Untitled Linux Show 162 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show
00:00 - Jonathan Bennett (Host)
Hey, this week we talk about Thwep D on the Raspberry Pi. We get caught up on what's going on with Curl. Then there's the TinyWatch, the reason maybe you should run Alma Linux. And oh yes, Gnome still worries us. You don't want to miss it, so stay tuned. Podcasts you love.
00:21 - David Ruggles (Co-host)
From people you trust. This is Twit.
00:29 - Jonathan Bennett (Host)
This is the Untitled Linux Show, episode 162, recorded July 27th. Open source invoice. Hey folks, it is Saturday and you, of course, know what that means. It's time to get geeky. Get your geek on. We're talking about Linux and we're going to have a lot of fun talking about linux, open source stuff. It is time for the untitled linux show. It is, of course, not just me today. We've got ken and rob with us, and rob, you were on top of it, you're ready to go there, had the, had the, your stand and everything. Um, so let's dive in. And we've got some've got some fun stories to talk about. We've got some interesting stories to talk about. There's one in particular that's a worrying story to talk about. But we're going to start with something real fun first, and that is Ken's going to tell us about FWEPD coming to new hardware.
01:20 - Ken McDonald (Co-host)
Yes, Our favorite 9to5 Linux journalist, Marius Nexter, wrote about the latest release of 4PD 1.9.22, adding support for the latest Raspberry Pi devices, along with other improvements.
01:36
Marius states the biggest new feature in the 4PD 1.9.22 release is support for updating the firmware on the Raspberry Pi 5 single board computer. However, even though you'll be able to update your Raspberry Pi 5's firmware with FWAPTI, this support is marked as unofficial in this release. These FWAPD 1.9.22 also adds support for always loading the flash ROM plugin when using the open source core boot loader. It adds support for updating the firmware on the framework SD expansion card, adds a PCB tag in the USI-DOC GUID to distinguish different revisions and adds an explicit HIDRAL permission to the FUPDIIservice to improve support for multiple devices. This release fixes a critical warning if a device returns unexpected data from DFU upload, fixes a critical warning if the DMI manufacturer is an empty string, fixes several integer overflows from Coverity, fixes the Blackbird and Talos II baseboard details and fixes a transient version number issue after flashing the Wacom USB devices. As always, I haven't covered everything in Marius' article, so definitely read it, especially if you are looking for support for a particular device.
03:15 - Jonathan Bennett (Host)
I am looking to see what all this brings for the Raspberry Pi, because part of updating the firmware on the Raspberry Pi is just installing the new kernel on the SD card and that's slightly less interesting. And I'm trying to figure out whether it actually updates the on-the-board firmware as well, and I'm not immediately seeing all of the details about that, but it's neat to see yet another way to support the Raspberry Pi. Not that there's anything wrong with Raspberry Pi OS, but it's nice to have options.
03:51 - Ken McDonald (Co-host)
Alternatives are great. Ask Daffy Duck.
03:56 - Jonathan Bennett (Host)
Okay, and David, I'm real tempted to just roll with the joke and call you Rob all day, yeah.
04:05 - David Ruggles (Co-host)
I'm Rob, tempted to just roll with the joke and call you Rob all day.
04:08 - Jonathan Bennett (Host)
Yeah, I'm Rob undercover. I don't know what I saw. I'm sure something caught my eye as I was introducing the show and so I said Rob, of course we have David and not Rob with us today. And no, I'm not going to just roll with the joke. I mean, we're going to call it. We're going to call David David. We're going to call it David David. We're going to call it David David and a spade. A spade, but he's got the details on some fast patching and some slow patching around the Linux world. Is this by David Spade?
04:34 - David Ruggles (Co-host)
No, it is not by David Spade. My first link is from Pharonix and Michael Larabelle, so drinks high, michael Larabelle, so drinks high. But we've mentioned before about how AlmaLinux especially since they are no longer bug-for-bug compatible with RHEL due to Red Hat's changes have really taken that and run with it, and they're an example of what a vibrant open source community can look like. And so they strike yet again with an update. So I don't know how large a community is affected by this, but those doing VFX, specifically using the SideFX Houdini 3D animation software, have been running into an issue with the RHEL 9.4 update. There's a GLIB-C bug that goes back to May. That's making SideFX Houdini practically unusable, and they're still waiting for Red Hat to release an update on that. But Amalynx has pushed it out. So Amalynx again for at least the second time that I know of, maybe more than that is taking advantage of the fact that they don't have to be bug for bug compatible with Red Hat and are squashing bugs. So that's always good to see. Just wanted to give them a shout out again.
06:14
On the other end of the spectrum, my second link is a link to a register article about Mozilla Thunderbird, everybody's favorite open source email client and they have finally squashed a bug that has been open for 24 years. That's almost as old as I am Not quite but we're getting there. It was a bug that was opened last century November 12th 1999, with missing interface capability. Those using Thunderbird with Linux desktops were not able to see the new mail notification in the system tray when new email came in, which is pretty common and maybe the only reason that there are some people sticking with Outlook. Probably not, but anyway, they finally fixed it. But there's just some funny comments. Of course you know the Register. They put some tongue in cheek in their articles, which is why I like reading them.
07:20
But in 2006, there was a complaint wondering why it had been so difficult, and that was answered with a Welcome to Mozilla's Bugzilla. Don't worry, you will get used to it. Patience is a virtue. Then, 18 years later, the fix was developed. Not 18 months, 18 years was developed, and so now there has been a patch pushed out. Let's see. There was some effort made to try to get it into the 128 esr last week, but that deadline wasn't met. So it's still coming. But good news that 24 year old bug will get squashed. Well, I guess technically as a feature request. It wasn't a bug, since it wasn't something broken. It was something missing. But that bug report will be closed sometime this year maybe.
08:15 - Jonathan Bennett (Host)
Oh, that's fun. Good for them for doing it. Hopefully it's optional. I'm not sure that I want a pop-up in my taskbar every time I get an email. That sounds stressful. Getting emails is stressful enough as it is when you get a bunch of them.
08:32 - David Ruggles (Co-host)
If it's not optional, open a bug report 24 years from now, it'll be fixed.
08:38 - Jonathan Bennett (Host)
Yeah, thanks for that. Thanks for that. Let's see. So, while Ken unmutes himself, we're going to talk quickly about AlmaLinux, and it's interesting. It seems to me that there used to be a time when companies would say make sure you use Red Hat, because we don't guarantee that this will work on CentOS. I seem to have memories of that and I wonder whether we're eventually going to get to the point to where people will say Use Alma Linux because there are outstanding things on Red Hat that haven't gotten fixed. Is Alma Linux going to become the new preferred solution for people?
09:18 - David Ruggles (Co-host)
Well, if it doesn't, it's at least. If they keep doing this, it's going to put a lot of pressure on Red Hat to step up their game, and competition is never bad.
09:30 - Jonathan Bennett (Host)
Yeah, there is the slight problem with this bit of competition, that, uh, that taking paying users away from red hat does not help alma linux, because alma linux is a downstream like there's a. It's just a little. It's a little complicated, right. Um, just because of the way that that relationship works, we kind of want Red Hat to be healthy financially because they do sponsor a lot of work on Linux and the kernel and all of that. So it's complicated.
10:11 - David Ruggles (Co-host)
Well, red Hat has a huge quality assurance and testing apparatus around their rollout, so I still think that they're going to be preferred for core mission critical things. But having an alternative where, if you need something patched, you can jump to it quickly and then jump back because you know it's binary compatible, is very useful.
10:35 - Jonathan Bennett (Host)
Yep, yep, that's true, that is true, all right, well, on to our third story. I do not look forward to talking about this. One Gnome worries me still. This is not the first time that we've had this conversation, guys, it's. You know, if I had a nickel for every time we had this conversation, I'd have two nickels, which is not a lot, but it's weird that it's happened twice, right?
11:02
So GNOME has banned one of their board members from the community for a code of conduct violation, and that's not necessarily the problem. The problem is, in my opinion, that they've done it in secret, and that is essentially like that's the headline Nobody knows why. As far as I can tell, they still don't know why. They they've still not made any real substantive announcements about what's going on here. Um, it's, it's, it's not great.
11:42
Now, there's a few, there's a few pieces to this, right. So when, when you get into the um, the legal realm, you begin to have, you begin to fall into, like these areas where you talk to a lawyer and your lawyer says do not talk about this publicly, everything that is said publicly needs to go through legal counsel, right, and that's, that's like a thing. Because there's, you get into liability issues, and so sometimes, when things are happening legally, you just you don't talk about it. On the inverse side of that, when you're running an open source project and when you're running, you know, an open project, not just talking about open source, but like when we're trying to run a project on the principles of openness and transparency you want to be able to make these things public, because that's what you do when you're running a transparent project. There's also some principles about people being able to respond to their accusers and all of that, that sort of play into this.
12:41
But all of that to say, I don't think it is acceptable for a board member that was voted on and voted into the board by the community, by the members of the GNOME Foundation, to be removed without an explanation as to why it's really problematic. And then you have something else that's happened since then, and that is that a member of the in fact it was like the lead Manjaro developer committed the unpardonable sin of linking to a Lunduk article in the Gnome discourse, which landed him a lifetime ban from the project as well for linking to an article. That sort of behavior, well, for one thing, it spends goodwill, it evaporates goodwill, in fact, and the capacity that I would have had to assume the best about the leadership at GNOME, hearing that they banned someone for their from their community for linking to an article that they you know they did not approve of the person that wrote the article. The fact that that resulted in a ban, that evaporates my capacity to, um, think well of them and and so I'm, I'm GNOME, I really am specifically the GNOME Foundation and I don't want to overreact to this. But there comes a point to where you have to start thinking about forking the GNOME Foundation.
14:27
I don't even know how that works, but, even more broadly than that something I thinking about as I've looked at this throughout the week we probably have some work to do to figure out how you codify openness into, like, the articles of a foundation. So, like, how do you? So? We, we have the osi definition for code and we know how to make code open in the license that. There may be some work that we need to do. How do you codify openness into the articles that make up these organizations that control it? Um, so I don't, I don't, I don't know. There's a lot of, there's a lot of unknowns here, um, but I, I have, I have some very strong hesitations about the future of the gnome foundation and put it that way, and I think it's not just me. Uh, from what I've been reading, there's a lot of this, uh, from the community, where people are absolutely fed up with, um, the heavy handedness, but also the secrecy that goes along with it. So I will turn it over to you guys. What do you all think?
15:35 - David Ruggles (Co-host)
I think, if nothing else, there will be to quote Microsoft learnings from this for everybody else, because sometimes you learn by going through stuff, sometimes you learn by watching somebody else fail spectacularly.
15:54 - Jonathan Bennett (Host)
Yeah, that's true, that's true.
15:57
And so, like I don't know, I guess there's definitely a possibility that Sonny Piers, I believe, was his name, like he could have done something bad enough to deserve being banned, right, like I guess that's a thing, although personally I have hesitations about the entire idea of someone doing something outside of the project.
16:25
In my opinion and this is just my opinion for what it's worth, but in my opinion you should write your code of conducts such that code of conduct enforcement only happens for things that happen inside the project, because what somebody does outside the project, that's their personal lives, and you really don't want to go down that road of kicking people out of your project for things happening in their personal life. It's not a good place If you really think about it. Nobody wants that, Because that opens the door to a lot of things that are just not very nice. So, in my opinion, if you want to have a code of conduct, that's fine, but it needs to be written strictly, such that you only enforce things that are officially done in the project. And then I am beginning to feel very strongly, on top of that, that it is just a bad idea to have your code of conduct committee siloed off away from the rest of the project. I think that's a bad idea. They need to be.
17:22
For one thing to the project. They need to be answerable to the project, but they also need to have to borrow another turn of phrase skin in the game, like they need to also be contributors, um, because otherwise they just don't. There's no real good understanding of the things that are going on in the process anyway always looking like, say, for a representation of your peers yeah, okay, so that's a.
17:48
That's a. That's a fair question, like do you want your code of conduct community to be peers, sort of like a jury? I think so. I think that probably makes sense. I don't know, there's obviously a bunch of different opinions on the entire idea of code of conduct and I think, sort of as, like the open source world, we're still growing up into this and trying to figure out how it's going to work. And, like you say, dave, like you say, it's a learning opportunity. People are looking at this and going, oh okay, this is something to be aware of. Hopefully the lessons will be learned, and I would like to see I don't use GNOME, but I would like to see the GNOME Foundation get back to a place of healthiness and trustworthiness.
18:39 - Ken McDonald (Co-host)
But I think there's some work to be done and something else is they need to include in the Code of Conduct a method of appealing any policies coming out of it.
18:57 - Jonathan Bennett (Host)
Yeah, that's probably true.
19:00
True, that's a good point. Um, so derecho has a point here that is interesting and I don't know, um, I don't know how much I want to get into this because it gets into political stuff, but he says trial by jury has a serious problem with consistency for various reasons. In some cases that's a feature, not a bug, because, like there are times that if you just blindly apply the law, you end up in weird. So blindly applying the law finds weird corner cases where you then look at it and go, oh well, that's certainly not what was intended by that law or, you know, that is not actually appropriate in this case. So like that's part of the purpose behind trial by jury is so that human beings with their own, like, common sense can write something that's wrong sense can write something that's wrong, um, anyway, anyway. So we could talk, we could talk about this, but again it kind of veers off into into political things that just we're not interested in talking about here. So, um, anybody have any more thoughts on that before we move on?
20:09 - David Ruggles (Co-host)
I feel like I'm I feel like I'm walking on a balancing beam here, like oh I want to talk about it, but I don't talk about it too much maybe we virtually are I guess technology punditry right there, I mean because we want to focus on technology, but life tends to keep getting in the way technology would be great if it just weren't for all the people in it, to borrow a saying from a different realm.
20:36 - Jonathan Bennett (Host)
All right, Ken, let's talk about VirtualBox then.
20:40 - Ken McDonald (Co-host)
Yes, and here we're hearing from both Bobby Borosoff and Marius Nestor. They wrote about the VirtualBox 7.1 beta release, giving us a sneak peek at what is coming beta release. Giving us a sneak peek at what is coming. They both talk about the update's revamped Qt 6-based graphics user interface tailored to different expertise levels basic and experience. Morris even talks about Wayland's support for clipboard sharing on both Linux guests and hosts clipboard sharing on both Linux guests and hosts.
21:20
Virtualbox 7.1 also promises updated Oracle Cloud infrastructure with new functions to clone and reset compute instances, as well as support for the performance dashboard to display resource usage for local virtual machines. To display resource usage for local virtual machines. It promises to improve the performance of the screen recording functionality on all supported platforms, update the Oracle VirtualBox extension pack to adjust the PUEL license by removing the duplicated evaluation option and add a new MSDB slash KEX certificates to newly created virtual machines. Virtualbox 7.1 Beta introduces a comprehensive overhaul of its network address translation engine, including support for IPv6, expanding connectivity options and future-proofing the software. If you are using the latest Apple hardware, you will be glad to hear about the software extending its support to the macOS on ARM hosts, enabling ARM virtualization for Linux and BSD VMs. Since I've just covered some of the improvements, I do encourage you to follow the links in the show notes if you want more details about VirtualBox 7.1 Beta and how you can try it. But I would not recommend it on a production system.
22:47 - Jonathan Bennett (Host)
No, no, probably not, ken. I can't help but think of the old John Wayne movie Quiet man, where the antagonist, every time he sees John Wayne's character, he will carry a handkerchief around with him because he's got this thing. It's like he hates him and so he spits every time he says his name Towards the end of the movie. They're forced to cooperate together. So he has this handkerchief and every time he says his name you can tell he covers his mouth with the handkerchief and spits into the handkerchief. That way nobody can see him do it. That's ken with oracle right now. Uh, so I am, uh, yeah, I'm. It's interesting to see this continue on and the things that are new in there wayland support for clipboard sharing that would actually be pretty nice. Something about the clipboard on Wayland is just weird. I've continually had just edge corner oddness with the clipboard on Wayland.
23:46 - David Ruggles (Co-host)
Yeah, it's all the security enhancements preventing applications from seeing each other, that they just don't support that global sharing all that well they're still working those bugs out?
23:56 - Jonathan Bennett (Host)
Yeah that's probably true.
23:57 - Ken McDonald (Co-host)
An easy way to turn on the backlighting for your keyboard.
24:03 - Jonathan Bennett (Host)
I think that works mostly now at least I found a hack for mine. It depends upon what keyboard you're using. Like if you're using a Razer keyboard, you've got to build an out of tree kernel module to make it work, which doesn't have to be a kernel module.
24:20 - Ken McDonald (Co-host)
well, actually I found hardware support's weird manual systemd service that you can sit to run every five seconds yeah, that sounds manual.
24:33 - Jonathan Bennett (Host)
system D service that you can sit to run every five seconds yeah that sounds great, otherwise, when you hit the num key or the shift lock, it'll turn it back off. Yeah, that could be a problem, I suppose. And turns the backlight back on. Wow, oh boy, that's great, which is why today I'm running with the X server.
25:12 - David Ruggles (Co-host)
Understandable, I'm sure Wayland will get fixed within 24 years.
25:16 - Jonathan Bennett (Host)
I mean, mean, it's been almost that long they've been working on it, right? Uh, okay, save us, save us, david, by uh telling us about the newest open source smartwatch that we can actually afford uh, yes, you can afford it.
25:31 - David Ruggles (Co-host)
It it's actually available. It is the TinyWatch S3. It's an open source customizable smartwatch powered by ESP32 S3 system on a chip SOC. I'm not sure that all of us should be running out to buy one. In fact, I find it very interesting, but I don't have the time or resources dedicated to it. So you won't see me wearing one Because it does not come with. It's not breadboard compatible. It does not come with any headers. However, it is completely open source, both hardware and software.
26:15
The repository has KCAD or KiCAD. It's K-I-C-A-D Design files and schematics. It's got the firmware files, the STL and STEP files for the case example projects. So if you've always wanted to experiment with what you carry around on your wrist, this is an open source project for you and it's pretty neat. It's rectangular, standard watch face size, does not include the battery or watch band, but you can buy it for only $60. So if it's something you've got some time to kick around with, something to play around with and it seems interesting to you. It does have a clock chip. It's got sensors, six axis IMU, magnometer, I guess the microphone. It's got magnetic buzzer, haptics motor. There's a few buttons on it. There's a power on-off button, a reset button, a boot button. It does have ESD protection on the USB and buttons Two LEDs, one for power and one to indicate charging. 3d high gain antenna. So it's got some potential and it's always cool to just see open source spreading into all form factors.
27:45 - Jonathan Bennett (Host)
Yeah, the ESP32 S3, that is a fairly capable little microcontroller. Now you're not running Linux on it, but you can do quite a bit with it. You can do C++ code, do quite a bit. I would love to see something like this that had GPS and LoRa on it. So I've got in fact I've got one a little band. This is from Lilygo the T-Impulse, I think this one is called band. This is from Lilygo the T-Impulse, I think this one is called, but it does not have the ESP32-S3. This has a much lower power chip on it and so limited in what we can actually do with it. But this is cool. There's a lot that you can do with this sort of thing, with custom firmware or or, I'm sure, even with their, with their firmware?
28:38 - David Ruggles (Co-host)
do you know what the battery life is like?
28:39 - Jonathan Bennett (Host)
it doesn't say in the review of it here that's one of the other things that's tricky on devices like this. How do you get decent battery life without making the thing massive?
28:50
by having it turn itself off periodically well, yeah, but that gets tricky too, because you you know you want to be able to see the time and so you know then. Then you build things into it like shake to shake to wake. But if you're too aggressive with trying to save battery life then the thing will go into hard hangs where you've got a hard, boot them to get them to come back up, and it's, it's fun. Yes, I've done a little bit of embedded development. I know where some of the pitfalls lie, but it's cool. Hopefully people will jump on board with this. Usually this sort of project has a fairly low barrier to entry. It's much easier to get in and hack on this than something like the Linux kernel, and so somebody interested in just doing some I assume it's in C++, that's what a lot of these are written in these days wants to do some of that kind of hacking. This would be a great project to jump in on and try to do some simple stuff.
29:40 - David Ruggles (Co-host)
It mentions that if you've got some Arduino experience Arduino Core framework specifically that would be yes, so Arduino.
29:48 - Jonathan Bennett (Host)
Okay, it's Platformio and Arduino. Yeah, so the Arduino Core, the Arduino framework, has taken over the embedded world. There are Arduino core sort of layers for a lot of embedded chips, and this Platformio plus the Arduino framework is really pretty popular. The MeshTastic firmware that I work with is exactly what we use. We could probably run MeshTastic on this. Just without a LoRa chip, it's not going to be very useful. That's sort of the main thing that we try to do so without that being on there. But yeah, like I say, though, this would be a fun project for somebody that really wants to get kind of dip a toe into embedded development, I think this would be a really fun one to start with.
30:33 - Ken McDonald (Co-host)
And it even comes with a sample Hello World app.
30:37 - Jonathan Bennett (Host)
There you go. There you go $59, not too bad, all right. So let's see what else do we have? Oh yes, oh yes, rust, rust in the kernel. Some fun things have happened. Rust in the kernel. Some fun things have happened With kernel 6.11, the notable thing here is that we've got a minimum Rust toolchain version as opposed to a precise Rust toolchain version.
31:04
This is actually a much bigger deal than it sounds, and one of the things that has been a pain about Rust in the kernel is they're having to do so much development on the Rust language and the Rust compilers as they're doing development on the Rust kernel and so like with each version of the kernel. It's been okay. You've got to use, you know, rust 1.0. 1.75 for this version of the kernel and that's the only one that it'll work with. You can't use 1.76. You can't use 1.74. It's got to be 1.75, right. And that's just because things have been changing so fast to make this work to work with Rust 1.78 and 1.79 and 1.80, as well as the current beta and the current nightly, which is probably going to be in 1.81 and maybe 1.82, right. So you've got three to five versions of Rust that are going to work with this one kernel release, and what that does is it makes life way easier on distro developers, but it also will make life a lot easier on end users who want to run a newer kernel on their maybe slightly older distro. It's going to make it way easier to build it and get the Rust support in there, and so this is a good thing.
32:34
And then, also with this, something that is in the Pharonix article is that Upstream Rust has now added the kernel to their continuous integration tests, and so if they make a change that breaks kernel compilation, they know about it right away before it gets pushed out. And so you know, not to say that that won't ever happen, but it will now happen in a coordinated sort of way. And so, you know, rather than a surprise breakage, they're now going to be able to say, you know, let's say, in three versions from now, this happens. So okay, so kernel 6.11 works up through Rust version this, and then here's where the changeover happens. So okay, so kernel 6.11 works up through Rust version this, and then here's where the changeover happens. And so if you're doing you know, kernel 6.13, you're going to need this version of Rust, you know, whatever, but it's going to be. You know it'll be published and be a lot more flexible.
33:26
So again and we've talked about this before but this is Rust in the kernel, but it's also the kernel language itself kind of growing up and maturing into this idea of really being usable here. And we had a question last week about whether there's any actually useful Rust code in the kernel and I tried to do some research on that. Somebody pointed out the Asahi GPU driver and yes, that's written in Rust. As far as I can tell, it's not actually landed upstream yet. So I'm still not sure that we have any useful Rust, like actually usable Rust in the kernel yet. I don't know. I didn't have a whole lot of time to look into that, but I did spend some time this week trying to find that and was not able to pin down an answer on that one.
34:16 - Ken McDonald (Co-host)
Well, my command line tip later is going to demonstrate Rust being used in user space.
34:23 - Jonathan Bennett (Host)
It's used in user space all over the place. So yeah, interesting stuff. Do we want to talk about curl? Well, it depends, do you want to curl your hair or not.
34:39 - Ken McDonald (Co-host)
No, I don't curl my hair, but I curl downloads then and I do apologize if I butcher this cynthia kumar palani, also known as sk of OS Technics, tells about Daniel Stenberg announcing the latest release of Curl 8.9.0, one of the oldest software still in use. This marks the 258th release of Curl, with a whopping 260 bug fixes, 11 changes and two security fixes Two security fixes That'll definitely curl your hair. The security fixes address CVE 2024-6197 and 2024-6874. I'll let you look up what those are about. 6874. I'll let you look up what those are about.
35:37
Curl 8.9.0 also introduces several new command line options to enhance its functionality. Users can now set the IP type of service traffic class with the dash dash IP dash TOS option. Then you have the dash dash MPTCP option, which enables multi-path TCP for connections. That should come in handy, and then also the dash dash VLAN dash priority option, allowing you to set the VLAN priority field for IP traffic. There's also the dash dash keepalive dash, cnt or count option, letting users specify the number of keepalive probes before marking a connection as dead. Now improvements include GNU TLS and Wolf SSL, supporting CA caching, significantly speeding up serial TLS connections. Embed TLS. Add support for C-U-R-L-O-P-T underscore C-E-R-T-I-N-F-O. I would want to say that. Curl up cert info, allowing applications to retrieve certificate information. The URL API introduces I'm going to try saying this instead of sounding out the letters curl-you-know-gas-scheme for better scheme detection, I've provided a link to the SK's article if you want more details about this update and how to download and install it.
37:21 - Jonathan Bennett (Host)
Yeah, interesting. So there's something really fun in this particular release of Curl. You talked about those security vulnerabilities. One of them was it's a crash. It could maybe be used to run arbitrary code. It's a double free, I think but it's in the handling of certain like ASN.1 security certificates. And in the description of the bug the curl guys say this is specifically a c program error and and what they mean by that is this is a glitch. That was done specifically because this is written in c and if it was written in another language this probably wouldn't have happened. And I read that and I'm like, hmm, somebody's getting the rust slash go bug. I wonder if we're going to see another language pop up in curl eventually.
38:19 - Ken McDonald (Co-host)
It really intrigued me when will be the first time they've taken and converted one of the utilities we use from C or C++ to curl or to Rust?
38:28 - Jonathan Bennett (Host)
Yeah, we talked to. About a week and a half ago we talked to the Rust Core Utils guys on Floss Weekly we talked to about a week and a half ago. We talked to the Rust Core Utils guys on Floss Weekly and, interestingly enough, after we had that conversation, I got a comment from one of the OG Core Utils guys. They're like hey, how about us? We'd like to talk to you too. Okay, fine, so that's going to be interesting. When have you booked them? In? A couple of weeks from now.
38:59
Let's see I can pull it up for you did you ask if they were available the 30th. No, the the 20th. Um, they are. They are set for august 20th. Uh, yeah, no, I was hoping that they would go for the 30th. You, we like it when people line up earlier rather than later, but no, this is what worked out for them Anyway. So, yeah, that's fascinating with curl, though I wonder whether we're going to see something in there eventually. What's next Another? Oh, homebrew. Yes, david, let's talk whole homebrew, yes.
39:36 - David Ruggles (Co-host)
David, let's talk about homebrew and work brew.
39:40
Yes. So the irony of me talking about homebrew is I am an avowed anti-Apple non-fanboy, but we're talking about open source and I do like me some open source. So I linked to an interview that touches on the open source history of Homebrew and a discussion with the originator and primary developer of it, mike McQuaid, who is a Scot from Scotland, and it's got some interesting notes in there. So, first off, it starts out talking about the fact that across all operating systems, there are still 101 different ways of trying to update packages, whether they're open source or commercial, closed source and it talks about the issues with all of them, even Linux, our beloved language. You know you have to use apt or dev or rpm or dnf or yum or whichever the latest package has been released, to centralize them all and become, you know, the package manager to rule them all.
41:09
There's always some inconsistencies. There's always some issues. Windows isn't much better. Recently there's been a few things that they've released, but Homebrew is specifically focused on Mac. So Homebrew was originally created for developers and if you speak to any developer that uses Mac, there's a pretty good chance that they're using Homebrew. It's designed to keep the dependencies that are needed for developing, testing and running updated. But it has grown beyond that. It has methods for installing graphical and proprietary applications, managing background services and creating reproducible lists of what's installed on a machine, which are all extremely useful pieces of implementation. Sorry, I did kind of flip that, but one of the interesting things about it is that at various points in its history it has been the most popular and contributed to project on GitHub, which is.
42:17
It's always impressive to see something with so much passion in the community, so it was started in 2009 by Max using the Ruby programming language. It's been consistently popular. As I mentioned, there's been a couple of other things out there, but Homebrew has really just kind of taken over. And see, I already mentioned we're interviewing Mike McQuaid here and he had a decades-long role at GitHub and then moved on to found his own company. Interesting he was asked what it's like maintaining one of the largest open source projects, largely in your spare time, in the Northern extremities of Europe, and he said over here tech's not nearly as big as it is in the U? S, but he had a young lad come up to him in the gym today and said oh, you're the homebrew guy. I can't believe a tech celebrity goes to my gym. He said as a Scot, it made me cringe a bit. Public recognition and compliments are rare, so you know, a little bit of culture shock there.
43:29
But one of the things I thought was really interesting about and this just kind of is something that you know we talk about open source projects a lot and all of that he described the people who, when you're running a large project, a popular project, you get a lot of hate from people, people who are just frustrated because they hit a bug or because you changed something and they didn't read the release notes and they don't like the change and now something's broken.
43:58
So how does Mike handle that? He said there are a lot of entitled, noisy users in open source who contribute very little and like to shout at people and make them feel bad. One of my strengths and this is something we all can learn is thick skin is that I have very little time for those people and I just Insta-block them or close their issues, and that is very necessary. But all that to lay the groundwork that he is creating a spinoff from Homebrew called Workbrew, which is going to be a paid product specifically used for IT companies that need to manage Mac OS, and it's got some business specific stuff. I'm not going to delve into that because this is not a Mac show, but he is an open source purist. And he also said we've seen a lot of churn in the last few years from companies that made licensing decisions five or ten years ago which have now changed quite dramatically and have generated quite a lot of community backlash.
45:05
We've talked about that on this show. He said I'm very sensitive to that and I am a little bit of an open source purist in that I still consider the open source initiatives, definition of open source, to be what open source means. If you don't comply with that then you can be another thing, but I think you're probably not open source. And he is focused on keeping work brew and home brew separate and maintaining a home brew as a purely open source product, moving forward with work brew, just building off of that for business specific needs. So really cool. As a purely open source product, moving forward with Workbrew just building off of that for business specific needs. So really cool article, really cool person. Always cool to get perspectives of open source people from other cultures and things and they're perspective and stuff. So it's very interesting.
45:51 - Jonathan Bennett (Host)
Yeah, okay, so I have used Homebrew back in the past. Once upon a time I tried to give somebody a custom VPN for specific reasons on their Mac machines and to install boy, I think it may have been OpenVPN back then, but anyway to get that installed on the Mac. Homebrew was the way that we did it. So I've had a little bit of experience. Uh, experience there and yeah, it's great. There's all kinds of it's it.
46:20
Homebrew is basically a uh, um, a package manager. Like you know, you have dnf and fedora. It's like the package manager that you wish mac os had. Um, so it, it's a pretty cool project. Um, there is also Mac ports. Uh, we have a user uh, I am not going to try to pronounce that name. Uh, we have a user in the discord that is talking about the difference between Mac ports and homebrew and why he uses Mac ports instead of homebrew. Um, but, uh, you know, it's worth noting that there is an alternative out there.
46:56
That idea of pushy users being a problem is is fascinating. Uh, is simon phipps? Uh, noted one time that one of the ways that open source projects get in trouble is they let the project start to be run by those, um, by that set of users that doesn't really contribute anything but is very you know it's very needy and very demanding, and one of the one of the ways that open source projects die is by giving in to that group of users and I thought that was that was interesting to think about as a danger that we don't talk about very often. So it sounds like he is um tuned into that group of users and I thought that was that was interesting to think about as a danger that we don't talk about very often. So it sounds like he is tuned into that possible, that possible problem.
47:42 - Ken McDonald (Co-host)
Why am I thinking of the phrase prima Donna when I hear that?
47:45 - Jonathan Bennett (Host)
Yeah something like that. Yeah, it's interesting and I think it's fun that they are trying to do this business-oriented version of Homebrew. If you go to their website and do some of their documentation, what they're trying to capture are businesses where the employees would love to use Homebrew, but the business IT department doesn't want them to install it on their machines, and so it's like they're trying to make a corporate version of it. That's going to be more palatable and I think that's interesting. It's kind of one of the old ways that open source has made money and that is a business to be able to use anything they're like. Well, we have to get an invoice for it.
48:35
And you know, in some cases the open source project is like we don't make invoices and it seemed to me for a while. It's like maybe we just need to make a business. And I think the moment has passed, but maybe somebody just needs to make a business. That is all about charging people for open source because they can't use it otherwise. Like, let somebody handle that for you. Uh, every everybody would win. But I think we're kind of past that. So I I was too young to make my millions by by that idea um, I think it's still a valid opportunity to resell yeah, and you.
49:14
You have people like Tidelift and a couple of other projects that are out there now trying to do that sort of thing. But anyway, I wish the homebrew and now workbrew guys all the best. I think it's a neat idea and it could be things. We should name the show the Open Source Invoice. I like it.
49:37 - Ken McDonald (Co-host)
It sounds like WorkBrew would give the IT department a method of installing it for those users. I could do this with Homebrew.
49:49 - Jonathan Bennett (Host)
No, you can't. Yeah, bring your own IT. It's a problem in some cases and I know, I know some IT departments really don't like it.
50:02 - Ken McDonald (Co-host)
Almost as much as they don't like BYO, bring your own device.
50:05 - Jonathan Bennett (Host)
Yeah, yeah, sometimes the whole shadow IT thing is even worse, though. You know, you hear stories about servers set up in the bathroom that nobody uses and alternate email accounts that are officially unofficial, and all of that. It's great, crazy stuff, crazy stories out there. All right, we've got one more linux story to talk about, and, uh, fedora went for it, and hopefully this is not going to turn into us being worried about Fedora. I don't think it will, because it looks to me like they have been very careful about trying to do this the right way, and so what this is is Fedora is now going to have telemetry. They are going to collect data, but it is opt-in. It is not on by default, it is strictly opt-in. It is not on by default, it is strictly opt-in. And then they're also taking care to not collect identifying personal details. They're not going to collect IP addresses. There's going to be efforts to prevent fingerprinting, and the other thing that they do is they categorize it, and so I believe you can even turn the different categories on and off.
51:15
I think is part of this. And so they're talking about hardware details. They want to know what CPU are people using? What graphics card are people using? What camera are people using, and then things like system settings, what's your display language? What accessibility features are actually being used out there, and then they've got desktop usage patterns. That's going to be things like what applications are people actually using? How many open workspaces are there, performance reporting, which is disk memory usage, and then evidence of problems, which is counts of system crashes out of memory events and app crashes. Of course there is more information that Fesco has memory events and app crashes. Of course there is more information.
51:59
But Fesco has unanimously passed this 6-0. It is cleared to be part of Fedora Workstation 42. So they've gone for it. They're doing it. They're doing metrics in Fedora and, like I said, I think the way that they're doing this, they're being very careful about it and, especially because it is strictly opt-in, I don't really see that anyone should have a huge problem with this. If you don't like it, don't turn it on and yeah, let the rest of us go about our business. If you don't like it, don't turn it on. Yeah, you don't like it don't turn it on.
52:36 - David Ruggles (Co-host)
Yeah, so I mentioned that we can learn. You know, projects can learn by watching people go down in flames, other projects go down in flames, but we can also learn by watching people do it right. And you know we like to pull out the Steam survey and say hey look.
52:54
Linux is up there. But those sorts of things only happen because there are people submitting analytical data. So you know, I always try to turn that stuff on for all of my stuff, because you know I don't have a security issue and I want to get representation. But you know, if you do have a reason to not do it, you don't have to and that's the right way to do it.
53:16 - Jonathan Bennett (Host)
Yeah, and we don't need to know the reason that's true uh, the the pharonix comments are, um well, so far they've been refreshingly sane. I'm sure if I keep going, it's going to get worse and worse, because that's just what happens in the pharonix comment forums. Uh, so anyway, uh, yeah, good, good, good for fedora for doing this the right way. It seems like they tried to do this a few versions back and they did not do it the right way and there was quite the user backlash from it. Um, but, uh, yeah, this, uh, this seems like a decent way to go is this before or after?
54:00 - Ken McDonald (Co-host)
Audacity tried it.
54:02 - Jonathan Bennett (Host)
I don't know and, to be fair, the Audacity one was not as bad as it seemed and Audacity also listened to their users and made changes to the way they were going to do it before they rolled it out right, so it did not go as badly as it could have for what it's worth or as badly as the media was reporting it yeah it, yeah, yeah, all right, let's uh, let's get into the command line tips and ken is going to take it first and is going to talk about core utils.
54:41 - Ken McDonald (Co-host)
Yes, jonathan, I can thank you. And the recent Floss episode where you interviewed the Rust core utils maintainer, silvestri Ledru I think I'm saying that right, mm-hmm. So I decided to check the Rust core utils out. So I decided to check the Rust core utils out. Now I have captured the screen showing output from the core utils after I installed the Rust core utils, which is actually a multi-call binary similar to DistroBox, containing all the commands currently implemented. They can be seen by typing of all things coreutils, space, dash, dash, help. As you'll see in my first screenshot. If you've got the show notes open, you can click there. I'm going to go ahead and post the document I'm talking about into the live chat as well and give me a minute here to do that for you, and let me know if I don't have it shared properly this time.
55:46 - Jonathan Bennett (Host)
Well, you know, just as long as it gets shared, by the time people try to watch it.
55:51 - Ken McDonald (Co-host)
Yep, but if you look in the first screenshot you'll see it's got a. He gives the core utils a version and then in parentheses says it's a multi-call binary, gives usage how it's used. In other words, core utils, whatever function you want, and then any argument you need, and then it gives the currently defined functions as of running core utils 0.0.27. And if you quickly glance through there, it does have the common ones, cpls, even DATE, and some of the ones that we've covered over the episodes for the GNU Core Utils. But I went ahead and demonstrated using the command, say ls, by typing core utils, space ls, followed by ls. Then to find all of its, its options, I went ahead and did a dash, dash help. That actually turned into uh seven full screens, but I only put the uh first two and the last one that had into the screenshots I've got there.
57:08
Instead of having you look at everything, you can always uh install it yourself if you want to see all of them. But the one I really thought that you'd like to see, john, is where I used the coreutils space cp. Now with this one I did a dash g, which is a shorthand way of saying dash dash progress, as y'all were talking about in the floss episode, and that's the very last screenshot I've got there. You'll see it's got a progress bar. The file I copied wasn't that long so it was real quick. I probably needed to put a time in front of that so you could see how long it was taken for some of this, and that would be a good task for you all. If you want to play around with it is, do a time and compare the time using the GNU Core Util, say LS, to see how long it takes compared to the Core Util LS command.
58:16 - Jonathan Bennett (Host)
Yeah, that could be really interesting. All right, very cool. Uh, david, what do you have?
58:23 - David Ruggles (Co-host)
well, due to work requirements, I was not able to join you all last week um, but last week there was a massive catastrophe um is that what you were working on last week? No, it was not actually.
58:41
It's completely unrelated to that, but I wanted to mention that if you have a situation where somebody screws up your Windows machine and you're stuck in a boot loop, yes, you can use the Windows re-execution environment and you can use all the other tools. But hey, Linux has options and we do have a way to mount BitLocker encrypted drives. So I've got a link to a process which I'm not going to go through because it's pretty involved, but I just wanted to make sure everybody knew that it was possible. So if you need to do it for some reason, you can. So the link is to Linux Uprising blog post on it.
59:24
There's a lot of other ones out here, but it uses a tool called DisLocker D-I-S-L-O-C-K-E-R, which is a tool for reading BitLocker encrypted partitions on both Linux and Mac OS. When you use that tool and it's in all the standard repositories so you should be able to just DNF install this locker, or apt install this locker, depending on your preferred flavor. Um, it's going to. You're going to um find your bit locked partition. Um, you can use your standard F disk or LSBL, BLK from the command line or, if you prefer something graphical, G parted.
01:00:11
If you pull it up, it will identify the file systems as bit lockerlocker on that partition. So that lets you find your partition like slash dev SDB to in the example on here, but you know, might be SDC or depends on how many drives you have in there and also what kind of drive you have. Once you've located that, you're going to use disk locker to unencrypt it and what it's going to do is it's going to create a file that is the virtual file system, that is the unencrypted, bitlocked partition, and you will need to pass it, the BitLocker encryption key, just like you would if you've ever booted up a Windows machine with BitLocker and it makes you type in the key. If you don't have those, as long as you've got a Microsoft account, it should be stored in your Microsoft account. But if you don've got a Microsoft account, it should be stored in your Microsoft account. But if you don't have a Microsoft account and you're using BitLocker, make sure you keep those keys somewhere.
01:01:25 - Jonathan Bennett (Host)
Print them out. Print them out and keep them somewhere.
01:01:28 - David Ruggles (Co-host)
Yeah, I had a client that printed them out and kept them in his safe, because, yeah, I mean if you lose that, then yeah, you're not getting your data back, but you then.
01:01:41
So once it's unencrypted, it creates a file that you use, a mount loop on which allows you to just loop back into a file. It's the same way you would mount like an ISO or any other file that you need to mount as a partition, and at that point you specify you know what type it is Like. If it's NTFS, you'll need to use the NTFS 3G, or if it's exFAT, you'll use the exFAT FUSE file system, and then pretty much you can use all your tools like normal. So it's out there. It's possible. If it's something that you run into needing to do, um, hopefully this is a good starting point, but at least simply having that knowledge filed away that hey, it is possible, can often be what you need.
01:02:26 - Jonathan Bennett (Host)
Yeah, uh, so you mean it won't? It won't decrypt bitlocker when you don't know the password. Nope, that's, that's good, that's good, that's good. We would be worried if it would All right, very good. So I've got one and this is important to me for a very, very niche use case, but you might find some other uses for it.
01:02:49
Command line tip is PDF grep and it does exactly what you would think it does. It lets you grep the text of a pdf. This is important for me because I game master for a pathfinder game which is similar to dungeons and dragons, and we will have rules, questions come up or lord questions and someone's like can you remind me what my skyseer ability does? Like? I don't know, I don't even know what, I don't even know what page of which pdf that would be on. Okay, so you can do pdf grep, and so I just this is my example, because this is the first pdf that I found is one of the manuals for the game pdf grep, sky seer. And then I grep the, the second module in the series, so it's named sky seer and it will tell you here's all of the text in that PDF that matches all the lines. And so a couple of flags that might be really useful for you is dash in, that will tell you which page of the PDF it's on, and then dash capital C, and then a number will give you that many lines above and below.
01:03:58
And so, on this particular PDF grep, I'm grepping for the word Skyseer. I'm saying dash in, I want to see the page numbers, and then I have a dash C2. I want to give two lines before and two lines after each of these matches, and it did. It shows me a bunch of places where this particular word is mentioned in the PDF. It did. It shows me a bunch of places where this particular word is mentioned in the PDF, and so I can scan through here really quickly and go that's the one where I actually want to read about. Oh, that's on page seven, and then you can open the PDF and get the whole thing in context.
01:04:25
I will use this a lot. I did not know this existed until not very long ago and this is actually really great. I'm excited about this already. Pdf Grep it is in Pop OS at least, so in probably all of your Debian's it is available from Apt. I'm assuming it is in DNF as well, and if not, there are ways to get it. This is cool, alright. Well, that is the show. We've had our news. We've had our news. We've had our tips. I'll let each of the guys get in the last word if they want to.
01:05:01 - David Ruggles (Co-host)
We'll start with david I don't have anything significant. I would just encourage you to really think about using crowd strike and avoid it okay, so hey, hey, this is actually something we could talk about real quick, so and avoid it, okay.
01:05:18 - Jonathan Bennett (Host)
So hey, this is actually something we could talk about real quick. So CrowdStrike does have a Linux antivirus and their version of CrowdStrike on Linux runs with a kernel module and back a few months ago they crashed a whole bunch of Linux boxes the same way that they crashed Windows boxes last week. And yeah, the Internet has been brutal towards CrowdStrike, but probably the most fun was some of the other vendors, like we tried to tell you this was a bad idea. Guys, don't use CrowdStrike strike, don't use out of trig kernel modules, use something like and of course, our solution, which you know, doesn't um what are the other?
01:06:05
really. What are the other really interesting things though? Um, I got this from david plumber, who's a retired microsoft guy. Uh, he was talking about mic. Microsoft tried to build out an antivirus API back years ago and government regulators stopped them from doing that because they were of the opinion that it would be picking and choosing who was going to win.
01:06:28 - David Ruggles (Co-host)
It was exerting too much control over the platform, but, like in retrospect, we would have been a lot better off had they been allowed to build out this antivirus API, rather than all of these antivirus manufacturers running as kernel drivers, which you know has been proven out to be a dumb idea. Yeah, I didn't really plan that out.
01:06:53 - Ken McDonald (Co-host)
well, I realize now my tip should or you know, my ending note should have been.
01:06:59 - Jonathan Bennett (Host)
It's too late to short CrowdStrike. Oh, you could have made some money on that. They dropped like 10% of their stock value overnight. Yeah, it was not good.
01:07:06 - David Ruggles (Co-host)
And it kept going down.
01:07:08 - Jonathan Bennett (Host)
It did, okay. So the bounce that I saw in the news was the dead cat bounce then, and then it just kept falling afterwards. Well, that's not surprising. All right, ken, any final thoughts?
01:07:20 - Ken McDonald (Co-host)
Just want to remind everybody back up, back up and then back up somewhere else.
01:07:27 - Jonathan Bennett (Host)
Yup, yup, yup. I had a bit of a scare this week. Somebody called me up and like we had a folder disappear off the server. Those of you in it know this feeling. Dave, you know this feeling very well. It's like I'm pretty sure the backups are working on that system. Let's go jack. They were, and and I will. I will give you a free tip. When you give that phone call, usually what has happened is the customer has tried to double-click on a folder and they've accidentally clicked and dragged and they've put it inside of another folder. Nine times out of ten, you will find whatever they're looking for in a folder that's alphabetically, right above or right below, because that is what they've done. But the backups were working and they had just misplaced it. But it was good to go in there and double-check all of that.
01:08:24 - Ken McDonald (Co-host)
And remember when you're using rsync, if you're backing up a directory, put the slash after that last part of the directory that you're pointing using as a source to indicate you want everything inside that directory to be copied, not the directory into the other directory.
01:08:46 - Jonathan Bennett (Host)
Yep, yep, or else you end up with two different copies of it. So, all right, that is our show today. Thank you to Dave and Ken for being here. I sure appreciate it. It was a lot of fun. Thank you to everyone that stuck with us and watched. We had a lot of fun. We will be back next week. At the same time, same channel. And, of course, don't forget about Club Twit, the QR code right up there when you go to watch this later. Make sure to scan it. Think about supporting, join the club. It's about the cost of a cup of coffee per week, no per month. Oh my goodness, it's so cheap. It's only a cup of coffee per month and it's a lot of fun. You get access to the Discord, the ad-free versions of all the shows, get to chat and hang out with us. It is a lot of fun. You ought to join. And again, we appreciate everybody watching us, both live and on the download. And we will see you next week on the Untitled Linux Show.
