that won't be motivated to adopt Linux mainstream?
Or when is Linux mainstream changing too fast?
I don't know.
That's exactly what I was thinking.
You know, you've got Skype, you've got Dropbox.
Are they going to care?
Well, even if they care, these are companies that can take a year or more to shift directions
and support new things.
So, Producer Michael, what I'm worried about here is, and I've said this before,
but it's not that it's a bad idea in totality.
What it is, is that it is an idea
that is based on idealism,
like as if they can set the direction
of desktop application development.
Do you agree?
That's what they think, yeah.
It's the main thing is that
if you look at all environments,
you know, even there's an implementation for mac
and there definitely is for windows but so these companies are making it so that they feel like
it's the same experience throughout so that system tray icons is something that they're used to and
people are used to so while it's maybe not an ideal solution in their opinion it's still the
norm and it's still what people expect to exist. So they just remove it because they want to.
So I think if you look at the Mac, the Mac would be an example of a platform that will often do this.
They'll try to force application developers to support certain features.
But even one of the compromises on a Mac, if you look at any power user, Mac power user's desktop,
they've got tons of icons up in that menu bar.
They've got Dropboxes up there.
There's tons of applications up there.
So the Mac has the same problem.
Even Apple can't get away from this.
So I find it interesting using the word obsolete i'm looking at my area in the top right
hand corner of my screen and i'm seeing telegram wire discord steam dropbox how much which of those
are obsolete and who decided who became king of the desktop and decided those were obsolete because
those are all current applications that i can install right now latest bleeding edge versions and they all have icons in that area and i value
them having them yeah but that's that's almost different i mean you say that but it's it's
somewhat pointed in that like i i agree with your point but they could still all be using a legacy
api i'm not saying that the judgment of legacy is correct but like them being like them being
up to date it doesn't matter at all to this discussion i think it's very in mind that
linux users are a niche already and people who use the gnome desktop are a niche within the niche
yes so throw your weight around to say that everyone else who's outside of this bubble
is a legacy product is ludicrously arrogant in my mind because the fact remains all these
developers have to go around changing all this stuff because a niche of a niche want them to
and i think that's that's just pushing it a bit too far i couldn't say it better myself it's
certainly bad politics as somebody who likes the gnome desktop i couldn't say it better myself
well put um that's i think, okay, so that's our thoughts
on it. And I'm curious to see where it goes. And I will also, if it seems that application
developers take note and they begin updating their applications to support the new APIs,
I will be the first person here reporting it. So we will keep you updated. But I completely
agree with Pobi's assessment and Producer Michael's assessment. I want to take a moment,
I just got back from New York
but I can't stay still. This
Friday, October 6th and 7th
I'm going to be
at Seagull with
Mr. West. That's right. And Ange.
Ange is going to go too. And Seagull is
sort of a grassroots tech
conference. It's a GNU slash Linux
conference that respects your privacy.
And we're going to do a meetup there. If you'd like join us go to meetup.com slash jupiter broadcasting for this
friday and we'll be there rocking it out interviewing people yeah i'm giving a talk
there so it'll be fun for everyone what how did you did we did i know that and i forget i mean i
did i legitimately forget a few things about this but did you tell me that i swear i did it was a
while ago i think it was way back when it was first accepted, which was ages ago now.
Wow.
Yeah.
Okay.
That kind of rings a bell.
What are you giving a talk about?
I'm giving a talk about my dear friend Clojure.
Actually, ClojureScript.
And maybe why Linux admins might find it a great way to write shell scripts.
So you maniac.
What day is that?
That's on Friday.
Oh, that's the day I'm going to be there.
I'm going to be there on Friday.
Oh, yeah.
Clojure.
Oh, yeah.
Right here. There you are. Room
3179 by Mr. Westpain.
Look at you. That's right. Look at you.
So if you want to see me there, and of course, I'll be
hanging out all day. So, yeah, love to see
JB people in attendance. Yeah, that would be
awesome. And we will be
doing some interviews. We'll play. Seagull is new-ish.
It's been going around for a few
years. Eric, didn't you go like
three years ago or something like that? Oh, gosh. Yeah, it had to be a good three years ago yeah so we've been we've
been battling last yeah and and so ever since you know we we started really when eric was like okay
we got to start covering this but the timing is constantly in conflict with other events and so
this year we're going to try to make an effort to go down there and uh it's october 6th if you
want to go there when we're going to be there.
And Wes's talk, Mr. Wes's talk, looks like it begins at 1045 Pacific Time if you want to catch that in room 3179.
How about that?
That's right.
I got the address in the show notes too, and we got the meetup page, meetup.com slash Jupiter Broadcasting.
If you want to get it.
Look at that.
We already got a few people going.
Heck yes.
That's awesome.
Well, that'll be really cool.
So Siegel, I've never been, but I'm curious about it.
And what made you decide to give a talk?
We were hanging out with them.
Some people who put it on at Linux Fest.
And they were just talking it up that they're trying to get a broader range.
So Linux is definitely there, but they wanted topics about general programming, DevOps,
cloud, automation.
I noticed your talk is not for Linux.
It's closure for Unix hackers. Well, I mean, I, cloud, automation. I noticed your talk is not for Linux. It's closure for Unix hackers.
Well, I mean, I wanted to be inclusive.
Node runs on lots of platforms.
You think Alan Jude's going to this thing?
Well, you know, I mean, I wish.
I should have sent him an invitation, I suppose.
You know, that guy just got a MacBook.
I saw that on Twitter.
Is that right?
Yeah, you do need to have a big umbrella
because you've got to include him.
Yeah, so if you want to go, it's seagull.org.
And you can find out more information in our show notes and meetup.com slash Jupiter Broadcasting to go to that.
I think just Friday for me, I think, is what we're going to do.
We'll probably go during midday.
That makes sense.
I think it starts at like 9 a.m.
Yeah, I think so.
There's a lot of events going on.
It's that season, I guess.
Yeah.
And we've got to get to the Ubuntu Rally stuff.
I just have a couple of more community news items
I just want to mention briefly.
And there's one story that...
Actually, let's see if the Discord chat room
can guess what story I'm about to talk about next.
There is one story in open-source news that never dies. And I'll give
you a hint. It is they're running Linux, and they're going to switch away from Linux. And
then they're going to run Linux again, and then they're going to switch away from Linux again.
If you can guess what story I'm about to talk about in the Discord room, you get,
I don't know, five internet points for the day. But first, I'll mention Linux Academy.
Linuxacademy.com slash unplugged.
It's a platform to learn more about Linux and get critical thinking and troubleshooting on Linux, too, which is, I think, incredibly valuable.
And it's a great way to learn new skills and advance your career.
It's really a platform for all of that.
Linuxacademy.com slash unplugged is where you go to support the show.
You're smart enough to guess how that works.
They track the fact that you went to that website,
so they know that it's worth spending money here.
But also, you can sign up for a free seven-day trial.
Everybody wins!
It's funny how that works.
We don't have to track all of the things.
We don't have to have deep metrics about your usage.
You just go to linuxacademy.com slash unplugged,
and this show stays on the air,
and you get a seven-day free trial for a platform that gives you self-paced, in-depth video courses on every frickin' league.
Linux and cloud and gosh darn DevOps topic out there.
I mean, hoo-wee, Wes.
Hoo-wee, Wes.
Hoo-wee.
Also, hands-on scenario-based labs that give you real experiences on real servers.
You get to SSHN to a virtual server that they'll spin up on demand.
But what if I only know Ubuntu?
I really need to learn some Red Hat.
You know what, Wes?
I got great news for you, Wes.
You just choose the distribution and kapow, all of the courseware and them virtual machines
automatically switch over to match that choice.
Boom, Wes.
They also have learning paths.
So say you just want a series of courses and content that's been planned by their instructors
for like a specific track.
They got that. If you're going for certs, they got training for that. They got practice exams. They have all kinds of different planning and scheduling systems. If you're busy,
maybe you own your own business, you've got three kids and you travel often, it can be hard. And
they've got systems that'll help you plan for that. They got a community stack full of Jupiter
Broadcasting members. They have iOS and Android apps so you can study on the go.
And they have offline lesson audio notebooks and tools to help you study,
even without the Internet.
I know, without the Internet.
Can you believe such a thing even exists?
LinuxAcademy.com slash unplugged.
What a platform.
You're constantly getting new courseware.
They're retrofitting old courseware.
Instructor mentoring.
Actual human beings are available whenever you need it.
You get value out of that membership.
LinuxAcademy.com slash unplugged.
And a big thank you to Linux Academy for sponsoring this year's Linux Unplugged program.
LinuxAcademy.com slash unplugged.
They're amazing.
So I got a guess for you.
Patrick, quit your quiz there?
Yeah.
I think the answer is the JB Studio.
Oh, did you come up with that on your own?
That's right to the core, right to the core.
Oh, you son of a...
No, wait, that's not it.
It's Linux in here.
What am I saying?
Yeah, although I got to...
It's funny you say that because this morning,
GNOME 3 was working on the OBS machine
except for I can't move any windows.
I can't resize any windows.
Why would you want to do that?
The applications menu won't come up,
and dash to dock was totally locked up.
Outside of that, though, OBS is working great.
Perfect, beautiful.
And so I was like, oh, shit, why did I switch this to Linux?
No, it's Munich.
It is Munich.
And the open source pioneer, as Tech Republic calls it,
and something about this story, it just won't die.
I honestly feel like I've been covering this story for 10 years.
Yeah, pretty much.
I think I have been.
I think I literally have.
You started using Linux.
This happened ever since.
I really can't believe I'm still talking about this.
Honestly, a little just befuddled by it.
But if you look at the situation, it's kind of obvious it was going to go this way.
Now that we know 10 years later everything we know.
And it's been back and forth, on and off.
Are they going to switch to Windows?
Are they not?
And the final decision isn't actually even made yet.
It's not going to be until November this year.
Wow.
But it does appear to be going not in Linux's favor because the council has already begun work.
The council.
It sounds like this is something out of a sci-fi movie. The council has already begun work to switch to
freaking Microsoft Exchange. And they say it with some rather, I don't know, like, I don't know.
Maybe I'm reading too much into this, but I feel like there's a little bit of spite in this quote
that Tech Republic got. And here's the quote. The city will use Microsoft Exchange.
It will be used for mail and calendar.
So Colab will not be used anymore.
That's the entire quote.
Ugh.
Ouch.
Yeah.
And so we'll find out what happens with the desktops.
But generally, when you're switching to Exchange and Outlook,
it's slightly harder to use Linux.
Yeah, just a bit.
Although, you know, if you can get by with Office 365, you've got the web.
Now, we don't really need to worry too much about this because, first of all, they rolled their old Linux distro.
And second of all, we all know that the Windows kingdom is at risk as Apple and Linux operating systems post record gross.
This is an article from Softpedia News.
And it's...
Why am I...
I got a little tingle going on here.
Something's...
Something's not quite right.
Yeah.
Yeah, well, here's the article.
And I've been seeing this float around all day today, so I thought we'd talk about it
here for a moment.
Windows is currently the leading choice for desktop operating systems, the article says.
Obviously, everybody knows that.
And the cited source says this.
That's literally what the article says. Obviously, everybody knows that. And the cited source says this. That's literally what the article says. With no less than 88.88%, 88.88%, everybody, of the computers
across the world are running that Windows operating system. Now, the Apple Mac, the
runner-up, has 6.29%, and Linux comes in at a third with 4.83%. Only, or damn near 5%, everybody. I have no data to go off of,
but when I hear that the Mac is at 6%, that sounds like bullshit. And when I hear that
Linux is at 4%, that sounds like bullshit. And I'm not sure which one is exaggerated.
But if you were to go by these numbers, Linux is way up. It has jumped from 3.37, yes, 3.37%, from last month, or I guess, no, maybe May, I think that's what it was, to 4.83%.
So the growth is impressive, to say the least.
And I think back in May, it was like 1.99%.
So are these net market share numbers?
Yes.
Like the usual source?
Yes.
Net market share for the month of September.
Okay.
Well, I'm not going to hold in any hopes here.
Let's let it sit for a few months, see if we stabilize or if it's just a weird fluke.
All of these are bullshit numbers.
Yeah, right?
They're all bullshit numbers.
But one of the things that's interesting is all the different bullshit number tracking systems, with the exception of the Steam, which is a separate, the Steam
hardware survey, which is a whole separate thing.
Yeah, definitely.
All of the other ones are actually showing a legitimate increase in Linux usage.
So while I feel like in isolation, they're each bullshit, in totality, they are all reflecting
an increase in Linux desktop share.
We're going to do a meta survey here, publish some results, try to weed out the bad ones.
I mean, none of them are showing a decrease, so that's notable.
Definitely.
In Linux Action News 18 or 19, I did a breakdown of how some of these market numbers are collected,
and it is really crap. But the Steam hardware survey is a separate problem. So that's the one
area where Linux is continuing to decline month over month, decline in total percentage of Steam users.
And that's the key right there.
Steam itself is growing at an incredible clip.
And Linux users are not declining, but they're just becoming a smaller minority.
So the Steam hardware survey being the exception to that.
And it's just different mix.
Go on, Eric.
Did anybody ever see
the NetMarketShares preliminary
report for this past September?
I don't think so.
They were publishing their preliminary
report at like 6.97%
Linux market share.
And I was just like, nope,
there's no way. That means it would have had to
double in one month. measure all devices, that's a useless statistic. You almost need to measure influences or active
users or I don't know. There's another metric out there where I think Linux has a much higher
percentage usage. I mean, there's hundreds of thousands of people that listen to Jupyter
broadcasting shows. So there's got to be an audience out there. I mean, it's not like it's
just 10 people downloading over and over again.
And think of all the people Noah's switching every day.
Yeah, exactly.
The Stain thing is also a thing where I've only been asked to do the hardware survey once ever.
Once ever.
Same.
Once ever.
Totally.
And you know what's funny is we have one Windows system that I'll boot up every now and then in here, and that thing's gotten it a couple times. Yeah, right.
Mine too.
It's like I have two Linux machines, one Windows.
Somehow the Windows always gets in the survey.
It's like, okay, well, this is now representative.
Well, I should say before we go any further, I should say thank you to you in particular,
End of the Beard, for filling in last week.
Hey, it was a lot of fun.
I caught some of the episode as data allowed, but I was impressed at how many Wi-Fi access
points are open out there
on the road.
Is that right?
And disappointed in how freaking many of them have captures.
Just so annoying.
And then the captures where you have to reconnect after an hour or stuff.
Right.
So I tried to listen to a bit of it, and I caught some of it live.
So thank you for filling in.
Oh, my pleasure.
But on top of that, you and Mike banged out a whole plethora of Coder Radio.
I think Coder's done now?
Is that how it works?
I think so.
I legitimately came in today.
I'm like,
well, I think I'm probably
going to have to record
a Coder Radio today.
And Beard's like,
nah, I wested three of them
on Friday.
Excellent.
I was like, holy crap.
Okay.
Well, all right.
Hopefully that makes things
a bit easier for you
getting back here
and focused on Unplugged.
So thank you very much for that.
If time allows,
I'll have to buy you lunch
on Friday when we go to Seagull.
I think that's only fair.
So you should make it a nice one.
Remember that place we went
when we went to the Open Daylight Summit?
There is one of those in downtown, too.
That was good.
I think I'm going to bring the vlog camera with me, too.
Of course.
It's all content, baby.
Yeah, that's right.
But before we keep going about the new trip trip i should probably talk about the last trip
yeah going to new york uh new york city and uh hanging out at the ubuntu rally i had always been
curious because often after a big canonical event poppy and wimpy will join us and i'll ask him
probing questions about it but i I didn't have the context.
And so we only got that tiny slice of what it was like, what was really happening.
Right.
And plus, you know, you know, they could leave out something or, you know, they could be
excluding something, you know, like, oh, you know, 90 percent of people are screwing off
and like 10 percent of the people that are actually the people getting work done, which
the only reason I say that is because I have been to company work events like that.
And that's what it's like. You talk to one person
to a totally different experience. And I'm always the guy doing
the work too. So it was, I was
really, really genuinely curious
how Canonical gets
something like this done. And this is the first
time they'd ever called it an Ubuntu
rally. You know, you've had
different conferences. It's like a conference
for Canonical employees and
certain community members that get brought in. And it's particularly unique to them because they, more so than a lot
of companies, have a lot of people working from home, a lot of remote working. And so they get
brought together very rarely. And that gives it a kind of a unique energy and twist. And so that's
another reason it really piqued my interest and why I was willing to drive in a tiny, compact car from Seattle to New York.
Yeah, wow.
That is impressive.
I don't think I'll ever do again.
I'm glad I did it once, I think.
Yeah, but I don't think I'll ever do it again.
So I definitely want to talk about the Ubuntu rally.
definitely want to talk about the Ubuntu Rally. And if you want to see sort of my best attempt at combining three days into one video and giving you a sense of what it would like to be attend,
to be an attendee at the Ubuntu Rally, I have posted on my vlog, I have posted vlog 58 inside
the Ubuntu Rally. And it's nine minutes and 55 seconds long.
And it encapsulates three days at the Ubuntu rally.
And it sort of gives you a sense of what it's like to be there, at least for one day.
And I would encourage you to watch it because a lot of effort went into making that.
And if you find it enjoyable, I would ask that you would maybe share it with somebody
or retweet it or something like that if you enjoyed it.
And if you didn't, let me know what you didn't like about it and i'll try to make it better
in the future and i have that embedded in the show notes if you want to check that out but i
did seems like an interesting just sorry to go ahead it seems like an interesting sort of um
vantage in that it's very much like obviously there's pluses and minuses you know canonical
as a company but i feel like there's a lot of people maybe not even linux people that might
identify with that sort of thing they're used to to seeing Microsoft and Apple events. They're used to
understanding the culture in that kind of way. And so maybe if they don't, they're not driven to
Ubuntu in terms of, oh, here's this weird open source community thing. Maybe seeing this, seeing
the amount of work, seeing the culture, seeing the people who are doing it, it seems like a unique
way to connect with the company. It gave me a great perspective on not only how a worldwide company does something like this.
And holy, humbling, as a small business owner, a humbling sense of the amount of investment that Mark and Canonical put into something like that.
My room, my bedroom alone, my one room that I paid for out of my own pocket was $470 a night.
And Canonical employees got a discount, but not much, not, and employees didn't pay
it, Canonical did.
So they got a group rate, but it was a group rate that wasn't very significant because
I know what the group rate was.
And so just the outlay on the rooms, because they had dozens of conference rooms, they
had an entire plaza area, They had a huge keynote room.
The flights of all of the community members and the canonical members that went out there,
plus their rooms, was a substantial investment. Easily, easily in the millions. Because just the
equipment, Noah and I went through the equipment they use in the keynote room,
and we are familiar with how much it costs to ship equipment.
Just the equipment alone, $25,000 in shipment and equipment.
So just an incredible outlay.
They're doing it right.
And you think about it, though.
They don't have an office space, right?
They don't have a huge building in downtown London, right?
So this is, they bring everybody together a couple of times a year.
And so it's not an unbelievable outlay,
but holy smokes, it's a hell of an outlay.
It is really something.
So I want to talk about that.
I got a couple of clips I want to play,
an interview with Daniel Foray I want to talk about,
which I thought turned out really great.
So first I'm going to mention DigitalOcean.
Go to digitalocean.com, create an account,
and use our promo code D-O-Unplugged.
D-O-Unplugged, all one word, you apply it
to your account after you've created
the account and then you get the $10 credit.
It's a really simple infrastructure
that you can spin up and control
on demand with an entire stack of
Linux and Docker
and an application ready to go or just a bare Linux
installation or even free BSD.
They've got lots of distributions you can choose from.
Everything's SSD and the base rate starts at just $5 a month.
And you can get deployed within seconds.
Now, I had a chance, since I got back, to play with their new object storage.
This is way different than what I was expecting.
Is that right?
What were you expecting?
I was expecting, essentially, a straight-up S3 competitor.
And it is.
It is.
But it's an S3 competitor that human beings can use.
It's so great because if you want, you can pragmatically define storage, destroy storage, use storage.
You can take advantage of their API.
I mean, it's full on object storage.
But if you just want to use it as a place to upload files and give someone a public URL and they get a crazy fast download that has a time expiring link, you can just use it as that. It's so easy.
It's nuts, man. So you go into the dashboard, you create your object storage, your space,
and then you upload a file and immediately everything by default is private. And then
you can choose which goes public and then everything gets a URL, which you can use
pragmatically, or you can just go into the dashboard and say generate me a url and you can just share a url and so i was
sending files to noah today and i'm like this is going to be destroyed in seven days here you go
here's the url and when i was i was saturating our 100 megabit connection here at the studio
when i was pulling up saturating it so space is and you and you just turn it on. They have a trial right now.
The pricing is ridiculously great.
You can try it two months for absolutely free.
It's scalable storage.
It's available as a standalone service outside of DigitalOcean.
You don't have to have a droplet spun up to take advantage of it.
And you can get started in just an instant.
Yeah.
And the API is S3 compatible.
So if you have tools that work with S3, ship it up to Jadio.
I think you'll find their network, their transit costs much more reasonable.
It's so fast.
And, you know, I was thinking, too, like in regards to the API, I could really see JBot taking advantage of something like this because we could give JBot the ability to programmatically create a storage space it needs, dump files in there like cache files, avatar files.
If people in the chat room want to be able to transfer files between
IRC and discord like it could
generate the temporary storage store the file there
transfer the file destroy the storage
like a bot could do all of this
stuff and it's just so
easy to use or if you just
if you just want to like drag files from your desktop in your
web browser and generate a URL you can do that
it just works it just works it's like a
yeah like you said a real real human could use it.
I mean,
I never thought it would be this cool.
So you can check it out. Go to digitalocean.com,
create the account, and then
use our promo code DLUnplugged.
And they also have a two-month trial right now.
You can just try it for free, the new object storage
spaces. It's so cool. There's a lot
of great features over at DigitalOcean, but object storage
might be my new favorite. DigitalOcean.com, create the promo code D-O-U-N-P-L-U-G-D, and a big thank
you to DigitalOcean for sponsoring this show and for creating Spaces. I am going to use the S out
of Spaces. Very excited about that. Just use our promo code D-O-U-N-P-L-U-G-D to get that $10 credit.
credit. All right. So let's talk about the Ubuntu rally. I got there Sunday night and it was a long haul. It was like six or seven days of driving. And I got there and I mean, I couldn't have nailed
the timing any better. We got there and they were all going out to dinner and I was like,
oh, I want to go. I want to go. It was perfect. And I but I thought I'd talk I talk a little bit about what it was like to go as an attendee for a moment
because there was a feel to the room and that feel was there is a responsibility to get work done.
Like the people there understood the outlay that Canonical had spent to make it all happen.
And so everybody felt a sense of we've got to get work done.
And I thought Mark did a good job of reminding everybody we are here to work.
So you carry a lot of responsibilities.
And so for that reason, I want to ask you not to take the expression that this is a city that never sleeps as a personal challenge.
This is an incredible environment.
I'm delighted to have us here.
You know, I like going to kind of out-of-the-way places where there's at least one extra leg
just to torture everybody.
But mainly, actually, so that we can be in special places that you may never otherwise
get to, but you might read about them on, you know, travel or, you know, some interesting
blog.
I thought that was an interesting point he makes.
So one of the, essentially what Mark is saying here is, first of all, don't party too much because we're all here to get some work done.
And second of all, he's saying one of the perks of being a canonical employee is every now and then you get to go to these places that you really only kind of read about.
And isn't that true?
Like, I've never been to New York and I'm not even a canonical employee.
Like, I went to New York because of this canonical event. Like, when they create a gravitational pull around something, people come to an area they've never been to
before. And that is kind of a unique perk to a company. And then he kind of goes to set a little
more of the tone of why folks are here. I like to go to those places. We get to go to those places
as part of our work. And it makes for sort of a special dimension to life at Canonical and in Ubuntu.
But occasionally, there is reason for us to come somewhere where pretty much everybody has direct flights.
And this is one such occasion.
So make the most of it.
But please don't be that person that lets your team down because you just went
wild.
Go wild and get some sleep.
And so the tone was sort of set, like, we chose New York for a very specific reason.
Everybody can have a direct flight, and we're all here to get some work done.
And the focus was specifically set when Mark started to drop some numbers about the usage
of the Ubuntu LTS releases.
The data are pretty simple.
An LTS gets about 10x the utilization of a non-LTS,
and, sorry, of all the non-LTSs,
and about, therefore, about 20x the average non-LTS release.
So to make that clear, an LTS release gets 20x the amount of users,
20x the amount of users as a non-LTS release.
So it really counts. Use that information, use that data to shape your choices this week about what you're going to try and get done.
So that's Mark setting the focus. This is our priority. Make sure it impacts the LTS release because this is the release that matters most to Ubuntu users.
And with that, it was essentially it.
Mark set the tone and everybody got to work.
That's awesome.
So I wanted to get a sense, and we're going to talk to both Wimpy and Popier here.
We're going to talk to them in just a moment.
But I wanted to get a sense from a fellow outsider.
What was your impression of this?
Because I could ask the people that work for the company, but there's going to be a certain familiarity.
So I wanted to ask somebody who came from the outside, small business owner, who was there at this event that could share a perspective with me.
And so I sat down with the founder of Elementary LLC.
You guys may be familiar with.
My name is Daniel Foray, and I'm from Sacramento, California.
You guys know Daniel Foray.
And so Daniel sat down with me, and I asked him what it felt like to be an outsider at this Ubuntu event.
Well, I definitely feel actually super at home at these events.
I don't know if a lot of people know, but I used to do contracting work for Canonical on their design team.
So I used to attend UDS and all that.
So it's nice to see a lot of familiar faces.
I have a lot of friends that are still working at Canonical.
So, yeah, I really enjoy being here and getting to see those people again.
And it's definitely nice to reconnect with them.
And I feel like the people that I hadn't met before are really easy to get along with.
Everybody's really welcoming.
There's a culture of outreach within Canonical where people want to make, I guess, the wider open source community members feel like they're welcome and important and their feedback matters.
I thought that was an interesting point because I think a culture of outreach might be something that I'd also say I felt was present there.
And it was obvious why I wanted to go from a Linux journalism standpoint.
It was obvious why I wanted to be there.
But what was really the value for elementary and for Daniel for being there?
Even if we come back and don't ever ship snaps, just being here, we've been able to get different issues that we have in front of people and have them be able to go, Oh, yeah, okay, you know,
I saw that in the bug tracker, but I didn't get around to it. Or, oh, you know, you need to talk
to this person about that. Or I think just being able to network is really valuable. I know that
we've already had a couple of instances where we identified a couple issues in Snap that were
rapidly either addressed or confirmed in the issue tracker. So I think the FaceTime really helps.
And like I said, I think the wider effect, even outside of Snaps, is being able to communicate with people that are involved in different parts of the desktop team maybe because Ubuntu is our upstream.
Very true.
And I thought that was a great point.
So I thought, OK, Daniel, well, let's ask you something that's maybe a little uncomfortable because you've been fairly positive so far.
a little uncomfortable because you've been fairly positive so far. How has the switch from Unity 7 to GNOME and all of the changes in Ubuntu 17.10 screwed things up for L.M.L.T.R.E.O.S.? How has
it really messed things up? In a lot of ways, actually, that the change is positive for us
because there's less overlap between what happens in our desktop environment and what happens in Ubuntu. I know that we've had issues in the past where Ubuntu was carrying a patched version of GDK
or only had certain libraries that only worked in Ubuntu.
And so our kind of wider fan base, I guess, on other distributions
who are trying to leverage our source code there were we're having problems because it was very Ubuntu specific. And we're also a little more disconnected
from upstream libraries like GLib and GNOME and things like that. So I think with Ubuntu's move
to a more vanilla kind of GNOME experience, and also trying to pull in newer versions of the
packages, that it's helped us out a lot, not having to worry so much
about breaking changes from patches and backports and things like that.
And, you know, he wasn't the only person I heard that from.
That was actually kind of a common sentiment that I heard is that actually these changes
have all been pretty much for the positive.
Neil was there from the Fedora project.
He said kind of the same thing, essentially.
He had more perspectives on different issues that he wanted addressed.
essentially he had yeah you had more perspectives and different issues that he wanted to address and i thought overall everybody was sort of there in part of the conversation everybody was at least
part of the conversation and i i would say so picture picture it's a hotel room and you have
you have a couple of different floors of this hotel room you have conference room floor and
floor 14 which are really decked out for having meetings.
And Canonical has co-opted all of these meeting spaces.
And you just have a laser printer or dot matrix or whatnot, not dot matrix, but a printout on the door.
It's like, this is the kernel room.
This is the software as a service room.
This is the snap room, right?
And you have these.
And this is you go in there, and if you have a question for that team, like Noah and I, there was a great interview that aired yesterday on Ask Noah with one of the Canonical employees who's working on Weyland and Mir.
And so we just had questions about like, what are you guys struggling with?
And so we just walk into that room and just start asking them questions.
And that just aired yesterday in Ask Noah if you want to check that out.
And so it's the second half of the show.
Really great interview.
Also, they talk in there about what they might do if Waylon totally bombs in 1710 and what their backup plans might be.
That's in the Ask Noah interview.
But the room that I think I found to be the most fun to hang out in,
the most interesting to hang out in, would be the Snap Room.
So here's a little bit from that.
So Noah and I are crashing the Snap Craft Room right now because there's a good mix of different companies and projects all in one space so this is
sort of a microcosm of the entire event so it's one of our favorite rooms to hang out in and of
course our buddy wimpy's over there too and i wouldn't say it was the biggest room of the event
but there did seem to be a lot of buzz and a lot of different eclectic companies in there, eh, Wimpy?
Yeah, it was quite the collection. Yeah, that was where most of the people that were invited
from the community or from ISVs were doing their work.
And I saw your Google Plus post. You mentioned there was some of those different vendors
where I think Microsoft was on the list.
Yeah, so we had people from,
we had three representatives,
well, four representatives from three Microsoft teams.
So we had two guys from the.NET team there,
one guy from the Visual Studio Code team,
and one guy from the Skype for Linux team. What do you think? I mean, this is, wow. I'm now just sort of taking in totality
your sort of trajectory here with Canonical. And you just found yourself smack dab in the middle of probably one of the
more important rooms at a very important canonical event with very important companies and projects
and they're trying to produce packages around very important applications how do you feel about all
that well see you were experiencing that for the first time and what we're doing day to day is talking to the likes of those guys
and community projects as well and assisting them from afar and giving them some technical advice
and representing their requirements in terms of you know development resources and capabilities
and things like that but doing that from afar
when they're not tasked necessarily to work on particular things with a high degree of priority
having all of those people in a room for a week and also putting the right people from canonical
around them really accelerated a lot of what we were all trying to achieve and work on so it was
a very energetic room to be in,
and I thoroughly enjoyed the week.
It was absolutely fabulous.
How are you feeling?
I'm just about getting over the jet lag.
I bet.
Yeah, I somehow messed up my sleeping when I got back.
But, yeah, I'm just about over that now.
But, yes, it was a brilliant week.
We obviously had some exciting companies there
working alongside us.
And also we've heard from Daniel.
We also had Alish and Scarlett
from Blue Systems and KDE.
They were doing some fantastic work there.
They've really expanded the portfolio
of their applications that have snapped up. Yeah, and it was great to actually meet someone KDE, they were doing some fantastic work there. They've really expanded the portfolio, um, of
their applications that are snapped up. Yeah. And it was great to actually meet someone from
blue systems. That was, yeah. Yeah. Quite the, quite the rare opportunity. Um, yeah. And then
of course, you know, Daniel and I key from, from my point of view had some great, um, over a beer
conversations with, with them and, and with cody and the kde guys
in the evening um because you know i've got a passion project which is a desktop distro and
talking to other people working on linux desktop projects and getting their take on things and
insight on things it's the kind of conversations you can't have effectively over slack and IRC. So that, that, you know, Daniel said that kind
of FaceTime, even if it's not necessarily working on stuff, but just in the evening,
talking about all sorts of things like crowdfunding and stuff like that was,
was really fascinating as well. Yeah. I had a, I had a definite moment where I was,
there was a few, you know, celebrities as far as I'm concerned, did rocks and others that are, they're creating code that really impact my
daily life.
It's like, oh, it's so cool to meet that person and put a real voice and a face to the name.
I thought that right there in itself was very, very invaluable.
I also noticed, and I was wondering, Popey, if this was sort of maybe as a result of some
of the collaboration and work at the Ubuntu Rally that the new community site is launched today.
Yeah, thanks for mentioning that.
Community.ubuntu.com.
It kind of has been worked on for a few weeks now, but we got it solidified last week.
We were going to launch a kind of prototype version of the
site but uh we had a nice conversation with our canonical is people and they decided to
spin up a well um managed and robust version of course for our community site which replaces a static old crusty site that nobody ever maintained um so hopefully
that will uh see a lot more um active use yeah it looks really nice and i see a lot of uh well-known
names from canonical participating in the community over there too so that's a kind of a neat thing
um yeah what was your takeaway from the ubuntu rally as as compared to previous events and
sort of your historical perspective with Canonical?
What did you think of it?
It's funny you mentioned that and you played the chat with Daniel from elementary.
When he mentioned the fact that he'd been to previous Ubuntu developer summits or UDSs as we call them, I just looked up and the first UDS I went to was in 2007.
Wow.
I just looked up and the first UDS I went to was in 2007.
Wow. So over 10 years ago was my first UDS.
And I paid my own way to go to my first UDS as a community guy in Seville in Spain.
And Mark's right.
Like with Canonical, you get to visit a lot of interesting places.
There's no way I would have chosen to go to Seville or I might not necessarily have gone to Prague and possibly wouldn't have
been able to afford to fly to San Francisco multiple times. So I'm very grateful for the
opportunity to go to these interesting places. And last week I went up the Empire State Building
and had a bit of time away from the office to see the sites of New York and the Irish bars of New York with
Martin and Ikey. I heard those stories. But it did, it did, it did really, um,
remind me of some of the UDSs of the past. But one of the problems with the UDSs of the past
is they just got too big and they got towards the end there
were 700 people there and you know you've alluded to how expensive it probably was i have no idea
of the cost but how expensive it was to run that event in the center of new york city and you
imagine running that every six months with 500 plus people going that's a tremendous amount of
money to inject into yeah wow events on a regular basis
isn't it still going um right now is i just saw a tweet from dustin earlier today at the one world
trade center um he's still in new york so we often we often piggyback multiple events back to back
because some of the senior management need to be to multiple events. So last week, the event you were at was the Ubuntu rally.
And yeah, we've never called it a rally before.
And it's a bit of a strange name for it.
It's what we internally call a sprint.
We all get together and we all, like you say, we all hack from 8.30 in the morning
through till whatever time in the evening and often later.
But then the following week, which is this week, there's a sales sprint.
And then the week after there's a product sprint.
So we often have these back to back.
But you can think of the tremendous cost that that incurs for the company, you know, to host these events with so many people.
these events with so many people was 200 plus people at the uh the event last week in a not not um not a crap hotel no by any stretch of the imagination given given the price of the beer in
the bar it wasn't yeah it wasn't a terrible hotel but yeah when when um daniel mentioned the memories
of uds gone by it did it did rele that, especially given that on this occasion,
we were able to invite some community people along and, you know,
rebuild some of those relationships, which might not have been, you know,
as well tended over the previous years.
We're trying to rebuild some of those relationships.
It did seem like a reset there a bit.
There was a bit of a reset in a sense.
And that's part of why we've started to rebuild the community website.
So if you go to community.abuntu.com, it's part of our mission at the moment and part of my mission as my role is to improve the onboarding process for new people who want to contribute to Ubuntu.
So people who've bought their Dell laptop and it's got Ubuntu pre-installed and they think, how can I help make this better?
Or I want to be a good open source citizen and I want to file bugs in the
right place. Or I want to, you know, make sure I contribute back to this thing that I got for free.
I want to contribute back and we want to make the on-ramp easier for those people. But the second
thing is we really want to make the communication from the teams at Canonical out to the community
a lot better. So it's easier for people to talk to the people who can affect change.
As Daniel said, being in the room with certain people in Canonical
who he could put issues in front of them and say,
hey, we've been having a problem with this issue
and that's slipped someone's mind or it's gone to the back of their queue
or their to-do list.
It's nice to be able to poke the right people and get stuff done
and get stuff working.
And so that's part of why the new community hub exists.
It's not there as a – I mean, we're using discourse,
so you might be forgiven for thinking it's a forum,
but we're trying to use it as more of a hub,
more of a central place where people can go
to find out information about what's going on
in Ubuntu development
and get involved in Ubuntu development.
That seems really handy,
especially like that can be a very hard thing
to get right for a project.
And, you know, it's easy to get turned off.
Like if I can't find what I need,
I'll go somewhere else.
So if you can get it right from the first interaction,
that's awesome.
I was also surprised by just the type of conversations
that were being had out in the public.
That was my first impression when I saw it.
I was like, oh, so they're just going to talk about that.
Okay. Well, all right.
I'm going to have to kill you now.
I was like, well, I'm going to go ahead and read that thread.
It's very interesting.
Yeah, and I like it a lot. So I think it looks clean
too.
It's interesting
how little things like this sort of get extra momentum
from the rally.
I talked a little bit with Ike about some of the work he's doing with Snap integration
into the Solo Software Center.
I talked, obviously, with Daniel about it, too, and others.
And I think everybody got a little bit of extra momentum on everything they're working
on, even non-Snap related things.
Yeah, you mentioned Ike there.
What you didn't see is ikey gave one of the
lightning talks on friday that was great yeah it was a great it was a great lightning talk and
halfway through he got a round of applause from everyone at canonical when he he summarized
summarized the work that he's he's done in solus so that was really nice to say i wish i could
have stayed that long i had to cut out by
wednesday but you know it was just the way it was but i think that's one of the things that was
really nice that those lightning talks there was you know canonical people there there were
community people there nathan gave a great talk at the end about uh how he hopes app developers
can improve things and how canonical can can improve things in Ubuntu.
And he's identified a bunch of places
where we need to improve things.
But there were other people who were invited
to come along and participate in the Snapcraft room.
For example, Mohamed Zedek works for a company
that make robot ships that are quite cool
that go around in the sea and do stuff
under the command of computers.
But it was really great having him in the Snapcrafters room,
working along with Kyle and Leo and Sergio
from the Snapcraft team.
And he was bringing real-world problems.
It's not hypothetical issues that are on a computer somewhere in a lab this is a guy who has boats
who are you know out in the sea and they need to be autonomously controlled and they need to be
updated securely and robustly and he's talking directly to the people who are able to affect
you know packaging his software efficiently.
And he gave a talk as well, and that was great fun too.
That's great.
You know, one of the things that – and this is just a small example,
but it happened a few times – was a problem was identified,
the issue was sort of quantified, and then Upstream was given a suggestion,
and the patch was actually created on site.
And, Popa, you could probably talk a little bit about one of them,
which was like a little dock issue when you're trying to switch desktops small kind of a
small problem in totality but it was sort of a great example of how here's a problem i found and
the fix got turned around immediately i don't know which bug that you don't recall when you
when you scroll on the dash on the dock and oh that one yeah So, yeah, we've got in 1710, we've got this new Ubuntu GNOME user interface.
It's new.
You've heard of it before.
It's a bit different for us.
You know, we're used to Unity.
We've been using it for years and years and years.
And we've got this newfangled GNOME stuff.
And one of the community guys, Nathan, who was there, noticed that you could use the mouse wheel to switch between desktops if you hover the mouse in the right place.
But also it did it if you hover the mouse in the wrong place.
And so he walked up to the desktop people with his laptop and went, hey, look at this.
And this is, like you say, one of the benefits of like we're all remote users.
And sometimes it's easy to articulate something in a bug report when you type it out but it's much easier to just walk up to a desktop developer and show them your laptop
and say hey this is you know this is the problem so he files the bug and upstream who is someone
who happened to not be at the event uh turned around a bug in an hour or so and that was fixed
and it was a it was a great collaboration between someone who
works in the community who identified an issue the ubuntu developers who are like yep this is
the component you need to file a bug against he goes and files a bug upstream are super attentive
and they turn around a fix super fast and will consume that in ubuntu that's that is exactly
what ubuntu is all about it was pretty neat to watch it. To be
there for, oh, here's a problem. Oh, here's
how you reproduce the problem. Oh, and here's the
patch. Oh, and Upstream's working on it already.
Doesn't every bug contributor wish
that's what happened every time? It was great to see
it just go boom, boom, boom, boom the whole stage.
Every stage of the process.
I dream of that every night.
If I could just grab them and make them
look at how stupid this problem is.
Yeah.
I really had a good time, and I actually enjoyed New York a lot more than I thought I would, too.
I don't know.
I went in there.
So the studio's moving?
Is that what you're saying?
Yeah, right.
Yeah, when I become a millionaire, when I can afford swank pads.
Yeah.
You know, there was a couple other things that I will share as I left that really,
really blew me away. So for those of you that don't remember, because I don't know if we ever
covered it in any of our shows, because why would we? Back in 2010, your buddy and mine,
Mark Shutterworth, bought himself not just a nice apartment in New York, you know, a place to crash. He bought himself
the nicest apartment in New York, a $31.5 million condo on the 17th floor back in 2010.
So that could have been some reason as to why Mr. Shuttleworth wanted to have an event
in New York. But there could also be this. I was leaving the hotel Wednesday evening, and I was all done.
Heading out of town.
I was heading out of town, and there is nothing to confirm this except for my word.
You'll just have to believe me for the story I'm about to tell you.
Hadiyah and I are waiting for our car from the valet,
because that's the only way you can park at the Hyatt, the Grand Hyatt in Manhattan.
Not just any Hyatt. It's the only way you can park at the Hyatt, the Grand Hyatt in Manhattan. Yeah, it's not just any Hyatt.
It's the Grand Hyatt.
You are thankful that for $70 a night, they will valet your car and you will thank them
for it and you will tip them for it greatly.
And so as I am waiting for my little car to be returned to me, I am standing in front
of the rotating, what do you call those
doors west those rotating um what are those calling revolving doors there's a series of
revolving doors and i'm standing there in front of these gold doors that are are wrapped in gold
and they're just beautiful glass swinging doors and dude they weren't gold no they were on the
mezz normal rotating gold no on the mezz i'm the Mez, not the main entrance. The Mez.
Yeah, on the Mez where the very fancy doors where you wait for your car.
And I kid you not, right out of like a 1980s movie,
a guy that looks like the lead banker, lawyers, and a bunch of lackeys
walk up to me all wearing suits that look like they cost banker, lawyers, and a bunch of lackeys walk up to me
all wearing suits that look like they cost more than I make in a year. And they're standing next
to me and they're going on, they're talking about deals and they're just yammering. And
Hedi and I are looking at each other and we're just rolling our eyes. And I got all my stuff
packed up and I'm holding it there and I'm just waiting for my damn car. And now there's a group
of stiffs is standing next to me talking about things from their little board cube and i think that's just really adorable until they start talking about
the value in data centers like oh okay that's interesting and then they and i'm you just have
to take my word for this they start talking about the shuttleworth deal and they're working on the
shuttleworth deal because they think there's going to be a lot in data centers i don't know what that
means but as i was leaving the hotel you didn didn't pry for more info? You didn't pretend
that you were- I was flabbergasted because I was in civilian mode. I had my cameras and my
microphones packed up. I'm waiting to get in my car. I'm going to do a hardcore drive.
You're checked out, literally. Totally checked out, 100%. And then these bankers show up, start talking about the Shuttleworth deal.
And I couldn't believe my ears.
What is the luck that a podcaster with a microphone would be standing next to these guys?
What is the luck of that?
And so that's all I got.
That's it.
That was the totality of all of the secret information I learned.
But I would suspect there was more to New York than meets the eye.
Dude, if you continue to pack your camera away, you're never going to be the next Casey information i learned but i would suspect there was more to new york than meets the eye dude if
if you continue to pack your camera away you're never going to be the next casey neistat are you
i know i could have been the biggest wouldn't that have been an ending to my abunt inside the
abuntu rally vlog that would have been an ending damn it i didn't even think of that next time
yeah i'll just have to go though the ending that you have is pretty fantastic
well thank you yeah well of course it stars ikey the very very ending which is of course how you
want to end every vlog if you can i'm just gonna have to go to you i'm just i have to go to that
well over and over again um yeah so it was a great trip and it was that was a funny way to end it
and it was really neat to see how everybody worked together and how seriously everybody took that.
It was great to see you and Noah, actually.
It was lovely sitting there doing my work on a daily basis
and I'd look up every so often and there's you walking around with a camera
and Noah with a startled face every so often.
Yeah, that's amazing.
I managed to constantly keep Noah on his toes while we were going to events like that. One way or another, I managed. I think that's your yeah i managed i managed to uh constantly keep no on his toes while we're going
to events like that one way or another i mean i think that's your job yeah there was also a moment
where he and ike got to get away and have a beer and have a good chat and i think that was good
because they've they've had disagreements here on this very show about that was a great spectator
sport that evening did you attend that popcorn for everyone whilst that conversation was running
good for them though right that's exactly the kind of thing you want to have happen at an event like that,
is just kind of work it out.
And, you know, at the end of the day,
it sounded like they all kind of came to common ground, so that's good.
They did.
Yeah.
All right, well, so there you go.
That's the Ubuntu rally.
I actually have, so I have the vlog that I've mentioned a couple of times
obnoxiously that's coming out.
It's already out, but I have a few more things from our trip to New York
that will probably be in
the next one as well.
Episode or vlog 59.
I guess they're not called episodes for some reason.
Anyways,
I'll have more from New York,
including from some of our friends over there at canonical,
uh,
over at youtube.com slash Chris Fisher.
If you want to watch that and also check out some of the links in the show
notes for more information on how to get involved in elementary OS,
as well as the new announcement from the Snapcraft folks about Chrome 60 being packaged up as a Snap.
And be sure to check out AskNoah28, where in about the second half of that,
he has an interview with one of the canonical developers about their efforts in Weyland from the Ubuntu rally.
And just, I think, just really great audio quality in that interview.
Some of these interviews came out the best we've ever done
from an event on location,
so I think that's how we're going to do our future stuff too.
You're going to do your future stuff in very expensive hotels in New York.
Once you've tasted it, how can you go back?
I meant how we recorded it, but yeah.
When you hear the interview and ask Noah,
you would think that guy was in studio with Noah,
and they were there in the display server room just having a chat.
Yeah, so it really turned out pretty good, and that's Ask Noah 28,
and yeah, it was worth the trip, I will say.
We drove for days and days there and back, and it was totally worth the trip.
On our way back, we stopped in Salt Lake City and that was a lot of fun.
And I just yeah, I really enjoyed it.
I think I would probably do it a little differently and how I got there.
But I would absolutely do it again because I honestly feel like I'm walking away with years of understanding and insight into how different community members themselves individually operate and how Canonical operates.
And I would honestly just drive across the country to hang out with you guys sometimes.
I really enjoy my time with Popey and Wimpy.
I do.
They're just wonderful people.
They really are.
They really, truly are.
And it's so nice because, you know, the episode before I left,
I was all worked up about Linux journalism and certain members in the community that are degrading the conversation. And then I went to an event where people were just getting shit done
and creating really good stuff, not like average stuff, but really good stuff. And then the people
there were all A players. Just everybody was on the A player team doing their piece. And it was
a real privilege to see all that. So it was a good sort of contrast from the
episode I recorded right before
I left.
Yeah, yeah.
I would try to make it to a future event if they had it.
Alright, well, we're not quite done
just yet.
We have one more really cool thing.
There's always more on the Linux Unplugged show.
There is. Our friends over at the
Nextcloud project are working on a feature that has been requested
over and over again,
probably before NextCloud was even a project.
So Frank and Yoss are going to join us
from the NextCloud project,
but first, got to thank Ting.
Go to linux.ting.com to save a little money,
like $25 off a device,
or if you bring a device and they have CDMA and GSM,
guess what? You get $25 in
service credit. What? No way. Yeah. Now my bill will be slightly more this month. I'll admit it.
I will admit it. Driving across the country, having only my mobile device means I pay more
this month on Ting. Everything's more expensive at NYC. That's true. That's just how it works.
That is true. But the reality is that's what's great about ting you pay for what you use so 11 months out of
the year my my my average bill like 23 now maybe it's going to be 65 this month i haven't gotten
it yet not a big like that works out that that that math that works out it's still cheaper than
like everyone else's plan i just and that's why it's like not a big deal like the one or two
months i go over on ting like i don't care it's so liberate it's like not a big deal. Like the one or two months I go over on ting, like I don't care. It's so liberating.
It's surprising.
I was worried, honestly.
I was like, okay, well, if I'm paying for what I use, am I going to be like nickel and
diamond myself in the back of my head?
Like, don't use data.
But really it's like, if you want to be frugal, you are empowered to do so.
Exactly.
If you just want to pay for the data you use, it's great rates.
Yep.
Yep.
And no contracts, nationwide coverage.
I used both CDMA and GSM during my coverage or during my trip.
contracts nationwide coverage i used both cdma and gsm during my coverage or during my trip and the coverage was dramatically better than what when it was when i went over to noah's to to do
uh like his tour of his house and his home automation back in last days a few years ago
this time almost same route dramatically better coverage really in the past i had in my past road
trip i had one or two days
where I didn't have coverage.
Oh yeah, I've been talking about that.
It's like Montana, dude.
It's just like...
People don't live there,
so why would they put cell towers?
No, it's way better now.
Like I had,
I went from one or two days
to one or two hours.
Wow.
Yeah, yeah.
And that's, you know,
I was using both the GDMA and the GDMA,
the CDMA and the GSM networks,
which is my privilege on the Ting.
I really like it.
Plus, it can turn it off when I'm not using it.
That's really nice.
They have a great dashboard to manage all of it.
And because they have CDMA or GSM networks, that means there's more devices they support
that you could just bring with you that you already have.
Or if you want to buy a device, that's great, too.
They have really great prices on devices, or you can just get a SIM card.
And they're giving away free data this fall.
You can get up to an additional 2 gigabytes if you add
a line and they have more details. Really?
Yeah, they got more details
on their blog. You can check it out. Just start by
going to linux.ting.com
linux.ting.com, a
smarter way to do mobile and thank you
to Ting for sponsoring this here show and thanks to you
guys for going to linux.ting.com
That way you get the discount and you support the show.
Now, you guys know I'm a NextCloud user, so I'm always following the latest updates.
Really excited to have both Yoss and Frank join us from the NextCloud project.
Guys, welcome back to the show.
Awesome to be here.
I think it's a first for Frank.
Oh, Frank, well, yeah.
Frank, I know you've been on Linux Action Show, but welcome to Linux Unplugged, Frank.
Absolutely.
Thanks for having me.
Well, guys, you know why you're here.
There is big news in NextCloud land.
Speaking of land, though, Joe and I did cover the details sort of in depth on Linux Action News, episode 21.
So if you want to hear that, check that episode out.
But there's a piece I'd like to just deep dive into right off the top.
We can talk about other stuff,
but there's one aspect I really want to talk to you guys about,
and that's the new end-to-end encryption, the client-side encryption,
because I imagine this is something you guys have been hearing people ask for
for a long time.
So I'll start with Frank,
and then you guys just sort of pass it back and forth as you feel best. But Frank, from a project standpoint, how long have you guys been working towards this particular goal?
Yeah, that's an excellent question. You mentioned already that it's a feature that is requested from the users for a long, long time, for many, many years.
Yeah, I mean, encryption is a big deal
to a lot of people absolutely it's a totally big deal because like the main point of next cloud is
to secure your data and to protect your data and privacy and so on in the first place right and
encryption obviously is a big part of it so we already support like different kinds of encryptions
for a long time so obviously all the transfer of data over the internet is done via https tls so this is already encrypted and then we have server-side
encryption which also helps in some scenarios but basically having the totally the full end-to-end
the client-side encryption this is this is new this was requested for a long time from many many
years and this cast i mean there's there's so many GitHub issues about,
should we do it like this or should we do it like that?
And it actually took a while, as you have noticed, to really do it.
And the reason is that it's actually hard,
because this is something where you really have to do it in a way
that it doesn't compromise user experience.
It's really easy to use and really secure.
And it's also enterprise-ready.
So with enterprise-ready, we mean that it fits into the way
companies work, that you have central key management,
compliance regulations, and so on.
So this actually took us a while to do it the right way.
Yeah, I guess I want to just underscore that.
Somebody who's implemented a lot of different solutions for companies over the past decade, you can kind of get an idea when a
project is building in some of the most fundamental features from the beginning versus racing to bolt
them on after the fact. And I will definitely give a tip of the hat without having tried it yet. I'll
say just from reading through this, you guys apparently are doing that from the beginning
right. Like you said, you support creating offline administrator recovery keys. I thought, okay,
that's a great feature. But then you guys actually took it a step further. And I thought these sons
of guns really get it. And it's so not only do you have administrative recovery keys,
but the users get a warning that the administrator has used that recovery key.
And that's, that's the kind of thing that I feel like NextCloud, only NextCloud
does. I guess put it that way. It's something that only NextCloud does. And so, Yas, I wanted
to maybe jump over to you for a moment. When I read through the post, I have it linked in the
show notes, announcing the client-side encryption, it came across to me, one word that came across to
me probably the most predominantly was humble. It felt like a humble, like we're doing this,
we're going to give this a real go, but we admit we're not totally there yet. Can you expand on
that part for a bit? Yeah. So first going back a little bit to the thing you said about that,
well, that we warn users, right? I mean, this is really central. Like what Frank already said,
it is hard to do because you have conflicting requirements and conflicting demands.
Like you mentioned the recovery key.
Now, when you really think about it, you have end-to-end encryption.
So that means that the data is encrypted on one device and decrypted on, well, the recipient device,
and nothing in between ever gets access to that data.
So what happens if you lose your password?
Well, you lose your data.
That's pretty uncool.
And, I mean, that might be acceptable to some degree
for the access security for most home users,
but for an enterprise user, that's, of course,
well, people forget their password all the freaking time, right?
This is totally not a solution.
Right.
So you need this recovery key.
But then if you enable that,
well, that kind of compromises security to, well,
maybe a limited degree, but still, right?
The way it works is when you enable the recovery key,
the data gets encrypted to this key
that is given to the
sysadmin.
And the sysadmin gets a password shown with which his key is encrypted.
And this password is long.
It's a 12 random words password.
So it's really long.
And it gets shown only once.
That's why we call it an offline key, because you have to write it down.
Because if you don't, well, once you close that window, there's no way to get this password back.
So if somebody hacks your server, they don't have that password unless you were, well, stupid enough, no offense, to copy paste it and then store it on the server.
You shouldn't, right?
You literally should take this offline, put it on a piece of paper or something or a USB stick and put it in a vault.
That's at least what I would suggest.
And there are companies that literally have processes for this, and that's what you should do.
So, but then this still, to some degree, you compromise security by this because still the admin could be, you know, well, you could literally put a gun to his or her head and say, okay, give me the bloody key, right? So, and especially when you're talking about a state
actor, like a government, they could simply demand that they have access to this key.
And obviously, a lot of people want to use Nextline to protect themselves against that
specific scenario. At least it's a part of it. So, we warn the user that this key is enabled so that people can say, well,
I'm using it as a public provider. And the moment this provider would enable the key,
they would know that their security is essentially compromised. And they can say, okay,
this is not cool. I'm out. Or they can at least know that it isn't enabled. That really is, it's something that,
so Apple just published their quote-unquote transparency report.
Google publishes one every quarter.
So does Facebook.
So does Twitter.
A lot of the tech companies publish these transparency reports
in which they disclose that they've just been giving away information constantly.
There's no notification to the end user.
You don't know if you're one of the people in the disclosure
because all the numbers are randomized. But in this particular
case, the technology is built in such a way that the notification goes to the user. The technology
is built that way. And that's why I say it feels like something only NextCloud could do. But now,
I do want to talk about the fact that this is still preview, and it seems like there's a bit
of a humble pie in how you guys are approaching this yes yeah the thing is of course
with that i mean security is really hard so first of all what we already didn't do is like roll our
own crypto or something like that right i mean there's been a lot of debate about for example
telegram who had a bunch of really smart mathematicians and well they thought that was
good enough to be able to build good security. Turns out, well, at least most security experts disagree.
I mean, crypto is really hard, so we don't roll our own.
We try to find a cross-section of algorithms, secure algorithms,
that are supported on all the devices we want to support and use that.
And then just use, like, standard libraries and OpenSSL or Linux and, you know, all the stuff that's available, Android and iOS, and use that and then just use like standard libraries and open ssl on linux and you know
all the stuff that's available android and ios and use those but of course it's also pretty well
known that usually crypto isn't broken it's worked around so it's usually the implementation that's
wrong right there are some pretty famous examples of like you know devices that had really really
good crypto but then didn't actually
check whether you know somebody tried to hack it and other stuff so what what we've done uh what
we're doing here is trying to put it out as early as possible so the wider community can have a look
first at our design like is the way we do this is this actually sensible will this protect the way we think it
does and that's that's quite complicated because you're really talking about you know
just to create an identity you know you're creating a whole bunch of keys you're you're
signing some of the keys on the server you know you need to store them you need to encrypt the
keys themselves in the right way etc so cetera. So there's a whole description.
And if you download their white paper, you get even pretty pictures that explain the process for each of these.
Because it's pretty complicated the way we do it.
For example, we didn't want that users would have to re-upload data if they would remove somebody from the access list.
So let's take a do-it-yourself way, right?
I mean, what you can do—
And again, this is a great enterprise approach.
You've got employees that get fired or quit, and all of a sudden you have to revoke access.
How do you work around not having to re-encrypt all of the data?
Yeah, so that was a key requirement.
And the way we do it so that was a key requirement.
And the way we do it is by using a layered approach.
So we encrypt each file with a unique key,
and then that key is stored in a metadata file,
which is encrypted with a metadata key.
And this key is in turn encrypted against all the people who have access to it.
So when you remove someone, all you have to do is create a new metadata key and re-encrypt it.
That makes sense.
And you don't have to re-upload or re-download all the data.
Yeah.
And this is just one example. And we have many places where you have this multi-layer affair.
And, you know, obviously we want to know from people whether they think it makes sense and whether we, you know, well, didn't make any logical mistakes there.
Obviously, we've been working on this for a while.
We have experience with this.
We use similar technologies with the server-side encryption that also uses this layered approach, but a lot less complicated.
I can tell you I was working on white paper for this and I wanted to make nice pictures
of it and I looked at the pictures for server
side encryption and they had
in every area they had two or
three steps so I needed only to make
two or three icons. Well
here it's like six or seven
so it was really quite a pain in
the ass to kind of portray
it in a simple way.
Actually I didn't have to do it.
I let our designer help with that.
Sure.
But so...
It turned out okay, though.
Because it's complicated.
Well, yeah, it looks good, I think.
Good.
But the thing is, of course, it's complicated.
Yeah.
And it would be stupid of us to assume that in our company,
even though we have, I think, very clever people...
Sure, as you would.
...to think that we have all the knowledge in-house to do this in a truly secure way.
I like that. I like that.
And so it seems like a very open-handed approach to the community to ask for guidance.
There's a question that's coming in that I'd also like to know from Time Lord,
which I really feel honored that he traveled through time and space to ask this question.
He says, I don't understand generally how are multiple devices handled, like a phone
and a desktop. How do the keys that get
you access to the encryption get transferred
between those multiple devices?
Yeah, so
I mean, Frank,
I see you wanted to say something.
I mean, I can explain it.
No, no, go on, go on. I'll talk to you later.
All right. So
the way that works is when you create an identity,
there's the very first step.
Like you choose to client-side encrypt the folder,
and at that point, identity is created for you.
And this is a public and a private key.
And the public key becomes part of a certificate
that's signed by the server, which is your secure identity.
So people can download that identity from the server.
Signed by your next cloud, your own personal next cloud server?
Exactly. Yes, exactly.
So, and this can't change, by the way.
We've done this in such a way,
because if somebody would take over the server
and then create a new identity for you,
and then, well, ask all the people you shared with to re-encrypt their data or at least a metadata key, as we discussed, for the new identity of yours.
They will be able to get access to your data.
So you can't change an identity.
Once it's created and you've shared with someone else, they download your identity.
They check if it is signed by the server.
And after that that they will store
it locally and if the identity would change they wouldn't trust that right so it's trust on first
use tofu so that's about the sharing but back to the multiple devices case so we wanted to
make it as easy as possible for people of course course, to out multiple devices, but at the same time, it had to be foolproof.
Now, foolproof already means you don't let people pick their own password, and you try not to give them an opportunity to forget it either.
So you're taking out the human factor.
Well, to some degree.
This is like, maybe if I can jump in, like the human factor, this is actually what makes
everything difficult. Absolutely. Because if you
think that encryption,
when we said earlier that encryption is hard,
sure, there's an absolutely hard mathematical
part to it, like the actual encryption
algorithm. But this is something we don't
invent, right? We use standard AES
encryption for that. So this already
exists. But a human factor, the right
process is, like you said, this is the difficult
part, to make it
really secure, because
sorry for Jos for interrupting,
but I find it's an interesting aspect that
if you would allow people to pick their own
passwords, they probably would
pick the same password than their normal
login password, which comes from the
company, from the company
Active Directory, which is then controlled by the admin. They would probably use their normal login password. Absolutely. From the company, from the company active directory,
which is then controlled by the admin.
They would probably use the same password,
which why I have two different passwords, right?
Yeah.
And then the feature is sort of useless
because then it's all,
if you hack the server and you have the password,
then you can also decrypt the data.
So this is why I picked this approach
that the password is generated for the user.
And then of course the question is, okay, why I picked this approach that the password is generated for the user. And then, of course,
the question is, okay, if you present this super long, super secure password
to the user, how do they even
I mean, they can remember it, but can
they even write it down? I mean,
try to write down like whatever
50 character
hex password. No one
gets this right. But if you actually pick
real words, then it actually becomes possible.
So sorry just for interrupting, but is it this human factor
which is the difficult part in this process?
Yeah, Nick's 100% sense, Frank, actually.
So when I said the human factor, I was serious.
I mean, encryption is hard, but not for computers.
It's hard for humans, really.
Exactly.
You know, Frank, I actually wanted to ask you
something while I have you just sort of to match the theme of today's show. One of the conversations
you and I had offline a long time ago, and I know it's something you've mentioned before on air with
me too, is the difficulty in some distributions, and this is getting better than it was at the time
you and I chatted, but shipping old versions at the time it was own cloud and now NextCloud that are still vulnerable and not necessarily supported.
So I'm curious to see what you think now
about the evolution of universal packages
to sort of solve this problem,
like Flatpaks and Snaps in particular.
Are you following this at all?
And do you have any particular interest
from a NextCloud perspective?
Oh, absolutely.
I'm absolutely following that.
I mean, I tried to a long time ago, a long time ago, I had another like hobby project called the Project Pretzel, which I tried to do with the OpenSUSE guys together to somehow solve this by basically enable software developers to ship like new versions of the software directly to the end users and this is this was an idea even
long before own cloud or next cloud even existed so i'm totally following that that's basically
one of my pet uh pet topics so um i think uh what's going on at the moment with like the flat
pack guys and like like of course in the server world more like docker containers this makes total
sense i mean this is just this makes total sense i I mean, this is just, this makes total sense.
I mean, in the old days, like 20 years ago,
and longer than that,
like Linux distributions actually had the job
of basically collecting all the source code files,
all the tar files that are floating around on the internet,
by packaging it, compiling it,
and putting it on floppy disks or CDs
and shipping it to the users.
And then, hey, yeah, on this CD, you have everything that exists
in the Linux world, like, and you can use it.
But this idea, of course, this obviously no longer works.
So we have to do something in a way how it exists in the mobile world
for a long time, that you have an operating system, which comes from someone,
and then you have the applications.
And the applications, they come directly from the software developers,
via an app store or some other distribution mechanism.
And this makes total sense.
And this is what we like to do in Nextcloud, too.
So in the future, I hope that we can basically have a way
that we ship our clients directly to users
without basically going through the packaging of the distribution.
Yeah, we have an app image right now as of today.
Oh, okay.
As a download from our server, you can download an app image,
and this is already quite popular.
Besides the packages for various disciplines, of course.
Really? So the app image is getting some
traction?
Yeah, well, it is the only
thing that we make, right? Because for the
other packages, we rely on the distributions
themselves. And if you have, you know, Sousa
and Fedora and, you know,
most of the distributions simply have packages.
They have an active team that
keeps the packages up to date. Right.
But, of course, if they're not running release, we're back to this problem of outdated software.
And yeah, if you then get the app image directly from us, you don't have that problem.
So guys, I wanted to just sort of set the expectations with the audience as far as how baked this feature, this client-side encryption is, and when they could expect it to start rolling out as like a really full-fledged feature.
So who wants to tackle that one?
I'll leave it to you, Frank.
Sure.
So this is, as Jan already described, at the moment what we have is a pre-release.
You can play around with it.
It will get better.
There will be desktop client support and ios support coming in
the next few days so really fast but this is all in a preview in which we wanted to do to have like
early feedback so if you don't really want to test this or if you don't really care about giving
feedback if you only want to use like something that's stable and production ready then this will be as part of Nextcloud 13. The Nextcloud 13 is the next big release of
Nextcloud. And this is scheduled, I can't give you
a real date at the moment, but this year.
So later this year, and this will be one of the main
features. Not the only big features, there will be a lot more interesting stuff, but
one of the main features of Nextcloud 13, so later this year.
Well, I can't wait.
And if you do want to try out the current preview version, grab Nextcloud version 12.0.3,
which I will be grabbing to kick the tires.
Yas, Frank, guys, thank you for coming on the show and really, really happy to hear
about this feature hitting Nextcloud.
Just keep up the great work, okay?
Always.
All done by the community, of course, not by us.
Well, of course.
Not a lot of code is written by you and me now,
which is actually good.
Yeah, especially when it comes to
the encryption stuff, right guys?
Absolutely.
Well, I really do appreciate you coming on the
show and keeping us up to date, and I will give
a get of it a try.
Is there anything else you guys want to mention before we run?
Well, go try it out.
And, of course, download the white paper.
But if you try it out, I mean, the changes we make might even break the decryption of data that was encrypted with earlier versions.
So seriously, don't use this on any production data.
It's nice to play with,
but nothing more.
Just a big warning.
Yeah, that's a great warning
and I will do that.
I will keep that in mind
when I test it.
So thank you guys very much
for coming on the show.
All right, well,
that will bring us
to the end of this week's episode
of the Unplugged program.
You know, Mr. Wes,
is there anywhere
we should send people
before we go this week?
What do you think?
Is there any advice you have for the good people at home?
Well, I think they should go check out at Wes Payne and make sure they come join us at Seagull.
That's right.
Of course.
Another plug for that and, of course, a plug for the vlog, youtube.com slash Chris Fisher to see inside that Ubuntu rally.
We'll be back next week with reports from Seagull.
That's right.
Assuming I get my SD card in time from Amazon, because that's going to be a problem.
Fingers crossed.
And you can join us live.
Go over to jblive.tv to tune in for that shenanigans.
Get it converted by robots to your local time zone at jupyterbroadcasting.com.
And join the subreddit over at linuxunplugged.reddit.com.
Go to jupyterbroadcasting.com slash contact to get a hold of us.
Thanks for joining us, and we'll see you right back here next Tuesday.
Say goodbye, Wes.
Goodbye.
Bye.
Bye. Thank you.