LINUX Unplugged - Episode 249: Home Grown FUD
Episode Date: May 15, 2018The Linux community is eating its own this week, as attention seeking plucky YouTuber’s trade on free software’s good name for clicks. We learn the real story behind some of the Internet’s recen...t free software freak-out. Plus a fantastic batch of community news and updates, some cool tools, and we discuss if it’s time to give up the Qt or GTK purist lifestyle.
Transcript
Discussion (0)
Starting the show off with an amazing discovery, Archive OS, the Archive of Operating Systems.
Its mission is to save great free operating systems, Linux, of course, the BSDs, the free DOSes, Solaris,
and many other independent operating systems, and make it bootable.
Look at this thing, Wes. How beautiful is this?
It's like the Internet Archive in an ISO.
A testament to the ages.
So you can go check it out at archiveos.org.
And I'm going to look into this more.
I got to try this.
They say it's important to save systems and let the next generation of users find them,
try them, and learn as much as possible.
This has been rattling around in my head.
I haven't tried this, obviously.
But what's been rattling around in my head is trying to set up some old VMs, or I should
say set up new
VMs of old versions of Linux
just to like, what was it like to use
KDE 2? What was it like to use
GNOME 2? Like, what was it really like?
Because we refer to it all the time. I've been
really tempted to set up some VMs to do this
just to have them sitting around when I want
to try it. Oh yeah, right?
And I think that's where this site is maybe
useful. A lot of times if you just maybe you have a disk image or a tarball,
but it's a long way from actually making things bootable.
So if you have some of this set up and ready to go,
you might actually use it.
That would be the perfect part.
Like one ISO you download, you load it on your machine,
and it boots the whole thing up.
That would be the holy grail.
Maybe they'll get there one day.
Maybe they'll get there.
But right now, they're just archiving these old great operating systems.
If you do want to try this, it's a great resource for that
so you can build your own system.
But one day, we may get to that ISO.
Somebody should build it and call it the Linux Unplugged Booter.
No, don't do that. Call it something else.
Yeah, definitely something else.
As I look at the pile of ThinkPads stacked up in the corner of the room.
You are building an archive.
Each one of the different operating systems.
How many do you have there?
How many ThinkPads is it?
Do you want to reveal the number?
Well, from what I can see in front of me,
one, two, three, four, five, six, seven.
Seven, I think, that I can see.
You could just have various different states of Linux
on each one of them, like a cross-section.
Yeah.
I kind of like them to be usable,
like actual usable machines,
not just like something that you you know
put in a cupboard and you never think about again so there's actually two on my desk right now one
of them is um a machine that we use for audio production um i don't actually use it samantha
uses it for audio production on the podcast but the other one that is on right now i'm running
offline imap to synchronize all my email down from Gmail,
because I quite like having an offline copy of all my email, just in case anything goes wrong.
I can open this laptop up, and it's got a local copy of all my email, and I've got MUT
installed on there. So at a pinch, it's got no GUI. I've got no graphical interface on this
thing at all. It's only command line applications and offline I'm up to sync my mail and then MUT if I need to actually write an email.
So now I can visualize you during the zombie apocalypse
hunched over this old laptop,
reading your email on MUT.
It's beautiful.
And I have a lot of email to read.
So once the zombies come,
I'll be quite busy reading on my old archive.
Right, of course.
But on that old laptop,
only seven minutes to read it all.
Yeah, right.
This is Linux Unplugged,
episode 249 from May 15th, 2018.
Oh, welcome to Linux Unplugged, your weekly Linux talk show that undoubtedly should have gone to that English class more often.
And my name is Chris.
My name is Wes.
I'm just saying, might have helped out in this whole podcasting career. It probably would.
Too late for that? No.
Ended up podcasting.
You know, Wes, we'll muddle through.
We have a great show.
We're going to talk about GNOME removing the ability to launch binary apps.
That's been the hot topic in our community this week.
Hot, hot, hot.
Yeah.
We'll do a deep dive into the new bookmark sync stuff that's coming to Firefox,
talk about System76 and LVFS's back and forth,
and some new features that look like they could be coming to GNOME if Will Cook gets his way.
Wimpy's here with a new trick,
and malware may have been found in the Snap Store.
Is everything ruined?
We'll get all worked up and super upset.
Plus, the folks from Plasma, well, some of them at least,
went to Berlin and came back with some code.
We'll talk about data collection in 1804
and some of the attempts to generate controversy for ad clicks, and
purism gets busted by Intel.
We alluded to this on a recent Linux Action News, but now we have a lot more details.
And then we'll ask if Docker is dangerous, and if it's time to just drop that all-GTK
or all-cute mentality.
Is it still relevant today, Wes?
We'll find out.
Don't answer.
We're going to get into that.
But before we go any further, we've got to bring in that mumble room.
Time-appropriate greetings, mumble room.
Hey-o, hey-o.
Hello.
Hi.
I like that.
That was a good mix this week.
Didn't expect that one coming.
So I want to start with the elephant in the room,
and that is the story about Gnome removing the ability to launch binary apps from Nautilus.
So we got the big news from last GNOME release, really,
was the removal of the desktop application icons,
the desktop icons from Nautilus.
And now it looks like this is sort of a continuation of that cleanup
is really launching binary applications
when you double-click on them in Nautilus.
So like.bin and.run files, perhaps app images as well,
.desktop shortcuts or like a shell script that you might execute.
You know, like the dumb arse that I am,
apparently doing things the old way,
I just downloaded a new game off of good old games, GOG,
and was, you know, assuming I would just be able to double-click and run it.
I don't know what I was thinking. I should have
definitely considered opening the terminal and running it that way.
Of course you should. You should be running all your
programs that way, Chris. Now, it's pretty easy
to poke fun at this decision, and it,
you know, it of course plays into that whole narrative
of GNOME always removing functionality.
I think the
common reaction I've seen
on the various internet outlets is,
just when you thought GNOME couldn't take any more functionality,
they're taking away the ability to run apps.
But that's a little hype.
It's not really that.
It's more really about how apps should be launched from the app launcher,
and the files app should be managing files.
And they think removing the ability to launch binaries from Nautilus
will improve its security.
And, of course, there will still be other ways to launch apps.
So what do you think?
Initial impressions when you hear this kind of thing, Wes,
are you so tired from drama that you're just sort of numb to it,
or do you have a strong response to this?
Okay, I will admit to being at least a little bit numb.
I also have some sympathies.
I feel like GNOME gets viewed as so many different things
and a lot of different roles.
Some of that might be valid,
especially now that they're on so many desktops by default,
but that's really the distribution's choice.
I can see why GNOME wants to craft things into
a more elegant desktop for the future.
Maybe not all users are ready for that.
I can see why people want to keep a lot
of standard paradigms around.
I personally
don't need them. I'm okay with GNOME developing into whatever
it is that they want. I understand
why it upsets people, though, because
hey, this is a lot of people's workflows. You can't do
it anymore. You're not allergic to bees, are you?
Oh, look at that.
There's a wasp.
Here, maybe you could put this
on top of him.
There you go, Wes.
Maybe you could trap that wasp
that's walking around
by your hand there, Wes.
Just a little Pacific Northwest summer.
There you go.
That surely won't piss him off.
Now he's trapped in the bell.
Now let's ring it. All right. Well, I agree. I think that people often lump gnome into one singular category when
it's a bunch of individual developers and people that are doing a lot of different work and it
often encompasses many projects and all of those disclosures aside, I can't imagine something like this ever landing in like Kaja, for example.
What do you think, Wimpy?
Could you see a rationale for something like this landing
in a Mate desktop environment?
Well, probably not because we choose not to remove features if at all possible.
So the only time features go away is when they can't technically be supported anymore.
But then I was thinking about this.
How often do people actually launch binaries with the file manager?
I think it's more common to a group of people that this is going to most negatively impact,
and that's new users that get switched to Linux or people that are buying commercial software.
I've definitely noticed the folks that I've helped move to Linux,
they have like this habit of Google searching
and then going and downloading the dev
or downloading a binary file.
Or like when you buy something from GOG.
Right, I can see that.
Or I use this program.
Oh, they have Linux.
I'm finally on Linux.
They gave me a tarball.
What do I do with this?
Yeah, yeah.
So a dev isn't executable though, right?
You double click a dev
and it launches something else
that handles the installation or you double click an image.
I'm just commenting on the behavior.
That's just the behavior.
I think the instinct for Windows users
is to download things off of the vendor's website,
whoever that vendor might be.
Right, but even those crazy lunatic third-party app developers
create desktop files and launchers.
And if you download, let's say, for example, a simple example like Telegram.
If you go and get Telegram from their website, there's a simple executable.
You run it once, and then you've got an icon forevermore in your launcher, your menu.
Right.
Same with the GOG game.
I bought that new fancy-looking space game.
I can't remember what it's called.
Oh, space game.
But it looks really good.
And it's a bin file that downloads,
and then when you double-click it,
it then launches a GTK installer,
and that does create a.desktop file
and all that kind of stuff.
But you've got to double-click that bin file
to get that GTK installer to create the desktop file.
But is the ultimate goal of this in the GNOME project to break the habit of these bad patterns
of downloading something from the internet and then just double-clicking it and expecting
it to work and it not be full of malware?
Maybe.
Yeah, I mean, I think you could make a pretty solid security argument from that standpoint.
And you could argue if they feel the code isn't up to snuff, that they shouldn't be maintaining it. You could
just base the argument off of that.
It does kind of remind me, too, of some of the, you know,
maybe like a Chrome OS type environment
or iOS, where these newer environments that were
designed in the world we have now
don't have some of these legacy things. But people who are
familiar enough with the file system, familiar
enough with, yeah, just like running binaries,
feels like a big loss. I don't
really ever do this. I guess the one area
it kind of sucks for app images, maybe.
Yeah, yeah. Other than that, it doesn't really
affect me. I guess I just don't agree
that you can change user behavior this way.
I don't think this ever works. I think you just
piss off users. And I think what you're going to have is
filter your base then, right?
And you're going to have distros that are just going to ship
another extension, just like they're shipping
extensions now to restore desktop icons or they're shipping extensions now to restore desktop icons, or they're shipping extensions now to restore tray icons.
Now they're going to be shipping an extension to execute binary files.
That's likely the biggest impact is that it'll just be now the work of the distribution
maintainers.
Or they'll hold back the version of Nautilus that has this patched out and patch it back
in again.
Yeah, yeah, maybe.
I have a link to the mailing list discussion.
I'd say give it a read and give the team
some slack to just figure this stuff out.
Like, the world hasn't fallen apart
with the removal of desktop icons from
GNOME 328. True.
We're still here, we're still holding good
and people that really need it have extensions.
I think also there's like, yeah, people have
extensions and if you're listening to this program,
you probably know that there's a bunch of other fine desktops.
So, you know, if we're having this debate in the context of like,
what should the new user experience be or the standard, that's one thing.
But for a lot of us, we just don't have to care because there's lots of choice.
Poby, are you still rocking Firefox as your daily driver of you cave to Chrome?
Oh, right.
Yep, yep.
No, the only reason I use Chrome is to talk to Wimpy on a daily basis
because the video chat thing we use only works in Chrome.
Yeah, I have.
And I've made an Electron app of the video conferencing tool we make
so I don't have to have Chrome or Chromium installed anymore.
Nice.
How do you make an Electron app of any rando website?
I would love to know that.
I will send you a link in irc to the ubuntu
tutorial guide that explains how to do it thank you because i have a similar situation i have one
app that i have to use chrome for yeah that's a great we should do that i know you know exactly
what i'm talking about so firefox is just getting better and better and uh beta 61 and the nightly
62 have a new sync system that is going to address some of all of the complaints, actually, I've really ever had with Firefox bookmarks.
This is something, their sync system with Firefox bookmarks has always sort of been a retrofitted solution where Chrome was sort of engineered for the game.
Right, yeah.
And now Firefox, the team over at Mozilla that creates Firefox for iOS
has quite a bit of experience
with this because when they created Firefox
for OS they created it with
syncing in mind and they created this
whole JSON system and they created this
dual database system of your active bookmarks
and the synced bookmarks and even a
third database for conflict
resolution and then they had a really great
system for keeping it all straight and keeping track of everything and even a third database for conflict resolution. And then they had a really great system
for keeping it all straight and keeping track of everything.
And when they engineered this,
they looked back at their Firefox desktop sync engine
and said, well, how could we apply lessons learned
to the iOS sync engine to the desktop?
And that's now essentially what they're doing.
They're going to have a mirror and a merger database.
They're going to have more of an iOS-inspired.
It's not a direct three-database, like one-for-one re-implementation of the iOS system because there is just historical legacy things they have to support.
But in a sense, they're going to be building into Firefox a shadow bookmarking system that will be kept syncing separately from your primary bookmarks. And that's where it'll work out like merging of conflicts
or other issues that crop up when you're syncing bookmarks
or adding new items or editing existing items.
And that'll be happening much faster in the background.
And it has a graceful way to get out
when there's a conflict that it can't figure out.
So then this is just sort of a new system being added,
bolted on that will take the
same data and do better things with it. Yeah, exactly. And they're starting to roll it out in
61 and 62 in different phases. I have those details linked in the show notes if you want to
read the whole post. If you're a big Firefox fan and you're curious about this battle and why
it's sort of been a little clunky, they even identify some of the issues that I thought I
was just crazy. I thought these
were just problems that I had, and now I'm seeing Mozilla
just say, the list is pretty
damning there.
Yeah, it doesn't make you confident. No, bookmarks
would be duplicated, lost, or reordered.
I have absolutely experienced the reordered thing.
And
folders with different contents would get smushed
together. New bookmarks wouldn't make
their way to all devices,
causing them to gradually fall out of sync.
And moves would be partially or completely undone at times.
There you go.
Yeah, right?
Wow.
And I thought I was just using it wrong.
And I thought Chrome did it a lot better.
And that was one of the things that first drew me to Chrome.
I went back.
I feel like it's been pretty solid, but I've also kind of reduced how much I use bookmarks.
Same, yeah.
And I'm looking forward to these changes.
Definitely should check the article out.
I thought it was a great level of,
there's a lot of technical details without too much.
There's not a ton of code,
but they talk about the advanced designs of the system.
And it's also worth mentioning,
recently I've gotten a little more critical
about the way Mozilla communicates.
It's very corporate heavy.
And it's sort of a turnoff to, I think,
a lot of members of the open source
and free software communities.
And so reading that, I'd say it was very clear.
It was technical.
Felt like it was written to us.
I liked that a lot.
I liked that.
And if you want to go read that whole thing, go to linuxunplugged.com slash 249, and we'll have a link in there.
I've talked a lot on this show about LVFS and the whole firmware update mechanism that I first experienced on an XPS 13 running Fedora
and then later different distributions, including Arch.
And it was just so exciting.
Yeah, you're in the software updates
and you go to the updates and it's like,
what, there's a new firmware update?
Crazy.
And then we really saw the value of having that system
when Spectre and Meltdown were announced.
Yeah.
And this system, LVFS,
is sort of, it's a Red Hat project that is attempting to be distro and vendor neutral.
We've covered a lot in the past.
Richard Hughes is the primary developer behind it.
I think he's done some great work.
And I love the idea of something that's cross-vendor so Lenovo or Dell could participate in it.
And you can be on Arch, Fedora, or Ubuntu, and you're getting these farmer updates.
Doesn't matter, yeah, right?
Yeah, that's great.
So I've always been a fan of,
well, let's get LVFS in all of the places.
And so that's why I think,
and I think other people have felt that way too,
and there was some interest in what was System76 going to be doing.
Now that they have Pop! OS
and that they'll be building their own hardware soon,
what is their intention to participate in the LVFS program?
And then it came out that in the background,
there had been some communication between System76 and the project.
It's not like they weren't aware of it, right?
Right, but nothing of major substance that had really progressed anything beyond,
like, hey, can we do this? How does this work? Things like that.
And it seems like things just sort of faded out.
There was some rumors that, yeah,
they started talking to us from the LVFS camp,
but we haven't heard anything.
And then about a year went by,
and Richard Hughes posted a blog post
where the crux of it is this isn't going anywhere.
They're not going to use our project.
They're going to do their own update mechanism
that they've created.
And if you want
somebody who supports LVFS,
go get an XPS 13.
And
Carl took to the System76 blog
and wrote a kind of line-by-line
response where he says,
we reached out to Richard over a year ago.
We were enthusiastic about LVFS
and interested in whether or not it would work for us.
Once we described how we needed to deliver our firmware,
we were told that it would not work well
and would likely not be acceptable to Red Hat Legal.
And they kind of post a snippet of the issue.
Richard Hughes says,
I don't think this will work for us
because there's no way to reference a flashing tool in the XML
or sign an executable on LVFS.
I don't think Red Hat Legal
would like the idea of shipping the flashing program.
We only ever talked about the firmware files themselves.
Although I concede the images in the.cap file
probably contain firmware executable code
wrapped up in layers.
Yeah, fair enough.
He says, I also know that Red Hat security team
would do more than just blink
when we tell them that we want to ship
an untrusted, non-free binary, which would run as root on RHEL customers' machines.
So that's the snippet of the conversation that why Richard Hughes says, I don't think this is going to work for you.
It's kind of, I believe, at that point in the conversation, things just died off.
System76 is like, well, obviously this isn't going to work for us.
We'll focus on what we need to focus on.
They were also launching Pop! OS around this time,
and they have plenty of things that they're doing.
And so he also, Carl mentions in his blog post,
that the update capsule mechanism that LVFS uses
wouldn't work for over a decade of machines
that System 76 has in the field.
And without update capsule, and with update capsule as well, it wraps everything into binary blobs.
You can't really pull it apart and reverse engineer firmwares, and they don't like that
aspect of it as well. Carl outlines a few other concerns in his blog post, but I kind of wanted
to reach out to Carl and ask him a couple of direct questions because there's been some that
I think have been rattling around the internet
that we'd like answers to.
So I sent Carl an email, and he got back to me this morning,
pretty promptly, actually.
And I asked him, I said,
is one of the core problems with System76 using LVFS
is that it's not really compatible with its upstream OEM agreements
that System76 has in place with, like, say, Clevo
or whoever that might be upselling the parts. Carl responds to that System76 has in place with, like, say, Clevo or whoever that might be upselling the parts.
Carl responds to that System76 has no upstream agreements limiting anything we can do to deliver firmware to our customers.
This is made up.
We were told in the email we posted that LVFS would technically be incompatible and would likely not be acceptable to Red Hat Legal.
We needed to still provide the functionality, so we built our own tool.
Which I, okay.
Fair enough. So he says that there isn't an agreement. There is no agreement in place that limits how they redistribute firmware. We needed to still provide the functionality, so we built our own tool. Which I, okay.
Fair enough.
So he says that there isn't an agreement.
There is no agreement in place that limits how they redistribute firmware, is what he said.
And I said, just to clarify, if customers choose to buy a stock Ubuntu machine from System76, not one running Pop! OS, will they still get updated?
He said, correct.
Any Ubuntu-based distro will work, of course.
We also had customers use the update tool on Arch.
Nice. Yeah, okay.
And I said, in the future, when you're building your own systems,
like your own desktops, do you intend to use LVFS at that point?
And he said that their first in-house design and manufactured desktop will feature open-source firmware components.
So they don't need to be reverse engineered,
so the update capsule thing isn't.
But they'll still use their existing infrastructure
and tools to distribute the firmwares
when they're building their own systems.
And so, you know, he's,
I think it's pretty clear in here.
This is just simply a matter of this is what works for us.
It wasn't really a statement on the LVFS project.
It's just not a solution that's necessarily
going to work for us right now.
And he would have, I think, I got from my back and forth
with him, he would have preferred to just leave it at that.
I wish there was a mechanism
for these different groups to communicate better.
It's funny, we have all these different
platforms, Twitter and email
and IRC and Slack
and Telegram, that everybody
in our community uses pretty regularly.
And yet, like, these like...
It feels like we end up talking past each other.
In blog posts, right?
And I really respect Richard, too.
I think what Richard is working on
is really important for a first-class Linux user experience
where you don't have to sit there and do the distro math
and wonder if there's a PPA for that system. And you just know that if you get a modern system, when you go to get all your
updates, you get your firmware update. I like that. I like that too. And there's probably a
lot of different ways System76 could crack that particular egg and maybe they could deliver it
that way as well. It's sort of unfortunate though that we end up getting these lobs thrown back and
forth at each other.
In another world, I almost would like to give people a space to just talk it out.
Because you get people talking and everything's fine. Let's hash it out now and then not have to keep talking about it.
We can stop covering it on the show and everyone will be happier.
Yeah, it just seems like that would be a lot nicer. Do you think there's any, was there any in the reaction,
any sort of open source community frustration just with Pop! OS
or feelings about that System76 may be motivated to do this
for some of their not appreciating forking when they don't need to?
That's an interesting question.
Yeah, I think that is a bit of it.
I think where Richard Hughes comes in is,
I saw some of his follow-up comments on Google+,
he's a little disappointed because the idea here is, is this is sort of like the community thing
to do. This is the Linux, you know, this is like a good Linux hardware citizen thing to do,
I think is the thinking. And so there was a level of disappointment on his part that System76
wasn't interested in participating in that larger ecosystem, even if it meant sort of
reinventing the wheel a bit.
Because some other manufacturers
are redoing the way that they do
all of this process, too.
And I think that is a point
you could argue. Maybe that's not
necessarily true, because
perhaps you could argue that LVFS
is not as independent as
it would need to be for that to actually happen.
It also strikes me that it's great
that System76 is taking this seriously,
and maybe if a lot of other vendors had been doing this,
yes, it would be a worse world
where we had a whole bunch of independent Linux flashing programs.
But imagine that.
If for years you'd be able to easily flash firmware
from whatever big-name vendor,
that just wasn't the world that we lived in.
It's cool that it's changing now,
but I can understand why they're like, guys, we've been shipping this for like
10 years. We just have to support our machines. Yeah, the machines we already have in the field.
Let's take a moment and thank Linux Academy, linuxacademy.com slash unplugged. Go there and
sign up for a free seven day trial of a platform that's built to teach you more about Linux with
full time human beings that can help you whenever you get stuck. And when you're not asking them questions,
they're always improving, adding, and updating content.
They have a course scheduler
that works with your busy schedule
and helps set learning goals
and then helps you stick to those timeframes.
They have cloud servers that they spin up on demand
when you need them as part of the courseware.
You can SSH into those systems.
And they're really cool.
You can set the distro and the courseware matches that.
And they also have practice exams and quizzes
to help prepare you for certifications and tests
to make sure you really have learned what you think you've learned
before you go take the big test.
They also have iOS and Android apps so you can study while you're going.
They have lesson audio and study guides that you can download and take with you.
And they have rolled out a big batch of content in the last month,
and it's still coming, too. It's impressive. There's so much to cover that they've been doing live streams that you can download and take with you, and they have rolled out a big batch of content in the last month,
and it's still coming, too.
It's impressive.
There's so much to cover that they've been doing live streams to just try to bring everybody up to date on all of this stuff
because it's so much, it's hard to keep track of how much.
You don't even want to read all the stuff that they have just off,
let alone all the actual material.
Yes, and they're updating old stuff as well,
so the old material is staying current.
It's a great, great service, and you can try it seven days for free.
But when you go to linuxacademy.com
slash unplugged,
go sign up for a free seven-day trial
and support the show.
linuxacademy.com slash unplugged.
Ba-ba-da-bop, ba-ba-da-bop, ba-ba-da-bop.
I like that sound effect.
I like that, too.
You should keep it going.
So if I say GS Connect,
does it ring a bell?
Does that ring a bell at all?
Well, it does make me think of KDE Connect.
You got it, Wes.
That's right.
It is the GNOME shell implementation of KDE Connect.
Oh.
Yeah, without the Qt.
I'm interested.
No Qt or KDE dependencies.
And KDE Connect, of course, is that awesome, awesome tool
that allows you to use,
to basically make your Android phone a companion to your Plasma desktop.
And now your GNOME desktop with JS Connect.
You can share clipboards.
You can get notifications moved between them.
You can use it as a remote control.
I mean, you could transfer files.
There's a lot of stuff.
And you've got to figure it's a feature that Microsoft is eyeing.
They've talked a little bit at Build about the new timeline feature in Windows 10 that requires like a special launcher on Android to make it all work.
Where none of this is required with GS Connect.
And so this guy, this random guy, Will Cook, some guy on the internet, he has proposed that Ubuntu should integrate GS Connect as part of 18.10.
I think it's a great idea.
That's awesome.
And so he's put out there for conversation on the Ubuntu community portal hub.
What do we call it, Popey?
Is it a hub?
Hub.
Hub.
And asked for folks to give input and has even named people that are volunteering to do some of the work.
I think this would be a great and useful tool and it'd be a nice feature on the side of the box,
like they used to say.
That sounds awesome.
Yeah, I mean, I would certainly use it.
So if you want to get in on the conversation around that,
I'll have a link in the show notes.
And then a little birdie dropped off,
a new snap.
New snap?
Right on the doorstep of the show this morning.
What is it? I'm dying to know.
Well, you know how we're big fans of the FFmpeg project here.
Oh, love it.
And you know what FFmpeg could always use? A little
more of hardware acceleration.
Always. But you can't
do that in a snap, right Wimpy? That's not possible.
It is now. Oh!
Boy! Dish. You got a dish.
So, this is something we've
had brewing for a little while.
You will have heard
Poppy and I talking about the fact that
OBS is able to use an accelerated FFmpeg that's in the Ubuntu 18.04 archive, which is terrific.
So people who want nvnk and hevc and what have you, that's all available.
But as is common, the 18.04 release comes out.
We're shipping the latest stable release of FFmpeg.
And then days later, FFmpeg 4 drops.
And we've now got an 1804 release, which is never going to see that new version of FFmpeg. So what we've been working on is a snap of FFmpeg, which is FFmpeg 4, with the NVN and HEVC pieces pieces enabled so you have the hardware acceleration we've also done the work to
build in the va api stuff so there's a hardware accelerated encoding and decoding for intel and
amd as well and all of the bits that ffmpeg relies on are all built from the current versions of source parts.
So the whole stack of FFmpeg is all the latest stuff inside the snap.
That snap is currently classic because it's FFmpeg itself.
And it sort of makes sense that maybe FFmpeg,
the tool should remain a classic snap because there's many different,
different ways people would want to use
it but that snaps only 20 meg so it's very small wow yeah i'm really excited i could take that
anyway yeah yeah and um what we've um what we've been doing is we've figured out how to confine FFmpeg and open up access to the NVENC socket.
And what this will enable us to do is in snaps like OBS and Kdenlive,
embed the bleeding edge versions of FFmpeg with all of the acceleration turned on inside those applications.
So they don't have to go looking at the host,
which may have an old version.
They can have the current latest versions
with all of the acceleration features.
Right.
Boy, that's going to be great for them.
And they'll know exactly that everywhere that it ships
will have that version of FMPEG,
which is going to be great for KDE and live.
Maybe that's one of the biggest challenges
for doing video editing on Linux
is that people have different parts
underneath of different versions.
And so you can say my KDN Live crashes
and it comes back with,
okay, what version of this
and what version of that do you have?
And this solves that.
That's available now in the stable channel.
In the future, we'll be doing a bit more
with the Intel and AMD acceleration
and a little project I'm interested in looking at
is we've now got the capability within snaps when they're being built to make architecture decisions in the build process.
So you can say when I'm on an AMD 64 machine, do these things differently than when I'm on a device.
and what i'm planning to do is bring some work i did on the raspberry pi uh last year where i made an ffm peg that was specifically tuned for hardware accelerated encoding and decoding on the raspberry
pi bring that into the same snap so that when you're building on arm hf it automatically turns
on all of those raspberry pi optimizations So the same snap will be the accelerated version
for the different devices.
You are doing the work of many editors out there.
They are going to appreciate that very, very much.
They're going to save so many folks time
that would have had to figure out
how to get that working individually
on each one of their systems.
Can you imagine the difference,
like just a couple of years ago,
trying to put that all together?
Maybe you're manually compiling things
or with sketchy PPAs, and now it's just a couple of snaps ago, trying to put that all together. Maybe you're manually compiling things or with sketchy PPAs, and now
it's just a couple of snaps.
Yep, yep. Okay, so while we're
on the subject of snaps, there's a big
story floating around, huge story, massive
controversy, shaking everything to its core.
So big! There was malware
found in the Snap Store, and as a response
there's been a post up on the
blog.ubuntu.com talking about
future steps that'll be taken to secure, to a degree, the Snap Store.
And there was one bit in here that really jumped out at me.
And Will Cook talked a little bit about this on the recent Late Night Linux, too.
They say, on the roadmap, they have an interesting security feature in the works that will improve the safety of the system and also the experience of people handling software deployments in servers and desktops.
A simple but fairly effective feature that we are working on is the ability to flag specific publishers as verified.
The details of that will be announced soon,
but the basic idea is that it's easy for users to identify that the person or organization publishing that snap are who they claim to be.
And so, though, would that have solved this?
So what happened?
So let me back up a little bit.
Yeah, lay it down.
There was a video game in the Snap store.
I think it claimed to be a version of that 2048 game
that everybody loves.
And when you get that there game,
it was actually doing a little crypto mining
in the background.
Surprise, surprise.
Well, of course.
That's what you got to do these days.
So it's an interesting use of, I guess, what you could call malware.
It was really more like crypto-ware.
Because it's in the confined snap, but it can still use your CPU resources and do mining.
Just raises your power bill.
Yeah, so it's behaving in a way that was unexpected to the user.
But they could have been a verified publisher.
Right, and with the verification, does that speak at all to the procedures?
How do they keep their keys?
You know, all those sorts of things that would actually also impact that.
Yeah, maybe we'll get details on that.
But that's about as much as I know.
I'm sure our friends Popey or Wimpy would have more insights on this particular topic.
It's been kind of interesting,
but it all could have been more of a shitstorm.
It's been kind of a mild shitstorm, but not that bad.
So what's been the piece that people have missed?
What is the definition of a mild shitstorm?
Well, I don't know.
From where I've sat, it could have been a lot worse,
but you were more at the heart of the storm,
so I'm curious if you have the same impression.
So whenever something like this happens, and I not not talking about you know whenever we regularly
get malware arriving i'm talking about whenever there's whenever there's a problem in ubuntu
and you know we see the community reacting in some way um we all jump to it and there are people
you know you can think of the avengers around world, you know, all coming together in order to resolve this problem.
And I know that a whole bunch of people in Canonical care very deeply about this problem and wanted to get it solved.
So someone alerted us to the fact that there was an application in the store and the application did something
other than what it said it did in the description.
That's effectively what it was.
It's as simple as that.
Someone said, this is a game.
It's 2048 or Hextris.
There was actually half a dozen,
four or five applications from the same author
and they all did the same thing.
They were, in inverted commas,
masquerading as one thing but doing something else.
They weren't stealing data.
They weren't grabbing data off your machine and sending it off to some third party.
They were basically using your CPU in order to mine some kind of cryptocurrency.
And at the point when we found out about this, I think it was on a saturday morning uh the weekend just gone and
i was standing in a field watching my son play football i know martin was in the middle of a
forest with his family other people were spending time with their families on a saturday morning
and everyone jumped to it telegram lit up irc channels lit up we all jumped on it we all pinged
all the right people phoned the emergency numbers
and made sure that those applications were yanked from the store as soon as possible
so we did exactly the right thing as soon as we were alerted or as soon as we figured out that
there was something wrong we pulled these apps from the stores and um and then started a plan
of investigation and uh debugging what the applications were actually doing to make sure that this doesn't happen again.
And we can plan for the future to make sure that people are more aware of what's going on.
Yeah. And so do you think this verified program would have fixed this particular problem since he did have a few other apps in the store?
He may have been considered verified at that point, no?
Well, there is no verified program at the moment so right yeah i couldn't
possibly say if it would or wouldn't fix it because i don't know what form that verified
program will take okay we've we've discussed this a number of times at canonical and it was most
recently raised a couple of weeks ago uh the snap team were at a sprint recently. And it's a hard problem to solve.
It's not straightforward.
Even if you have someone who is, whether they are verified or they're not,
it's not a magic bullet that stops someone from doing something nefarious.
Sure, yeah, right.
You have to be able to keep an eye on these things,
monitor what's going on, and fast when when things do go wrong like if you
look at any of the other app stores windows mobile app store ios app store mac app store
windows desktop app store android app store they've all had some kind of occasion that
something has been put in the store that users might feel aggrieved at in one way or another, whether it's too many pop-up adverts or crypto mining or something else.
Everyone's had this.
It's a rite of passage for any app store.
We've hit that now.
And, yeah, we're going to have to come up with ways
in which we can ensure that users have confidence that the applications that are coming
from the developers, they can have some level of confidence
that that's a valid application.
One thing that we're trying to do with the Snap Store
is not that you should trust us, Canonical or Ubuntu,
is that you should trust the developer.
It's the developer who's pushing their stuff in the store.
The code is coming from their GitHub repository. You should be able to go and have a look at their GitHub
repository. You should be able to interrogate the snap and figure out where did this come from,
who made it, what's inside it, right? You should be confident that the thing you're installing on
your computer is what it says it is. And we've got some work to do there because right now,
we don't make it obvious where the source of the snap came from. And we've got some work to do there because right now we don't make it obvious
where the source of the snap came from.
So there's certainly some things we can do to improve.
Maybe verification will help as well.
Yeah, it obviously will be a process.
I'm curious to see when the details come out.
Congrats on being a real software store now.
Yeah, it is a challenge,
especially if you're going to allow submissions
from the general public, which
you can kind of offset to a degree
by the fact that they are contained, or confined
I guess I should say. Right. And the
other thing is, it's worth noting that
when we reacted, we reacted
really fast, like
faster than most stores react.
So when we were told
within a couple of hours,
it's yanked from the store.
So no new users could download that application.
What we also did was made sure that any users who currently had the application,
we pushed out an update to those users that removed the component.
That's still in progress that removes the component that,
that does the nefarious stuff.
So they end up with the game and not the component that that does the nefarious stuff so they end up with
you know the game and not the malware that that came along with it so we've we didn't we didn't
just leave that software on people's computers but equally we didn't reach out to everyone's
computers and delete the software from their computers it's's a fine line to walk between saying,
well, you made the choice to install this software, tough,
and the Amazon way,
which was to reach out to people's Kindles
and delete a book from your Kindle, right?
We didn't want to do that.
We wanted to leave the software,
but remove the bit that was bad.
So it was a very delicate line and balance to walk.
Yeah, I hadn't thought about that.
I'm glad you mentioned that.
So now we wait for the details down the road.
I appreciate that little tidbit about verified.
I think that is a good idea.
I mean, it shows that these are concerns, right, that take it seriously.
And that goes a long way.
Some of the developers that have applications in the store,
we have one-to-one relationships with so some of the applications like those which are
classic snaps like many of the popular code editors um and things like skype you know people
are a little bit concerned they're classic snaps being a classic snap it means it has full access
to your system right very much like a deb does when it's being installed
and so people have a little concern there and and we go through a vetting process
for classic snaps where we vet the developer who has access to the snap and make sure it correlates
to the upstream developer who owns the application so So there's additional scrutiny applied to classic snaps?
We already do that scrutiny for classic snaps.
And perhaps that will be part of what we do
for our further verification process.
But like I say, we haven't figured out the details.
Well, thank you for sharing that insight.
It's very interesting to hear the behind-the-scenes aspect
of watching it from the outside.
Of course, people jumped on the bandwagon,
but you're right.
This does, it is almost a rite of passage to a degree.
And it's not necessarily even a new type of threat vector.
We've had rando repositories
that people have been adding to their sources list for years,
PPAs that you plug into a system.
I think there's always just going to be this conflict, right?
It's either you have a super lockdown store
where you don't have all the apps you want
or it's easy to publish
new software and it's great
and there are just more risks.
Yeah.
And the verified step
and perhaps others will help.
All right.
Well, I want to move on
to our friends over
at the Plasma Camp
who were doing
a little get-together
in Berlin, Germany.
And some of the folks there
gathered to discuss
the forthcoming 5.13 release
and, of course, the future
of Plasma and Wayland itself. But this
time with a twist. One
of the members of the Sway
window manager team joined
them to talk Wayland input methods
and a bunch of other things.
It looks like there was some really fruitful stuff coming
out of this. Drew DeVault, the lead
developer of the Sway window manager,
joined the Plasma Sprint to discuss where Wayland protocols
could be shared between the projects.
Wow.
Right? Brilliant.
The team looked at their layer protocol,
which covers much of the work of the current Plasma Shell protocol.
We found that this protocol contained some nice ideas
and suggested some improvements for the Sway window manager developers
as well.
The Plasma Output
Management Protocol
was also discussed.
Now,
get this thing.
This protocol defines
how external monitors
are used
and Sway currently
just reloads config files
so the Sway team
is going to consider
using the Plasma Output
Management Protocol
so the two projects
are using the same thing
for external monitors.
That would be nice.
This alleviates some of my big concerns I have about the path to Wayland, and I'm really
glad to see this.
There was also some talks about remote access and using Pipewire, because that's the route
that Prasma's taking.
Right, this is exactly the thing that we were like, well, we probably will need this in
Wayland, and it's happening, so that's good.
It's really good.
They also had some new work on the new input stack for Qt, because there's a bunch of other
developers there as well.
And Sean, I think I'm going to butcher this.
Rutledge, going to go for that.
What do you think?
Yeah, I think this time you got it right.
Yeah, well, he's the lead developer of Qt's new input stack.
And he joined the sprint for a few days to work on and review the new API.
And this is really all about putting Wayland first.
And they said they got some nice parts in that were improved,
and things went surprisingly smooth.
And the Plasma browser integration got final touches for 5.13,
which will be released next month.
Now, the Plasma browser integration means that Firefox and Chrome and Chromium browsers
will use Plasma's file transfer widget for downloads
and the native Plasma notifications
for browser notifications.
And more importantly for me,
the media controls in your task manager
will work for browser tabs and stuff.
So you can mute.
Love that Plasma manager.
It's nice.
So lots of stuff there.
Translations as well getting fixed up,
other kinds of things,
and some work on the Falcon web browser
and getting it feature parity
in terms of Plasma integration
like the other browsers.
So some good stuff coming out of the Plasma Sprint
in Berlin.
It's nice to see that.
Huge, huge fan now these days. I'm all about it. I've just really become quite the plasma sprint in Berlin. It's nice to see that. Huge, huge fan now these days.
I'm all about it.
I've just really become quite the plasma fan.
You're biased, we know.
I really am.
It's been working so rock solid for me.
I appreciate your restraint.
You only put in this one story here.
That takes a lot of self-control.
I'm going to get you to switch eventually.
Popey and I, we're still rocking it.
We're still rocking it, right?
Yeah, Popey, you're still there, yes? Yeah, totally.
Totally. All day, every day. Oh, really?
Boom! Really? Yeah.
It's an almost
believable yeah.
Okay, so I have two computers.
My main computer runs Unity
on 18.04, but the laptop that I
go walking around with, my T450,
that runs KDE Neon. I have to point
out, still the same install I did just after I came back from your place, and it's still rocking.
I love it. I don't want to steal his story because he might share it on air, but Noah has a hilarious
story that is a true tribute to how stable KDE Neon was for him. Long story short, he never rebooted since the initial install.
He'd just been using it and sleeping in his laptop,
which bit him in the arse in a major way,
but I'll leave it to him.
It's too funny of a story for me to share for him.
I won't take it from him, but it's a good one.
And it's been the same thing for him.
Super rock solid.
We're still running on all the studio systems here,
so it's great to see the team getting together in person
to put that final polish on 5.13.
I think that really makes a big difference for some of these teams,
so it's nice to see them have a chance to be able to do that.
We have much, much, much, much, much more to get into.
Still lots to discuss.
So let's take a moment and thank DigitalOcean.
Go to do.co.unplugged,
where you will get a $100 credit at Digital Ocean when you sign
up with a new account that lasts for 60 days and gives you a chance to try out Digital Ocean.
Everything's based on super fast enterprise grade SSDs. It's designed for developers,
but it works for human beings. They have a dashboard that's so good, you might call it a
dashboard for days. And now they have new flexible droplets where you can mix and match resources that are the most appropriate
for your application.
do.co slash unplugged.
They have private networking if you
want to have something in the back end like a database
or a cache. They have
block storage that you can add to your
system as you need it. I just put 250
gigs on it. Oh, big spender,
but not really. It's pretty
reasonably priced for what you get. Yeah.
So for an example, my favorite rig, three cents an hour. What? Yeah. And that's a significantly
fast rig too. It's probably more resources than I really need most of the time. And you can get
a $100 credit when you go to do.co slash unplugged. They have a great API that's clearly documented,
easy to follow. And because of that, there's tons of really good open-source code already written.
You can integrate it into your Linux desktop,
like control your droplets.
You can get apps for your phone.
You can get command line scripts.
You can get libraries for your favorite programming language.
I mean, the whole spectrum is covered for DigitalOcean.
Plus, they have a ton of great distributions,
all of the real distributions
you'd probably want to put on a server to begin with,
plus that free BSD.
Really? Yeah.
So go check it out, do.co
slash unplugged, get the $100 credit, and a big thank you
to DigitalOcean for sponsoring the Unplugged
program, do.co
slash unplugged.
So with the release of 1804,
we've seen a disappointing trend
of clickbait
to try to make, or manufacture, you might say,
some drama around the, quote, data collection services in Ubuntu 18.04.
And even the name is sort of over-dramatizing what this is.
If you install Ubuntu 18.04, at the end, there's a screen that comes up
that says,
What's new in Ubuntu?
And at the end of that screen,
it talks about data collection,
and it shows you an example
of the data collection.
We're going to go over
one of those reports
in a moment,
but I've noticed a trend,
particularly with YouTube,
and I hate to come on here
and be like,
you know,
Chris yells at YouTube
once again.
Hold then, Chris is back.
But it's pretty disappointing
because it plays here and be like, you know, Chris yells at YouTube once again. Hold then, Chris is back. But it's pretty disappointing because
it plays
to a well-trained
sort of
knee-jerk response that's in the
audience to respond
badly to anything about data collection.
Because of all of the Facebook stuff,
all of the Google stuff that we all know,
NSA collection, like since Edward Snowden,
It's been years now.
We've had it drilled into us that everybody's spying on us.
Windows 10 launched with all these metrics.
It's just been drilled into us that spying equals bad,
data equals bad.
But the reality is,
if you're deploying a large-scale operating system,
you have to have some insights into your customer base.
You have to.
You want that feedback cycle, yeah.
And so there's a line to be walked here.
And I think Canonical has walked it really well
because they could have gone further than they did.
Essentially what happens when you opt into this data collection
is you generate a report about your system.
And I'll have an example report linked in the show notes.
And what it does is it collects things like the version of Ubuntu that you just installed,
the type of processor that you have, the type of GPU,
the vendor and model number just like they would be in an XOR report.
Nothing fancy.
It's not like it's a super in-depth thing here.
Your screen resolution, if you have live patch or autolog turned on,
the desktop environment, and if you're using Waylander X.
Then your time zone, the media that you use to install, like the ISO.
If you use the minimal install, and that's essentially it.
There's a couple of other basics in here, like did you download updates during the install?
That's the data that gets sent.
It's really quite harmless. And also, if you choose not to participate in the data collection,
there is a one-time ping.
All of this is just a JSON file in clear text that you can read yourself.
You can just open it up and read it, and it's clear.
And there's a one-time ping that's sent to Canonical
that says user did not opt into data collection.
There's no IP, no identifiable information.
Will Cook stated they don't even store the IP address
of the HTTP connection in the Apache logs.
On the server side, yeah.
Right.
It's just they opted out, so that way they have a metric
to know how many people are choosing not to use this program
so they can have an idea of how unpopular.
Yeah, exactly, so you know how many total installs are happening.
But that doesn't stop people from attempting to generate controversy
because that generates clicks and views and ad dollars.
And if you look at the comments on a couple of these different YouTube videos,
people are all in on this stuff.
They're all in on it because they are just looking at that word data collection
and they're freaking out.
And the problem is that it actually handicaps Canonical's ability to really figure out what's popular.
Like, for example, 64-bit versus 32-bit.
How many of their users are actually using 32-bit processors?
Or how many of them are installing a 32-bit version of the OS on 64-bit capable hardware?
That simple, plain text
data file tells them that.
That's a pretty valuable
piece of information that could save them tons of
engineering time.
Well, and also it can be very difficult to get that feedback
other ways. You often see, right, that
minority communities are
going to communicate a lot more, and
it's hard to get a sense of just what a lot of
bland default users who don't care to give feedback
to Canonical,
this is a way that they can be sampled
in that user base. Producer Michael responded
on one of the videos. He said, I completely disagree
with this video being made because
none of the collection is a negative thing.
The initial data collection of Ubuntu
report, it's Ubuntu dash report by the
way, when you choose not to send info
only sends that you chose not to send info.
The removal of the package
merely to not tell them actually skews
the data because it lowers
the amount of people who will be continued
and counted as not participating.
See, these videos are advising uninstall this package
so that way you don't have anything
ever sent to them. Never even a
ping. Wow.
But the problem is, is then Canonical has no
metric to know how unpopular this is.
So producer Michael goes on, if you wanted
them to know you dislike it, then
you have to send them the info that you opted
out. They have to have that
information. The reason it was made
automatic and opt out is because
most people dismiss the pop-ups and close
it anyways. The other aspect
is there's some bug data collection that'll automatically
get sent to the background that does contain more information.
But again, that's critical information that every commercial desktop operating system is collecting.
And that's really my piece on this is I think this is actually an example of how open source media can be a free software coverage or whatever label you want to apply to it can actually be destructive to the movement
because it creates fear and uncertainty and doubt
about something that is very vanilla and very clear.
You actually, when you finish the first-time run wizard of 1804,
you can click a button and it will show you what it's going to send.
So you can review all of it. We also kind of waste an opportunity to, you can click a button and it will show you what it's going to send. So you can review all of
it. We also kind of waste an opportunity to, you know, interact with the developers, with the
organizations in the community, right? I mean, Ubuntu, I think, has been very clear about what
their purposes were. There was a long period of assessment before this feature got included.
So you don't have to pretend it's some monolithic corporation. It's not Oracle we're talking about,
where you have to assume the worst.
Why can't we have a good faith discussion about this?
Maybe people don't like it for legitimate reasons.
Let's not start it from a bunch of posturing videos that haven't bothered to have a conversation. And Gambus, do you think it's also something that software developers have more appreciation for than, say, an average user?
Yeah, I mean, I've been developing some applications for the Linux desktop and they are quite specific.
And many times it happened that people just reported, oh, this thing doesn't work and I don't know what's going on.
And I just tried troubleshooting and spent many hours trying to get information about the hardware when if I just add in some user profiling well not not the user
profiling but some informations before that's useful for developers just like
canonical is doing I would have had a much easier life trying to troubleshoot
all these issues and I think this is the same thing for Ubuntu I mean they have to make a distribution that works on such a
great variety of hardware and I can only imagine how difficult can be to fix so
many possible and potential bugs without knowing anything about the systems that
those bugs are are on I mean the typical problem that works on my machine
and nobody else's.
Yeah, it's hard to fully appreciate it
from the support standpoint
and how do you make decisions
and how do you design your software
when you have zero visibility into your user base.
And if you want to see what the information actually is,
if you're on 1804 right now,
you can run Ubuntu-report space show,
and it will generate the report that gets sent,
so you can review it and see how benign this is.
Wimpy, were you going to jump in with something there?
I was.
There's a couple of issues I have with this particular video.
The first is everything about it is technically inaccurate,
so it's got a wonderful click-baity title,
but the first thing it
explains to do is remove the ubuntu report package which is actually the wrong package to remove
because that isn't the package that the gnome first wrong wizard interacts with and you actually
see this you actually see this in the video that he clicks no and it generates the opt-out report and he sort of skips over a little bit.
So it's removing the wrong package. He also suggests that you remove popularity contest,
which is also known as PopCon. Now that's installed by default, but it's not enabled by
default and sending a telemetry report doesn't enable Popcon popcon is installed by default not enabled and we have
no plans to turn it on so in a suggesting that you remove ubuntu report and popularity content
because the contest because these are the things that collect data that also removes the ubuntu
standard meta package and what that does is breaks your upgrade path from 1804 to any
subsequent version of Ubuntu. So if you follow the instructions in this video, one, it doesn't
actually change the behavior of the first ROM wizard. And two, it breaks your ability to upgrade
in the future. Wow. That is. Just great. That is really,
that is damaging in a way
that I hadn't even touched on before
is that a lot of times
these videos are poorly researched
and kind of thrown together
because you need to capitalize
on something while it's very popular
in order to generate.
There's no time for research, Chris.
YouTube has this term
that they tell you to score for
called VPH,
which stands for views per hour.
And you want to optimize your VPH, which stands for views per hour. And you want to optimize your
VPH that way it juices the algorithm and puts you in front of subscribers. And the way you do that
is by producing a video on something that's trending at the moment, that's popular amongst
your audience at the moment. And so that is a long way of saying you're incentivized to rush
content on YouTube. particular video is going to generate, you know, which is trading off besmirching Ubuntu's
reputation with a technically inaccurate, you know, bit of video tutorial, that is poisoning
the world.
It doesn't help anybody.
You see all of these comments.
They see a data collection.
They assume this is like, you know the the kind of invasive stuff that's
in windows 10 literally that's in the comments several times yeah and they make all the wrong
assumptions and there is nothing in the words that are used in the video or the title to suggest
otherwise and the source code's available you know i mean if you want to research this you just go
and look at the source code and see how it works.
What I find frustrating is that Martin alluded to the fact
that if you do something,
there are some things that it's possible to do to Ubuntu
that many new users follow blindly a tutorial
that breaks their experience six months down the line
when they come to upgrade to the next point release
or if they're more conservative, they upgrade to the next point release or if they're more conservative they upgrade to the next lts release and the problem is people don't
remember in six months time they won't remember that a thing they did six months ago is the reason
why they can no longer upgrade we get it in the neck and people say ubuntu upgrades don't work
they do if you don't screw your system
in the first place right but the problem is you screwed your system six months ago and you've long
forgotten any terminal command that some random dude on youtube told you to put in you thought it
was a good idea at the time because that's what he told you six months later you're in our irc
channel or on our support network asking us why is my system broken I've
upgraded I've got a black screen or it won't upgrade or it crashes or whatever and we're like
well you know that thing you did six months ago no no no it's you you're the reason all this stuff
is broken it's Ubuntu's fault and that's really bitter pill to swallow because we try really hard
to make these upgrades work but if people actively shoot themselves in the foot it's really hard to undo that and that that's really
painful six months two years down the line some behind the scenes if you do remove the ubuntu
standard package which people have done for different reasons in error there are some
heuristics in the upgrade manager that try
to figure out what version of Ubuntu did you have installed before it got gutted to try and piece
together what it should do to repair the situation. But it's a best guess, you know, because you can
do so much to your system to mess with it. And this kind of thing, removing the base meta package
is just a recipe
for disaster. Yeah, I'm really glad you brought that up because I hadn't watched more than a few
minutes into the video where I started to read the comments and I got really frustrated because
two things. It plays on the paranoia of a technically savvy audience about metrics,
and it builds perhaps momentum against future projects that might want to do something similar.
And I would argue that is a bad thing
because I would make an argument that these metrics are benign
and that they are beneficial
and then they are much more beneficial
than they are in any way benign in a sense that they could track you
or that they would be identifiable.
The thing is, is you really have to appreciate
how much insight they're able to gain
just out of knowing the types of processors,
the Windows server, and desktop environments.
That can significantly give a company like Canonical
important information
so they know where to focus development resources.
And they're competing against commercial operating systems
that are doing 10 times the level of data collection.
Right, and then on the other side, right, you end up with complaints about why don't we have this?
Why don't we have that? How come we can't compete?
And it's just a no-win game in that world.
At the beginning of this episode, we talked about the GNOME project removing the ability to run binary files.
Imagine, and I'm not suggesting that this would be a good world,
but let's imagine that the GNOME project did have telemetry on how people used GNOME Shell.
And let's say they had telemetry that showed that 75% of their users at least once a day
launched a binary file from their file manager. They may not be considering removing that
functionality, but they have no data. They have no insights other than their gut intuition and
what they grok from the drive-by feedback that they get.
I have no, and I think most people in Ubuntu
have no problem with the fact that
people might want to tick the no box
and say, no, I don't want to do this, right?
Yeah, have at it.
It's an individual decision that someone might say,
you know what, I don't care.
And I actually value my own personal privacy so much
that I don't want to even tell you what resolution display I had when I installed the software product that I got for you for free, right?
I don't want to tell you that.
Okay, fine.
But that's another step to then make a video to tell the whole world not to do that as well.
world not to do that as well that's what gets me because when you socialize that whole don't allow canonical to have any kind of data in order to plan what they're doing in the future and then
we plan things and you say well what the fuck were canonical thinking why were they doing those
things why did they focus on laptops with 1366 by 768 displays? Well, because that's the
only data we have, right? That's all we know. And if we don't know what type of displays there are
out there, what types of CPUs are there, we can't make educated decisions. And if everyone is told
to turn this shit off, what the fuck are we going to do? I agree. And it's going to scare other
projects away from something similar.
And the thing that is unfortunate is this was pretty well implemented,
I really have to say.
The real cherry on the top was at the end where you could see the report
or the fact that you could show yourself the report at any time.
You can see in a plain text file what's being sent.
Simple, transparent.
And it's all clearly documented about what from the bug reports gets sent and all of
that telemetry.
So, you know, even when it was done, I think probably the most open and transparent way
possible, including the very source code that powers all of this is open.
I just don't know.
It's obvious that the core issue here is that there is a financial incentive or an even ego incentive for different outlets to try to make hay on this.
There's a lot of stories that just get blown out of proportion, and this is just another one of them.
So I've made this point before.
I won't make it again.
But thanks, you guys, for your thoughts on that.
And just be aware of it.
Thanks, you guys, for your thoughts on that.
And just be aware of it.
Even if you don't want to opt into data collection, just be aware of the impact this kind of stuff has.
Because I think you're completely, like Popey said, you're 100% within your right to not send any data.
I do think it's pretty nice, though, to send them that I'm opting out so that way they get a signal.
So you can essentially have a vote still.
I think that's something to consider.
All right.
I want to just also talk about really briefly a little follow-up on the reverse engineering at Purism for some of Intel's FSP stuff that disappeared off the internet all of a sudden.
Yeah, there was a blog post that went up describing the in-depth technical process that they went through recently to reverse engineer some of this Intel crap.
And we noticed on LAN that it disappeared.
And so we made a comment on Linux Action News
that perhaps they'd been contacted by Intel.
Yeah, it looks like that was the case.
It looks like Intel politely asked Purism
to remove their document
because they thought it might conflict with licensing terms,
i.e., if you want to buy processors from us in the future,
you'll be taking that down.
That's a pretty big fist to say no to.
Yeah, and so they complied.
However, the Internet never forgets, as you well know,
and Chris somehow found a copy in archive.org.
Demon you.
So if you want to read this extremely in-depth technical document,
I'll have a link in the show notes, linuxunplugged.com,
slash 249 to archive.org.
Wes, I almost think we should save this Docker story for another day.
It deserves probably a better discussion.
Yeah, I'll just quickly, last week I made a comment at the end of the show,
I think nobody's going to like this episode because we talked about containers too much.
And I got a couple of emails that were like, I actually really enjoyed that because nobody else is really talking about that.
And it's a huge part of my life these days.
And it's a huge part of where software is going.
So I feel like people have their heads in the sand.
And then other emails were like, it's new to me and I'm learning.
So it was interesting to hear what you could do with it.
Nobody really emailed in saying they hated it, but I assume some people do get tired
of us talking about magical ponies and container technologies.
So I'm going to save why Docker is dangerous and it's a gamble that you will regret for
a future episode.
But it's out there.
We'll be talking more about it in the future because there is still that question that
I want to get to before we wrap up.
I want to ask the Mumble Room and Wes if it's time to move on from the all GTK or all cute mentality. So let's start first by
thanking Ting. I'm taking them to Texas with me. This show is going to be broadcasted over Ting
all the way down to Tejas, and it's perfect. It's pay for what you use wireless. So I've got a
little MiFi for CDMA, and I've got a little MiFi for GSM
because Ting has both networks.
And I let them sit around for a little bit, you know, boss level.
It's $6 for the line.
So you don't care?
Fun and badger.
And you can actually, you could just deactivate the device
if you weren't going to use it for six months
and then just order up a SIM and pop it in and good to go again.
That's actually what I've done.
And it's great because then I've got CDMA and GSM with me as I go,
and I just pay for the usage.
So whenever I'm parked somewhere that has Wi-Fi,
which I always shoot for,
then I'm not paying anything for data.
It's like I'm just getting by for free.
It's nationwide coverage with no contracts.
It's just $6 for the line
and you pay for what you use,
your minutes, your messages, and your megabytes.
There's a control panel you can log into
to always check your minutes and your messages
and your data usage.
And you can always take total control, turn stuff on and off, activate and deactivate devices.
You can set usage alerts. If I ever get talked into giving my kids a phone, I'm going to start
using those usage alerts. Dylan, stop it. Too much. Get off them internets. And they got lots
of devices, including the new Moto devices, got the modules. Have you seen that where you can snap
on a new camera or battery and stuff?
They're selling that now.
Or you can bring your device, and they'll give you a $25 service credit.
Love it.
Might just pay for more than your first month.
So go check it out.
Linux.ting.com.
That's Linux.ting.com.
I just noticed there's a TechSnap logo there.
Yeah, I noticed that too.
That threw me off a little bit.
I'm like, am I doing the TechSnap show?
But don't worry, you still get to type
linux.ting.com
and maybe go see the old TechSnap logo.
It's kind of retro.
I made that logo. Look at you.
You can tell too. Professional.
You can tell I made that logo.
The new logo is done by a pro.
Okay, so this was a question that popped up
on the dumpster fire known as RLinux.
And it was asking, is this mentality still relevant today, the all GTK or all Qt mentality?
I ask this because I've seen people arguing about this online.
He says, nowadays, there's a lot of disk space.
So usually having two GUI frameworks installed really doesn't make a big difference on disk usage.
And he says, there's also people who use GTK apps when using a GTK desktop
and Qt apps when using a Qt desktop,
and they only use those apps.
And I actually will admit to,
when I switched back to Plasma again,
I tried to just try to do Qt everything.
And when I couldn't find, like, a good Qt Twitter client,
I just didn't even bother getting it.
I just used the website now.
Yeah, sure.
Or I was using Corebird on GNOME.
Or some Curses UI you found.
That would be great.
So I admit I actually do kind of try to skew All Cute now.
Wow.
Back in QO notes and stuff like that.
Yeah, I admit I've done this a little bit.
What do you think you get out of it?
Do you like it?
Do you feel clean?
There's small things that I appreciate.
Small consistency things like in my open and save dialogs,
like my favorites and my bookmarks are different between my GTK
and cute dialog open and close boxes, and that's always frustrating
because I'll be like working in cute apps all day
and so I'll have like a new bookmark in there,
and then I go into a GTK app and, oh, I got to browse the file system
like an animal, it's so slow, you slow. And that stuff is kind of frustrating.
So that makes me kind of prefer that.
And then you get other bennies usually,
like the Plasma Notification integration or KIO slave stuff.
And there's just things that are with the Qt apps that I just like to have.
Better integration, sort of a first-class feel.
Yeah.
You're on the GNOME side of things.
You don't seem to shy away
from a cute app, though. No, that's fine.
I don't have a
ton of cute apps.
You kind of have a mixed family desktop, don't you?
A little bit, yeah.
I guess I can see why you
might want to do it. I can appreciate a little
of the software purism, but
I'm not... The theming looks a little
better. Oh, that's gotten a lot better these days.
I guess it depends on if it's a program
that's easily replaced, then sure.
Maybe you'll find a new program that you love.
That's one of the great things about being
a Linux open source enthusiast, right,
is you have so many choices.
I'll tell you, I've taken this far enough
that I've given KMail several goes.
Yeah, okay, yeah.
And, you know, it's...
I like KMail in its own
way. I like it. It's in its own
esoteric, unique way.
I like it. But
Snap installed Mailspring.
That's just what I
ended up going back to Mailspring. Nice.
Yeah, I did. And it's the Snap, too. I Snap installed
Mailspring. And I just
it's just better. But it's like
this hybrid app. It's not a
cute app either. You've been thinking about it and that bugs me. Yeah, it is something that crosses
my mind. What about you guys in the mumble room? Anybody want to admit if they're a cute or GTK
purist? I'm not a purist. No. So I use what is the best tool for the job. So for example, I use
QO notes as well. Uh, that's a cute application, but it's the
best that's available. I use the Shotcut Video Editor and ABS, and they're both cute applications.
Yeah, I do too.
And I use VLC, Video Player, and that's a cute application.
Same.
So yeah, I use what's best.
Yeah, when you install MailSpring, by the way, little pro tip, if you snap install MailSpring
on the Plasma desktop, you also have to install GNOME keyring in the background because it will not run without that.
I have two machines. One is mostly with the approach of let's try to use everything GNOME.
Ah. And the other machine, it's the one I develop in. That one, of course, is full of everything.
Uh-huh, yeah.
Interesting.
So why do you have the one that's all pure?
Is that, in an ideal world, your preferred setup?
Just generally, I would like to see the project.
I started with GNOME, essentially.
And I'd like to see the project to be able to be self-sufficient in all of its toolings.
There's no better way to try the flow.
I also am a very big fan of default.
So I don't tend to use things that by default are not the way I tend to like the most.
I really don't like fiddling around.
In the beginning, that was exciting.
No longer.
There's no time for that.
Yeah, right.
Yeah, I understand.
That's how i
kind of see it it's just let's try to reduce the you know the foreign aspects and have the
experience and if the experience is not it try find something else generally that's how i go
and something else might mean the whole new package i don't care what toolkit and application has looking down my launcher I've things that I'm
running right now Firefox Telegram Gnome Terminal Steam Slack IRC Cloud Visual Studio Zen Kit
VirtualBox Discord Signal and Mumble yeah don't care all are the... So if I want to talk to you, I use Mumble on this show right now.
I'm not going to go out there and say,
I can't use Mumble because it's cute, and I've got a GTK desktop.
That's just lunacy, right?
I'm using the application that I need to get the job done.
And so I installed the right application for the job.
But that's not what i'm advocating
i'm just saying i didn't say you did there's a preferential path that i have and then of course
you do one or other exception but i think that that for having that cohesive expression experience
you do in the beginning go through oh maybe there's a lack of this and again i have two
machines and i develop stuff and there's also one way of seeing oh there's a lack of this. And again, I have two machines and I develop stuff. And there's also one way of seeing,
oh, there's a potential target here to develop.
And I can see how someone might want to dive fully
into the elementary experience and only use elementary applications,
designed, written in Vala, delivered in the elementary app store,
and designed specifically
for that environment and i can see why you might do that but i'd be pretty sure after a short while
you'd feel like you're missing out on something and there's a couple of applications you really
need and there's someone you need to talk to or there's some application you need access to or
some data you need access to that you need to install something that breaks outside of that amazing,
though it is, Vala boundary and into Qt or GTK or whatever.
It does seem inevitable from that perspective.
I might want a new user to start out in a consistent world,
and then you sort of eventually learn about the realities of the world
that we live in, and okay, it's a little more complicated
than the real world.
You've got to get the work done.
Yeah.
I do admit to one unique constraint I do usually
tend to put myself is to not
install apps I cannot maintain myself
in case doomsday
that is actually also part of how I decide
some apps I really like but for example
they're in Go so I'm never going to use
them because I really hate that language as an
example and so
I'm not going to be willing to maintain it
in Go. I try to find to be willing to maintain it in Go.
I try to find alternatives or just put the effort in
so that it happens in another language that I feel it's the best way.
I love your doomsday scenario.
It's not, I need to find food and drink,
but I need to be able to code applications I'm using on my laptop.
Well, you have to maintain, you know, right?
Like, what's the point of having source code
if one day things shut down and you can't fix it?
The bunker is going to have computers, obviously.
They got to keep running.
Yeah, I think I kind of agree with all of that.
Mostly, you got to have the best tool for the job.
And that's always the way I'll land.
Even if it's a GDI application running via Wine,
I'll use it if that's what I have to use.
But if there is any kind of thing
that sort of tilts the preference dial,
it would be if I could also get it
in whatever the native toolkit of my desktop is.
Well, I think that's what architect in the IRC
sums it up perfectly.
Use the least offensive tool for the job.
Yeah, that's very well put.
Yeah, okay.
I'd love to know your thoughts too.
Let us know linuxunplugged.com
slash contact where you can send in questions to the show
or if you are a cute RGTK purist.
There have been times, especially when using GNOME 3 Shell,
I'm like, yeah, yeah, I am tempted.
Client-side decorations all the places.
Forever.
Yeah.
Let us know.
Let us know how you feel about it.
If you want to join our mumble room,
we do have a setup guide that you can follow.
Yay.
If you just go Google Jupiter Colony mumble setup guide, guess what?
You'll pretty much find it.
It's pretty much all it takes right there.
You can follow Wes on the Twitter.
He's at Wes Payne.
You can go get more Popey and Wimpy in the Fantastic Ubuntu podcast.
New episode just came out.
And you can find out how many laptops each of them have.
Oh, boy.
Also, Wes and I just did a breakdown of eFail on TechSnap.
All of the technical details, all of those goodies in this week's episode of TechSnap.
If you want to know more about eFail, what's going on with GNU PG and OpenPGP,
and what the real details are, what the real deets are, it's all in that episode.
All them deets.
All right.
Thanks so much for tuning in to this week's episode of The Unplugged Program.
And guess what?
We're going to see you right back here next Tuesday. I've never installed
slash dogs
roof roof roof
guard dogs
on the unplugged job they don't want the show to end keep it going they on the unplugged job
they don't want the show to end
keep it going
they love the unplugged program
mumble room thanks you guys
that was a great conversation
and a bunch of stories
that you had some good insights on
so I really appreciate you making it today
you're wonderful
you're gosh darn wonderful
now we gotta name this thing
and the jbot's still down
because long story short
jbot's down again?
Yeah,
well,
you know that Archbox
is falling apart,
right?
Oh, yeah.
So I got TCP IP up.
No way.
I know.
Well,
it didn't get updated
for a couple of years.
So I got the TCP stack
working again
and I got SSH up
and running again.
Well, those are luxuries.
But I still can't get
JBot to properly function.
Oh.
But the OS is actually
standing again.
I don't know how I did it.
Like a miner
through the DigitalOcean console
chipping away at all of the cruft.
Literally, so what happened was...
Praise be to that console.
The system hadn't been updated for a couple of years.
Because it's been a while since DigitalOcean
let you deploy Arch.
Yes, it has.
And so...
Like years.
Yeah, and it got locked to an old kernel and all that.
Anyways, long story short,
they had to reboot for Meltdown Inspector.
And when it rebooted, it didn't really ever come back up quite right.
And so I went in there and sort of salvaged the system and got it standing again.
We figured out we had to SU to Rekai's account.
Yep.
We got the little esoteric, what weird user situation we had to be in,
where the scripts were to start
everything.
Figured all that out
and it connects up
and it just generates
errors.
So we don't have it
long.
That's my long way of
saying we don't have
JBot to do title
suggestions.
We have to just come
up with it on our own.
So much pressure.
You can throw it in
the chat room though.
I saw Fub Fud Buntu.
I kind of don't like
that though because it
sounds like a
garden dog. It sounds like a flavor.. I kind of don't like that, though, because it sounds like a flavor.
So I kind of don't like that.
So other title suggestions would be appreciated.
I also wanted to point out a documentary by DW, which somebody remind me, DW, are they out of Germany, I believe, but I'm drawing a blank.
They just did a video
called the Microsoft Cyber Attack.
And
it's, you know, the premise is
a little, but they go to Munich
and during all the
transition stuff, and they talk
about how Microsoft
lobbied to make some of this
transition from
LibreOffice back to Microsoft software.
And they cover also a French government transition to Linux.
There is some rando shots of consultants using Unity, like at the 27-minute mark,
there's a consultant that they're doing an interview with, and she's using Unity
on a, it looks like an XPS, and she's using the touchscreen to scroll a document that
she's showing the journalist.
So I'll have a link to that in the show notes if you want to check it out.
The Microsoft Cyber Attack, though, if you just Google it on YouTube.
And it's in English.
They've done translations.
Oh, nice. Great.
Yeah, it was a really cool documentary.
I didn't think the premise started a little, like, too newbie.
You know, I was like, ah, this is thick.
But then they got into, like, the Linux and Limux stuff, and then I was all in,
which happens about halfway into it.
All right.
We got to name this thing, Wes.
We do.
What did we talk about?
Oh, all the things.
That'll make it easy.