LINUX Unplugged - Episode 248: Contain All The Things
Episode Date: May 9, 2018Chrome OS is officially getting full-fledged Linux apps, and we ponder if this is truly a win for Linux. Plus a ton of app picks this week, community news, and more. ...
Transcript
Discussion (0)
I was just getting nostalgic about modems this morning and that sound that they make.
And I don't know if it was just serendipity or what, but you found the perfect,
perfect open source tool this week. It's pretty cool, Wes. It's called Waveshare.
Waveshare.
It's serverless. It's peer-to-peer. It's local file sharing through sound.
I like all of those words.
Yeah. It's using WebRTC.
Oh.
Signaling is performed through sound.
No server side is required.
You just unplug headphones, turn on a microphone,
get another computer to listen, and you can transmit data.
So I'm going to send about, this is about a 40 megabyte file,
and I'm going to send it at the fast speed.
They have normal, fast, fastest, and ultrasonic.
I'll do fast so that way we can
actually hear it. And if you were on the receiving side, if you'd gone and we'd set up a session,
this would actually be transferring a file to you. You ready? This is what it sounds like.
It's pretty neat. And that's it. Oh, it's transmitted. Isn't that cool? That's it. Oh!
It's transmitted.
Isn't that cool?
That's fascinating.
I love that.
And so you can find it.
We'll have a link in the show notes.
It's actually kind of hard to search for.
Wave-share is what you would Google,
but just go to linuxunplugged.com slash 248,
and we'll have it there at the top of the links.
It's so neat.
It's like bringing the modem back.
This is Linux Unplugged,
episode 248 for May 8th, 2018.
Welcome to Linux Unplugged, your weekly Linux talk show that's watching all of the keynotes from Microsoft, Google, and Red Hat all at once,
and putting it all into something that's actually interesting. At least we hope. My name is Chris.
My name is Wes.
That's right, Wes. It is a packed Tuesday. Google, Microsoft, and Red Hat are all up on stage as we record, and they're all talking about Linux.
are all up on stage as we record, and they're all talking about Linux.
Not entirely, but it's a lot of Linux.
We'll cover a couple of moments from Red Hat Summit and from Google I.O. that I think matter to our listeners.
Plus, we've got a bunch of community news.
We've already got speculation on the next version of Ubuntu.
And I got really deep into Fedora this weekend, and I did some things.
I want to hear about them. I made some changes.
Oh no. So I'm going to tell you all about them. You didn't.
I did. I'm a maniac when it comes to that.
I don't know. I am officially a Linux nomad. I just hop around a lot. But I think I have the
perfect setup. This weekend, sitting for my
Kubuntu workstation SSH into
Fedora 28 cloud instances,
I consolidated three servers
down into one. I'll tell you why I did it
and what really made it click for me. And why I think I'm going all in on Fedora 28 on my servers down into one. I'll tell you why I did it and what really made it click for me
and why I think I'm going all in on Fedora 28 on my servers for these jobs.
Wow.
I never thought.
Okay.
I'm going LTS on the desktop and Fedora 28 on the server.
You're a bad man, sir.
I got a good reason, though, and I'll tell you all about that coming up in the show.
Plus, we always have those folks in that virtual look.
Time-appropriate greetings, Mumble Room.
Hey-o.
What's up?
Jedi.
Oh, come on.
We got more than that.
Come on.
There's more than that.
Come on, guys.
You got to be.
Food.
Yeah, okay.
I admit, I'm hiding.
Well, I'm glad to have you on there, Jed.
It's nice to have you sneaking in today.
Because I know you got one of those, I think people call them day jobs.
So that's really much appreciated. Welcome. Yeah, especially on a day like today. Most people are burned out.
Good thing I'm working from home. Oh, good move. Good move. I'm glad I'm glad you're able to make
that work today. Most people are burned out because of everything going on. But the big
news item, like if you're going to pull one thing out of Google I.O., it's the story that we've been
slowly building towards on Linux Action
News and on this program, and that is
Chrome OS getting full-fledged
real Linux
apps coming all together
in one place. You've got Android,
Chrome apps, and now Linux desktop
apps on Chrome OS.
It's a big announcement. We've seen it coming,
and it's released on the Pixel
Book today. It'll be rolling out to other models later. Seems like a pretty big announcement. We've seen it coming, and it's released on the Pixelbook today.
It'll be rolling out to other models later.
Seems like a pretty big deal.
And we know that underneath this,
it's probably some sort of containerized Linux environment where... Yeah, it looks like they've got a sandbox
and then a virtual machine inside.
Yeah, and where it's like in the past,
there's been other methods to get sort of Linux side-loaded on Chromebooks.
This is something where you'll go into the settings,
you'll check a box, and now you have it.
Yeah, it seems like maybe Google leveraging some of the security things they've learned from the cloud here on their desktop platform.
Ooh, this seems like it could make Chrome OS the largest desktop Linux operating system.
It's always been Linux-based, but it didn't have Linux apps.
Now it's got a multi-billion dollar corporate sponsor.
It's running a Linux stack. It's got access to desktop Linux applications. Oh, and if you need
it, it's got Chrome and features like PowerWash and reasonable prices. And while we'll throw in
a few Google Cloud services too, which everybody's using those these days anyway, so why not?
I mean, it takes the Chromebook to a new level in a way.
Suddenly a major bump in utility, at least for me.
I mean, you can install Android Studio on it.
Developers have been messing around with getting entire development stacks
running inside the Chrome OS container for Linux.
There is even people that have gotten wine loaded for different Windows applications.
I think it's hard to overstate
how this could change desktop Linux.
This really could make Chrome OS
like the number one desktop Linux system.
And I just want to spend a moment with that
because this is Linux to the masses here.
This is the success that so many of us wanted for so many decades,
for so long now.
I mean, really, since multiple decades.
And it's arriving.
Linux that's available to anybody that goes into, like,
an average electronic store.
They'll be able to buy a Chromebook that can run Linux applications.
Seems like a pretty big deal to me.
Yeah, it does.
And it's not even, right, yeah,
you don't have to flash it yourself.
You're not doing anything complicated.
It's in a safe sandbox environment.
It's got a warranty.
And they're cheap.
But it's deeply tied into proprietary services
that spy on you.
And so this is what our success ends up looking like.
And is it success?
Is it a clean win?
I don't know if it is.
I'm not sure it's a clean win.
I don't think it feels like we thought this might feel like.
No, I don't think it does.
I think I always pictured a Red Hat or a Canonical being there.
Something more traditional, something like we're used to
or what we choose for ourselves.
Yeah, it's going to be interesting to see five years from now
if this really changes the landscape much,
if maybe people are creating more desktop Linux applications
so that people can have richer application experiences on Chromebooks.
I certainly, if I had a fleet of salespeople
or people that worked in a warehouse
or on a manufacturing line
that I needed to buy a fleet of machines to go with,
this would be pretty tempting.
There is some seriously robust centralized management capabilities
with Chrome OS that make it very appealing to businesses and schools.
And it's really comparable to what you would get
if you were to roll out Windows with Active Directory and all of that.
And they have it built into Chrome OS.
Apple really can't compete with that.
You could custom write that one or two one-off applications
that you need that for some reason aren't web apps.
Why would you buy a standard full Linux workstation or laptop
or even a Windows workstation or laptop when you could do this?
Now developers could use it too, right?
I mean, they probably already could, but even more so.
I wonder where does that leave Apple as well? do this. Now developers could use it too, right? I mean, they probably already could, but even more so. Where does,
I wonder,
where does that
leave,
where does that
leave Apple as
well?
If you,
you know,
Windows has
the subsystem
for Linux,
Chromebooks can
run Linux apps
now.
Yeah.
I guess if you,
it's just where,
are you more
locked into
Microsoft,
Apple,
or Google?
And that's the
one for you.
I would like to
ask Noah,
like,
would you consider
selling this to
clients?
Yeah.
And I would like
to ask the audience,
linuxunplugged.com
slash contact,
is this a win for us?
If this becomes
overnight, I mean, I don't know
obviously because I don't have the numbers in front of me,
but it seems like there's some potential
here that if they turn
this on for the Pixelbook and
say half a dozen
other Chromebook models,
it would seem like the install base would all of a sudden at least be
in the hundreds of thousands, if maybe not millions.
And that seems like that would outflank just about every distro but Ubuntu
at that point for desktop penetration.
Pretty much.
So it could be within a couple of weeks,
the number two desktop Linux distribution in a way.
Am I wrong? Am I overstating that?
I mean, I think when you say in a way, that's the? Am I overstating that? And is this a win? I don't know.
I think when you say, in a way, that's the key, right?
Like, it's still very different.
But when I say in a way, I mean in a way that it's going to be a big deal
for end users.
I think it makes the argument for
a Sputnik for,
say, mom,
or... So do you see it hurt
for existing platforms?
No, because it's not going to change you and I
and our audience's preference.
But I think it's more like it's going to go after Windows and Macs
and they're going to do it using Linux
and I think it's just going to be sort of like how Android
is far and beyond the largest deployment of Linux
in average consumers' hands.
This is going to be the second largest.
And so this, in a way, is going to be the face of Linux
to the majority of people using desktop Linux.
That's what I say, in a way.
Is this the Wi-Fi word?
The hard numbers are going to be such that the gravity of desktop Linux will be here.
And so that has a way of influencing application design,
consumer purchases.
I mean, it just has a way of
causing incidental factors
in the marketplace.
What apps will it be that actually get used
on this new weird hybrid? I don't know.
I mean, I would be really
tempted to load LibreOffice, funny as it sounds.
But just the other night
I had a spreadsheet. I uploaded it to Sheets on Google.
Didn't really like what it did with it.
Opened it up in Libre.
It was great.
You know?
Calc just handled it fine.
I don't know, man.
I think if I was advising, like, friends and family,
I think I'm going to start saying get a Chromebook.
And I think I'm going to just, like,
then I'll just load a couple of side applications
that they need with this functionality. We just had a friend this week, she had an old like 2011,
2012 MacBook, and the video card finally went out on her. And the Mac repair shop's like, well,
if you buy your next MacBook through us, we'll transfer your data at a reduced rate. So they
get her like, so we'll save you 60 bucks if you buy a $2,000 laptop through us.
And I'm like,
what do you need the laptop for?
You know,
those questions you always ask.
And she's like,
well,
I got to check my Gmail
and I do,
you know,
online social networking stuff
and there's this exercise group
that we're going on a bike trip
that I want to,
you know,
et cetera, et cetera.
She just goes into the,
all of it's browser based
and she's got an Android phone already.
She's already got
all the Google account stuff.
She's had it for years.
She's been in the Google ecosystem for years.
And I couldn't come up with a compelling reason
for her not to get a Chromebook.
And you add this on there.
The maintenance burden is less.
It's designed for that type of user.
So I think there are actually a lot of advantages there.
Wow.
Wow.
Jed, you're seeing Chromebooks for as low as $60?
That's remarkable.
That's a Lenovo. It's a C-grade. I don't know what the grades mean, but yeah, $60.99. It's amazing. Four gigs of memory.
Yeah. Minimac, there's other aspects of Chrome OS besides price that are appealing to end users.
I don't know how many users you have already converted to Linux but often they have
problems with updates. They don't do
it, they are scared because they know
Microsoft and with Chrome OS
you just do a reboot and you're done.
So it's very easy for the user.
Yeah, not even getting to the PowerWash aspect
just the self-updating aspect
and really the fact that they don't have to worry about data
backups if they do go all in on cloud stuff.
The thing is once you start putting local applications on these Chromebooks,
you're going to start running into the hard memory limits and storage limits.
So then the next shoe that has to drop here is maybe this is a 2019, 2020 thing,
but they've got to start putting larger disk and more RAM in these things.
Nice Chromebooks.
Yeah.
I mean, the Pixelbook's pretty nice.
Right.
Yeah, but maybe slightly different, more options.
Yeah. So, JJ the Pixelbook's pretty nice. Right. Yeah, but maybe slightly different, more options. Yeah.
So, JJ, what do you think?
Not necessarily cheap Chromebooks for Linux apps.
It might be limited to the more premium products.
Seems like that could happen.
Yeah, possibly.
And also, I know that currently you can get the Play Store on Chrome OS,
but only on a certain hardware type of devices.
Only certain Chromebooks that have been approved to run the Play Store.
Maybe it'll be limited to the same exact Chromebooks.
But if you happen to have one of those Chromebooks,
like I said at the top of this thing,
you're getting all the Android apps it's possible to run on that thing,
plus all the Linux apps it's possible to run on that thing,
and all the Chrome apps it's possible to run on that thing.
That's actually kind of slick.
That's a lot of choice.
I don't know how good any of them are going to look or function on that device.
I mean, could this be a ploy to replace the Chrome Web Store
that I've been hearing for the last few years that Google wants to get rid of?
Oh, I don't know about that.
My suspicion is that it's really about hedging
as they transition Android off of Linux.
But that's for a future episode.
Let's talk about it.
This is the story that neither Wes and I wanted to do this week,
but we've got to talk about it
because I know you guys are going to be hearing about it.
So Jonathan over at LWN has a subscriber-only post right now.
It'll be out in a little bit,
and it covers some drama around glibc.
And it's about the removal of an old joke from the man page, from the C library manual.
And I'm amazed but yet not surprised that it can spiral into such a shitstorm.
Let me give you the background here.
So think about this.
You know, you're coming across the manual,
and you see some old kind of off-color joke in there.
And you read that, and you go,
there's no reason for this to be in here.
Let's remove it.
And you submit a patch to pull that out.
And from there, it spirals into a confrontation with RMS
because the author of the joke was RMS.
And I'll read you the joke.
It's not even funny.
That's the worst part. So it literally says in the comments, put in by RMS, don't remove.
Says future change warnings. And this is about the abort function in Lib C.
Proposed federal censorship regulations may prohibit us from giving you information about the possibility of calling this abort function.
We would be required to say that this is not an acceptable way of terminating a program.
That's the joke.
It's an abortion joke.
That if they make abortion illegal, then they can't talk about the abort function in glibc.
And people come across this, the people who actually are responsible for developing the software.
RMS is not actively involved in the development of glibc.
And they come across this and they go,
oh, let's pull this, let's remove this.
And the developers have this consensus-based,
community-driven development model.
And they come to a consensus,
the people who are responsible for developing glibc,
and if everybody agrees and there's consensus reach,
then they take action.
And they reach consensus.
However, they didn't reach out to Stallman. Now, Stallman is
not directly involved with GLIB-C, but of course it is a GNU project. And that's where Stallman
gets involved. He writes back after seeing it on the mailing list, my decision is to keep the joke.
Just short and sweet. People respond back. He says, nope, I stand by my decision to keep the joke.
They apologize to RMS for not involving him in the conversation, but they say, nope, I stand by my decision to keep the joke. They apologize to RMS for not
involving him in the conversation, but they say, look, you know, we're the maintainers. We've
reached consensus. We would like to remove this joke. We're not going to put the joke back in.
It's already been removed at this point. We're not putting the joke back in. That's when you
might say Stallman got unimpressed with the situation and went for the authority play. He
says, this is a direct quote, as the head of the GNU project, I am in charge of what we publish
in the GNU manuals. I decided the criteria to decide by, too. He later adds, I exercise
my authority over glibc very rarely, and when I have done so, I have talked with the official maintainers.
So rarely that some of you thought that you were entirely autonomous.
But that is not the case.
On this particular question, I made my decision long ago.
And it started where all of you could see it.
What I love about RMS's statement here, besides the pure authority play that just says,
I'm in charge of the manuals and I've made my decision, is like the sly, I have been pulling the strings behind the scenes the entire time, but you fools never knew it. He literally writes in his response,
I've gotten involved so rarely that some of you thought you were entirely autonomous,
but this is not the case. Like he's sitting there stroking his beard with one hand while he writes this.
So the maintainer who really is leading this, O'Donnell, they start the discussion back up.
But somebody else who, Alexander Olivia, who apparently was on RMS's side, just decided to, on May 7th, slip it back in.
The first change to GLIBSY in 2018.
Slipped the joke back in.
He didn't
post anything on the mailing list. Didn't ask any, didn't say anything until he was directly
questioned on it. And he says, well, we were waiting for a return to consensus. So I wanted
to put it back in there, which has now spun into this massive fight over who actually controls the
project, calling RMS an authoritan leader. And I believe, I haven't checked for the last couple of hours,
I believe the thread is still spinning out of control right now on the mailing list.
And it's all about this stupid joke in the manual.
At some level, it does just feel like an unfortunate waste of time.
I'm not saying there's not legitimate things to be discussed, etc.
Right.
But if this all could have just been sidestepped and...
Right. I mean, the joke is really a proxy for a more significant question,
one which is relevant to both the developers and really the users of the project.
The question is, how is a project governed and who makes decisions about which patches are applied?
Is it the overall founder of the GNU project and the person in control of the manuals?
Or is it the core developers
who are the ones that actually have been doing the work
for a long time
and have made consensus-based decisions
on everything else, really?
But if you ask RMS,
well, I've been pulling the strings all along.
So they really haven't been doing their own thing.
Right, it makes you question,
like, is this the best governance model
or what are the, you know,
what are the limitations of our governance model?
And it's really when the dictator has bad taste.
And RMS is sort of abrasive, hard line, no compromise style, takes the conversation to
an 11 immediately.
And it also makes it hard not to go, oh, geez, here goes RMS again.
But I guess it's really not about the joke.
I just, it just comes across as he has a big ego
and he puts himself first
and I wish that wasn't the case
because I don't actually think that's usually his intention
but the abrasive nature
in which he communicates and conveys himself
often leaves one with that impression
and I think it harms the message to a degree
it sometimes would be a good sign
to show that some lines are not worth fighting.
It's not a good joke.
It's old.
Why not remove it?
Why not?
Why not take the high ground here and go,
yeah, why not come up with a new joke?
Put something else in there.
I think that's kind of what disappoints me too.
It is what it is. You too. It is what it is.
You know, it is what it is.
Swamp had a couple of great
interviews with RMS up on his
YouTube channel. So look around for those.
My next guest is RMS.
You can go YouTube search that
where he talks about what happens
after he passes on.
Like who's going to take over?
Who's going to lead the charge?
And I'll leave it to you.
I won't spoil it,
but I was surprised by his answer.
I'll just leave it as an exercise
to go check that out
because I think Swap deserves the views.
So Microsoft's most popular product of all time,
their most popular big, you know, their big thing really is SQL these days
for software that they sell and stuff.
And the most popular version is the one that runs on Linux.
Coming out of Build today, Microsoft confirmed
that their most successful server product ever
is the SQL server that runs on top of Linux.
This is the general manager of Azure Data
in an interview with The Register.
He says it is, this is a direct quote,
the most successful server product we have ever released
in terms of downloads.
Our typical volumes are in the hundreds of thousands.
We're looking at 7 million downloads.
Talking about Cosmos DB, which was introduced
a year ago, it's a distributed multi-model database. So it supports SQL APIs, JavaScript,
Gremlin, MongoDB, Azure Table Storage, all of those to query data, as you'd expect. And it can
be scaled to multiple Azure regions or locally, which turns out it's handy when dealing with
regional data centers.
And it's become a big hit because people can mix and match the components.
But the takeaway headline here is it's their most successful server product ever in terms of downloads.
And it's the one based on Linux.
And I think that just plays a little bit into the backstory of why they're getting so deep
into all of open source and Linux.
Now, Wes, I was all proud of myself.
See, we're sprinkling
in app picks through this whole episode.
We really are. There's app picks sprinkled in all
over the place, and we're going to start with our first one while we're talking
about something Microsoft-related.
I was like, Wes, check this out. Check out what I
found. And you're like, oh, no, no, you don't need this.
So with a disclaimer, Wes is going to tell you how
you could do this without this tool.
But if you've ever been in a situation
where a year ago, I needed to install Windows 10
and I hadn't done it since Windows 10 had come out
and I didn't know what the hell I was doing,
I assumed you could just download the ISO
and DD it to a flash drive or use Etcher
and you're off to the races.
No big deal.
Nope.
Nope, doesn't work.
The only way I could ever successfully write
a Windows installer ISO
that would actually boot into the Windows installer was from another Windows box.
I could only do it from another Windows box,
which totally defeated the purpose of what I was trying to do,
which was install a Windows box to test something.
And so I found this tool called Windows to USB.
It's a bash script which writes Windows 7, 8, 8.1, and 10 DVD images
to your USB flash drive or an external hard drive on Linux. And it's really great because it's
really fully automatic. You don't have to prep the thumb drive. It supports BIOS, UEFI, FAT32,
and NTFS. It works with certain custom Windows ISOs that are like corporate specials, like smaller
ISOs. It'll use stock Windows bootloaders. It does not break EFI secure boot chain, and it's available
as an app image. So you just download it, mark it as executable, so Chamod plus X, and run it in your
terminal, and you're good to go. And it'll start flashing a Windows ISO that you already have
to a USB drive, which is awesome for the next time in a year
when I have to test out Windows.
But after I told Wes about this, he was like,
oh, man, yeah, I already got this figured out.
You actually had to do this the hard way, though.
Yeah, that's true.
Sometimes I like to do things the hard way.
But it all starts with a little NTFS magic I didn't know about.
Yeah, if you do it on MBR, you can just,
if you set it up right, you can just format it NTFS,
set the bootable bit, and
the NTFS partition headers
have enough magic to
get boot manager going, and then
the rest is an unfortunate operating
system. So they have that all just built into
NTFS? Yeah.
It's pretty slick, actually. Yeah, it makes it very
easy to just go from
the ISO to having a fully functional
thing.
EFI also makes it easy because they're just booting with standard EFI.
So GPT formatted, right?
Set up all those standard EFI file systems, copy the rest from the ISO,
and again, away you go.
Okay, so you get it formatted, and then you just do like an rsync from the actual.
All right, that's not too bad.
That's not actually as bad as I thought it was because I didn't realize NTFS had the boot magic.
So there's a format option.
Now that you say that, I remember a bootable option
when you format something as NTFS.
And when you do that, that's when you get that stuff.
That's cheating.
I know, it's just too slick.
But we all have it now.
EFI has saved us for better or worse.
Yeah, yeah, cool.
But not everyone wants to do that
or remember how to do that
or look up the documentation to do that.
So if there's just a handy app image,
when it's already unfortunate
that you have to install Windows,
you might as well make it easy.
I just picture a younger Wes Payne,
like a year or two ago,
rifling around the Windows file system
and the ISOs,
trying to figure out how the hell
to get this thing to boot,
being frustrated that he couldn't just DD the ISO image to the thumb drive.
Like, you had to do some Sherlock there, some Sherlock work.
Many wasted hours attempting to administer Windows from Linux.
That's right.
Yeah.
Yeah, you know what RMS would say about that?
I think that we should all make those businesses fail.
Yeah, that's what he would probably say that about it.
He takes a hard line on stuff. He takes a hard line on stuff.
He takes a hard line on stuff.
I take a hard line on my mobile service provider.
They've got to be great, and that's why I recommend Ting.
Go to linux.ting.com, where the average Ting bill is just $23 per phone per month.
It's $6 a month for the line, and then just what you use in minutes, messages, and megabytes.
Whatever you use, that's what you pay.
There's no contract. There's no early termination fee. They have nationwide minutes, messages, and megabytes. Whatever you use, that's what you pay. There's no contract.
There's no early termination fee.
They have nationwide coverage, CDMA and GSM.
And as you would expect from any Jupyter Broadcasting sponsor,
they've got a great control panel,
an excellent dashboard that gives you full control over your account,
your minutes, your messages, and your megabytes.
You can get instant snapshots of what you used,
exactly what you can expect to pay at any given moment.
They have an app on the Android or the iPhones
that allows you to manage all of that.
And speaking of devices, they got a bunch
that you can buy directly from Ting
or a whole bunch that they support.
Ting offers CDMA and GSM networks,
which means they support a lot of devices.
And they have incredible customer service.
When I signed up for Ting, I didn't
realize I could activate my phone through their website because that seemed impossible
back then. But now it seems obvious, really. I should have known better. Noob. But I called
their customer service. Have you ever had to deal with Ting's customer service? They're
pretty great.
They are great. Actually, I have it myself, but not everyone. Some people I've recommended
Ting to have, and I'm always like, okay, well, how did it go?
Never surprised, it goes great every time.
They're just so friendly.
I actually got a postcard once from one of the reps I talked to.
See, there you go. That's the extra mile.
I left an impression. What can I say?
And it's pretty great. People love Ting,
and when you switch over, you get great customer service.
So anyways, I called up the first time,
and I was blown away by how simple,
how straightforward, they will communicate with you.
And, yeah, I did get a postcard afterwards.
So that really happened.
It's smarter than unlimited because you just pay for what you use.
If you use less, you pay less.
And that's why the average Ting bill is just $23 per month.
I was paying $120 for a couple of lines back in the day,
for three lines before I switched to Ting.
And now I'm paying usually around $40 something a month.
Linux.Ting.com.
That's Linux.Ting.com to support the show and get $25 off a device
or $25 in service credit if you bring a device.
Linux.Ting.com.
Now that 1804 is out, we've got to start talking about 1810, obviously.
That's what everybody does, right?
And you can blame Mark Shuttleworth for this, actually,
because he just posted, Cue the cosmic cuttlefish. 1810, obviously, that's what everybody does, right? And you can blame Mark Shuttleworth for this, actually,
because he just posted,
cue the cosmic cuttlefish.
That's adorable.
Super adorable.
I'm in love already.
I like that.
He says it's time to start talking about 1810 because really, it's really time to start laying the groundwork
for the next LTS.
Things got to keep happening.
2004, 2004.
Oh, man.
It's right around the corner.
But in the meantime, we focus on 1810.
And so he says he wants to take this early opportunity in the LTS cycle to talk about
things that he's starting to care more about and what particular feature he'd love to see
people focus on is security.
I like the way Mark phrases it.
You guys are all going to work on whatever you're passionate about in Ubuntu.
But if we had one thing
I'd really love to see
everybody that,
everybody could incorporate
into whatever project
they're working on,
it's security.
He says,
I'd feel great about that
if we could systematically
for everyone who uses Ubuntu
improve their confidence
in the security
of their systems
and their data.
It's one of the very true,
few unifying themes
across every use case.
That is, that is so true.
It is. It's something that the cloud
people care about. It's something the desktop people care
about. It's something that all of the
different aspects of Ubuntu care about.
I mean, we need it to keep being a serious
operating system, right?
Yeah.
Especially when it's the core of so many
services now. And then Mark
not putting the keyboard down for a moment,
wrote on the Ubuntu mailing list for development
that it's time to start considering the new installer,
Ubiquiti Next Generation, or NG.
He says, now let's start with a trip down memory lane.
MDZ and I were shooting to the moon
on a Saturday afternoon in my apartment in London
when the idea for Ubiquiti formed. It seemed crazy. A live CD that would let people try out Ubuntu
and then drive straight into the install? Seemed like that was science fiction,
but it quickly took shape on a piece of paper that I'd rather wish I'd kept.
Now, 14 years later, we have new kinds of magic to draw on, and perhaps Ubiquiti NG could take
advantage of them. First, we have Curtain, which knows how to take a description of a machine
and do the right thing, partitioning,
installing, and cleaning up.
In fact, Curtain is neat and efficient,
and it's super fast.
So we have the beginnings
of what also could be an HTML5 installer.
Third, we have Electron,
which is an HTML5 app framework
used by the world of world-class developers
like Skype, Spotify, and a ton of great apps on Ubuntu.
Fourth, we have snaps, which are just amazingly tasty ways
to get the latest bits in the hands of your community.
So who is game to sketch this further?
So we may be seeing a new installer in the works.
Wow.
Seems to be in the cards, in the air.
What's the phrase there?
Everybody's got new installer ideas.
I'd say it's probably time.
I'd say anybody in the mumble room have thoughts on Ubuntu replacing their installer, good or bad?
As long as it can be customized to what the individual flavors need, then yeah, I'm all for it.
Yeah, definitely something that keeps the flavors in mind.
I mean, I guess if there's momentum, right?
If people want to do it, if there's enough momentum and energy to see the process through.
What do you think about it being based on Electron?
If it's easy.
I guess I will, as long as it doesn't have a drawbacks, right?
As long as it works, if they can make it reliable enough for all types of devices that would need to be installed on,
then if the end product's good, I'm all right with it.
I would love it to have an anchors back-end interface that I could use
on the command line when I'm installing it on a server somewhere
or something like that.
Or make sure, you know, like,
Dbootstrap still works cleanly and all those things.
I'm sure that won't change, but...
All right, Wes, I'm going to install...
So it's another app pick.
I'm installing it right now on the show.
I'm going to see if I can't break my computer live on the air.
So this one's a snap that I saw going across the Twitters,
and it's called Stress-NG,
and it's a tool to load stress on a computer.
So if you have, for some reason,
the desire to punish the subsystems of a computer,
like the CPU, the cache, disk memory,
your socket connections, I.O., the scheduler,
Stress-NG is a rewrite of an old stress tool that has many additional features such as specifying different operations, your BOGO operations, and executions of metrics, stress verification on memory, compute operations that are more stressful, things like that.
So I just went and installed it here on my machine.
And I'm going to go ahead and give it a go.
StressNG.
We're going to kick it off to the, uh-oh.
Oh, no.
This is no good.
It says here that some I.O. tests may fail.
I don't know.
Now I'm thinking maybe this isn't a good idea.
Dangerously, Chris.
Come on now.
I don't know, Wes.
I don't know.
It seems like this might be a bad idea to do to my production system during the show.
I'm starting to get cold feet.
But it's a pretty cool app.
I love punishing systems when they're in here for review
or seeing what a new droplet can do and things like that.
So StressNG, wow, it's got a lot of options.
Holy smokes.
Here's a flag for you, though.
Maybe this is the one to run with.
So you run StressNG and then tack-tack aggressive.
Yeah?
Aggressive, I like the sounds of it.
Also, there is an option called dash dash ignite CPU,
which will try to make your CPU run as hot as possible.
That actually could be useful for other things as well.
There's also things in here about just smashing the IO.
Barbecue, for instance.
Yeah, yeah, yeah.
It reminds me of that.
You can smash your disk IO.
You can try to make your system timeout.
Dash dash thrash.O. You can try to make your system time out. Dash, dash, thrash.
Amazing.
Oh, yeah.
Force all pages and cause a swap thrash.
That's amazing.
Have at this.
I think this is going to be good.
Oh, some cryptograph stuff in here, too.
Yeah, I could play with this for a while.
All right, I'll play more with this after the show.
It's so easy.
It is.
It's pretty cool.
Don't break anything, please.
Come on now. Just snap install. The show's to do. I know, right? I know. That's what easy. It is. It's pretty cool. Don't break anything, please. Come on now.
Just snap install.
The show's to do.
I know, right?
I know.
That's what I was just thinking.
Maybe I shouldn't.
And then one more pick.
I told you,
we're putting a bunch in here.
This is insane.
How did you find so many good things?
You did it.
It was really you that found this one.
I found that last one,
but you found this one.
Castro.
We've mentioned it once before
way back in the past,
maybe like six months ago.
I'm not quite sure,
but Castro is a command line podcast client.
Those are all the words that we love right here on Linux on Point.
So you can subscribe to all of your favorite Jupyter broadcasting shows,
which is obviously all of them, from the command line.
And I'm actually using something similar to this,
although I think I'm going to switch to Castro,
for downloading reruns and things like that
for our automated system.
That's a great idea.
Mm-hmm.
Just subscribe to the RSS feed, get it automatically,
and it just drops it in a directory,
and then I got a player that reads that directory.
And if you've got Python already loaded on your system,
pip install Castro.
And I sure do.
Castero?
That's probably not Castro.
It's probably Castero.
C-A-S-T-E-R-O.
I don't know, man.
All I know is the Command Line podcast clients are the win.
You're already on the Command Line.
Command Line music players are already great.
This is just the perfect thing.
Mm-hmm.
Mm-hmm.
I've thought about trying to get as many things back into the Command Line as possible,
not because it's retro, but just because it's really convenient to have
them running like persistently on a droplet
or a system. Just in a TMUX session.
Yeah. Done. Yeah. A TMUX
session huh? That's fancier than
what I was thinking. That's a good idea
actually. I don't know why I hadn't even made that
connection. I like having
I like also having the drop down terminal so the stuff I can
put in the drop down terminal I'm always about that.
Got the U8 going on the plasma desktop.
Boom.
So, yeah, go check out Castrero.
Don't come to me for pronunciation, folks.
Come to me for the picks, but not for the pronunciations of them.
For that, go to Wes Payne.
He is a pronunciation expert.
That's right.
That's what I say.
Official.
Official.
People come in town, and I say, if you want to know where to go in Seattle to get good food, talk to Wes.
And if you want to know how to pronounce something, you've got to talk to Wes.
It's a lot of work, but I'm happy to do it.
Somebody's got to.
Right.
Maybe I should.
Or you'll just butcher it for everyone.
I'm going to have to bring you along with me because I'm going down to Texas Linux Fest
in a couple of weeks.
And if you're in the Austin area on the weekend of June 8th and 9th, come down and say hi to me
at Texas Linux Fest.
I'm going.
I'm going to be in Austin, Texas
June 8th and 9th,
hanging out.
It's the first time I've ever been.
I'm making it official
right now on the show.
I haven't even really made it.
This is like the first official time
I've even said anything about it.
What a commitment.
Look at you.
All the way to Texas.
I know.
It's going to be great,
which probably means
the shows are going to be crazy
for a few weeks while I'm on the road. It's time for adventure. It is. It's going to be great, which probably means the shows are going to be crazy for a few weeks while I'm on the road.
It's time for adventure.
It is.
It's that time of year.
And I've always wanted to go down to Texas Linux Fest.
And I had such a good time in Texas last year.
I was just looking for a good reason to go down there.
I'm also going to go down and see our buddies from Linux Academy and work with them on some of their production stuff.
I have a suspicion that you're just going to get all that tasty barbecue.
Am I right in this? The real motivator is to get Levi back down to Texas. Oh, his homeland. Yeah,
Levi loves the sun. But yeah, once the dog gets to Texas, then barbecue, then hang out with Linux
Academy, and then hang out with the audience at Texas Linux Fest. That's what is up. So if you're
going to be in the Austin area, June 8th or 9th, come have some barbecue with me. Maybe some
brewskis. That sounds amazing.
Come hang out with me and the LinuxFest guys.
Give Noah a hard time for going to
Self instead. I assume he's going to Self
instead because that's the really
unfortunate thing is that it's at the same time Self
is. So Self and Texas LinuxFest.
That's a shame. I know. What's going on?
Too much good Linux in the world. Wow.
Google I.O. and Red Hat Summit on the same day
and you got Self and Texas Linux Fest on the same
day. Yeah, I'll go say hi to Alex Jones.
That seems like a great idea, Token Run.
That seems like a really great
idea. I've never installed GNU
slash Linux. DigitalOcean.
do.co slash
unplugged. Go there to sign up and get a
$100 credit when you create a new
account, and that'll last for 60 days
when you go to do.co slash unplugged.
It's simplicity at scale.
Spin up an entire Linux rig in seconds.
They've already got Fedora 28 and Ubuntu 18.04 images good to go.
They're updating their documentation
so everything reflects the absolute latest releases.
And with one click,
you can deploy an entire application stack
or just the base rig.
And the real ninja combo with DigitalOcean is to take advantage of some of the built-in features of their excellent dashboard.
For example, you can have DNS and SSH keys already set up to go when that machine turns on.
So within seconds of launching a new DigitalOcean droplet, I'm SSHing in with my key,
and my domain is already forwarding to DigitalOcean's name servers, and bam, DigitalOcean gets it assigned within seconds to my droplet.
I'm up and running.
I'm using the real domain.
I'm using something I'm going to have in production, and as soon as I need to add more resources, it's easy to do so.
I added another 250 gigs to a droplet that I've been consolidating to in seconds.
It's wonderful.
And they even cleverly named the device as DO block storage.
And so when I'm looking at it on the command line and I'm looking at all the names of my devices,
it's really easy to see, oh, that's the 250 gigs I just attached.
It just shows up right there, and they've even labeled it for me,
and within seconds I've added it to FSTab, and now it's mounted.
And it's brilliant because that's how I prefer to work. DigitalOcean is my enterprise now. That's my data center. With 12 locations
all over the world, 40 gigabit connections coming to the hypervisors, SSDs for every single rig,
Linux runs the virtualizer, KVM is the virtualizer. It's an ideal setup. And go check them out because
they're always adding new features, new documentation, and new pricing, like flexible droplets that are mix and match for the resources depending on your application.
They also have CPU-optimized droplets if you've got some large compute workload
and rigs with tons and tons and tons and tons of RAM.
Or you can just build something for $5 a month.
I just got done setting up a NextCloud box.
I'll tell you a little bit about it.
It's really nice.
It's really nice.
It runs so great.
And it's just nice to know that it's under my control.
And I really thought I would sort of scale back
on some of that stuff as time went on
and these things got easier
to just go get some hosted service.
No, more than ever, I'm building my own solutions
and I'm using DigitalOcean to host it
because that part of it is so low friction
that I can just get right to
the work that I actually want to do. So get that $100 credit by going to do.co slash unplugged.
It'll last for 60 days once you apply it to a new account. That's do.co slash unplugged.
Now let's talk about the change coming to Fedora Atomic Workstation. And this is going to lead us
into some of the Red Hat Summit news that we have. And it's a rebranding, I suppose. They're going from Fedora Atomic Workstation to Team Silverblue.
They're calling it a new initiative, and they think it's a better realignment for the long-term
goal of Fedora Workstation, where they feel like workstation is terrible branding to begin with,
and they want to call it Team Silverblue.
You can check out Joe Resington did an interview with Matt Miller
from the Fedora project in his new show Late Night Linux Extra
where he goes into some detail about Team Silverblue rebranding.
But that's sort of just a side note
because there also is a lot of other things coming out of Red Hat Summit
that maybe are bigger breaking news.
So Red Hat Summit is kicking off its 25th year, if you can believe it.
And they're doing so with a big announcement with IBM, a big expansion between IBM and Red Hat's partnership.
And they announced it today.
They're very excited about that.
And IBM is going all in with containers on Red Hat Enterprise Linux.
And IBM is going all in with containers on Red Hat Enterprise Linux.
And IBM is using Red Hat technology for their new AI and blockchain and Internet of Things solutions.
One of those is probably going to make a lot of money.
And so Red Hat is probably pretty excited to be at the core of it.
But the story that I am the most interested to share with you guys out of Red Hat Summit,
and this is the one that I think has some longer-term ramifications, and we've been wondering
what was going to happen after the CoreOS acquisition.
CoreOS technologies are being moved into
Red Hat container-native products.
And it looks like they're kind of doing a merger.
They write on CoreOS.com,
with the acquisition of container Linux,
it'll be reborn as Red Hat CoreOS,
a new entry into the
Red Hat ecosystem. Red Hat
CoreOS will be based on Fedora
and Red Hat Enterprise Linux sources
and is expected to ultimately
supersede Atomic Host
as Red Hat's immutable
container-centric operating
system. Wow.
I'm slightly disappointed they didn't call it Fedora Core OS.
Yeah.
Okay, that's fun.
I don't know what it means for Atomic.
I don't understand what it means for Core OS either.
It sounds like Core OS and Atomic are going away
and we're getting Red Hat Core OS.
Is the base then container Linux?
Is our PMOS tree staying the base then container Linux?
Is our PMOS tree staying around?
What's happening?
Red Hat CoreOS will provide the foundation for Red Hat's OpenShift container platform,
Red Hat OpenShift Online,
and Red Hat OpenShift Dedicated.
Red Hat OpenShift container platform
will also, of course, continue to support
Red Hat Enterprise Linux
for those that prefer its lifecycle and packaging
for foundations to their Kubernetes deployments.
That's pretty thick, and it seems like a huge, huge development
coming out of Red Hat Summit.
And I don't know.
Container Linux will continue to provide
a fast, free-moving and automated container host
and is expected to provide the basis
for new operating system projects from Red Hat.
Seems like there is something big happening
between CoreOS and Atomic.
I don't feel any less confused than I did when
they bought them. I'm just going to say.
They've got a lot of different initiatives coming out
from Red Hat. And that's kind of why I
wanted to go down to the summit if it could have worked off.
25 years of summits.
That's really, they're in San Francisco
this year. Red Hat surpassed 150
million customers. That seems like
a big number too. So big developments coming out of Red Hat this week. You got Red Hat surpassed 150 million customers. That seems like a big number too. So big developments
coming out of Red Hat this week. You got Red Hat
also sharing
the success stories they have in AI.
All of these events
are talking about AI so much.
Machine learning so much.
I will say all of it is confusion
aside. It's great.
There's a lot of really good technology here
and it's cool. It is exciting to see a lot of it continuing,
and good things will come.
Yeah.
When we were watching the build stuff yesterday,
they had somebody up on stage
that was deploying on a Red Hat enterprise server.
So that was seeing that up on Microsoft's stage.
And then, JJ, you just dropped a link in the chat room
about Microsoft and Red Hat working together on a project.
What is this about?
They co-developed the first Red Hat OpenShift jointly managed service.
They say by extending our partnership with Microsoft, we were able to offer the industry's most comprehensive Kubernetes platform on leading public cloud,
providing the ability for customers to more easily harness innovation across the hybrid cloud without sacrificing
production stability. OpenShift on Azure will be a jointly engineered and designed to reduce
complexity of container management. Red Hat OpenShift on Azure will bring flexibility,
speed, and productivity. Huh. So that's the actual product is Red Hat OpenShift on Azure.
I see. Okay. All right.
It's getting very incestuous in a way. It's so weird. It's such a strange thud.
It's like a re-bloom of all these different branded technologies that are intermixed.
Right. And Red Hat and Microsoft getting all friendly.
Yeah.
And I know we got to get over it. I know we got to get over it, but it's still on.
I guess everyone's just making that paper.
Yeah, I suppose. So I've been
following some of the Red Hat stuff,
but not the
traditional Red Hat angle. I've been getting really
into Fedora 28 since last
week's release. So I decided
to play around with it, to just give
a brief review on
Linux Action News. And
in that process, it sort of snowballed
into me setting up a Fedora Atomic system
and a Fedora Cloud system
and experimenting with what and how Fedora Atomic works,
which is fascinating.
Everything is containerized.
If you want to install some management tools,
you install a container,
which might have another container that needs to pull down.
And that's not necessarily a bad thing. It's just a different way of working and sometimes
those containers have had issues. So Fedora Atomic still felt a little raw to me. So I
started playing around more seriously with Fedora 28 Cloud because that felt like it
was further along. And one of the things that is very, very different
from the last time I really messed around
with Fedora or really Red Hat on the server
is there is so much documentation now
for how to do stuff.
Yeah.
There wasn't really a,
there literally was not a singular thing
that I got stuck on that I couldn't,
within usually my first Google attempt,
find the answer in the first link or two.
That is impressive.
Especially as you're coming back to it, right?
That is a very welcoming position.
It was, and I think it felt like
I was benefiting from the fact
that CentOS,
Red Hat Enterprise Linux, and Fedora
are all sort of sharing similar
command syntaxes, like they're all using
DNF, they basically all have the same stuff in the same place in Etsy.
It's really all kind of the same now,
now that they're all kind of caught up with each other
and all using systemd.
A consistent base of, yeah, just save this.
So every now and then I would find a one-off guide
or I had to do it on CentOS and it just happened to work on Fedora.
But for the most part, I was finding guides on Fedora.
And a lot of it was actually official project documentation.
I really should give credit to the project here.
A lot of it was on official cockpit project websites or Fedora project websites.
It has really upped their game.
It has really improved.
The situation with documentation around Fedora has really, really improved.
And if you're somebody who you can get pretty far, but you forget,
like, where do I need to go to do this? Or what's this command in Fedora? What's even like,
what is the name of this package? If you're capable of like searching on that stuff and
getting answers, I think you'd be impressed with how manageable Fedora 28 is. And that extends into
a couple of other aspects of Fedora.
And I've had a real A-B comparison this week with FreeNAS and Cockpit.
Now, they're not initially comparable, but I'll explain.
So you might be familiar with when I've raved about Cockpit on this show before.
Cockpit-project.org, got a link in the show notes.
Cockpit is server management that makes it easy to manage Fedora boxes, Red Hat boxes.
They say it's for all Linux machines.
I've only ever used it on Fedora systems.
Yeah, I'm going to try it on some non-Fedora systems because that would be fascinating.
I will give you a tour of it after the show.
Great.
It is.
It's, first of all, simple and easy to use.
And it makes it, if you're not familiar with setting up Docker or managing SELinux,
it makes those things very, very approachable.
One of the things that I super, super, super appreciate about Cockpit is that it has a brilliant SELinux troubleshooter.
So, for example, I went to go launch a NextCloud container.
And I wanted my NextCloud container to store its data on block storage, on DigitalOcean. So that
way I could blow away the container, deploy a new container, and all of my data would be there.
The container is ephemeral, the data is persistent. And SELinux wasn't having this. It was blocking
it because that container wasn't supposed to be accessing that file system. And SELinux caught
that and it blocked it. But that was preventing my NextCloud instance from starting because that container wasn't supposed to be accessing that file system. And SELinux caught that and it blocked it.
But that was preventing my Nextcloud instance from starting.
And I wasn't sure, you know, what the hell is going on?
Why isn't my container starting?
You know, damn Docker, blah, blah, blah, blah.
Well, you know, I'm looking around on Cockpit, which was just me sort of just,
well, I'm just going to take a look around for a bit because I don't know why this container isn't starting.
And I look over and I see SELinux.
So I click on the SELinux thing,
and it's got categorized of the recent types of SELinux alerts
that it's discovered,
much like the GUI tools do on the Fedora desktop.
And it's got solutions on how to solve it
with actual commands that I could run
to flag that stuff as okay in
SELinux and mark it as okay in SELinux.
It gives me the actual commands to run to fix the problem.
And when that doesn't work for some reason, it's got another brilliant feature that is
great.
It's got an off switch for SELinux that disables it until the next restart.
So you can be in a web interface,
you can hit this button, you can have
that process execute on
its rsync job it needs on the file system,
and you don't
have to worry that you forget to ever turn SELinux
back on, because worst case scenario, you forget
to flip that switch back on the next time you reboot
it's back on. And you could disable
it permanently, but I just think that was really, really nice.
But the other thing that really made using Fedora
as a server approachable to me,
and this is where I make the comparison to Freenaz.
There's no interference with Cockpit
when you're managing a Fedora system.
There's no interference between you
and what you do on the command line
and what happens in Cockpit.
If you start a service via Cockpit,
it can be stopped via the terminal.
If an error occurs in the terminal,
you can see it in the Cockpit journal interface.
If you make a tweak on the command line,
like you add a user, it's represented in Cockpit.
They don't step on each other like it does in FreeNAS.
In FreeNAS, you can SSH into a FreeNAS box,
and it's BSD,
but it's not BSD like you know it. It's like a small stripped down BSD.
You could say optimized, but yeah, different.
Yeah, optimized. And the reality is you could make config changes in there that will be
persistent while the system is running, but they lose and they're overwritten as soon as the system
restarts or you change something in the GUI. They override each other constantly. And for me, it's got to be something
where I can really lean heavily on the command line. And then if I want a GUI for remote
administration or to look at resource utilization, I can use Cockpit. And using Cockpit too, it makes
it really, really easy to deploy Docker containers or start virtual machines. And it can search
Docker Hub. And so you can put in machines. And it can search Docker Hub,
and so you can put in NextCloud.
It can pull down the official NextCloud Docker image
and get it started for you.
And before it starts, it'll ask you,
well, how do you want to do the network forwarding?
What parts of your file system do you want it to get to?
What would you like me to do if this instance crashes?
Would you like me to restart it?
Would you like me to always restart it
or only restart it if you haven't stopped it previously?
And you can go in there and set tunables like that as well.
Like, don't use too much CPU.
Don't use too much memory.
And then you hit the play button.
It starts up the container.
You decide you no longer want that.
It's one click.
You destroy the container.
You pull down a new one.
You reattach it to your data.
And you got a fresh system again.
And that's what I started playing with this weekend.
And through this process,
I ended up moving over a whole bunch of rigs
that were running, one was an Arch system, maybe two actually,
and Ubuntu 14.04.
So I don't think there was a 16.
There may be a 16.04 system in there that hasn't been moved yet.
So it was a smattering of Arch, smattering of older Ubuntu systems
that I needed to do something with.
They've just been getting neglected.
So while you were talking about this,
I spun up a 1804 droplet, and now Cockpit's running.
It's in the repository.
You just apt install, and there we go.
So one of the things that I wonder about,
and I'd be curious to see the UI,
is the way it works with Cockpit on Fedora
is that parts of Cockpit are modular.
So if you want to manage the disks, then you install that of cockpit are modular so if you want to manage
the disks then you install that aspect of cockpit if you want to manage docker then you install that
aspect of cockpit so like there's individual components of cockpit you can load or not load
i wonder is that is that true do you see multiple cockpit packages on ubuntu or do you see
i that's let me look. to a single Fedora 28 instance. And you might be wondering, why Fedora? Why not CentOS or Red Hat Enterprise Linux
or maybe 1804 with Crockpit?
Why not that, right?
So I want to address that
because that was, I think, the linchpin decision that I made,
and it's based on a multi-year project
that I've been testing behind the scenes
to sort of sort out where I wanted to go in the future.
And I don't have a
lot of these, but every now and then I've got like these three year long projects that I've been
brewing behind the scenes so that way I can come on the air and say, I've been skunk working this
for a long time and this is what I found. And so that's one of these situations. That's what we're
going to talk about next. So let's mention Linux Academy. Go to linuxacademy.com slash unplug to sign up for a free seven-day trial of a Linux training platform.
You sign up, and you get access to everything.
It's nice and easy like that.
It's a full-featured training library with everything you need to learn about things that run Linux and Linux runs on.
Everything you need to learn and get hands-on experience.
Self-paced, in-depth video courses, hands-on, scenario-based labs that spin up when you need them,
the SSHN, Learning Paths,
which are a series of courses and content planned by instructors.
And speaking of instructors,
they have few full-time human beings,
topic matter experts that are available to help.
That's huge.
Wow.
That's huge.
That really is a unique advantage.
And they also have something that I think is brilliant for those of you who are busy, a course scheduler system.
You can pick a course time, you set your time frame, your learning goals, and they'll help you stick to it.
They also have practice exams and quizzes to help get you ready, certification training,
which are courses created specifically to prepare you for exams, to get the big certs.
Of course, they've got mobile apps and study guides like
lesson audio, personal notebooks, and other tools that help you study while on the go.
They're always adding new features too. They added 70 plus new courseware, challenges,
and all other kinds of content to Linux Academy just last month. And they're rolling out new stuff
all the time. And you can try it out seven days for free when you go to linuxacademy.com
slash unplugged. linuxacademy.com slash unplugged.
linuxacademy.com slash unplugged to support the show and sign up for a free seven-day trial.
Big thank you, Linux Academy, for sponsoring the Unplugged program.
Go try out those hands-on labs.
Take advantage of that platform.
So Fedora Cloud has been kicking around in the back.
Well, really on DigitalOcean droplets.
But I was going to come up with some great story. But no, really really on DigitalOcean Droplets, but I was going to come up with some great story,
but no, really just on DigitalOcean Droplets.
Fedora Cloud, I think since they announced it in Fedora 24,
I don't remember when it came out,
but it started as a Fedora 23, 22 system,
kind of got refactored around Fedora 24.
And since then, I've been running MB and NextCloud on and off on this system,
in production on and off for years now, since really around Fedora 22.
Fedora 24 kind of did a big revamp.
And now with Fedora 28, I can report that I have successfully been able to upgrade that box
to every single release of Fedora.
been able to upgrade that box to every single release of Fedora. I have drugged that box from the 22 days all the way up now to 28. And in that time, nothing is broken. Not a single
failure to update. Never has my Nextcloud instance gone down. Never has my MB instance been broken.
Wow. That's some uptime.
And the reason why I wanted to do this is I said to myself,
I cannot use Fedora in production if I have to roll the dice
and worry that every nine or ten months or so,
I'm going to break my system.
And I thought, well, what I'll do is I'll put a couple of things
that would be a pain in my butt if they go down but aren't going to wreck my day.
Right.
Doesn't stop shows from going on air.
It's not.
Right.
But you still need.
Yes, exactly.
And so that was sort of the sweet spot for this job.
And I thought it's enough where I'll use it but not enough where I will swear off the door if it breaks.
And when – I don't know.
When I did the update to 28 on that son of a bitch,
and it still didn't break,
I sat back and went, what the hell am I so worried about?
I've got snapshots, I've got backups,
I'm putting all of this stuff in containers anyways,
and all of the data is living on block storage.
What do I care?
And so that's when I started playing with Fedora Atomic and 28 Cloud.
I did a fresh cloud install of Fedora 28
after I played around with Atomic,
and I did just that.
I detached the block storage from the old 22
that had been brought all the way up to 28,
moved it over to the new 28 instance,
installed Cockpit,
loaded up Docker,
set up a fresh Nextcloud instance,
connected to the old Nextcloud data, same thing with Envy.
And now I think I'm actually going to go even further.
And when that worked, that's when I went,
well, then why don't I just add more RAM and CPU to this system
and just shut down these three other droplets?
Yeah.
And move them all over.
If I put it all in containers, I have the data on block storage.
I've got backups enabled. I mean, it all in containers, I have the data on block storage. I've got backups enabled.
I mean, it was just like, this is really, really great.
And I thought I would just mess around with one or two things.
By the end of the night, I had everything moved over,
and I've also ended up setting up QO notes again,
where it's syncing back to my Nextcloud instance, which is amazing.
It's just been great.
That is amazing. It's just been great. That is slick.
So I've moved over. My Quazzle backend is now
living in a container. There is some Usenet
programs that are now living in a container. There is an audio stream process
that is living in a container. There's an MP4 backup process that's living in a container.
You container hipster, you. I'm going crazy with these things on this Fedora 28 system.
It really seems like you're empowered to maintain
and to set up your systems.
Now, it seems like you came to a lot of systems
that have been running for a long time,
not documented, not easy to figure out what was happening.
Yep, yep.
Now it's clear and easy.
It is really nice because using Fedora,
it feels very professional grade.
And I'm not taking away anything from any other distribution. Just going into it, sometimes I have bad experiences and it's
like, oh man, this is amateur hour. I tend not to share those sometimes, but I get very critical.
This is ridiculous. I can't believe they shipped this. This is embarrassing. I think we had a
conversation about that earlier today when it came to... Yes, we did. The other thing I was
comparing it to recently. Anyways, Fedora
Cloud is something a little different, though.
It's images that are really
not meant to be ever installed
on bare metal. They're really
designed to run in a virtualizer.
They also make Docker
and Vagrant images available, but
you don't really just go get the
image and DD the ISO to a
thumb drive.
It's really something that is deployable by your cloud provider.
And it's a very bare minimal install for DoraCloud.
It doesn't really have much of anything.
But everything's just DNF install away.
You have your basic tools. You can get nano in seconds, so everything will be all right.
Right. Everything that you need is there or if not, it's right there.
You bastard.
so everything will be all right.
Right, everything that you need is there,
or if not, it's right there.
You bastard.
And so it's really simple to just DNF the couple of things you might need to get off the ground.
And because the web services,
and I set up also a MariahDB server,
these are all in containers.
So I'm not even using DNF.
So the core Fedora 28 cloud install is super minimal. It's the base Fedora 28 cloud install is super minimal.
It's the base Fedora 28 cloud with a couple of modifications to the SSH config and a couple of additional packages for Cockpit and Docker.
And the rest is all running in these containers, which are destroyable and have their data stored outside the Docker image.
And that really was just perfect for me
because I can manage every once a year upgrading this Fedora box.
It's fine.
And as long as my applications stay fresh, I'm happy there too.
It was surprisingly pro.
I think it might even be a sweet spot for you
where it's not rolling, it's not Arch, right?
You don't have to update it every week to stay safe.
But it's also not a four-year LTS
where by the time you've come back to it,
your needs have changed, you've forgotten what you did,
or there's been a lot of different changes
in, like, available software.
One year might just be the nice cadence
where you stay fresh.
Yeah, also, it does a lot of small defaults
that I just don't really care to fiddle with anymore.
Like, the SSH config is root login is turned off by default
and it only accepts key logins.
SE Linux policy is not intensely too stringent,
but it's a reasonable default
that I probably wouldn't have set up myself.
The base package selection is just right,
which I wouldn't have had the expertise to re-spin a Fedora.
I could have done an Archer Ubuntu spin, but not a Fedora one.
And the thing that put it over the top was the combination of the super clear,
easy to find documentation and the totally solid implementation of Cockpit.
That really put it over the top for me.
I hope you're not allergic to bees, Wes.
You're not allergic to bees, are you?
No, I am not.
Hey, we got a visitor in the studio.
Yeah, we do.
Hey, buddy.
We got a really big wasp in the studio right now.
I don't know.
I don't know what we're going to do about that.
We'll just keep going on.
Hopefully Noah's ready.
Yeah, right?
He is allergic to them.
Anyways, I wanted to share that with you,
and I also wanted to share,
if you are considering trying out some NextCloud,
which if you have QO nodes
and you do that NextCloud backend,
it is some sweet Evernote killing magic.
Check out Floccus, F-L-O-C-C-U-S,
which syncs your Firefox bookmarks
to NextCloud bookmarks.
And what's really kind of nice about it
is you can sync just one folder
of your Firefox bookmarks if you want.
Ooh, that's nice.
Which is actually exactly what I do. I have like a current week's bookmarks that are just
for things for this week. And that's what I'd love to sync to Nextcloud. So that's what
I'm doing. You do have to have Firefox 57 and you can't be using, I think, the built-in
Firefox sync. So that is the downside to it. But it was kind of cool. And I'll have a link
to it in the show notes. It's F-L-O-C-C-U-S. All in all, I guess what I wanted to convey is if you've been skeptical
about using Fedora in production, I'd say give it a go for a while. Do like I did. Do a little test.
Do a skunkworks. See if it works for you. Obviously, there's so many great choices that I'm
not trying to switch anybody, but I was really impressed. And I did think it was kind of funny to be sitting there like loving Kubuntu on my
workstations, and I'm loving Fedora on my servers. Yeah, I had a Fedora server. I think it started at
17. It went to maybe 21. Then it, you know, ended up switching things up. But yeah, it was really
stable. Yeah, I remember when I was really stuck in a position,
I felt stuck at least, of trying to support Red Hat Enterprise systems,
really before they even incorporated Yum, but around that time.
I really grew to sort of dislike managing Red Hat systems,
and I thought Apt and Debian were so, and then later Ubuntu,
were so much simpler, saner defaults, easier to update,
easier to maintain, that I went into it with,
I think that's why it took me years of really trying this out
before I would accept that it was possible to do it
because I kind of had a bad taste from my sysadmin days.
You know, just sitting there having to,
do you feel that way with the systems you manage in your day job?
Do you feel like the Red Hat systems are more of a pain
in the arse to manage than the...
Especially if you don't have an enterprise
subscription where you get the nice, fancy, centralized
management. It's just...
I think it's gotten a lot better. I think these
days it is quite reasonable. I like
the security story a lot
on Red Hat-style
systems.
It's kind of a wash, I felt that too.
I felt that way too.
I felt like, oh, okay.
Especially now, right?
Especially if you're running containers or any of the other solutions,
application availability,
I don't necessarily have to install it with DNF
if I can get, if it's crucial.
App or DNF doesn't really matter
if you're doing it all through containers.
And then most of it's still there, right? Like 90% is in the repository. It's just those Adapt or DNF doesn't really matter if you're doing it all through containers. And then most of it's still there, right?
Like 90% is in the repository.
It's just those last 10 miles,
and that's that 10%.
That's well covered.
I think what you just nailed it is
having all this stuff moved into containers
is really kind of making the underlying OS
a lot less relevant to me.
And so then it's like,
well, who's getting that little implementation right,
that minimal shim that I need? Who's getting that right? And that's a competitive space for distributions to try to figure that out right now. I think it's very competitive.
Yeah, right, especially if it's the container OS or it's some tiny VM OS that lives in a droplet or EC2 instance. You want it to be tuned well and just work.
just work. So this minimal layer is something that I think is going to be like the big area of growth for distributions. Google, I don't really think as part of IO, but they just announced their
own kind of container runtime. I think you saw this. We were chatting a little bit about it
in Slack the other night. The GVisor, remember this? Yeah, GVisor. GVisor is sort of along these
same lines. It's an open source sandbox container runtime.
And again, it's about kind of making the underlying Linux OS irrelevant.
I think that's worth thinking about for a minute.
Like, what does that really mean if all of a sudden the distribution you're using doesn't really matter anymore?
And maybe the fact that it doesn't even need to be Linux anymore.
So this is from Google's's what do they call this? Googleblog.com, I guess. And they're open sourcing GVisor, a new kind of
sandbox that helps provide secure isolation for containers while being more lightweight than a
virtual machine. GVisor integrates with Docker and Kubernetes, making it simple to run sandbox
containers in production.
But it's not a container.
Applications that run in traditional Linux containers access system resources in the same way that a regular application does,
by making system calls directly to the host kernel.
The kernel runs in a privileged mode that allows it to interact with necessary hardware,
and then returns the results to the application.
With traditional containers, the kernel imposes some limits on the resources that the application can access.
These limits are implemented through the use of Linux C groups and namespaces,
but not all resources can be controlled via these mechanisms.
Furthermore, even with these limits,
the kernel still exposes a large surface area
that a malicious application could attack directly.
Of course, VMs are too much overhead,
too much bulk to emulate the entire hardware stack.
So enter GVisor, a lightweight container,
slimmer than a VM,
that maintains similar levels of isolation as a VM.
The core of GVisor is a kernel
that runs as a normal unprivileged process
and is capable
of supporting most Linux system
calls. I liked one way they described
it. Think about it as implementing Linux
by way of Linux.
So it's just a regular user space
process that is then acting
as a kernel and implementing a subset
of all of the kernel APIs.
So they've put a kernel in my kernel?
I mean, so why?
I guess for isolation purposes.
I guess they just answered that.
But their kernel inside this GVisor environment
is written in Go,
which they say was chosen for its memory and type safety.
And just like within a VM,
the application running within GVisor Sandbox
gets its own kernel
and its own set of virtualized devices
distinct from the host and other sandboxes.
Yeah, it's like a very minimalized set of what a VM might do,
but without all the hardware aspects,
and it provides the kernel.
So from the application side, you're still just doing software.
You're not worrying about running your own kernel.
It provides the kernel, but it implements a very minimal set
because that's been one of the biggest flaws with containers, right?
Is that even though they are contained in many ways,
a lot of vulnerability showed up because there's a huge
amount of syscalls that we have to defend against.
If you can instead implement
safe minimal set, that's the aim here,
then you have a lot
less surface area.
Yeah, and
it also sort of
prevents you from writing directly
to that dirty Linux, you know?
Now you can target the GVisor environment
and they could make GVisor available for Fuchsia in the future.
They could make GVisor run on free BSD if they wanted.
GVisor can be thought of as an extremely
para-virtualized operating system
with flexible resource footprint
and lower fixed costs than a full VM.
Comes at a higher price per system call overhead
and some application compatibility, though.
So those are the downsides.
See, this idea of running your applications in containers
is the future.
Like, there is, when we talk about, like,
is that in the distro's repo?
I love the AUR.
Drop in the bucket compared to what's on Docker Hub.
Drop in the bucket.
Everything's on Docker Hub. And so the bucket. Everything's on Docker Hub.
And so here's how it works now.
When I spin up a Nextcloud container,
I'm also spinning up a MariahDB,
and I'm connecting the Nextcloud container
to the MariahDB container,
so that way my database is in one container,
my Nextcloud's in another container,
my Quasar core's in another container,
and they can all talk to the database container
if I choose.
Right, that's one thing that they have an advantage of,
is they're thinking about and are used to construct systems.
And it turns out oftentimes you need those,
and it's not just a command line tool that sits by itself.
Yeah, and so now I don't think about getting the packages.
I don't think about dependencies.
I think about, well, what containers do I need?
And a lot of times they'll pull down dependent containers too.
So it's, I don't know,
it's a totally different way of managing software
and it makes Linux a bit less relevant,
which is sort of the creepy thing about it.
You know what I mean?
Like it really does.
Linux is kind of just an implementation detail.
Yeah, because you can put Docker on macOS,
you could put GVisor potentially on macOS.
I don't know how much of Linux kernel is dependent on,
but it seems like that might be possible,
especially if at the application layer
they're isolating that stuff out.
So in the future, they could move it.
Yeah, how much does this become a platform yet?
I don't know.
It seems like it is a platform in itself.
It is a busy week for the enterprise
with Microsoft and Red Hat and Google
announcing a bunch of this services stuff.
And Linux is playing a surprisingly large role in all of it.
It seems like a weird time, though,
because there's a lot of these efforts that are open source,
that fit a lot with our fundamentals,
but feel somewhat separate.
It's its own special subset of open source
that's like enterprise open source
and two giant teams somewhere use it.
It also feels like we have several things
going in slightly different directions in this regard.
You know, you got what Red Hat's doing with CoreOS.
You got GVisor out there.
You got what Microsoft's doing with Hyper-V and special Hyper-V environments.
And you still got Rocket out there doing its thing.
And, of course, have you heard the word about zones, Chris?
Zones are the word.
Zones and jails.
Haven't you heard the good news about jails?
Free BSD to it first, Wes.
Don't never forget.
All right.
Well, one more tease there for Texas Linux Fest.
If you're going to be in the Austin area towards the end of June,
or no, towards the beginning of June, June 9th and 10th or whatever it is,
come say hi.
Come say hi.
Eat copious amounts of barbecue.
Hang out with me.
Come say hi to the folks at Linux Academy.
He'll be the guy covered in barbecue sauce.
Just look for that.
All the time.
Like just, and if I'm not actively eating barbecue, so you can't tell if it's me,
look at my shirt.
If there's barbecue sauce on my shirt, 90% chance it's me.
Plus the little barbecue covered dog too.
Oh, that would be adorable.
Mr. Wes, why don't they go get more of you?
Where can they find a little more of Wes online?
Maybe you should check out techsnap.systems.
I hear it's a weekly podcast that covers systems network and administration topics.
It absolutely does.
Check that out, techsnap.systems.
I'll give a plug-ski for Tech Talk today.
We've been staying on top of all of the news this week at techtalk.today.
Ange and I busting through the headlines.
We've got one more coming up later this week if you want to check that out.
And then why not join us live on Tuesdays?
Hang out here with the virtual lug.
Do it.
And then you stick around, you get the Ask Noah program.
Extra special bonus.
And call him up, ask him what's going on, see what he's up to, see how he's feeling.
See if he watched Unplugged.
Just ask him that.
See what he says.
Just talk to him.
Just ask him how he's feeling.
Yeah, he needs that.
And you get a Linux, you get a whole Linux experience when you come here on Tuesdays.
Go to jblive.tv for that and jupyterbroadcasting.com slash calendar for those lifetimes.
Our website's linuxunplugged.com, linuxunplugged.com slash 248
for links to everything we talked about,
and linuxunplugged.com slash subscribe
for all the ways to get new episodes.
Thanks for being here.
See you right back here next Tuesday. Thank you. Man, next week's going to seem so low-key
when all these events aren't going on.
No kidding.
That'll be a harder show.
Well, this week I felt like was kind of hard
because there's so many things
that aren't really interesting to talk about but are important to the overall ecosystem.
I feel like it was a rough episode, really, to be honest with you.
Not particularly happy with this one.
Not particularly happy.
Not because, you know, anything we did.
Well, I mean, maybe.
But mostly just because there's so much enterprise-y stuff and I feel like when we start talking.
It's dirty.
Yeah, I feel like when we start talking dirty yeah I feel like
when we talk too much
about containers
people's eyes
start to gloss over
because if you're not
living and breathing
this stuff
it's hard to connect
with it
yeah we just want to
talk about Blasmo
come on
why are you stopping us
Chris
I don't agree with that
because you give
a lot of users
the chance
to try some
things out
and they've heard of it
because it's easy I hope that easy. I hope that's true.
I hope that's true.
I don't know. My sense is
that most people find it to be
the least interesting aspect of the stuff
we cover.
But it has so much momentum in that one space.
It is so relevant to the
marketplace. When you go to
any trade event or you talk
to anybody in the
industry, it's the only thing they're really thinking about. It's all they're talking about.
It really has taken over the world.