Untitled Linux Show 155 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

00:00 - Jonathan Bennett (Host)
Hey, this week we're talking about Kaspersky and their virus scanner for Linux, and then we once again mourn the end of CentOS. Openbsd welcomes the future. With Wayland, there is a pretty important security change for OpenSSH and lots and lots of updates to talk about. You don't want to miss it, so stay tuned.

Podcasts you love From people you trust this is the untitled linux show, episode 155, recorded saturday, june the 8th, the fluffy gnome. Hey folks, it is Saturday and you know what that means. It is time for Linux. It's time to get geeky and to talk about all the nerdy stuff that we love. It's the Untitled Linux Show and, yes, that really is our calling card. We get in deep and we talk about the stories that you don't hear anywhere else. We are nerds and we are geeks and we wear it pretty proudly around here. Although if you're not part of that club, it's okay, you can come along too, it'll be fine.

I've got my own little club of nerds and geeks some buddies of mine, and they are all here today. We've got David, we've got Rob, we've got Ken, and we were talking just before the show. We think Jeff is off trying to get a thousand miles on a motorcycle the Iron Butt Award, I think they call it and best of luck to him for that. But we've got some stuff to cover. There are things, there are things going on, and David has the first one. Oh, this is going to be fun to lead off with. This is an interesting story. There will be layers to this story. David, take it away and tell us what Kaspersky is up to and why we're talking about it.

01:54 - David Ruggles (Co-host)
Okay, so Kaspersky releases a free tool that scans Linux for known threats, which in and of itself, is kind of interesting. I mean, yes, we all like to claim that our operating system is invulnerable to all attacks, especially from those closed source people, but we know that it's not true. Anytime you've got humans and code, there is a possibility for malware to be about, as we've seen with some of the headlines recently. The interesting thing about KVRT, which is what they're calling their tool, is that they're advertising it as something to allow you to help scan for any sort of malware. They specifically referenced the recent XZutils backdoor. They talk about being able to detect malware, adware, legitimate programs being abused for malicious purposes and any other known threats. It's got a database that it routinely hits to update it. Like most tools, anything that it finds it stores in var opt kvrt 2024 underscore data slash quarantine in a non-harmful form.

Probably the two biggest question marks with this that I have and I'm going to, of course, bring in everybody else to discuss it is first off, we like to stay technical, not get political, but there are world events going on and Kaspersky is a Russian company located in Russia. First off. Second off, this is not an open source tool and it has to be run as root. So they're saying, hey, we're going to protect you against malware by demanding that you download their binary and run it as root, which I'm going, you know okay, yes, it as root, which I'm going, you know, okay. Yes, you know, as long as you trust them and their tool chain, you're not, you know, might be willing to do, but I definitely hesitate a little bit.

They have verified that they've tested on all the major versions. They specifically mentioned Red Hat Enterprise, linux, centos, which it's ironic they mentioned that since I have an article about that going away but Linux Mint, ubuntu, suse, opensuse, debian, among others. So there's a good chance that it's going to run on any Linux distribution. But, as my article from Bleeping Computer says. But as my article from bleeping computer says, um, we haven't tested the effectiveness, nor can we guarantee the safety of kvrt.

04:54 - Jonathan Bennett (Host)
So use the tool at your own risk. What are your thoughts? Yeah, I, I I very much feel the uh, the dubiousness of this. Um. So for, from a practical standpoint, yes, there has to be a consideration that you know this is being created in another country that potentially has some hostilities towards some of the countries that we're involved in, like the, the whole geopolitical thing. Like, yes, that's, that's consideration. I have a bigger problem with running it as root and it being proprietary software. I mean, who knows what all it's doing. So let's theorycraft this. This will be interesting. Let's theorycraft this a little bit. How could you use this? So, assuming that it is actually on the level, but wanting to protect yourself from the possibility that there's something malicious in there, how would you use it in a way that's safe? And I think there is a way to do it? I'm curious if one of you guys have thoughts on this how would you go about making use of it safely?

05:50 - Ken McDonald (Co-host)
first I'd scan it with clam av.

05:52 - Jonathan Bennett (Host)
After downloading it, scan the antivirus with another antivirus okay use it from another machine and scan things over the network okay, um, I'm thinking, clone your machine into a virtual machine and run it inside the VM, download it. Disconnect the VM from the internet, run it, see if it finds anything. If it doesn't just nuke the VM, don't let it touch anything on the outside.

06:15 - Ken McDonald (Co-host)
They're saying what it's going to tell you is that it can't work without the network connection.

06:19 - Jonathan Bennett (Host)
Well then, you can just kind of walk away from it and go well, that's a garbage product, I don't really need that.

06:25 - Rob Campbell (Co-host)
Yeah, I mean there's other solutions too out there. So it's true, it's not like they're the first, but I don't know. I guess my question to them or you, if you know what would set them apart from anybody else? I know it probably has a live where, like Clam AV, I think, is more just a general scanner, and I know there are plenty of. I'm assuming this is also free, otherwise it definitely wouldn't be that big of a story, since there are plenty of commercial products that you can. That will work on on Linux.

06:59 - David Ruggles (Co-host)
But yeah, it is a free tool. I think the only reason it makes news right now is because they released it, and anything they do generates a little bit of news at the current moment.

07:11 - Rob Campbell (Co-host)
Yeah, it's Kaspersky.

07:12 - David Ruggles (Co-host)

07:14 - Jonathan Bennett (Host)
Yeah, there's this big question mark with it. They do good work. There's great security research that comes out of Kaspersky. I've made use of some of their tools in the past. But there's just this big question mark because of where they're out of. And the question is there are they compromised to some degree because of where they're at and nobody really knows? So far they have not done anything outright shady, so you kind of want to give them the benefit of the doubt as far as that goes, but at the same time there's some red flags there.

07:51 - Rob Campbell (Co-host)
All right. I wonder what VirusTotal would say about it.

07:55 - Jonathan Bennett (Host)
I imagine somebody's already uploaded it to VirusTotal.

07:59 - Rob Campbell (Co-host)
Keith 512 mentions that yeah.

08:03 - David Ruggles (Co-host)
That's always a good first step.

08:05 - Jonathan Bennett (Host)
It is we ought, always a good first step. It is we ought to cover VirusTotal as somebody bringing it as a command line tip. One of these days. I'm sure there is a way to upload to VirusTotal from the command line too, and that would actually be really useful.

08:16 - Ken McDonald (Co-host)
With curl.

08:19 - Jonathan Bennett (Host)
I'm sure you can do it with curl, but somebody's probably got a script version of it where it's just VirusT, virus total this the name of the script, and then the virus. Total this and then whatever file you want to upload, there's probably somebody doing. If there's not, I'll make it. There you go, there'll be a way for rob to really make his mark on the world.

08:36 - David Ruggles (Co-host)
Make a virus total uploader there's vt cli, so there there is one out there already out there there. I figured it would be.

08:44 - Jonathan Bennett (Host)
The people that run VirusTotal are such total geeks. Of course they have a Linux script to do it for you.

08:51 - Rob Campbell (Co-host)
So many things integrate with it.

08:54 - Jonathan Bennett (Host)
Yes, virustotal is great and for those that don't know, I'll give you the quick version of what it does. You upload a file to it's like a website, virus total, and it then runs all of the antiviruses that it's plugged into, which is like 90 or 100. It runs it through all of them and then gives you a report. It's like okay, you know, kaspersky thinks it's fine, eset thinks it's fine, malwarebytes thinks it's potentially on one software, and blah blah. You get all the results. And the really fun thing about it, too, is you can search previous uploads. So if you find a virus, you can say, okay, what was the earliest point in time that VirusTotal knew about this? And it'll tell you this particular file was first uploaded in January of two years ago, but we first discovered that it was malicious a year and a half ago. So it's really great for doing research. Virustotal is pretty cool. Anyway, let's move on. Let's move on to the future. Rob is bringing the future this week.

09:58 - Rob Campbell (Co-host)
So first I'd like to start off the story by welcoming the OpenBSD crowd to the future. I've only dabbled in BSD. I've installed it, checked it out and then kind of never came back to it again. But I've heard that BSD maybe tends to move, sometimes a little slower than at least a lot of the Linux distros and things like that. But in this case they are only a little bit behind Linux Mint by just a few months. So I mean they're behind the rest of the distros by much longer than that.

But hey, so I am also a little bit late in this Walk of Fame announcement and we can blame high school graduation for that. It's not my fault, but my nephew and a few other people I knew graduated high school last week and I was forced to go to their receptions and stuff like that from the wife. But congrats to Sean Stahl and Max Fleming on graduating high school. But back to the story. What is this big news that I didn't get to tell you last week because I was not here? Well, wayland 1.23 was released a little more than a week ago. It was right before the show, so it's not that late. And with this release comes official support for OpenBSD. This means that OpenBSD users can now be as secure as us Linux users by using Wayland instead of X. Okay, send the hate mail to. You can find my website. Actually, it doesn't show on the full screen, does it? The?

11:41 - Jonathan Bennett (Host)
best way to send Rob hate mail is to put it in your comment line when you buy him a coffee. That's where hate mail is accepted for Rob.

11:48 - Rob Campbell (Co-host)
That's it. Buy me a coffee, send me your hate mail why Waylon's horrible and you don't care and you just want to use X. But so I know. This is a Linux show, but BSD is Linux adjacent is a Linux show, but BSD is Linux adjacent. And even though Linux users will also have access to this release, there isn't a ton in here for most of us unless you're a developer, and developers will see some new APIs and debugging enhancements which I won't get into the details. But if you're a developer they're pretty slick. Check into it, especially if you're developing your apps to work with Wayland. But you know, even though there isn't much in this release for end users, what's good for developers is good for end users and we'll likely see some benefits in a trickle-down effect with the improvements in the applications we use on Wayland. Because I'm using Wayland, I hope you are too.

12:50 - Jonathan Bennett (Host)
So I have an opinion about Wayland. It is not an original opinion to me. So last week on Floss Weekly we actually interviewed Brody Brody. Thank you, my mind I have another commentator that I'm. I have a story from later and that was the only name that was coming to mind. We brody robertson. We interviewed brody um for floss weekly and he shared with me what he considered to be a very controversial opinion and I've thought about it and I actually come to agree with it. Wayland needs a bdfl benevolent, benevolent dictator for life. Wayland needs a linus torvalds at the top that can write meme emails, because right now it is literally designed by committee and, uh, I have. This is. This is a thought that is out, that came from outside of me, but I have integrated it into myself because it is 100% correct. So this is my conviction from now on. The problem with Wayland is it needs a BDFL.

13:52 - Rob Campbell (Co-host)
There are many cases where a dictator can be a great thing if they're benevolent. I'm not really talking about politics. I'm talking about software development.

14:02 - Jonathan Bennett (Host)
Oh, we're going to talk about that too. No, it's interesting that Wayland gets on OpenBSD. I kind of have this feeling that with things like this, with the Wayland protocol, it gets a little bit better every time it gets extended to work on someplace else. You knock some of the rough edges off, but you also sort of expand it in a meaningful way, but into the places where people are actually going to want to use it. And so you know, you kind of hit on this, this idea that the things that are added for OpenBSD will eventually trickle down into Linux in the other way.

It's like it's a good thing for OpenBSD to share a bunch of graphical code with Linux. I think that's just a win for everybody.

14:43 - David Ruggles (Co-host)
Cross-pollination is always good. A bunch of graphical code with Linux. I think that's just a win for everybody. Cross-pollination is always good. Yeah, one of the interesting things about your story, though, and I was trying to go find it and I could not get my hands on it quickly enough to bring it up. But it was just about a month ago that I posted in Discord, tagging Jonathan, because I found some post from a BSD developer saying how they weren't going to jump on Wayland because they don't chase the new shiny things, they want stable and stuff. But I don't remember if it was OpenBSD or NetBSD, and I could not find it.

15:14 - Rob Campbell (Co-host)
Okay, you know like I said about BSD moving a little slow. That comment right there I mean BSD. Calling Waylon new and shiny is like calling my car from 2013 brand new and shiny I mean come on.

15:32 - Ken McDonald (Co-host)
Hey, compared to that 99 Sonoma.

15:37 - Jonathan Bennett (Host)
It's true, it's true. All right, I'm going to take it away. And I've got to say Gnome worries me, and I'm not the only one that has this opinion. I've got a link to a story written by Lunduk and some of you will hear that name and shudder. Others of you may hear that name and would not know who it is or maybe you're a fan, I don't care, does not matter. I don't care, it does not matter.

Lunduk is the guy that writes the Linux sucks article once a year and you know, sort of like with that article he raises some good points and then says some things that kind and it is all about the Gnome Foundation and their newly released five-year plan and, yeah, it's kind of a doozy. He takes it apart piece by piece, some of his thoughts we may or may not agree with, but there are things in here that I think are actually pretty interesting. Um, and the thing that I agree with him the most is it's, it's so, it's so vague and corporate. Speak the the gnome foundation's new five-year plan. It's, it's all about strategic partnerships, launching a badging, integrate financial sponsorships, uh, identify current critical security weaknesses in gnome and fix them and and like. So his comment there is wait. We weren't doing this already? Really? Uh, create a more strategic, inclusive, less expensive, more worldwide and greener annual event for GNOME. It's like, what? Like, yes, those are all buzzwords, but they don't really mean anything in this context. Like you can't meaningfully make your event greener, it's just, it's not a thing that it the world does not work this way, okay, anyway.

So all of this, I literally fear for the Gnome Foundation. Apparently, they only have about a year's worth of operating expenses in their accounts and they are running at a deficit. They are losing money, and their five-year plan here does not fill me with confidence for the future, and so I talk about this every once in a while. The Purnell's law, ironclad law of bureaucracy it's this idea that every time something gets started, it gets started for good purposes, but as time goes by, the people that are dedicated to the bureaucracy itself tend to become in charge of it, and the people that are dedicated to the original purposes for which the bureaucracy was created tend to have less and less influence. And so I'm just looking at this very shallowly from the outside. It seems to me that we have entered that sort of terminal phase for the gnome foundation, and unless they make some really big changes, they may cease to be relevant and maybe cease to be solvent too.

I don't know, but it's just weird. It's just everything about this is weird. It's just everything about this is weird. Like they so their new CEO. They hired a professional shaman as their new CEO. Like it's just bizarre. So something to something to keep in mind even if the gnome foundation goes belly up, dries up, goes away, that doesn't necessarily mean that gnome goes away. They just don't have the foundation behind them anymore. Like the software is still open source and the people that are working on it like actually doing the work, can still continue to do the work. They just won't have a budget to be able to pay people to look for grants to be able to have a budget. It's weird. Anyway, I wanted to make you aware of that, and just prediction.

19:42 - Rob Campbell (Co-host)
Anyway, I wanted to make you aware of that and just prediction a couple of years there may not be a gnome foundation or it may look very different. That's like your typical corporate or even marketing speak, where it's like we're all these good things and we do all these good things and you know, I don't know if that really means that their operation plan operations plan really is that fluffy. I mean, there are plans and mission statements and things like that for businesses I've worked for. I'm like, yeah, well, that's how we're going to do it.

20:21 - Ken McDonald (Co-host)
It reads like a template.

20:24 - David Ruggles (Co-host)
I think that, combined with the financials, though, is where the concern comes in.

20:29 - Jonathan Bennett (Host)
Yeah, yeah. If so, rob, I grant you that. I will say this If this is actually the effort to right the ship, then the Gnome Foundation is in trouble. If this is just their, okay, we really ought to put a mission statement out there, grab that template and, let's you know, kind of slap some gnome on it and there put it out there. Then, who knows, we don't really have any, we don't know what's going on. But if, if this is the fluffy gnome, if this is, if this is actually like six months of think tanking of how to save the gnome foundation, that yeah, it's gone well, yeah, okay, I completely agree with you there.

21:07 - Rob Campbell (Co-host)
If this is their six months of think tank and then the way they really think they're going to save gnome, yeah, okay, it's, that's, that's not good.

21:15 - Jonathan Bennett (Host)
But it's time to fork it yeah, how do you fork an organization that's uh, I don't know, I don't know if that works.

21:24 - David Ruggles (Co-host)
You let the organization die and steal all the people. An organization, I don't know. I don't know if that works. You let the organization die and steal all the people.

21:30 - Rob Campbell (Co-host)
You fork it and you call it N-O-M-E Nome without the G.

21:36 - Jonathan Bennett (Host)
Yeah, all right, let's see what's up next. Ken bringing the. Is this a Niche Distro? We're talking about Parrot OS, not something I've ever heard of Ken bringing the Nish distro news.

21:51 - Ken McDonald (Co-host)
That's funny, jonathan, because we last talked about Parrot OS in episode 136.

21:57 - Jonathan Bennett (Host)
Oh, I've slept since then. That's a lesson.

22:00 - Ken McDonald (Co-host)
This week we hear from Bobby Barsoff and Marius Nestor about the latest stable version of Parrot Security's Debian-based security-oriented distro for ethical hacking and penetration testing. Ah, sound familiar.

22:16 - Jonathan Bennett (Host)
It does. It's starting to ring a bell.

22:18 - Ken McDonald (Co-host)
Pareto S6.1 is going to be this latest version. It is powered by the Linux kernel 6.5 for the 64-bit generic images that they'll have and boasts a variety of upgraded tools essential for security and development tasks. Some of these include have you heard of AnonSurf 4.2? That's Parrot's anonymous mode wrapper to force connections through Tor, and Chromium and Firefox have been updated with the latest security patches. On the security tool side, the updates include Nmap, VerpSuite, SQL Map and Metasploit, and Parrot OS also brings performance improvements to the Pipewire audio server and enhancements in the Grub bootloader functionality. Office suite applications haven't been left behind either, with LibreOffice receiving an update to version 24.2.3 for better features and security. I'm going to give you some insider information I've got about LibreOffice 24.2.3 for better features and security.

23:32 - Jonathan Bennett (Host)
I'm going to give you some insider information. I've got about LibreOffice a little bit later. Ooh, insider.

23:37 - Ken McDonald (Co-host)
Yeah, and the distro extended its support to the Raspberry Pi 5 by updating to Linux kernel 6.6. Lts, received new drivers for better compatibility with external devices and noted improvements in Wi-Fi support for the Raspberry Pi 400 computer. Now, when you visit Parrot Security's website, you will find that it has been redesigned with a guided download page helping you select the edition that fits your needs home, home user security or hack the box. Jonathan, which do you think you'd be running?

24:14 - Jonathan Bennett (Host)
So if I were to use this, it's going to be on a Raspberry Pi doing like war driving or dropping one somewhere, and so that's going to be that if offensive copy of it, because I can't see myself like actively using it on a defensive level.

24:32 - Rob Campbell (Co-host)
Yeah, I mean.

24:33 - Ken McDonald (Co-host)
so so parrot, parrot, like so in other words HTB yeah, we probably would be a heck box.

24:41 - Rob Campbell (Co-host)
So so you know a parrot here like like was implied. It's basically like cali, cali linux, and there's definitely a very uh active parrot crowd out there. Many people out the world tell you it's better than cali. I've never actually tried it myself. I am interested to, uh, I know. When I was looking at this article, one of the things that bothers me is when people call Parrot or Kali a security Linux distro, and I mean, yeah, they are security related. What always bothers me about that, though, is that you get a lot of people thinking, oh, this is a security distro, I'm going to run this as my main general purpose distribution so that way I could be more secure, and I see this all the time in social media, people coming on thinking this and thinking that now they're running and Cali, from what I hear, parrot does have like a general purpose version I believe Calali doesn't, but it's not security. In that form of now, I'm more secure. You want that. You're going to want like Kail for anonymity and QoS for sandboxing.

26:02 - Jonathan Bennett (Host)
I would go with one of the heavily sandboxed or even one of the immutable distros. If you want something that's really secure, go all the way on immutability and that's going to be a pretty good security End user. I want my machine to be secure and trustworthy. Yeah, that's an interesting point Because I know what it's for. I don't ever think about that, but I could see how someone would come to that conclusion.

26:27 - Rob Campbell (Co-host)
Lots of people. So the psa I want to get this psa announcement out of the way is uh, cali linux paired os. I mean mainly pair os. Their main purposes are for offensive pen testing and testing security of systems, not to make your own desktop necessarily secure unless you're using it to test your desktop.

26:55 - Jonathan Bennett (Host)
They are not really made for actual deployment, yeah.

27:00 - Rob Campbell (Co-host)
Though there is that caveat. Like I said, parrot OS does, os does have, I believe, just a general purpose, really too but that's not gonna be a good desktop experience for most people.

27:12 - Jonathan Bennett (Host)
Like that is aimed at a very specific user crowd that wants to be able to have all these tools on tap all the time well, the general purpose one.

27:20 - Rob Campbell (Co-host)
From what I hear like I've used that argument too and people have corrected me. Apparently it's. It's just a general purpose one made by them. I'll have to check it out myself.

27:30 - Jonathan Bennett (Host)
And then we get into the conversation we have about using these niche distros that really nobody should be running as their main desktop.

27:39 - Rob Campbell (Co-host)
I'll try it out for you all sometime and let you know my real personal opinion. Other than these, may I suggest?

27:46 - Ken McDonald (Co-host)
you try one of the containers for one of the subsets of the uh pen testing tools it has no, you may not.

27:57 - Jonathan Bennett (Host)
Oh, all right, let's talk about, uh, redis and valky. Uh, maybe give us a little bit of the history here, david. What is the story and what is going on in Fedora?

28:11 - David Ruggles (Co-host)
Okay, so I've mentioned Redis and Valky before. Basically, redis is a key value pair database that has been very popular with I just lost my train of thought on the best way to describe it. Basically web dev, dev, ops anything where you need to store data and share it in a highly scalable way across server infrastructure. It's very good at what it does. The challenge is that the organization behind it decided to change its licensing a couple of months ago, and the interesting thing about this whole changing of licensing is that something that we're seeing. We actually had a little bit of a roundtable discussion about it, probably a couple months ago at this point, but we're seeing that happen as the open source community is trying to balance rent-taking with making money to stay alive versus how do we actually support and embrace the community and in this particular case, redis. The organization seems to have made the wrong decision, and part of the reason why I'm very confident in saying that is almost immediately after that valky came out.

Valky is a fork of redis, and it's not just a fork of Redis, but they also all of the key coders and developers behind Redis went with Valkey. In addition to that, the Linux Foundation has taken over stewardship of Valkey. So Valkey will not get put in the same position Redis was it put in the same position Redis was? It's being backed by all the big names out there in both web development, cloud computing and open source Amazon, aws, google Cloud, oracle, snap and other large organizations. So the point of the article right now is that the Fedora Engineering and Steering Committee has signed off on replacing Redis with Valkyrie in Fedora, so it's just another nail in the coffin for what was Redis. So I would say Redis is dead. Long live Valkyrie.

30:39 - Jonathan Bennett (Host)
Yes, it's pretty much a truism that if you want to kill an open source project, the fastest way to do it is to move it away from an open source license, which seems sort of obvious in retrospect, like it's right there in the names.

30:54 - David Ruggles (Co-host)
Yeah, but yeah, I had another article about a completely separate project that's doing the same thing, and the same thing happened.

There's been several of them recently yeah, and I I think it is a bit of a combination of the fact that, hey, yes, we do have to figure out how to make money. I mean, we gotta keep the lights on, we gotta buy the servers and stuff but at the same time, there's been some cases of, uh, why the open source equivalent of price gouging? Maybe where there's like we've got this valuable thing, we're going to change it and start charging. And the open source community is very resilient and if you do it for the wrong reasons, they'll kick you to the curb and keep on going with a fork.

31:38 - Jonathan Bennett (Host)
You know, there's been a couple of times over the years that you see people try to do what seems like maybe reasonable things and forks happen, but I think for the most part those fairly quickly. So I'm thinking of like with Audacity. Somebody bought Audacity and started making some changes to try to make a little bit of money and of course even there the community just went nuts. But then some changes were walked back, others were explained. It was kind of like everybody kind of chilled out and I was like, okay, we understand now what's going on. This is not quite the terror and fail that we thought it was. And then you've got some other projects that have a pricing model and do fairly well with it Not intentionally sticking on the audio editor thread here but Ardour.

If you want to run Ardour on Windows, you pretty much get to pay for it, and the reason there is because it is such a pain to compile the thing on Windows. But then if you use it on Linux it pops up when you first start it. Hey, it would be great if you went and paid for this, but it's open source, you don't have to. That's essentially what it says. And so there's a bunch of us that have said man, I would like to be able to. It's great stuff. I'd like to be able to support it. And here, just sign me up for PayPal, take $4 or whatever out of my account. Each Pay your programmer something to let him eat. But it is a problem. It's a problem with open source. It's a problem with trying to build a business around open source. That programmers got to eat, it's a fact of life.

33:20 - Rob Campbell (Co-host)
And you don't have to worry about foundations talking about putting ads in the open source. That's true or other fluffy stuff.

33:25 - Jonathan Bennett (Host)
I don't know that I would consider ads to be fluffy. They're kind of spiky most of the time. Okay, ads are not very fluffy. Maybe that's the solution to all of our problems. If we can just find a way to make fluffy ads, then open source will be a solved problem. Oh, all right, rob. Is Microsoft doing it yet? Or is Windows going to run the Linux kernel yet?

33:51 - David Ruggles (Co-host)
Yes, I have a story about fluffy ads here. Fluffy operating systems.

33:56 - Rob Campbell (Co-host)
Yeah, as you mentioned, this is another story about our favorite meta distro or hypervisor, whatever you call WSL, or maybe it's one we, some of us, love to hate. But anyway, there is news Last week for the Windows subsystem for Linux, or WSL, wsl being the technology Microsoft uses to build Linux distros right into Windows. Microsoft uses to build Linux distros right into Windows and really all they're doing is using Hyper-V, hypervisor technology, virtualizing Linux and then adding a bunch of integrations to make it seem seamless. You know, I remember when it was first released they really tried to hide the WSL. I mean, they said it was part of Hyper-V, but they kind of tried to hide the WSL Linux was just a virtual machine and try to make it appear like it was just part of the Windows system. Yet now, for some reason, they seem to be kind of. They keep pulling away from that and more and more by making it more visible that it is Linux running in a VM. But that's not a bad thing. Every update that brings us closer to just another VM in Windows brings us more settings and configuration options.

Microsoft has announced a new Settings GUI GUI it's coming to WSL, allowing you to configure typically hypervisor things such as processor count, memory size, swap size and swap file location. I don't know how I figured this out before. It's just magic before, and now it's no longer magic. Now you can configure it. But I assume this is just a start. They're probably going to add more settings to that and before you know it it's just going to be Hyper-V.

But there are also other WSL announcements, other features coming, such as automatically releasing stored memory in WSL back for use by Windows or other Linux WSL I mean Windows doesn't have to use it or other Linux WSL I mean Windows doesn't have to use it but DNS tunneling by default for improved networking support. Jonathan, I know you want some improved networking support. I do. I was going to ask Experimental features such as automatic disk reclamation and a new mirrored network mode that provides for features like IPv6 support, which, like I've said many times, I'm holding out for IPv8, but you can use IPv6 now in WSL. And there was also mention of Microsoft Defender for endpoints, intune and Microsoft IntraID, or previously known, as I still call it myself because it's a better name, azure AD Features coming soon.

So all these things are apparently somehow coming soon to WSL, and I know some Linux users fear WSL. It's taking away Linux users and they're going to WSL and not coming to Linux. And new features like this may provide even more reason to fear. But I think it's more like a gateway to Linux and even if it isn't a gateway, using WSL it's still Linux. They're still bringing more users and even if those new users only use WSL bringing those people, it still brings more people to Linux. And what that means for the rest of us who are using pure Linux on our hard bare metal, it means that even those other people that are using Linux more, it means that more developers will find a reason to port to Linux, will find a reason to develop for Linux and will bring their things to Linux because there's just more of a target out there.

37:52 - Jonathan Bennett (Host)
So I like it. Yeah, you know I am not a purist, never have been Like the whole. Everybody should use Linux, sort of thing. I've tried to help people use Linux before. It is not a good idea for some people to try to use Linux. It's bad enough to get Windows support calls about stuff like that. But seriously, though it's neat that one of the coolest things about WSL is like all of the command line tools and utilities. Suddenly you have an easy way to use them over in Windows, Like that's cool, that's really neat. And then of course, the fact that it makes it easier to do development, all kinds of fun stuff.

I hope they fix the lack of configuration for networking. That is my biggest complaint, as you know, about WSL. It's been probably a couple of years ago now I last tried to do it, but I tried to do something reasonably fancy. I was going to run a secondary DHCP server and I thought to myself oh well, let's be fun to set this up in WSL. It's one of the times I was working on PXC, booting Raspberry Pis, and there's just not a way to do it. There was not enough configuration to be able to make WSL do what I needed it to do, so I'm very hopeful that they actually fix it.

39:11 - Rob Campbell (Co-host)
You have to try that again, because I remember talking about WSL previously and networking being part of it, and you tell them the story and I just feel like I feel like we already talked about something that may have already improved that situation for you.

39:27 - Jonathan Bennett (Host)
Yeah, but we have a little bit, was it Sigwin? So we have a. We have a comment. I want to say that is really interesting. It's how is WSL better than Sigwin? And I have used both. I'm curious, rob, have you ever used SIGWIN?

39:43 - Rob Campbell (Co-host)
It's been quite a few years. Yes, I have. How is?

39:48 - Jonathan Bennett (Host)
WSL better than SIGWIN.

39:54 - Rob Campbell (Co-host)
It's pretty much mostly a full Linux just built right in and it just comes right up. It's been such a long time since I've used Cygwin though.

40:06 - David Ruggles (Co-host)
Cygwin is basically Linux recompiled to run on Windows because I've used it myself, whereas WSL is native Linux on a very thin hypervisor.

40:19 - Rob Campbell (Co-host)
It's a virtual machine.

40:21 - David Ruggles (Co-host)
Yeah, now they're pulling the curtain back and you know you're realizing it's Hyper-V. So I would say the difference is you will run into some gotchas trying to get Cygwin to work, cygwin to work and even some discrepancies between its function and doing the same thing on Linux, whereas you won't get that on WSL.

40:43 - Ken McDonald (Co-host)
So you could say WSL is pretty much Windows coming with its own built-in Linux virtual machine. That's exactly what it is.

40:55 - Jonathan Bennett (Host)
You can go to the Windows Store and click a button and get a Linux VM installed with basically a single click.

41:02 - Rob Campbell (Co-host)
You can also do it as a single command line to install WSL. I believe yeah For us. We like the command line Indeed.

41:11 - Jonathan Bennett (Host)
If I remember correctly, the initial install of Sigwin can be a little dicey, although maybe that's not the case anymore. As to the specific question of why it's better, I don't know that I would call one of them better. They're just different. They're like two different approaches solving two slightly different problems. So, if you want, wsl would be easier for most people.

For most people, wsl is going to be a little easier. Yes, now Cygwin does have the advantage that it is one of the easy ways to cross compile for windows, like, if you, if you have a, say, a gui application or any application that works under linux, there's a decent chance that you can take it to sigwin on windows and get you know native windows binaries. Um, back when I was, you know, more actively maintaining and developing some GUI applications that was our Windows release was the SIGWIN compilations of them and it worked well. There's nothing wrong with that. So it fills a different niche than WSL does.

42:12 - David Ruggles (Co-host)
Would it be valid to say SIGWIN is to Windows, what Wine is to Linux?

42:23 - Jonathan Bennett (Host)
It's close, but it's not quite the same thing. Um, sigwin is what wine would look like if all of those games, if the source code was available. Because essentially what it's doing is it's recompiling with a, the, the, the layer that wine provides with machine code and runtime calls. Sigwin is essentially doing doing the same. It's, it's achieving the same thing, but it has that layer built for source code. So when you come, when you, when you make a, you know when your source code makes a call to a Linux syscall, it's got a library that does the same thing.

43:06 - David Ruggles (Co-host)
So Sigwin is doing it at compile time, whereas Wine has to do it at runtime? Essentially yes.

43:13 - Ken McDonald (Co-host)
I would not do that to LibreOffice's source code.

43:17 - Jonathan Bennett (Host)
I don't know how LibreOffice builds on Windows versus Linux. It would not surprise me if there was some SIGWIN involved in that. Actually, so is it time to talk about.

43:28 - Ken McDonald (Co-host)
With all the other source code they've got.

43:32 - David Ruggles (Co-host)
I was going to say is it time to talk about their updates.

43:34 - Jonathan Bennett (Host)
We can talk about their updates, Ken. What is new in LibreOffice to talk about?

43:38 - Ken McDonald (Co-host)
their updates. We can talk about their updates, ken. What is new in LibreOffice? Well, according to Marius Nestor in his latest article about the Document Foundation's recent announcement of LibreOffice, it's now at 24.2.4. Last month it was a little over a month ago that they had released 24.2.3 that Parrot OS just updated to, so they're not far behind.

This point release does fix more than 70 bugs. Some of the bug fixes include charts that are not updated after data entry of freezing of columns is activated. They fixed that bug. Qt6 bug was support video playback and impress presentations on Wayland. So we're getting more Wayland compliant Text. Adjust to contour broken in recent draw impress and then you also have source unknown when pasting with control shift in Wayland. Libreoffice doesn't work with GLib 2.80. That got fixed. And here's one that I found really interesting the KDE QT user interface program freezes after save, as that's finally fixed. Now details about these and other bugs are available in the RC1 and RC2 change log that Marius links to in his article. You can download and compile the sources if you don't want to wait until the 24.2.4 release arrives in your Linux distro software repositories. The system I'm podcasting from today is OpenSUSE Tumbleweed and I was able to install that yesterday.

45:31 - Jonathan Bennett (Host)
You know I am actually. I don't think we talked on the show about the new system that might be interesting to dive into here in just a minute the LibreOffice update. I'm kind of amazed that a hang-on-save bug slipped into a release. That sounds like a terrible bug, but good to see LibreOffice continuing to push things out. And you know it's weird. It's not weird, it's weird. We don't talk about OpenOff. It's weird. It's not weird, it's weird. We don't talk about open office releases anymore. What's up?

with that we shouldn't. The problem is that there's not much happening at open office and they're not really pushing releases out.

46:10 - Ken McDonald (Co-host)
Is it dead?

46:10 - Jonathan Bennett (Host)
office now it's dying office. It's closed office. Yeah, the offices are closed. Oh, that's terrible.

46:25 - Rob Campbell (Co-host)
We're terrible and we should feel bad OpenSUSE Tumbleweed, though I am glad you selected that one.

46:31 - Jonathan Bennett (Host)
Yeah, that's cool. So how is that experience, what's the new hardware and how's the experience with OpenSUSE going?

46:45 - David Ruggles (Co-host)
Let me change my shared screen here. What's the oh? The really important question, though, is which uh gooey, are you running on top of it?

46:49 - Jonathan Bennett (Host)
that is. That is a question katie. Of course, I doubt it xfce.

46:55 - Ken McDonald (Co-host)
I was gonna say he's sticking with XFCE.

46:59 - Jonathan Bennett (Host)
Ken is stuck in his ways. He likes him that XFCE.

47:04 - Ken McDonald (Co-host)
Well, I've got a lot of widgets set up for XFCE from before. How's?

47:10 - Rob Campbell (Co-host)
Waylon running on XFCE there.

47:13 - Jonathan Bennett (Host)
Is that a thing? I don't think that's a thing. Yet OpenBSD got it first.

47:23 - Ken McDonald (Co-host)
If you want to bring up my screen share, you can see I've got Konky running on it showing that system. It's got a B650 Gaming AX motherboard in it. It's got an AMD Ryzen 7 7700 8-core processor. And next week's tip I'm going to show you how I can double that.

47:52 - Jonathan Bennett (Host)
Nice, I was looking for the core count. You should have a bunch of cores and not a whole lot running on it. It's showing 9% of the CPU being used right now, as opposed to when you were running on a Raspberry Pi. It was about 98% use all the time.

48:09 - Ken McDonald (Co-host)
And I put, starting off with 16 gigabytes dual channel memory, and that's sitting at 42% right now, with no swap being used.

48:22 - Jonathan Bennett (Host)
Yeah, the storage isn't really relevant because that's a one terabyte SSD with two partitions and then a four terabyte spinning rust drive for the, but you can see that still already had a lot of files on it and with the network, I think it's looking at my wifi instead of my ethernet connection it sounds like it's going to be a pretty nice build for you and I know we've gone back and forth about parts and which SSD to put in there and which processor forth about parts and you know which which SSD to put in there and which processor to go with and whether you need a dedicated GPU or not. So I'm I'm glad it's together and working and you're having a good time with it. That's fun.

49:08 - Ken McDonald (Co-host)
Oh yeah, I'm debating. I may end up, before fully set up, going back and repartitioning the M.2 SSD that I've got in there so that it's in probably four partitions so I can do a boot between various operating systems and desktops.

49:34 - Jonathan Bennett (Host)
Have a second partition, just to be your DistroHopper partition. That'd be fun.

49:40 - David Ruggles (Co-host)
So one last pick on XFCE before we move on. I just pulled up their Wayland roadmap and their long-term goals are. It is not clear yet which XFCE release will target a complete XFCE Wayland transition, or if such a transition will happen at all.

49:58 - Jonathan Bennett (Host)
I wonder if they took six months to come up with that roadmap.

50:02 - Ken McDonald (Co-host)
No, it was only six weeks.

50:07 - Rob Campbell (Co-host)
Yeah, as slow as XFCE goes oh.

50:13 - Jonathan Bennett (Host)
Alright, David, let's talk CentOS.

50:16 - David Ruggles (Co-host)
Ah, yes, I'm all about dead projects and dead operating systems today. For some reason Now we've actually discussed this month for CentOS 7. Now, as an interesting aside, not to open old wounds, but why are we talking about CentOS 7's official end of life and not CentOS 8's? That's because when Red Hat decided to terminate CentOS 8, I mean CentOS they just killed CentOS 8, and so the only CentOS that was still supported at all was CentOS 7.

In the aftermath of that whole process, there have been several different groups that have come forward. The two big ones are Alma Linux and Rocky Linux, so you can move to either of those. Of course, red Hat would prefer you move to their enterprise RHEL 8 or 9. We won't talk about that. But the reason why this is important is because, um, as they say somewhere in the sort of going to try to find the exact quote really quickly here, um, let's see, I can't find the quote.

But the point is is that in DevOps we often have a if it's not broke, don't fix it mentality, and so you can wind up running some legacy things. And we're still seeing that 26% of the 200,000 Linux devices that were scanned were still running CentOS and 2.4% of all websites are still running CentOS, according to some scanning that they did across the web, so there's still some CentOS out there. Now, if you absolutely positively cannot move off of CentOS, for some reason, there are actually a couple of companies out there that are um, offering solutions to extend CentOS 7's operational lifespan with um critical updates, security patches, and those are linked to in that article. So it's more of just a bulletin than anything else. If you're still running CentOS 7 somewhere, you probably need to decide how to proceed.

52:56 - Jonathan Bennett (Host)
Yes, I would agree with that. I'm curious you know they've got that that figure about public centos systems. I wonder, if so for those of us that went to centos 8. I had a couple of installs where I did with centos 8 because oh, it's made by red hat, of course it's going to be supported for 10 years, just like they promise it will be. Spoiler alert. It wasn't. There were some solutions like Rocky and Alma both stepped in and not only did they produce their own Red Hat using the Rocky or the Alma mirrors. And I'm curious I don't know for sure I'd have to go check on some of my systems I don't have them in front of me at the moment If some of those systems are actually still reporting that they are CentOS when they actually are getting updates from Rocky or Alma.

53:57 - David Ruggles (Co-host)

53:58 - Jonathan Bennett (Host)
I don't know we may see that sticking around for a while and maybe it's not quite as bad as it seems like it is. But yes, I would agree. If you're running CentOS anywhere, unless it's CentOS 8 and you've already done this, it's time. It's time to go back your data up, do a fresh install.

Oh, my recommendation would be Alma Linux. Yeah, I would say so as well. I'm glad that Rocky Linux still exists and they do some cool stuff too. So if you need a bug-for-bug compatible version of RHEL that is not RHEL, then Rocky is the way to go. But I I really like some of the things that alma linux is doing, like pushing out security fixes when rel doesn't think that things are a big deal and the rest of us look at the cves and sort of think they're a big deal. Um, so alma alma has. This policy was like. You know, if, if rel says we can't be bug for bug compatible, that's fine, we'll just fix some of the bugs. I can be damned with that.

55:02 - David Ruggles (Co-host)
Yeah, that Red Hat Enterprise, Linux or Red Hat Alma and Rocky ecosystem all three of those are large enough that we're not really seeing any fragmentation and it really, from my perspective, seems like we're seeing more of a mutual feeding of the ecosystem versus any one of them kind of leeching off of it.

55:26 - Jonathan Bennett (Host)
Yeah, particularly between Alma and Rocky. There seems to be sort of a friendly competition going on, and so it's yeah, it's been good, yeah, okay, rob, what are we doing to make OpenSsh more secure? You, you have definitely piqued my interest here. What's the story?

55:44 - Rob Campbell (Co-host)
this is one that, uh, I just caught last minute today and I changed my story. Uh, so who doesn't love ssh? It's, it's all linux users love it. It it's kind of just a requirement of Linux. And who doesn't love their publicly facing, open SSH servers getting slammed all day by people trying to break into your system? Yeah, obviously that's sarcastic, but that's what happens if you have an SSH server open on the Internet All day long. You'll be seeing that in the logs. So you know there are third-party tools or firewall rules you can use to minimize these attacks. For example, my web servers only allow SSH to my home IP, my specific IP, and you know there's also fail to ban, and that will help block malicious login attempts. Others also failed a ban, and that will help block malicious login attempts. Well, now open ssh is adding a new feature right into the software itself to help mitigate these attacks.

Open ssh developer damian miller is incorporating two key features, and those are per source penalties and and per-source penalty exempt lists into OpenSSH. The per-source penalties feature enables SSHD to monitor and respond to abnormal behavior detected during the SSH authentication process. So, when enabled, the feature monitors exit statuses to find things such as failed login attempts indicating potential brute force and password guess attacks and actions that cause SSHD to crash, potentially indicating an attempt to exploit the system. Problematic behavior can lead to the IP address block, the block of IP addresses even being temporarily blocked for a specific duration. Repeated offenses can lead to increased block duration up to a configured maximum threshold. The response is designed to adapt based on severity and frequency of the offenses and of course, this could lead to a denial of service if you somehow get flagged in that.

So you might want to exempt an IP from this block list. This can be done with the per source penalty exempt list. This can be done with the per source penalty exempt list. So you know you always have one path into your system if you have an IP somewhere exempt. You may also want to use this on a network that somehow triggers a lot of false positives, or a large network or whatever the cause is. There's reasons where it could happen and so you can also put that network in that exempt list. So this feature right now it will not be enabled by default. So once it makes it into your release, or you go ahead and jump ahead and get it installed manually, or whatever you have to do. You might want to enable this feature or test it out at least first see if it fits your needs. But eventually they say this will likely become the default in future OpenSSH.

59:07 - Jonathan Bennett (Host)
Yeah, I like it. I have a lot of thoughts about this.

59:11 - David Ruggles (Co-host)
I think it's definitely an improvement and, in all fairness, since we were picking on BSD a minute ago, I think it should be pointed out that this development is happening on OpenBSD.

59:21 - Jonathan Bennett (Host)
And it looks like on OpenBSD 7.6, they're going to turn it on by default.

59:26 - Rob Campbell (Co-host)
Yeah, and that's because OpenBSD maintains, I believe, the OpenSSH project, which is why we're seeing it there first.

59:32 - Jonathan Bennett (Host)
Yeah, that makes sense. So the things that come to mind First off, you're going to see some distros turn this on by default, and good for them, that's good. It's a security win. It will make your logs lighter and it will improve security a bit.

The mass SSH login attempts have changed, though. It's not just three or four IP addresses anymore, so the way this now works is there are botnets with thousands and thousands of bots on them, and they are all given IP addresses where or maybe not even maybe they're just scanning randomly. So what will happen, though, is each of these will try to log in, they'll guess three or four times, and then they'll move on to the next IP address, and this has happened because so many people now have things like fail to ban set up. So, while what OpenSSH is doing here is a good thing, and we're glad to see it, it is not as effective now as it was a few years ago, when the way this would happen was it would just be three or four IP addresses that were constantly hitting you, but now it's been farmed out to botnets, and so you'll get hit from all different IP addresses, and there is not an easy fail-to-ban style solution for that.

The other thing to keep in mind is fail-to to ban covers a lot more than just SSH. Of course, ssh is one of the more popular things to use it on, but you can also set it up for like watching for password guessing attempts on your email server. Or if you have an HTTP HTTPS server with authentication, you can set fail to ban up to watch the logs for that and ban IP addresses for guessing trying to, you know, hack into your websites. But I like seeing it in OpenSSH. I think it is a step in the right direction.

01:01:29 - Rob Campbell (Co-host)
Yeah, I mean there are other tools like fail to ban. That covers a lot more, but I think where this maybe really is beneficial and, like you said, sure, there's botnets out there that also aren't necessarily going to be covered, depending on how I don't know how many ips they have, but anyway, what? What I think this really helps is just that that first time user, that that person who goes and sets up a server and doesn't think about all these extra security settings and things that they have to block, and you know, it just gives them one more security feature to help protect them Without them once it's default, without them even having to think about it.

01:02:12 - Jonathan Bennett (Host)
Yeah, I think it's a huge win for Linux distros taking better security defaults like no SSH root logins.

That is something that has become more popular and become default in a lot of distros and that's a huge win. I think this is going to be good. In thinking about this, one of the things that comes to mind is it could be interesting and there are technical challenges to this but it would be great if you could get a bunch of servers all doing this, either with open ssh or fail to ban and then aggregating their logs, because you would then be able to identify like okay, these are all of the ip addresses that are uh, malicious or part of a botnet, and then just have like a mass blacklist, a mass block list. But the problem with that is it would be so open to abuse. You could you know so, like if you had open registration on something like that then, oh well, the easiest way to DOS somebody and not all service them is get their IP address put on this list of bad IPs. So there's not an easy way to kind of democratize that.

01:03:28 - Rob Campbell (Co-host)
Maybe that service has to be a little bit more controlled, whether it's just you have to have an authentication like an account and then you can do it, or maybe you even have to I don't know do something beyond that. But yeah, maybe that's.

01:03:44 - Jonathan Bennett (Host)
If somebody had a huge, like a large, block of IP addresses and there's some organizations out there that do you could have a couple of servers, multi-home them to where they would answer on all of those IP addresses. And then you know, you just use it like a what do they call it? An internet telescope? Well, yeah, it would be a honeypot, but using that many IP addresses, there's another term that they use for that. They call it like an internet telescope, because you've got so many IP addresses that you can listen on and because you're not using them for anything else.

You know all of the traffic that's coming to them is unsolicited and them for anything else. You know all of the traffic that's coming to them is unsolicited, and so it's all either like attacks against you know, scanning and attacks for things like SSH, or it's backscatter from other bad behavior. There's some really interesting data that some security companies have managed to mine just from having access to unused IP addresses. I'm going to have to go and look up what term they use. There's one in particular that had a really interesting write-up on it a while back.

01:04:41 - David Ruggles (Co-host)
Before we jump off this topic, there was a question from the comments about is the SSH session opened every time you reach out to the network, like doing an update, download or just accessing your network remotely, and so it might be worth just covering SSH real briefly. Yep, so SSH stands for secure shell, and what it is is. Most of what we do in Linux is from a command line or a shell, and it is a way of securely accessing the command line on a remote server. So it's not used unless you're intentionally using it, and most of the time it's not used unless you're administering a server.

01:05:26 - Jonathan Bennett (Host)
And more specifically to the question, and I think you're right. I think the question maybe shows a lack of understanding about exactly what SSH is. But just to make sure we fully answer it, when you connect to something over SSH, you have a single shared session and that session persists until you close it and you know then underneath that you've got TCP and so then it's a. It's a TCP session that remains open, but it does not. It does not break it down and set it back up every time you go to run a different command. It's just a single session. Now there are tools like I forget the name of it. There is a SSH over UDP tool that can do that. It can set up, break down SSH sessions for you. I can't remember the name of it. It was pretty cool though.

01:06:16 - Rob Campbell (Co-host)
Anyway, and to caveat onto what David Ruggles said, being command-lined, that is the main purpose, but you can also use tools like DashX and Waypipe. You can basically pipe a GUI application over that SSH tunnel. That is an extra kind of side feature. That's not part of the main purpose really. But then also a very common thing is to use SSH now to transfer files, which is SCP, yeah Well, sftp. Or is it FTPS? It's SFTP, right yeah.

01:07:01 - David Ruggles (Co-host)
No, that's FTP over TLS. So SCP is SSH for file transfer.

01:07:09 - Rob Campbell (Co-host)
No, I use Not SSH yet. No, I use SFTP with FileZilla often to transfer it through my SSH. On my server, all I have running SSH. I do not have an FTP and I use SFTP to get to it.

01:07:28 - Jonathan Bennett (Host)
Yeah, I think it's like tunneling FTP over SSH. So the same user asks is SSH like Telnet or FTP, except secure? And yes, to put it the most simply, ssh is the secure alternative to telnet. Now ssh has learned tricks over the years, like, um, the ability to tunnel other things through it. So you can, you can also do one of my favorite tricks with SSH is to do network tunneling over it.

So, like the dash L what's the other one, dash R, dash capital L, dash capital R, you can open a local port and forward it through to a remote machine. Or you can tell the SSH machine that you're connected to to open a port on that side and forward everything to you. And so you can do. You can do lots of fun things like that with with that ability. Um, I quite often will ssh into a remote server and then use port forwarding to get to the web interface on, like the router at that remote location or the printer or whatever else is there. There's. There's lots of fun that you could do with that. I enjoy it very much.

01:08:39 - Rob Campbell (Co-host)
SSH is encrypted, Telnet essentially, and then a whole bunch of added features got added to it later. Yes, yes.

01:08:49 - Ken McDonald (Co-host)
I like using the dash capital X for forwarding the X server from the remote system back to the local system.

01:08:58 - Jonathan Bennett (Host)
Yep, yep, and Rob kind of mentioned that that that is a thing that you can do and, of course, if you use Wayland, you can use Waypipe. That's the exact same thing.

01:09:07 - Ken McDonald (Co-host)
Probably the most prevalent use of SSH for me is to use SSHFS or file system, so I can mount a remote directory locally.

01:09:22 - Jonathan Bennett (Host)
Oh right, yeah, yeah, so that's using Fuse, the file systems in user space, which is yet another way to do file sharing over SSH. All right, we need to move on. We're not here to talk about SSH, although it's fun. We're going to talk for just a second about OBS. Yet another no, not a TLDR, tla, another TLA. Too many TLAs around, I couldn't even remember TLA. It stands for three-letter acronym OBS, the Open Broadcaster Software.

It just minted the 30.2 beta beta, or the first beta, but we get to see all the things that they're going to stuff in here, and there's some fun ones. Probably the most interesting is multi-track video streaming, and I am pretty fascinated with this because of the changes it means that they made under the hood. Now, apparently, for right now, this is for Twitch and Twitch is calling it enhanced broadcasting, and I kind of suspect that what has happened is that the guys at Twitch came up with this feature and the guys at Twitch are doing some of the work to make it happen in OBS, but it lets you push multiple streams at once. Now, one of the things that you could do with this is multiple encoding levels, right, so you could push your 4K stream and your 1080p stream at the same time, but it's the exact same kind of under the hood. It would work the exact same to also push two totally different streams, which, with OBS, kind of unlocks and lets you start thinking about doing some really interesting things, like pushing two cameras at once or pushing your camera off to someone and then a mix off somewhere else, and with some of the other things that I know people are working with OBS, like the ability to cut out all of the middle managed, have two OBS instances talk directly to each other. I see some really interesting things happening here.

And then, of course, there are other nifty things coming. One of the cool ones is the hybrid MP4 output format. This doesn't really affect me so much anymore, but it really used to be a problem because to record things for Twit inside of OBS, they had me use MP4 because it would just it would import without having to retranscode, because that's what Twit uses for all of their video stuff. If OBS happens to die and not get to close your MP4 file out all the way die and not get to close your MP4 file out all the way there's some really important stuff that doesn't get written and it actually makes for an unreadable MP4 file, and there are some tools out there to try to fix it, but it's a little dicey.

So OBS has added this hybrid MP4 format that, as they say it combines the fault tolerance of a fragmented MP4 with the wide compatibility and faster access times of regular MP4. So basically, they think they've found a way to have the best of both of these worlds, which really sounds pretty interesting. There is also now an NVInc encoder in Linux, which, for those of you NVIDIA users, that might be a big deal. Some shared texture support got added to various places. They have now added HEVC over WebRTC output, which that also sounds pretty fascinating. Yeah, bunch of changes, bunch of cool stuff coming in OBS. None of the really, really big things that I've I've been hoping for and looking for, but a few smaller, nicer things.

01:13:04 - David Ruggles (Co-host)
So yeah.

01:13:07 - Ken McDonald (Co-host)
Has OBS been updated to use the latest FFmpeg library? You?

01:13:12 - Jonathan Bennett (Host)
know I'm not 100% sure it might be in here, but I don't know. They're usually pretty quick. They're usually pretty quick to get to it. So it may be using FFMX7 already, but I'm not 100% sure.

01:13:31 - Rob Campbell (Co-host)
If Jonathan wasn't clear, he's had plenty of experience with OBS failing and stopping in the middle of recording and having to fix that later, so he was speaking from experience, yeah.

01:13:48 - Jonathan Bennett (Host)
I was. It turns out one power cord is not enough for to keep this laptop happy. It takes two power adapters to run it while we're doing the show. That's the power the show takes. Yeah, yeah, we're overpowered, I guess. Oh david, what were you gonna say?

01:14:07 - David Ruggles (Co-host)
I was just simply gonna say that because that mp4 modification is pretty interesting, because right now it defaults to recording to MKV for the reliability and then transcodes it to MP4 after you stop the recording, which can be a little inconvenient. Yeah, yep.

01:14:27 - Jonathan Bennett (Host)
Makes sense. All right, Ken, let's talk about the other video toolkit. That is not FFmpeg. What is VLC up to?

01:14:37 - Ken McDonald (Co-host)
that is not FFmpeg. What is VLC up to? Well, thanks to Mario Snister and Joe Sneddon for writing about the latest stable version of my favorite cross-platform, free and versatile media player for GNU, linux, android, macos. Rob, you'll be happy to know that it's even for Windows. Yes, as Jonathan said, we're talking about VLC, this time version 3.0.21, and it's here to add a new AMD VQ enhancer filter, a D3D11 option to use NVIDIA True HDR for generating HDR content from SDR sources, super resolution scaling with AMD GPUs and support for HTTP content range handling according to RFC 9110. It also improves Opus ambisonic support I think we talked about that recently Opus decoding in MP4.

Va-api hardware decoding with some drivers and HLS adoptive streaming in audio-only mode. There are a lot of fixes, including a fair few for Mac OS, including better rendering of Asian language subtitles and a bunch of general bug bombs and security patches. Now, library bumps that we see with VLC have FFmpeg going up to 4.4.4. Ffmpeg going up to 4.4.4, with the most recent one being 7. You'd think that's really old, but it's not that old really.

01:16:27 - Jonathan Bennett (Host)
It's only six months, well, but that's on an old branch, though of FFmpeg. You've got a bunch of major version releases since then. That is something that seems to kind of be a thing these days. Vlc has slowed down quite a bit in its development. It used to be boy, it used to be great and absolutely the best way that you know the bleeding edge, and it would play just about everything, and it's kind of lost its layer of chrome, as it were. Things like MPV and some of the others are really more the bleeding edge video players.

01:17:03 - Rob Campbell (Co-host)
These days, If you're developing and maintaining the same app for 20 plus years, when you kind of slow down and get tired of it too.

01:17:13 - Jonathan Bennett (Host)
Well, that's true, I think VLC. Wasn't it originally run by something out of a university? Was it originally a university project, something like that? I don't know. Yeah, let's see if I can find it real quick. But yeah, I suppose that's a fair point.

01:17:40 - Rob Campbell (Co-host)
They have some HDR stuff, but still, don't have support for any of the, I guess, the way to play HDR on Linux. I know I'm not maintaining any of my programs that I wrote 20 plus years ago anymore.

01:17:47 - Jonathan Bennett (Host)
Well, but Rob, but Rob.

01:17:50 - Rob Campbell (Co-host)
Okay, nobody uses them either.

01:17:55 - Jonathan Bennett (Host)

01:17:58 - David Ruggles (Co-host)
It's a little less important when it's just you using it yeah, he has, like millions of users, I gave up when I had like five people using as like. He's just not motivating me you weren't getting enough coffee out of the project yeah, it wasn't.

01:18:12 - Jonathan Bennett (Host)
Yeah, gotta be a. It's like this. It's like the, the xkcCD comic, the Balmer line. There's a Campbell line of how much coffee you have to get out of the project to be able to keep writing code for it. Fun times, let's hit some tips. Hit some command line tips. Did we want to hit?

01:18:35 - David Ruggles (Co-host)
your story real quick.

01:18:37 - Rob Campbell (Co-host)
I got one last thing. I forgot about this and so it wasn't on my story list, and then I requested to quickly do this, because this is big news and I don't know why I forgot about it, because we've been reporting this every time we got close, and in this recent Steam survey for May 2024, Linux passed the 2% mark by quite a ways. They are at 2.32%, macOS at 1.47% almost a percent higher, Almost a percent higher. So, yeah, you know that exciting 2% number that I've been wanting to pass and looking for and I almost missed it. 2% guys, Woo.

01:19:30 - Jonathan Bennett (Host)
So 3% is now the new 2% right.

01:19:33 - Rob Campbell (Co-host)
Yes, it is Maybe 2.5. I'll go for 2.5. And as fast as we jump to 2.3, we could get it.

01:19:43 - Jonathan Bennett (Host)
Yeah, I mean probably eventually. Like, if Steam continues having success with the Steam Deck, then it will continue to grow and with the anticipated update for Windows 11.

01:19:55 - Ken McDonald (Co-host)
With Copilot Plus.

01:19:58 - David Ruggles (Co-host)
That's definitely going to bump it up.

01:20:00 - Jonathan Bennett (Host)
Yes, specifically with that.

01:20:02 - Rob Campbell (Co-host)
I've actually heard from some Windows users who asked me about good Linux distros because of that, and I was not expecting some general. I mean, he's one of the guys. He's an IT guy, he's a network admin, but he's not a Linux guy. He's just Windows Mac and does configure Cisco switches. Also, I got a text message from him the other day asking about Linux Mint because of this.

01:20:30 - Jonathan Bennett (Host)
So it could be a good thing. Well, I tell you the thing with Recall it taps in to some. It's got a creep factor to it. So for those that don't know what's got a creep factor to it. So for those that don't know, what's going on is with, with Microsoft's new GitHub co-pilot plus recall that's what they're calling it. They're co-pilot plus enabled laptops, and specifically their arm laptops.

I'm not sure why this is just. Well, no, I know, it is the way that Microsoft is trying to market these new Snapdragon ARM laptops, and the new Snapdragon chips do have, you know, ai accelerators built into them, so you don't actually have to have. The guys that are doing the research on it have figured out ways to make it run on x86 desktops, but it's designed to run on ARM and so it's supposed to be the selling point for these ARM laptops. But what it does is, every few seconds, it takes a screenshot of your desktop and saves it to a folder, and then runs that screenshot through OCR, optical character recognition, and it takes all of the text that it sees and saves it to a database, and the idea is that a month from now, you can say hey, windows Copilot.

You remember that time I was looking on Amazon for 10 millimeter wrenches. I can't seem to find it. Can you bring up the URL that I was looking at for 10 millimeter wrenches? And the AI does its AI thing inside of your AI accelerator and goes here's the link for your 10 millimeter wrenches, dave, and you know if you're a manager, if you're a CEO at Microsoft, you go oh, that sounds amazing, but all the rest of us heard Microsoft's going to take screenshots of my desktop every five seconds and save them forever.

I'm not sure I like the sound of that every website every website I look at, every video I watch.

I'm gonna take screenshots of that there's no way to turn it off there are well, so it's on by default. You can opt out, you can go turn it off. People don't care about that. Like so we're just right now, we are just talking about like the optics of it, the persuasion part of it. No, nobody cares about that. Like all the details, like oh yeah, it's only on the arm, laptops, you can turn it off. Nobody cares, it's just. Microsoft is building a way where your computer spies on you and watches what you're doing. Like people are freaked out by that idea.

01:23:03 - David Ruggles (Co-host)
And it's the on by default, because we all know about the tyranny of the default. Yes, yes, yes.

01:23:09 - Rob Campbell (Co-host)
I've heard there's other problems too, like it's like SQL light, I think I've heard, and I think there are ways other users can view other users stuff. I don't remember the details, but I think I'm watching this stuff.

01:23:22 - Jonathan Bennett (Host)
Yeah. So if you get into the details, like so just the headline, the persuasion side of it is bad, but if you get into the details, there's bad stuff there too. So they talk about how all the data is encrypted at rest. And well it is. But as soon as somebody logs in, it gets unencrypted. And in their wisdom Microsoft did not put it in the per-user encryption place. It's not actually encrypted per user, it's encrypted per system. So one user that is an admin, so anybody that's admin can get into the folder and see all of it. And then the real problem, the actual security problem with it, is as soon as malware gets into your machine and gets to be able to run as the user, it can grab that entire database. And it's such a treasure trove of information and logins, and I mean potentially blackmail material. Let's be honest.

01:24:21 - Rob Campbell (Co-host)
That is going to be amazing for malware providers and ransomware people. Yes, yes, can you grab that?

01:24:27 - David Ruggles (Co-host)
And even if they corrected it and made it so it was secured per user. You know malware is running as the user, so it doesn't solve that problem.

01:24:38 - Jonathan Bennett (Host)
Yes, yes, that is correct, it is a real problem. It is an optics problem for Microsoft because again they've tapped into the creepy eek factor totally unintentionally, but they did it for a lot of people. But it's also like a legitimate security problem because that's a lot of data to be keeping about your user and there's just not a good way to keep it secure, you know, in defense, in defense.

That's kind of cool but that's, that's the other part of it, like so, if you're not, if you're not creeped out by it, and you don't think about the security problems.

It's a really cool idea, like the technology of it, and so there's things that they did about it. Right, they did some things very well. So normally with an AI thing like this, oh, you'd be sending all this data up to the cloud, where they've got NVIDIA Pro graphics card processors and APU units and all the rest to do the actual data crunching on it. Well, that's not how these work. They intentionally they actually took part of the Azure tool chain and re-implement it so that it runs locally within Windows, so that the machines can do the data processing without sending any of the data up to the cloud. Like that piece of it is great, and what you can do with it is great. It's just there's some problems.

01:26:05 - David Ruggles (Co-host)
Yeah, steve did a deep dive on it.

01:26:07 - Jonathan Bennett (Host)
The last episode this week passed, so if you're interested in that, I wrote about it in yesterday's security column too, so lots of people are talking about it, lots of good coverage on it. There are, of course, already tools the one that I looked at. It's fun. It's called Total Recall. If you're an admin on the system, it'll just go in and pull everything out and let you see it. It's all going to be there. It pulls every bit of it out. So fun, fun stuff, and I guess we should make it clear this is not a released tool yet, and the plan is that it's not coming to all of Windows, it's only coming to these specific laptops, uh, I think.

I think it's probably safe to say, though, that Microsoft would have eventually wanted to roll it out everywhere. Um, there's been such a backlash against it, though, though I've begun to hear whispers that they are trying to memory hole the whole thing. You know, in six months from now, it's going to what? Recall? I don't recall us saying anything. Yeah, we can't remember anything about recall. No, we would not have. Microsoft would never have. Yeah.

01:27:18 - Rob Campbell (Co-host)
Oh yeah, I've heard they've been pretty silent on it too, I think for news organizations and stuff asking them questions just quietly.

01:27:27 - Jonathan Bennett (Host)
Yes, the crazy thing about it is it's like it caught them by surprise, Like thousands of employees at Microsoft, you know hundreds of people, at least dozens, at least dozens of people would have had to sign off on this, and it's like they were all caught by surprise that people would have a problem with this. I'm I'm a little flabbergasted by that, but anyway, all right, that was not on the roadmap for today, but it's what we covered. Uh, let's get to tips. Let's go to David. Uh ping with a graph.

01:28:10 - David Ruggles (Co-host)
Uh, uh, ping with a graph. Oh yes, so I've got a gping and I have a screen to share. Um, let me see what happens if I do this, ah cool makes a little bit bigger, all right.

So it is called gping and it is cross-platform. I've got a link to the GitHub project, but I actually found it this week because I needed to do some ping testing as I was swapping out network equipment at a client. And what's really cool about it is you can do a list of IP addresses and when you run it it generates a little chart. Is you can do a list of IP addresses and when you run it it generates a little chart. It gives you details up at the top about your jitter, your average ping, your min, your max, and it makes this nice little graphical chart that it just constantly keeps updating so you can use it. I was using it inside a network as we were swapping out routers to make sure that we weren't introducing any extra latency between VLANs and also checking internet. So in this case I'm pinging both Google's DNS public DNS and Cloudflare's public DNS, and it's pretty nifty, so there's not a whole lot to talk about, but it works quite well and it did what I needed to do.

01:29:26 - Jonathan Bennett (Host)
Very cool. I like that. That looks really cool. I wonder if it will support pinging IPv4 and IPv6 at the same time.

01:29:36 - David Ruggles (Co-host)
Oh, that's an interesting question that I can't answer because I do not have IPv6 from Spectrum.

01:29:43 - Jonathan Bennett (Host)
I will. I'll see if I can get it downloaded and installed and take a look at it.

01:29:49 - Rob Campbell (Co-host)
Let's see Nobody cares about IPv6.

01:29:52 - Jonathan Bennett (Host)
Stop, stop trying to make it a. Thing.

01:29:56 - Rob Campbell (Co-host)
Stop trying to make it a thing. It's not going to happen. Yes, it can.

01:30:00 - David Ruggles (Co-host)
Ooh cool, I just used a local address because I do have IPv6 internally. Yeah Well, no, maybe it can't. It's not getting any response, I don't know. Anyway, it didn't blow up, but it's not working right.

01:30:18 - Rob Campbell (Co-host)
That sounds like a lot of my code. It's looking for a domain name instead of an ip.

01:30:23 - Jonathan Bennett (Host)
Oh, is it? Yeah, that could be yeah, that could be all right. Well, that's cool. I like that a lot. I will. I will get that installed on some machines here and have a have a play with that. All right, rob all right.

01:30:35 - Rob Campbell (Co-host)
So this one you might want to make yeah, make me big, because this one's thanks to cousin of jahoo brought this to our attention in the discord. This is I ventoy. Now most of you hopefully know what ventoy is. Well, this is I ventoy. So for those who don't know, or those who know what a pixie boot is, iventoy is basically a Pixie boot server, so it makes it so you can boot an ISO over the networks instead of USB or optical disk or whatever. So for those watching, I put my commands that I used to install it. So for that I did wget to theirithub and it's a targz, and then I untarded tar, zxvf, iventoy. Then I cd'd change directory into it and I ran iventoysh space, start. And then here I did ip-a to check what see how my ip was, because this was a new vm that I set up. And then I uploaded rescue zilla 2.4.2, blah, blah, blah iso into it and here on the command line I moved that into the iso folder because that's where it's going to pull the stuff from.

So after I started it you can access this from a web interface, and that's why I wanted to see what my IP was. So let me transition over to that. So, going to the web interface, I did the IP and I did a colon 26,000. And from here you can configure things. So I've already used this. You got your boot information. You got your server nickname, a device this is a device that I currently actually have booted over the network, which I'll show you shortly. You got different configuration. You got timeouts, retransmits, you know, just a bunch of stuff there. Most of it I just left that default is where I left it. You got Mac address filtering If you want to specify, to deny Macs or only permit Macs. You got your images you can click on it to get more details as default, all kinds of stuff like that and registering information.

I have the free edition. There is a paid version. I believe the only actual extra feature in the paid version was that you can use this on ARM. So if you want to use this on Raspberry Pis, you have to have the paid version, which I don't remember it was like $30, $40, $50 or something like that. But for those not doing ARM, this free version works just fine. So, basically, so the only ISO I have in there is the RescueZilla, so I'm going to show you here in a second, what happens when I boot up one of my.

This is another virtual machine, but if I would have had any bare metal, if it's supported Pixie boot, that's PXE boot, and if that was, if there was nothing else to boot in the boot order before that Pixie boot, it would reach out to the network and it would find this Also, one other thing I got to say. I got to add there is the DHCP server in there, but I'm not using it because I have my own DHCP server. You are going to want to configure the options in your DHCP options to tell it where the Pixie boot server is, and I believe it's a TFTP and another one I can't remember now, I forgot to save those for the show. But when you're going through the documentation it'll tell you what to do and if you have questions, go ahead and reach out to me and ping me on it. But anyway, for those watching, when you booted it up it booted into iVentoy that's the version I have and it shows you the list of ISOs. You can boot from any ISO you want or you can reboot, you can change the screen resolution, you can exit the BIOS, but you know, if you just go and boot from it. Hey, there's RescueZilla right there and it's just booted right up just like that over the network.

And I've known what Pixie booting was for years. I've always wanted to try it. I've actually all my years in IT. I've never actually tried to set up a Pixie boot, but this was so easy that I don't know. Maybe Pixie boot servers are just easy, I don't know, but this was so easy that I don't know. Maybe maybe pixie boot servers are just easy. I don't know, but this was super easy. So if you want to do a pixie boot, I recommend Ivento is pretty awesome.

01:35:30 - Jonathan Bennett (Host)
I I like this a lot. Now is it open source.

01:35:35 - Ken McDonald (Co-host)
He does not have it open source Cause I see I see a.

01:35:42 - Jonathan Bennett (Host)
I found a GitHub repo that claims to have some of its source. I'm just I'm curious about that paid version, that you have to be able to pay to be able to use the ARM boots, because I would. I use PXE for booting ARM, I use PXE for booting arm. So the other thing that really sounds interesting about this is I would set up a, I would set up a dedicated network and bring in machines to work on them and Pixie boot my, you know the, the, the ISOs I want to work on it with. It's like you know, on a Linux desktop, you just throw a second network card in there and have your second network hanging off of it.

01:36:20 - Rob Campbell (Co-host)
But yeah, that's cool, that's a neat. I've been thinking about setting this up. I work just. You know, I have a virtual machine and they're putting it on, they're doing a VLAN and you just have some separate ports on our, on our switch B. This is your setup network and yep, yep, that'd be very useful.

01:36:43 - David Ruggles (Co-host)
Yeah, it'd be very useful. Yeah, I've tried to sit or not tried.

01:36:44 - Jonathan Bennett (Host)
I set up PXE booting a couple of decades ago and it was a pain then. So this is pretty slick. So crazy it, uh it is. It is definitely challenging the first time you go to set it up, although it's a little bit better now. There's some tools that help. Um, but it takes some.

01:36:56 - Rob Campbell (Co-host)
Yeah, and if you're using a different DHCP server, you do have to. Well, you will want to. I think you have to, because I think one problem I had was it wasn't I couldn't get to boot from the right file and all I had to do was tell iVentoy I have my own DHCP server and put the right configuration in there, because you do have to tell the file to boot up to it. I don't remember what that is either.

01:37:21 - Ken McDonald (Co-host)
Am I wrong? Don't most home networks use a router as the DHCP server?

01:37:29 - Rob Campbell (Co-host)
Yes, Well, that's the default. Yes.

01:37:32 - Jonathan Bennett (Host)
A lot of routers will let you go in and add DHCP options, which is all this is. It's just a couple of DHCP options. It says, hey, if you need to pick some boot options. Which is all this is. It's just a couple of DHCP options. It says, hey, if you need a Pixaboot, it's over here at this place. And it's also actually possible to set up multiple DHCP servers using something like DNS mask, and so your main router will say here's your IP address and how to get out to the internet, and the DNS mask can kind of sit in the corner and go oh, by the way, if you need a pixie boot, it's over here. Like that's kind of essentially how it works. It just sends a second packet out. Well, here's some more DHCP options if you need them. So there are ways to get around that, even if you're running some proprietary router that won't let you mess with your DHCP options.

01:38:09 - Rob Campbell (Co-host)
I mean a lot of people. If you have an enterprise network, you can run DHCP on your server. If you have PyHole on your network, which I do, I could run DHCP on that, but I don't run DHCP on that. I run DHCP on my router because I don't want to use up resources anywhere else just for something that simplistic. And so, yeah, I went into my router and I put those DHCP options in there. Yep, A lot of them support it. All right. And if it doesn't, just turn off DHCP in your router and use this, Yep.

01:38:45 - Jonathan Bennett (Host)
That'll work All right. My tip is actually a Linux boot tip and it's because I fiddled with. Let's see, is this actually? No, this is an NVIDIA. Anyway, it looks like this, the RK11 from turing pi. It's a little tiny embedded board that goes on the uh, the turing pi 2, which is a baseboard, lets you put four of them in there.

Uh, and I'm writing an article for hackaday about this, doing a review on it, and the only official firmware for this thing is ubuntu. I I was like I really don't want to use Ubuntu for this. I'd rather use something else, like Debian or Fedora, or just not Ubuntu. But that's all that they officially support. So I went looking. It's like all right, well, what are the other options for this? And I quickly figured out that they have UEFI set up for the RK1, which is great. That's like the easier way to boot ARM64 these days is UEFI. It makes a lot of things easier and there is upstream kernel support. Starting in like 6.6, I think you can officially boot the RK1. So I set about trying to make it work and the furthest that I could get with it was right before the switch route. So the way Linux boots, it loads the kernel into memory and then your bootloader will load what's called an init ramfs, which is an initial file system that sits in RAM to let the kernel get things booted up far enough to then boot your real file system. And then it does a switch route. So then it switches where the kernel looks at for your file system route and it would fail before then and it wasn't throwing an error message, it would just kind of stop like it was waiting on something, throwing an error message, it would just kind of stop like it was waiting on something. So I reached out to a couple of people and finally found out that in some cases, depending upon what you're doing, the RK1 needs this little tiny kernel patch and interestingly, the patch is only in the device tree, which I don't like.

Messing around with the kernel device tree, I find it a pain, but it's part of how the Linux kernel boots on ARM. The device tree is essentially just your list of devices and where they're all at. Okay. So I built it, I got the new device tree out and then I'm stuck with this like how do I tell the Linux kernel to use this particular device tree? And you'll find some documentation that says well, you can just append as a kernel command line option, dtb equals, and I could never get that to work. And so this is how this typically goes for me.

About 30 minutes after I gave up on it and decided to move on, somebody pings me and goes oh, by the way, here's how you do this. So in the Turing Pi Discord somebody pinged me and says by the way, did you know you can add a device tree as a grub option? And I went no, I did not know that. So that's my tip. All of that long story, here's the tip In grub you know you may be familiar with.

You know you've got your Linux line in grub and that's where you define the kernel. And then you've got your init rd line and that's where you define your initial ram disk, your initial file system. You can also put options in there. Grub also supports the device tree line, and so it's just device, all in word lowercase device tree and then a space. And then it's going to be where in your boot folder you should, the kernel should, look for a device tree. And so in my case it's just device tree and then a space and then slash.

How do you call it Turingdtb? And that just says hey, while you're loading the kernel, go ahead and load this device tree up with it, and it works. And so it was that simple. I spent hours and hours on this and it was that simple. Once you got the right device tree and you told Grubb to load it, it just off. It went. Have a new enough kernel, fix the one thing in the device tree and it is golden. So if anyone messing with ARM, grubb, can load a device tree for you and it is glorious once you get it working, okay, ken, you've got. Oh, you've got an interesting one for us. What is Ken's tip?

01:43:03 - Ken McDonald (Co-host)
Well, if you're looking in the show notes you'll see it says host name CTL. Now I've got a link to a Google Docs that I created with some screenshots showing off the information. The first one in there is going to show the first thing I saw when I went into my OpenSUSE Tumbleweed after I booted into it and logged in. But I'd come across this tip while sitting up OpenSUSE Tumbleweed on my new system, because after I completed the initial installation, when I went to open a terminal, my Calend Prime was just saying local host. I'm always used to it giving usually the model name of the system or, in this case, the motherboard. Now I did find when I used NeoFetch that it gave the host as the model name of my board B650 Gaming XAX. In fact, if you'll see the second screenshot, it's showing NeoFetch providing that.

So I did a little bit of research and I found out this command line prop that uses the host name environment variable and that's updated from various configuration files. I didn't want to have to go to each one of those and figure out which one it was pulling it from. So I came across this command line which is part of your system D command, if you hadn't figured that out already because of the naming, but with it I was able to just go in, type in in hostnamectl space, hostname space, and then I put it in quotes b650, dash gaming, dash x, dash ax and put that in and it prompted me to authenticate. So I would recommend you putting sudo in front of it so you don't have to worry about the graphic thing popping up while you're in the command line terminal asking you to type in your root password. But I'll let you read the man page or follow the link that I've got to geeksforgeeksorg for some of the other examples for using this for some of the other examples for using this.

01:45:42 - Jonathan Bennett (Host)
I've got to say that hostnamectl, if it just had a nifty graphical icon showing what OS you're running, it would be a great NeoFetch replacement.

01:45:53 - David Ruggles (Co-host)
Yeah, running it without any options provides quite a bit of information, including the firmware age, which is kind of interesting.

01:46:00 - Rob Campbell (Co-host)
Yeah, to change my command, my uh string. There I've always just been as root, just typed host name and whatever I want, like you can.

01:46:10 - Jonathan Bennett (Host)
You can also set it in. On most systems it's slash edc slash host name. Yeah, to actually set the host name itself.

01:46:17 - Rob Campbell (Co-host)
And I usually like to give a little more interesting names than what my motherboard is.

01:46:23 - Ken McDonald (Co-host)
Well, I use it on my system so that when I SSH in, it gives me the prompt for the system I'm into and it makes it easy to tell me at the terminal whether I'm not SSHed into a remote system or not.

01:46:39 - Rob Campbell (Co-host)
You just have to know the names of your machines, like I've had freddy and janice and I, uh, I went with marvel for a while, so actually I had hulk and iron man and you can. I was completely joking about that, but I've had like I, I've changed my structures every once in a while, which really isn't a good IT tip but, I'd be like Diamond and you need to have a host name structure so that you can know just from the name what something is.

01:47:13 - Jonathan Bennett (Host)
So if you want to be Marvel or whatever you just Star Wars, Marvel characters or laptops, Star Wars characters or desktops, Star Trek characters or servers. There you go.

01:47:28 - David Ruggles (Co-host)
Yeah, I still have my Hulk machine up, so I just SSH into it. So if you look at my shared screen over there, you can see it.

01:47:45 - Rob Campbell (Co-host)
So if you look at my shared screen over there, you can see it. So do you do the.

01:47:49 - David Ruggles (Co-host)
ASCII art for all of yours too. Well, I didn't do my own ASCII art. I went and found it and it turns out they don't have ASCII art for all of them, so I gave up on that.

01:47:59 - Rob Campbell (Co-host)
But they did for Hulk man. You really, your machines are not cattle.

01:48:10 - Jonathan Bennett (Host)
They are pets, oh goodness. Well, that seems like a great place to end the show. I will give each of you a minute to plug or get the last word in on whatever you would like to.

01:48:25 - David Ruggles (Co-host)
We'll start with David, all right. So I came across another little interesting thing this week that I was not aware of, so I've got a link to it in my ending notes. It's called Rusk Desk and it is the open source alternative to team viewer. Yes, so I was not aware of it before coming here us to this week, so if you haven't been aware of it before, I wanted to point it out and to harken back to what we were talking about earlier in this very episode about, you know, open source making money. They have a pricing structure where they are offering services on top of the open source product 2FA, some other functions auditing stuff like that.

But if you self-host it, it's encrypted and you can keep all of the data on machines that you control, so it can be useful for that as well. So it looks pretty interesting and I just wanted to mention it.

01:49:37 - Jonathan Bennett (Host)
Yes, we've talked about RustDesk before.

01:49:39 - Rob Campbell (Co-host)
Yeah, david, I'm very ashamed of you. You need to go back and watch all of our episodes, because I have had this as a command line tip and talked about it a few times. But, I kind of stopped after they locked down Because they used to have the server piece used to be completely open source. I believe that's what they locked down like a year ago and said not anymore.

01:50:02 - David Ruggles (Co-host)

01:50:03 - Jonathan Bennett (Host)
Oh well, I don't get to the GitHub. There are, unfortunately, some questions about Rust Desk. One of the ones that I've seen people ask is where exactly are they based out of? And it's one of those weird situations where it's like, oh, they're technically based out of Singapore, but all of the people actually writing the code are in China, and so it's just kind of there are questions about it.

01:50:27 - Rob Campbell (Co-host)
Yeah, they may have. They may have. I don't know if they've changed again. I haven't looked at it for a while, but I know for a while. There, like all of a sudden, I was like, oh, there's some great features here, let me go get it from their GitHub. Oh, you have to. Well, at the moment there, you couldn't even get it at all because, yeah, we're changing things and we pulled this code off of there and you couldn't find any forks of it. So it sounds like they've at least brought it back in some form, and maybe it's not free, maybe I do need to check it out again, which I really did like.

01:51:00 - Ken McDonald (Co-host)
Definitely check out the website Because right at the top, white lettering on a red background, it says warning you may be being scammed If you are on the phone with someone you don't know and trust. Who has asked you to install Rust Desk? Do not install and hang up immediately.

01:51:25 - Jonathan Bennett (Host)
That is pretty good.

01:51:26 - Ken McDonald (Co-host)
Trying to steal your money or other private information.

01:51:29 - Jonathan Bennett (Host)
I kind of wish that TeamViewer and all the others would add that sort of notice to their websites. So I mean that's a point in their favor.

01:51:36 - Ken McDonald (Co-host)
I need to look at it again.

01:51:38 - Jonathan Bennett (Host)
I would love to be all in on rust desk again. It's just once upon a time there were some questionable things going on around it, but maybe, maybe that's not the case, maybe that was just a misunderstanding. I am open to that being a possibility.

01:51:52 - David Ruggles (Co-host)
So well, um, if you go to the github repo, um, it starts. It says it's another remit. That stops off for written in. Rust works out of the box, no configuration required. You have full control of your data. You can use their rendervis relay server, but you don't have to. So what you get from github should allow you to do a full operation without needing them at all.

01:52:21 - Rob Campbell (Co-host)
Yeah, there was a lot more server features that they pulled away at one point. Like I said, I don't know, maybe they've brought them back.

01:52:30 - David Ruggles (Co-host)
Yeah, well, I mean. So I haven't actually run it yet, so I can't go that far, but when I was digging into it. So if I do get it spun up and tested and confirmed that you can do everything out of the box, I'll let you guys know.

01:52:45 - Rob Campbell (Co-host)
If you use it with their cloud. It functions really just like TeamViewer, where you get the code and you punch the code in and it is pretty nice. It works nice, yeah it's cool.

01:52:56 - Jonathan Bennett (Host)
All right, ken, that's cool.

01:52:59 - Ken McDonald (Co-host)
All right, Ken. Well, since Rob decided to drop it, I wanted to mention that there's actually a couple of articles out there about Raspberry Pi coming out with an AI kit it aims to deliver consistent performance for AI-specific loads.

01:53:22 - Jonathan Bennett (Host)
Yeah, this thing is interesting. I am very tempted to pick one of these up. It is the official Raspberry Pi NVMe or PCI Express hat, and then they're partnering with Halo I don't know how that's pronounced to put an actual AI processor on it, and the real question is going to be what the support is like for that processor. Are you going to be able to use it with TensorFlow and is it going to be open source? There's just questions, but the fact that it's Raspberry Pi doing it kind of makes me think that they're going to do a lot of this stuff, right.

01:54:03 - Rob Campbell (Co-host)
And being Pi AI, I think the name should be Pi Eye. You know, like the old song.

01:54:09 - Ken McDonald (Co-host)
Pi Eye, I don't know that song.

01:54:14 - Rob Campbell (Co-host)
This one goes out to the one I love, pi Eye. Maybe it's not Pi Eye, maybe it's not, maybe it's a mystery.

01:54:22 - Jonathan Bennett (Host)
Oh, that's yeah, yeah, okay. Um, as much as I don't want to, I'm going to hand it over to Rob to say whatever he wants to for a few seconds. This is sure to go well.

01:54:36 - David Ruggles (Co-host)
I thought that's what was already happening.

01:54:38 - Rob Campbell (Co-host)
That's what I always do. I say what I want, what I want, all right, so come connect with me and I will see uh say a whole bunch more what I want. Uh, robertpcampbellcom, right down there, at the bottom, right there, and uh, from there you can see this nice website here and on there is a link to let me get the right finger up here LinkedIn, which some people have connected with me there. Appreciate that, mastodon. I've got quite a few connections there and, as hinted earlier in the show, here's the place where you buy me a coffee and you keep me caffeinated and and and moving forward, and you know. So I wait 20 years from now. I'm not abandoning this open source project.

01:55:35 - Jonathan Bennett (Host)
All right, it's been fun. I think we've gotten a little loopy and punch happy here at the end, but that's all right, we're having fun. Oh, thank you everybody for sticking with us. Thank you guys for being here.

If you want to follow my work, there is, of course, over at hackaday. There's the security column goes live on Fridays every Friday morning. We've got floss weekly over there on Wednesdays. We are about to move, probably for the month of July. We're going to do a test run, move recording of Floss Weekly to Tuesdays and see if it sticks and maybe do Floss on Tuesdays going forwards, because doing Floss on Wednesday and then writing the security column on Thursday to have it ready for Friday morning is a lot to keep up with. So we're going to try to get an extra day in there to get all that stuff done. But anyway, come and check that out. And of course I've got some other stuff going on. If you really want to, you can look for the YouTube channel. I've got a.

Buy me a coffee as well. Welcome to check that out. If you want to drop some change in the tip jar. Yeah, we sure appreciate it and make sure to support twit the there's, there's the club twit. For the price of a coffee per month, you can join the club, get to be a part of the discord and support people doing great shows like this, and we sure appreciate all of you that are there as well. That it's it for us here at the untitled Linux show for this week. We'll be back next week. We're going to geek out once again with everything going on with Linux and, as you have learned from today's show, a whole lot more. But that's all right, it's all fun and we will see you next week. Thanks so much.


All Transcripts posts