Untitled Linux Show 208 Transcript

Please be advised that this transcript is AI-generated and may not be word-for-word. Time codes refer to the approximate times in the ad-supported version of the show.
 

00:00 - Jonathan Bennett (Host)
Hey folks, this week we're talking about X11 and Wayland. No surprise there. We talk about how long KDE is going to stick with X11, talk about OnlyOffice releasing version 9. There's bcachefs drama in the kernel, the Zed editor has a debugger, and lots more. You don't want to miss it, so stay tuned.

00:20 - Leo (Announcement)
Podcasts you love, from people you trust. This is TWiT.

00:30 - Jonathan Bennett (Host)
This is the Untitled Linux Show, episode 208, recorded Saturday, June the 21st: One Step Below Horribly Broken. Hey folks, it is Saturday and you know what that means. It's time for Linux. We're going to get geeky with it, the Untitled Linux Show, and we're going to talk about software and some hardware, all kinds of fun stuff. It is not just me. We've got Rob Campbell and we've got Ken McDonald. I remembered your last name this time, and it's going to be a lot of fun. Jeff is still not here. He is still out playing hooky, but he'll be back here in another couple of weeks. But we're going to let Rob go first and we sort of have a theme that we're going to be talking about, at least for our first stories this morning, and we're going to let Rob kick it off.

01:18 - Rob Campbell (Co-host)
So not only is it time for Linux, but it's also time for your weekly reminder to get off of X, X or X11, whatever you want to call it, and get on over to Wayland. Recently we mentioned the X11 Libre fork of X11 to replace the essentially deprecated X11 and keep things going. I believe the opinion on the show from the panel was mostly generally just let it die. And Michael over at Phoronix seems to have a similar response, saying that his lack of coverage of X11 Libre was essentially a vote of no confidence. He kind of said due to inexperience of the people that are taking it over. Many of the X, and with showing that inexperience, many of the X11 Libre commits to X11 have been recently reverted due to issues such as not handling copyright and license notices correctly. So most seem to agree that X11 Libre isn't the way of the future. So just get on over to Wayland, you know.

02:36
And if that's not all for you, here's what seems to be a regular weekly, monthly roundup of the new, not even new, but newly discovered CVE vulnerabilities that have propped up in X and relative things. So you got CVE-2025-49175, 49176, 177, 178, 179, and 180. So that's six of them right there, and from the top: the first one is an out-of-bounds access in X Rendering extension and animated cursors. The next one is an integer overflow in Big Requests extension. Then you have a data leak in XF, XFIXES, I guess, extension 6, XFixesSetClientDisconnectMode. You have an unprocessed client request via bytes to ignore, an integer overflow in X Record extension. And then the last one on there, the 49180, is integer overflow in RandR extension, the RRChangeProviderProperty.

03:53
These flows, you know, why I said they're not new is because a lot of these flaws, not flows, they date back years, many years. And, you know, as noted by Nils Emmerich over at the one research company that found a lot of these, he says, quote, the Xorg X server is an aged and large project that grew over time with the help of the open source community. All of these issues gave me a feeling that the source code itself can best be described as party_like_its_1989 = true.

04:40
So you know, we just keep finding more and more vulnerabilities over the years. You know, X was developed at a time when Internet security and, you know, just overall security, wasn't really much of a thing to be concerned about. You know, people weren't getting compromised, and it's just a lot to, uh, to go back and fix. We keep finding old vulnerabilities over and over and over again, which is, you know, really why they decided some time ago just to start over from scratch, and really, Wayland's there. They pretty much moved away from X and it's time for Wayland. Come on, guys.

05:24 - Jonathan Bennett (Host)
Yeah. So there's a little detail here at the end of this article, the insinuator.net article where they actually talk about the vulnerabilities. At the very, very end of it it says we want to thank Red Hat. We want to thank Red Hat for smoothly coordinating the vulnerability remediation process and preparing, publishing a security advisory as well as issuing the CVEs. So this is a point that I've made before: the company, the reason that Xorg is maintained at all, the reason that things get fixed, is because Red Hat is still using it and Red Hat is still paying employees to fix it. And when that goes away, it will be entirely up to the community, and as of right now, that's pretty much one guy who's working on his fork. Yeah, it will be unmaintained software when Red Hat stops paying for maintenance. It's just the way it is.

06:21 - Rob Campbell (Co-host)
Red Hat's going to have supported versions of X for some time to come, but I believe new versions of Red Hat are already moving away from it.

06:30 - Jonathan Bennett (Host)
I don't think new versions of Red Hat support X at all. They have moved away, I should say. I think I think that's the case.

06:36 - Ken McDonald (Co-host)
Then there's one application they no longer support either.

06:40 - Jonathan Bennett (Host)
More than one. I'm sure which one are you thinking of, though.

06:45 - Ken McDonald (Co-host)
It's one that Bobby Borisoff wrote an article about.

06:49 - Jonathan Bennett (Host)
Oh, do tell.

07:00 - Ken McDonald (Co-host)
Yeah, it's one application development team are reporting their application having significant limitations and known issues that substantially degrade the user experience when running on Wayland systems. The application in question is KiCad, an open source tool for electronic design automation for engineers, hobbyists and printed circuit board designers. The KiCad development team recently published a blog titled KiCad and Wayland Support. It provides a detailed update on Wayland compatibility. With major distributions like Fedora and Ubuntu moving toward Wayland by default, the KiCad development team wants to set clear user expectations. Though far from a seamless experience, KiCad does function under Wayland. Now.

07:49
The blog states there are window management issues, input and interaction problems, performance and stability issues, and probably the most is dialog and user interface limitations. Are you asking, why do these issues persist? According to the KiCad development team, these problems aren't within KiCad's control and exist because Wayland's design omits basic functionality that desktop applications for X11, Windows and macOS have relied on for decades, things like being able to position windows or warp the mouse cursor. This functionality was omitted by design, not oversight. They also state the desktop environment fragmentation doesn't help. Their blog also includes a bug report policy for Wayland users and provides a list of what the KiCad development team consider Wayland-specific issues. Now, I do admire the way they end their blog. The last line is: for now, if you need to use KiCad on Linux, use X11. Now I'm going to recommend reading Bobby's article for his take and to get the link for the KiCad blog, Jonathan. The KiCad website also provides information about various projects made with KiCad. I found some of those extremely interesting to look at.

09:34 - Jonathan Bennett (Host)
Oh yeah, I've used KiCad for some things over the years too. It's a useful tool, yeah. So some of the things that they talk about that's missing, it's sort of unfortunate, and really it's from a time in Wayland development where the people, some of the people that were in charge of it, were very opinionated about what should and shouldn't be there, and they were wrong. Let's just be clear, they were wrong about what should and shouldn't be in Wayland, and history has proved that out. Things like mouse warping and being able to put windows in specific places.

10:14
It has been proven that that is a thing that needs to be in Wayland Because it's a thing that the desktops need and the various applications need.

10:23
The Wayland team was shown the light by a sort of a coalition of both those desktop environment folks like the people from KDE, the people from Fedora were involved in this and the people from Valve were involved with this, and you know, I've said a couple of times, and actually I was told that this is accurate, um, that, yeah, there was sort of an implicit threat that we're just going to fork Wayland and go play in our own sandbox if you guys aren't going to play ball. And so, uh, that sort of straightened things up and we are now back on the path to getting all of these things merged in Wayland. Some of them are there already. In fact, when I talked with Nate Graham on FLOSS Weekly a couple of weeks ago, his comment was that their punch list of things that needed added to Wayland is very, very short now, but it takes time for that to get added to the Wayland protocol and then make it into the GNOME desktop, the KDE desktop and all these different places. So it's getting there. We're much closer.

11:28 - Ken McDonald (Co-host)
By the end of the decade?

11:31 - Jonathan Bennett (Host)
I would think so. By then it should be all ironed out.

11:37 - Rob Campbell (Co-host)
Mr Lawson on Facebook asked how Wayland is spelled. It is Wayland W-A-Y-L-A-N-D and it's like the aliens on Homeworld Lost by JN Chaney. I don't know about the aliens movie, those Waylands. But I know there's a Wayland in Homeworld Lost.

12:02 - Jonathan Bennett (Host)
Yeah, that's W-E-Y-L-A-N-D. I believe it's Weyland-Yutani. Different, different place. No, not related as far as I know, but the Wayland.

12:13 - Rob Campbell (Co-host)
I don't even know how that Wayland's spelled in the book that I was referring to, as that is an audiobook, because I don't have time to actually read anymore. Yeah, so interesting stuff.

12:27 - Jonathan Bennett (Host)
So I've got a, uh, a Wayland slash X11 story. This one is a different take on it. This one is from KDE, and I just mentioned his name. This is, uh, from Nate Graham himself, and it's his response to X11 being in the news again. And I have to say this is actually a really nuanced and thoughtful take on it.

12:50
He doesn't directly address the criticisms and things going on, but what he does address is what KDE is going to do and what he is going to do as part of KDE, and that is that Plasma's, KDE Plasma's X11 session is being maintained. So the Plasma side of it, they are continuing to maintain it. He says specifically this means the following things: Plasma will continue to compile and deploy on X11. They're going to make sure of that. Bug reports about Plasma X11 being horribly broken will be fixed. So things like you can't log into it at all, they'll fix those. Very bad (this is one step below horribly broken), very bad X11-specific regressions will probably be fixed eventually. Less bad X11-specific bugs will probably not be fixed unless someone pays for it. And then he's got a link off to the KDE consultants page, and then he says X11-specific features will definitely not be implemented until someone pays for it. I think it's a very interesting and very useful sort of snapshot of where they are at. And then he says that there are actually not very many. There's a very small group of open and fixable X11-specific bugs. So remember, that's the whole thing, that there are certain bugs in X11 that are just, they're not fixable. Right, it's, the solution was to create Wayland, and so there are some of these things that are just never going to get fixed, like some of the security problems in X11 are not going to get fixed because they are baked into the specifications. And then he has this interesting thought that eventually it will be lights out for X11, so eventually support for it's just going to completely go away. And he says yes, but it's not going to happen soon. So his thoughts on this is it's not going to happen in the next year, probably not even in the next two years, he says that's a guess. And then he links to the Plasma Wayland Known Significant Issues page, which in and of itself has another link off to another KWin issues page.

15:20
Between these two you've got a list of problems or shortcomings for KDE on Wayland that they're aware of and they feel like they need to fix before they can actually drop support for X11. There are things like the accessibility problems. Some of those are mentioned. There's problems with graphical tablets are mentioned. There are some things upstream that they're waiting on for various elements, various parts of the desktop. He talks about some things that are already fixed; the links he has here go on talking about things that are already fixed upstream and are coming in a future version.

16:07
And then he says, why are you guys doing this? Don't you like X11 anymore? And his comment is the Plasma team isn't emotional about display servers. It's just obvious that X11 is in the process of outliving its usefulness. Someday, Wayland will eventually be in this boat too, such is the eventual fate of all technologies, which I think is an interesting point and very true.

16:34
Wayland is better for modern hardware, he points out, and that maintaining code to interact with two display servers and session types is exactly as unpleasant as it sounds. There's a lot of great quotables in here, and that's another one of them. Regardless of when you pull the trigger, isn't it premature? And he sort of disagrees with this and says that they have some telemetry. The majority of Plasma users are already using the Wayland session 73% of Plasma 6. And he anticipates that's going to go up once things like SteamOS come out using Wayland by default, debian, the next Ubuntu LTS come out, they're going to be Wayland by default, and then we would expect to see those numbers go even, you know, through the roof, much closer to 100%.

17:28
So he says the goal here is to make everyone happy, which, that is a very lofty goal. Yeah, that's going to fail. Yeah, but that's the reason why they're still maintaining the X11 session. They're going to try very hard not to get rid of it until everyone is happy with Wayland. And yeah, that seems like that is not going to be possible, because there are some people that have legitimate complaints with Wayland and then there are a group of people that are just, they've decided that they're never going to like it. But yeah, so he ends with saying that long transitions are tough but ultimately it's worth it to get something better in the end, and I think that sums it up rather well. So that is where KDE is at with Wayland. They are trying to move to it, lots of places are moving to it by default, but they're going to stick with it and keep the maintenance tail up until more people are happy with Wayland.

18:23 - Rob Campbell (Co-host)
I think he played it really safe there in his comment where he said it's not going away anytime soon, and then his reference of soon is one to two years. I mean, yeah, that's obvious. There are distros that have promised, because they have support for the next five, to maybe some as close to 10 years still, for X support, which pretty much says it's not going away for.

18:50 - Jonathan Bennett (Host)
Right, well, okay, so you're talking about two different things, though. You're talking about getting security updates for this stack, versus what Nate is talking about is not ripping all the code, all the X11 code, out of KDE right now, out of newer versions of KDE, right? So they just released, what, KDE 6.4, and so there would be nothing stopping them from saying, all right, that's the last KDE version that's ever going to support X11. We're going to rip all this code out. And 6.5.

19:20 - Rob Campbell (Co-host)
You only get to run it on Wayland. I think if you, if you tell me it goes away in the next five years, that's still soon, in my opinion.

19:28 - Ken McDonald (Co-host)
Five years is soon, yeah it sort of is what do you consider a second?

19:36 - Jonathan Bennett (Host)
Really soon.

19:37 - Rob Campbell (Co-host)
Yeah, I mean considering it's been around for, what, 40, almost 40 years, four decades, yeah, so you know, five years is soon. I think it's going to be going away soon in that reference.

19:52 - Ken McDonald (Co-host)
By the end of the decade.

19:54 - Jonathan Bennett (Host)
Yeah, that's pretty accurate.

19:56 - Ken McDonald (Co-host)
Five years sounds shorter than by the end of the decade, though, doesn't it?

20:00 - Rob Campbell (Co-host)
And to clarify, as you kind of pointed out, going away as a not in new code, like new versions of KDE, but X itself will not be going away that quickly.

20:11 - Jonathan Bennett (Host)
XWayland is going to be around for more than five years. XWayland will be around probably for another 20 years. Just the reality of it. All right. Around, unused.

20:22 - Rob Campbell (Co-host)
Yes yes, there may be a point sooner where it's not installed by default, though.

20:27 - Jonathan Bennett (Host)
That's possible. Yeah, I can see that. All right. So let's move off of X and Wayland. We've talked about that plenty. Let's talk about office suites. LibreOffice, there's more than just LibreOffice and OpenOffice and Microsoft Office. What's this other one that I keep hearing about, Rob?

20:47 - Rob Campbell (Co-host)
Yeah, so there is more than just that. We always talk about LibreOffice as the Microsoft Office alternative to use on Linux, but that isn't the only option. I mean there's even others, but some might argue it is even the best alternative. So, like I said, we're talking about OnlyOffice here. What sets OnlyOffice apart is its focus on collaboration and generally reliable compatibility with Microsoft Office files, even when compared to the likes of LibreOffice.

21:22
This week, OnlyOffice 9.0 has been released, bringing even more great features to it and to you, the user. So the first thing, and in some ways the biggest, is the redesign of the interface to provide a more intuitive and accessible experience. For taking advantage of this, you have to go in, well, from what I read, you have to go in and select, enable either the modern light or the modern dark theme. Now, for me, I installed it on Linux Mint. It's right there in the software center as a Flatpak. I got 9.0 and it had the, um, so if I go over here to view, it had the modern light theme already on by default. Uh, for those watching, this is a modern light. If I go to the classic light, it's a little more compressed and maybe more like older versions. Um, I don't know. I'm not even sure if I'd like the modern better or not. The modern kind of takes up more room, it's more bubbly. Um, I kind of like the old, but anyway, to each his own. I guess this is maybe more the kind of look that Microsoft is driving with their, you know, what they call a modern look, and people follow them and the Mac guys. But you know, look shouldn't be that important. But you know, it is actually one of the big things that drive people away from LibreOffice. I think OpenOffice looks better than LibreOffice. You know, a lot of people, you know, if you look old and outdated, people are just going to assume that you will function that way as well. So, as little as looks should be important, they kind of are.

23:14
OnlyOffice 9 also adds AI tools. Okay, AI, gooo, hear me out, hear me out. So some of those features are: extract text from scanned PDF files using OCR. I don't know, is that AI? I don't know. Whatever you want to call it, it's cool. Apply smart formulas and run complex data analysis in spreadsheets. Create new OnlyOffice macros based on prompts. Convert VBA macros to OnlyOffice macros, which could be very useful. I know one of the things that people cite why they can't leave Microsoft Office is because their tools have VBA macros built in that they need to run their business, they've built over the years. If this conversion tool actually does a good job, that might be a real serious way to, uh, migrate away from it and not even have to rely on MS Office anymore.

24:15
Other improvements to various components of OnlyOffice include: PDF editor, drag-and-drop reordering of pages; PDF editor, page duplication using copy and paste; spreadsheet editor, RTL support; spreadsheet editor, asynchronous calculations; document editor, improved content controls and paragraph borders toolbar button; and then the presentation editor, which is your PowerPoint or whatever alternative, has text animation previews in slideshow mode. Other changes across the suite include a defined font size type in Simplified Chinese, display numbers using Hindi numerals, text art text settings inside chart labels, improved data and chart customizations, print files without using OS dialog, and on Linux you can enable or disable spelling language detection in OnlyOffice settings. Like I said, I was able to find it, install it on Linux Mint and get the latest version and get to see what all the fun new features and look is. OnlyOffice. Libre is not the only alternative. This is open source too.

25:33 - Jonathan Bennett (Host)
Yeah, absolutely. I've never played with it. I've never gone and played with OnlyOffice.

25:41 - Ken McDonald (Co-host)
I wonder how difficult the macros are to write in OnlyOffice compared to LibreOffice.

25:49 - Jonathan Bennett (Host)
In LibreOffice. You can do it in Python. I think that's what I was thinking too.

25:53 - Rob Campbell (Co-host)
Yeah, I haven't tried writing in it yet, so I don't know what that is.

25:58 - Jonathan Bennett (Host)
I'm going to say doing it in Python, so I don't know what that is.

26:03 - Ken McDonald (Co-host)
I'm going to say doing it in.

26:04 - Rob Campbell (Co-host)
Python is probably a better idea than doing it in VBA. Well, I'm guessing.

26:06 - Ken McDonald (Co-host)
they don't use VBA, though, though OnlyOffice gives you the ability to convert VBA macros to OnlyOffice macros.

26:13 - Jonathan Bennett (Host)
Right, but what language is it in? Is it Python? I'm also curious where did OnlyOffice come from? Is it like a from-the-ground-up rewrite or is it based on something? Is this the open-source continuation of ClarisWorks from back in the day? Who?

26:29 - Ken McDonald (Co-host)
knows, now you're giving us homework.

26:31 - Jonathan Bennett (Host)
I am, I'm doing it right now.

26:36 - Rob Campbell (Co-host)
I'm looking up the macros thing. It is a JavaScript syntax so it depends what you're used to writing with.

26:44 - Jonathan Bennett (Host)
Hmm, I see. So OnlyOffice was formerly TeamLab. A group of software developers from Ascensio System SIA, a Latvian-based company, and New Communication Technologies, a Russian-based, launched a project called TeamLab, a platform for internal team collaboration. In March 2012, they introduced an HTML5-based online document editor at CeBIT. In 2014, TeamLab Office was officially rebranded to OnlyOffice and the source code was published under the AGPLv3. So, wow, it is a very software freedom. Yeah, it's a restricted. Do we call it restrictive? It is a very opinionated license. We'll put it that way.

27:37 - Rob Campbell (Co-host)
Yes, it is open source.

27:38 - Jonathan Bennett (Host)
It definitely is open source. Yes, it is one of the licenses that does away with the cloud loophole, as it were. Yeah, very cool. So there you go. There's the history. No, it was not descended from ClarisWorks. No, I did not particularly think it was either.

27:58 - Ken McDonald (Co-host)
Do you think it would make a good editor for writing code in?

28:04 - Jonathan Bennett (Host)
No, probably not. There are some new good editors for writing code in. What's one of your favorite new code editors? Ken?

28:21 - Ken McDonald (Co-host)
I'll have to admit that I actually like using Zed myself, and you'll see that I've got it up in the background at the moment. But I do want to tell you about another feature that's coming to Zed that Michael Larabel reported on, and this is now. I do want to point out that I first talked about Zed back in episode 160. So if y'all want to go back and hear about it from the beginning, y'all can go back and listen. But according to Michael, the Zed developers announced the Zed debugger support has been merged. He goes on to say it took eight months of development, nearly 1,000 commits and is comprised of more than 25,000 lines of code, while in turn being able to also interface with GNU GDB or the LLVM LLDB.

29:20
According to the Zed editor developers, Zed supports debugging popular languages including Rust, C or C++, JavaScript, Go and Python out of the box. They also introduced a system that translates build configurations into debug configurations. This means you can write a build task once in a task.json and reference it from debug.json or rely on Zed's automatic configuration. Now the system they came up, they introduced, is called Locators, with current support for Cargo, Python, JavaScript and Go, with more languages coming in the future. Zed makes it easy to inspect your program state, such as threads, variables, breakpoints, the call stack and a lot more that you can think of. You can customize the debugger panel and move it to fit your workflow. Now, if you prefer to keep your hands on the keyboard, then you will enjoy Zed's support for keyboard-driven debugging. It allows you to step through code, toggle breakpoints and navigate a debug session without ever touching the mouse. If you want to look under the hood, then definitely read Zed's blog.

30:55
Yeah, so I have you played around with that yet, Jonathan.

31:01 - Jonathan Bennett (Host)
No, not that I am stuck on VS Code, because that's what the project I do so much work on uses. Pretty much all of the other developers use. Yeah, because it's Microsoft and all. Yeah, that's totally why. No, it's because VS Code has really good support for scripts to do things like flashing embedded devices. We would have to rebuild all that stuff from scratch in Zed and I'm not sure how much it would be supportive there even. But no, so folks out there that are programmers, if you've not used a good debugger, particularly like a debugger that's inside of a code environment, it is so nice once you finally start using it and working with it. So good for the guys at Zed and good for all of their folks to be able to finally have access to this.

31:49 - Ken McDonald (Co-host)
Has VS Code got a good debugger?

31:52 - Jonathan Bennett (Host)
Yeah, it's pretty good, it's pretty decent. It too can talk directly to GDB, and all that good stuff.

31:57 - Rob Campbell (Co-host)
Now, if you prefer something that does not have a good bugger, debugger, bugger. It's a clean command line base. I got a great tip for you later, oh and it's for Microsoft.

32:11 - Jonathan Bennett (Host)
Edit, we already talked about that. All right, we'll see exactly what that is, coming up. Um, let's see. So that was Zed. Let's talk about Servo. Uh, this is kind of an interesting update in the Servo browser, and it's caught my eye because in 2025, halfway through 2025, the day after the summer solstice, so like literally halfway through 2025, the Servo browser finally adds support for animated GIFs, SVG images, and those are the two big things, I suppose. Uh, other CV or, um, other JavaScript and CSS things like TransformStream and setHTMLUnsafe, scrollingElement properly on documents, pipeThrough. So you know, it's hard to reimplement a browser from scratch, but Servo is getting there. Being the Rust-based browser that sort of descended from Firefox, has broken out of the lab, so to speak, and is now getting worked on by a bunch of different people. But I was so humored that their big thing was that they now support animated GIFs. It's like, oh well, the Internet's usable again on Servo, it's fun.

33:42 - Rob Campbell (Co-host)
Yeah, we all rule the day that animated GIFs became a thing in other browsers.

33:49 - Jonathan Bennett (Host)
We rue the day I find it quite fun. We rule I find it quite fun. But you know there's quite a bit going on with Servo. They seem to have a bit of backing and I think one of the reasons for that is that the license of Servo Let me double check before I tell you this, because I can't remember for sure what it is I think Servo is actually a yeah, it's the Mozilla Public License 2.0, and it is rather permissive.

34:20 - Rob Campbell (Co-host)
You know, if you think GIFs are fun on websites, you must be a little too young to remember the days when websites would come up and there would be the same dancing GIF all the way across. Oh no, I remember that and there'd be MIDI music everywhere everywhere.

34:41 - Jonathan Bennett (Host)
And what's really fun is to go back to, uh, Stewart Cheifet's Computer Chronicles and watch some of their early web episodes where they're like, we can put music on websites so that it plays automatically when you visit the site, and they're like, oh, this is so cool. And now we're like, oh, why did you do this to us? It seemed fun.

34:55 - Ken McDonald (Co-host)
Briefly, it was fun the first time it was a fun the first 20 years yeah, no that's a little far.

35:04 - Rob Campbell (Co-host)
I don't know if it was fun for that long maybe two it was fun the first time, uh.

35:11 - Jonathan Bennett (Host)
So anyway, Servo is coming along. Um, it is very fascinating to watch Servo and Ladybird get closer and closer to usable. I was looking at Ladybird and they don't have a web or they don't have a dev blog quite in the same way that Servo does, but I did see there that they were talking about doing the first alpha next year of Ladybird. So we'll be in a position where suddenly there's a couple of new browsers that are worth looking at to see what happens with that.

35:41 - Ken McDonald (Co-host)
What engine is a?

35:43 - Jonathan Bennett (Host)
Servo using. Servo and Ladybird are both writing their own web engines from scratch. So that's the whole thing. That's why the two of those are notable. It's not just another Firefox reskin or, yeah, using another web engine is nothing.

35:59 - Rob Campbell (Co-host)
I mean, I can make a browser using another web engine.

36:06 - Jonathan Bennett (Host)
Oh, using one of the available ones. Yeah, one of the available ones.

36:09 - Rob Campbell (Co-host)
It's creating your web engine. That is a real feat.

36:12 - Jonathan Bennett (Host)
Yes, yes, it's not using Chromium. That's really the hard thing. Yeah, don't pull any Chromium code and then you're doing something. So you know, this year, next year, maybe it'll be usable and there'll be ways to try them without building it from source yourself. That's the deal with Ladybird right now. If you want to try it, it's like, well, here's the source. Have fun.

36:32 - Rob Campbell (Co-host)
That's why I haven't tried it yet.

36:34 - Jonathan Bennett (Host)
Yeah, it's sort of on my long to-do list. I'm way up at the top of that to-do list right now and that's more down. You know where's my hand in the camera? That one's down here, right. You know, hovering right around where the microphone is, right above my name tag. That's where that one is on that to-do list.

36:50 - Rob Campbell (Co-host)
Yeah.

37:02 - Jonathan Bennett (Host)
By the time you get there, there'll be a binary for for you. That's the plan, that's my game plan.

37:05 - Rob Campbell (Co-host)
Uh, all right, let's see here. Oh, kernel drama. Rob's bringing the drama today. I like to do that. Yep. So Linus is once again, uh, building drama around the kernel and bcachefs's, uh, commits to it. You know, this isn't the first time for any of this. In the past he has complained about bcachefs adding new features during the merge window, or you know, the release candidate testing phase of development, and you know it's just happened again. But there is, you know there's some fun back and forth. I mean, it's mostly been one-sided actually and I'm not going to go through the whole thing. I'm picking out some highlights here. I'll go through all of Linus' bit because it's short. So Linus says you seem to have forgotten what the point of the merge window was. Again.

37:58 - Jonathan Bennett (Host)
Why did Linus start talking like Schwarzenegger there for a second?

38:02 - Rob Campbell (Co-host)
Because I don't do accents. We don't start adding new features. I was starting to. You were trying for Finnish and you just failed spectacularly and then after I realized it's not working, I just dropped out of it. I'm like, yeah, I can't do Finnish again. Okay, you seem to have forgotten what the point of the merge window was. Again, we don't start adding new features just because you found other bugs.

38:27
I remain steadfastly convinced that anybody who uses bcachefs is expecting it to be experimental. They had better. Make the -rc fixes be pure fixes. So that's Linus's point. But bcachefs, you know the FS side. They didn't keep silent, with the developer, Kent Overstreet, responding. He had a lot to say. I'm not going to say it all because I'm not, so I picked out some of the quotes. He says the goal is to get users code that works, is it not? Honestly, most of the people using bcachefs, from what I've seen, just want something that works. There are a lot of people who've been burned by ButterFS or BTRFS.

39:22
I've even been seeing more and more people in recent discussions talking about unrecoverable file systems from XFS. If you go looking, you won't find those stories about bcachefs, except for me when I'm telling people what to watch out for, and that's because of a lot of hard work and because I'm dead set on not representing past mistakes. I actively hunt down bugs, reports and frequently tell people I don't care if you think it's a hardware issue or PEBKAC. Person, what is that? Person between keyboard and computer and keyboard? It's the file system's job to not lose data. Get me the info I need and I'll get it sorted out and get it working again. The goal here: delivering something that users can trust and rely on.

40:21
Okay, that's all good stuff, but you know in other comments he says, you know, in response to, um, what Linus says. He says that's an easy rule for the rest of the kernel where all your mistakes are erased at a reboot. File systems don't have that luxury, you know. Basically saying that you know if we make mistakes, your files are gone unless you have a good backup, which everyone should. That's my interjection. He also says there's a time and place for rules and there is a time and place for using your head and exercising some common sense and judgment.

40:56
And Kent goes on to say a lot of things that comes down to bcachefs works hard to put out good code, but in the entire rant I never did see an excuse or explanation for adding features during the release candidate stage. I almost think Linus defended it better when he said anybody who uses bcachefs is expecting it to be experimental, and if that's the case, then who cares if it's added during the RC stage. I almost felt like he defended it better. But at the end of Kent's rant he says there's no need for any of this micromanaging, which is what this has turned into. All it's been doing is generating conflict and drama. Yeah, conflict and drama. That's why we're here.

41:48
But I say, you know, maybe, maybe not, you know, micromanaging, maybe that's kind of something that that's kept the, the kernel, stable all these years. And you know Linus maybe is a little harsh on this and I think bcachefs, um, probably has a great feature. But you know, we all know what the RC stage of development is for. I mean anyone who knows a little bit about development, Linux kernel stuff like that, you know. And the bcachefs developers, you know they should also know by now, since it isn't their first time getting scolded for this.

42:28
You know adding features during that stage you know they should know that's going to cause them some grief. So you know, I guess at this point I just hope everyone has learned something from this. You know, let's all say sorry and move on and you know, do it right next time. But I don't know. I never heard a good explanation or excuse. You know, I heard a lot of talk is like we do hard work, we try hard, we fix things. I'm like, OK, but why did you put new features at the release candidate stage?

43:02 - Jonathan Bennett (Host)
Yeah, so this is kind of a debate on exactly how the rules in the kernel development should be handled and whether this new feature is a feature or if it's a bug fix, and so sort of the argument that Kent is making is, without this feature, there is a way that people can lose data and so it should be considered a bug fix. And Torvalds is basically arguing that no, it is a new feature, it does not matter. Maybe it's.

44:03 - Rob Campbell (Co-host)
Maybe it's maybe it's how he commented I don't know. I didn't dig into his actual commits but maybe the comments on it were denoted as a new feature rather than a fix to stop from losing filesystems, or maybe not. Maybe perfectly labeled it appropriately.

44:29 - Jonathan Bennett (Host)
Yeah, he makes the statement that that's an easy rule for the rest of the kernel where all your mistakes are erased at reboot, but file systems don't have that luxury. Talking about fixing bugs at RCX and I don't know. On one hand I understand that. On the other hand, it is sort of a grating comment to say that, well, that rule shouldn't apply to me. I think that's why he has so many people that's ticked at it, because that is almost word for word what he said. That rule shouldn't apply to me because I'm doing a file system.

45:01 - Rob Campbell (Co-host)
I mean there are plenty of other bugs, I think, in the kernel that a reboot's not going to fix, such as something that opens it up to a compromise.

45:10 - Jonathan Bennett (Host)
Yeah, well, you know. Anyway, it's an. It's an interesting thing to watch and we'll see if he gives him if he gets it a little bit more rope from the kernel devs or if they continue to give him a hard. No, your new features need to land during the merge window. Um, it's, it's cat herding, right, this is what does full-time is is cat herd all these developers. Um, that's just part of it. That's what you do.

45:36 - Ken McDonald (Co-host)
Um, that's just part of it. It's what you do.

45:37 - Jonathan Bennett (Host)
All right, be a cat herder I am a cat herder and it's oftentimes fun and then sometimes very hard and stressful and you still have hair. I do.

45:50 - Rob Campbell (Co-host)
It's going, it's going, gray, though it's okay it's okay, to be a cat herder, not a cat herder sometimes you have to hurt the cat's neighbor.

46:01 - Jonathan Bennett (Host)
Tough love man, alright. So when we're all stressed out, what do we turn to Ken to blow?

46:08 - Ken McDonald (Co-host)
off no you messed up the segue. I like to play around, but we've got some good news coming from Liam Dawe and XDA's Simon Batt. They both wrote about the latest Steam Beta simplifying gaming on Linux.

46:33
According to Liam, at some point recently Valve updated the Steam Beta client with a change to the way Proton is enabled, making Linux gaming easier. Currently, there's still an option in the stable Steam client that you need to manually check to enable Steam Play for all other titles or using Proton for all other titles. This is something of a leftover from when Proton was initially revealed and only worked for a specific set of games on Valve's whitelist. It now covers what Valve set by default for Steam Deck and SteamOS verification. The For All Other Titles option is gone in the latest beta. You can still get into the settings and tweak which version of Proton you want to use for a particular game.

47:30
Apparently, Valve has managed to get Proton working well with its entire library. This should mean Linux users don't have to activate options or guess which Proton version is needed for a game. Just boot up Linux, load Steam and play. Now, as Simon put it, gaming on Linux is here to stay. Don't take my word for it, folks. Read both Liam and Simon's articles. I've got the link in our show notes.

48:06 - Jonathan Bennett (Host)
Yeah, very interesting.

48:07 - Ken McDonald (Co-host)
So Steam Valve is confident enough in Proton that they're just opening the floodgates and you get to run all your games through it, and I noticed with mine, uh, that, uh, looks like some of the games, uh, give me a Proton hotfix as a one to go with. Interesting. Yeah, I've had better experience with Proton than native for quite some time now.

48:33 - Rob Campbell (Co-host)
In fact, the bigger problem I've seen with Proton, Steam, Linux in general is people online asking hey, I can't get this to work. Oh, you got to go into properties and go here and enable Proton. So I mean, I think this would be a world of difference.

48:50 - Jonathan Bennett (Host)
Yeah, it would be great. There's still the anti-cheat problem, though, right? That's still an ongoing thing, where games are throwing out anti-cheat, or they have anti-cheat features that expect to find the Windows kernel, and when they don't, they just kind of freak out.

49:07 - Ken McDonald (Co-host)
Yeah, I saw I want to be able to talk straight to the kernel period.

49:13 - Rob Campbell (Co-host)
I saw it on Reddit this week. I don't remember the game, but it just popped up an error, said change your OS or use a different OS or something like that and kicked them out. It wasn't that it wouldn't work on it, probably, but yeah, it likely would work without the anti-cheat layer.

49:40 - Jonathan Bennett (Host)
Um, but you know your online games, man, you can't. You got to have it because the games that don't, they're popular, you know anywhere close to popular, people will cheat, they'll install, they'll install cheats and hacks. And then the next thing you know you're trying to fight in a deathmatch, and somebody is invincible and flying and you know, holding a tank and has to click a button and you die. And it's just no fun.

50:02 - Rob Campbell (Co-host)
And even with the anti-cheat, it still happens.

50:08 - Jonathan Bennett (Host)
Yeah, it does. It's true, nothing is perfect.

50:13 - Ken McDonald (Co-host)
I'm not cheating when I die.

50:18 - Rob Campbell (Co-host)
I'm cheating death when I don't die.

50:20 - Jonathan Bennett (Host)
Yeah, all right. Well, there's an interesting thing that has happened this week and that is that the Framework 12 laptop is out, or at least it's out to reviewers, and I've got a link to a couple of different reviewers that took a look at it, and one is Michael over at Phoronix, and he seems to like it, likes it quite a bit. Actually it's Intel only, at least for the moment. There are a couple of dings against it, so it does have only one DIMM of RAM, only one stick of RAM rather than two, but your laptops will take two. The performance seems to be really quite decent and in fact I've seen and it has support for all of those the Framework modules, right, so you can drop Framework modules into it. It's got the fun colors, which is really neat. So you know there's some stuff to really like about it. The second link that I've got is actually over to Ars Technica and that was a reviewer that had some of the same things to say, that he really liked it, his family liked it because of the size and the colors and all of that stuff. But the price doesn't necessarily make sense right now because you can get something that is compatible, you know, comparable to it for so much less, um, so that's. That's really sort of where this is at. The Framework 12, really great device. But, uh, the price isn't really quite there and you know, part of that may be because of the tariff situation. You know these things are made overseas, a lot of them are put together in China, and so that I'm sure is part of this because they have to handle the imports.

52:01
But the DIY, the Ars Technica article ends with the DIY edition of the Laptop 12. Ships with the Windows license and all the components you need, but you have to assemble it yourself. It runs you at least $1,176 to get a working Windows machine. You can do a pre-built for $1,049 without any of the special colors. You can get one, obviously with Linux for just a little bit cheaper than that because you don't have to pay the Windows tax. But again, the cost it's kind of a high cost, especially compared to some of the other things that you can get in that same performance ballpark. But the performance itself does look decent. It looks like it's going to be a great machine for Linux. If you really want to do the Framework thing and you really want the 12-inch form factor, the ability to fold it all around and use it kind of like a tablet, and you can afford it, then it looks like it's a great one to go with. I still have a Framework on the wish list and I'm probably still going to go with Framework 13 at this point.

53:12 - Ken McDonald (Co-host)
Maybe Santa will bring it to you, maybe.

53:15 - Rob Campbell (Co-host)
You got to grow your beard out this year, then, and deliver it yourself.

53:22 - Ken McDonald (Co-host)
I'll probably start growing it out in September.

53:27 - Jonathan Bennett (Host)
Michael of Phoronix talks about the starting DIY price of being $549. I think that is probably the price. With, just like the, not even the bare essentials to run anything, that's probably the no hard drive, no memory price. You could buy a piece by piece and eventually have a computer. One at a time. It's like the old Johnny Cash song building the Cadillac one piece at a time. I've known people who build desktop gaming computers that way.

53:57 - Rob Campbell (Co-host)
Oh yeah, of course, like oh, I got, I got this, I got that. I can't do anything with any of it yet, but I'm still waiting on GPU Waiting for the case now.

54:07 - Jonathan Bennett (Host)
Yeah, yeah, so you can do the i3-1315U. That's a 2 plus 4 core, 4.5 gigahertz, and that one starts you at the 549 that he talked about, but that's not going to have any memory in it, it's not going to have a hard drive.

54:28 - Rob Campbell (Co-host)
Just like you can no memory.

54:31 - Ken McDonald (Co-host)
What did you say, Rob?

54:34 - Jonathan Bennett (Host)
His hearing is going too, apparently, so yeah, 549. But again, that does not get you a working computer. You got to add at least some memory and at least a well. The cheapest hard drive that they support is a hundred dollars. You can get one cheaper than that, obviously on amazon well, those are things you may already have around.

54:53 - Rob Campbell (Co-host)
I think that's probably what they figure I mean that's true, it's possible.

54:58 - Jonathan Bennett (Host)
Um, I think that may also not have a power supply. Maybe it does have a power supply, it's unclear. So you know, you add memory, you had a hard drive, you're talking 688 and that actually gets you a low-end but working computer, which is not terrible. It's really not.

55:18 - Ken McDonald (Co-host)
Um, you're gonna want then every year you upgrade one of the modules in it right I mean, then you start putting more ram into it.

55:27 - Jonathan Bennett (Host)
I guess you're probably going to want more than eight gigs of ram. So you know you drop another 40 bucks on that, um, but yeah, if you're, if you're willing to get by with just the quad core process, the two plus four, so I guess that's four fat cores and then two, two skinny cores. Um, so total of six cores. That's that not terrible.

55:45 - Ken McDonald (Co-host)
How long before you can swap that Intel chip out for an AMD?

55:51 - Jonathan Bennett (Host)
Well. So that's the thing with frameworks is they do that sort of thing where they'll make replacement motherboards for them? And I guess really the question is, is the framework 12 going to do well enough that they're going to take that line into the future, or is it going to be a once and done Right? And so if you, if you believe that it's going to do well enough, that they're going to do it in the future, then yeah, there probably will be an AMD version of it at some point and you kind of hope that you'll be able to swap it in. But anyway, that is that is our news. Let's get into some command line tips and, rob, we, we sort of teased this one earlier, but what do you have to to tip us off about?

56:36 - Rob Campbell (Co-host)
Well, you were exactly right. I was talking about Microsoft edits. Microsoft edits and we did talk about this on the show, I don't know a few weeks ago, how they were open sourcing or creating this new open source edit project which is like a kind of a clone of their old edit. And you know, we speculated that. You know, how soon is somebody going to compile this for Linux? How soon is it going to work? Well, it's on Linux. You can today, you can just go there, apparently run the binary.

57:12
But I took the easier way on Ubuntu and I just did the snap. So I did snap install edit. What did I do anyway? Oh yeah, snap install ms edit. And there it was. So here, right here on a version of ubuntu server, I have ms edit running and it was very quick to install.

57:41
So it's it's a very basic, um, and in some ways probably more of a modern command line editor tool. And, and why I say modern is because you know nano is great. It has all all your commands at the bottom. Uh, by them, you know it's great to uh, different, definitely a different paradigm. But for those who are used to working a graphical text editor at the top, you're used to a file menu, an edit menu, a view menu and you have that right here so easily. Alt F and I got my file menu.

58:20
New file, open file, save, save as, close. I can tab over to edit. Or I could just alt E and you got the find, replace, all that, you got the view. You can focus the status bar at the bottom which has some details, go to file, et cetera, et cetera. There's a help, turn on word wrap. So you know it's basic at this time, which is what some people love. Very simple to use. You know it has find, replace, word wrap, set tab space indentations, set, change file encoding, line feed or carriage return plus line feed, open multiple files. So really, if it's another text editor option that you don't need a GUI for at all, there's not even a GUI installed on on this server that I am remote it into and I don't just a simple, very simple, very clean text editor, no frills.

59:25 - Jonathan Bennett (Host)
Are you actually using it?

59:29 - Rob Campbell (Co-host)
I just installed it today.

59:32 - Jonathan Bennett (Host)
Does it remind you of the old edit from years of Windows gone by, windows and DOS gone by?

59:39 - Rob Campbell (Co-host)
It's reminiscent. I believe the old one had blue on the top and I believe if you run this in a gui, that file edit view, that the, the menu bar up there is actually blue, along with the uh, the bar at the bottom corner of the screenshots. Um, but I usually get more things when you run, like in a terminal emulator, right on your browser desktop, as in here. I'm SSH'd in so I don't have those colors here, but yeah, it's very reminiscent of it.

01:00:15 - Jonathan Bennett (Host)
Fun, fun, fun. All right, ken, you've got more Pipewire stuff. Yes, I do. What are we doing with Pipewire this week?

01:00:24 - Ken McDonald (Co-host)
Well, we're going to create links this week using the create-link or cl command. Now I want to go ahead and give you a little bit of background. First, you do need to know the node and the port IDs of the objects that you're wanting to link. Now I personally found the easiest way for getting this information was borrowing back from Episode 197, where I covered pw-dot. So you're going to see me demonstrating that again to create a graph with the details of my current PipeWire session, and I do mean current, because this information may change as you open and close applications or even from one startup session to another.

01:01:13
Now I already have it set up with a link between my VLC media player going to my built-in audio analog stereo. I am going to go ahead and destroy those. If you all remember from last week or from a couple of weeks ago, I showed how we can destroy objects using the pw-cli destroy command. First thing I need to do is find those links. In this case, their IDs are 75 and 76, and so I'm going to go ahead and quickly destroy those by typing pw-cli destroy with an O, not just Y.

01:02:14 - Jonathan Bennett (Host)
Destry is something else.

01:02:15 - Ken McDonald (Co-host)
Yeah, let's do 75 first, and I'm going to go ahead and destroy both of them at the same time, or almost the same time. There's going to be a millisecond difference between one being destroyed and the next one. Type the command in to destroy objects 75 and 76, hit enter. And, for those of y'all listening, I've got qpwgraph up and it shows that the link between my VLC media player and the built-in audio analog stereo on my Tumbleweed VM just disappeared. And, as I said, I prepped for this by going ahead and looking up what the nodes and port IDs are. So I'm going to first create the link for the front, right, it doesn't, oh, because I didn't forget to put the pw-cli.

01:03:54
That's important, but it's also important that it stays active. Doing it from the command line, it creates it and then immediately goes away, so you never see it. So we're going to go into interactive mode and this time that will work. For those of you all listening, I typed pw-cli to go into the interactive mode. Then I typed the create-link with a node ID of 72, port ID of 74, node ID of 49, and a port ID of 54 that I had gotten using the pwcommander earlier. Also, to keep everything the same, I've paused the VLC play in the planet and I'll show you in a minute why. But let's go ahead and get the front and left connection.

01:05:07 - Jonathan Bennett (Host)
You said that it would go away immediately.

01:05:10 - Ken McDonald (Co-host)
In other words, you never see it even come up here in the graph.

01:05:17 - Jonathan Bennett (Host)
Right. So my question is now when you exit the pw-cli, is it also going

01:05:19 - Ken McDonald (Co-host)
to go away. Well, let's go ahead and do that it does?

01:05:23 - Jonathan Bennett (Host)
I thought it might.

01:05:26 - Ken McDonald (Co-host)
Which is why I've got three terminals up, one for pw-top, one for doing. Now, you remember I went and did a link. This time it doesn't show anything, so let's go ahead and create those again.

01:05:58 - Jonathan Bennett (Host)
Yeah, so create the front right and the front left links.

01:06:01 - Ken McDonald (Co-host)
There's the front left, and now you'll notice that the ID for the link nodes has changed, because before it was 75 and 76. Now it's 68 and 75.

01:06:27 - Jonathan Bennett (Host)
Probably just grabbing the first available IDs, correct?

01:06:30 - Ken McDonald (Co-host)
In fact, let's go to VLC, start it playing.

01:06:45 - Jonathan Bennett (Host)
Open SUSE music video.

01:06:48 - Ken McDonald (Co-host)
Of course. What else would you play on? Tumbleweed, of course, and it just wrapped around.

01:06:57 - Rob Campbell (Co-host)
I hope it's open source.

01:07:00 - Jonathan Bennett (Host)
Permissively licensed.

01:07:05 - Ken McDonald (Co-host)
And now, if you look for those of y'all listening, pwdop is showing VLC link to my built-in audio stereo output, as well as QPW graph.

01:07:18 - Jonathan Bennett (Host)
Yeah.

01:07:23 - Ken McDonald (Co-host)
And look what the link IDs are: 68 and 73, different again.

01:07:31 - Jonathan Bennett (Host)
Yep. So how do you make it permanent? Is that part of the? Is that part of the tip? How do I make it what? Permanent, so that it doesn't go away when you close pw-cli?

01:07:47 - Ken McDonald (Co-host)
There you have to. I'm going to go ahead and mute it so I can hear myself yeah, there we go, but you'd have to add it to a config file.

01:08:06 - Jonathan Bennett (Host)
Ah, makes sense.

01:08:10 - Ken McDonald (Co-host)
So you're playing around using pw-cli. Figure out what parameters you need, or you could use pw-link.

01:08:22 - Jonathan Bennett (Host)
Makes sense, makes sense, makes sense.

01:08:27 - Ken McDonald (Co-host)
But every time it loops around it's going to update again. Let's go ahead and drag it all the way to the end here and bring that back down.

01:08:48 - Jonathan Bennett (Host)
Any guesses on what it's going to be?

01:08:49 - Ken McDonald (Co-host)
73 and 74, this time 5, very cool that's why you can test out, see if you've got the nodes correct. And, as I said, I had graphed it. This is what it was before we started playing around with it. See, it was 70. The VLC node 72, port ID 74, into the link ID 76, out of the link ID to the port ID 54 for the node ID, 49 for my audio out.

01:09:45 - Jonathan Bennett (Host)
Yeah, so something to talk about in the future, then, is how do you refer to these things not using these ID numbers that are going to jump around? I know there are ways to do it.

01:09:54 - Ken McDonald (Co-host)
I've had to do it too, but that seems like that would be an interesting next step. I think if you go back and watch where I was doing a link to a virtual device, I actually use pw-link in that one. Okay, and you saw me using the names.

01:10:11 - Jonathan Bennett (Host)
There you go.

01:10:12
Yeah, that's the. That's the way to do it. Use the names, not the numbers, for if you, if you want the command to always be the same, yeah, all right. Well, I've got a command line tip and this one is we're actually going to do the screen share thing, because you kind of have to see this one for it to make sense. And we've got here. It's OpenSSL is the beginning of it, and OpenSSL has the genpkey command.

01:10:42
This will generate private keys and you can give it different algorithms. Um, I am actually using the X25519 algorithm, which is a, um, an asymmetric, um, elliptical cryptography approach, and let's see. I'm sure that there is a way to zoom in and I'm not sure exactly how to do it. Let's see. Is there a shortcut that will zoom? Control plus, plus, I thought I tried that. There we go, now you can read it: openssl genpkey and then the algorithm, and if you run this, it's going to give you a private key inside what's called ASCII armor, and that's the begin private key, the end private key and also a portion of the beginning of this is not part of the private key. It is again part of that armor. And then this is in something called Base64 encoding. And so you might say to yourself I want to get the actual key, not this OpenSSL armored version of it. Is there a way to do that? Well, sure, there is. And so one of the things you can do, and this is still not exactly what you're looking for, but this will take away the ASCII armor itself and instead of doing it, giving it to you in Base64 form, it will give it to you in raw bytes, and that is the -outform DER.

01:12:22
Now, if we run this a few times, you will see that all of these start with, well, I've goobered my terminal. That is one of the downsides of doing this. You can, you can really goober up your terminal by writing those random bytes to it. But when you do this, you see that you always get this 0.0+en", blah, blah, blah. And that is not part of the bytes. We don't want that. That's not actually part of the key. Again, that's part of the DER specifications. Well, is there a way to get rid of that? Well, sure there is.

01:12:59
And with this you actually run, um, you pipe it into a different command. You pipe it into tail and you say I only want the last 32 characters, because X25519 gives you a 32 byte key. So you pipe this into tail and say give me the last 32 characters, and it will then give you exactly 32 characters. Again, you're writing bytes to the terminal. It will not be happy about that, because not all of those bytes are printable ASCII characters. In fact, most of them are not. And so then you say, well, how can I do something with that? I can't even copy and paste from that. I guess I could write it into a file, but that's not very useful either. Okay, okay, so you can then pipe that command into base64.

01:13:45
And then you get an X25519 key in base64 format, and if you run this multiple times, it'll be different each time. One of the nice things here is that OpenSSL uses the kernel's random pool, which I think it uses the blocking random, the /dev/random, but even if it's urandom, on modern kernels that is an extremely good source of entropy as well. This key, then, is a well-generated, high entropy key, and so if you were running something like, say, Meshtastic, that uses these particular keys, you might want to generate it on your Linux machine to make sure that you have a high entropy key, because some devices, particularly embedded devices, may not have an easy way to generate a bunch of entropy, and so this is how you would do that, and it's also a really neat example of how to chain commands in one to another, how to pipe things. I thought it was a really cool example of the Linux way, the Unix way, of piping one thing into another to get something done.

01:14:57 - Rob Campbell (Co-host)
So if you ran that on a machine without much entropy, it would frequently be the same. It would frequently be the same.

01:15:03 - Jonathan Bennett (Host)
If you ran it on a machine without any entropy, then you could feasibly get into the situation where you would get the same key multiple times. Yes, have you seen that? Not on a Linux machine. That was a concern on the OpenWRT routers, those embedded routers. Some of those didn't have any sources of entropy other than the system clock, and so if you were generating a key on boot, there was the possibility that it would generate the same thing, or it really? So? Really, what the concern was is you know, that's a, that's a 32 byte key, so you're talking about 32 times eight possible.

01:15:41
The key space then was like 256 bits of key space, so that's two to the 256 different possible keys. But if you're in one of these reduced entropy scenarios where you don't have any hardware entropy sources and you're just relying on the system clock, well, rather than two to the 256 possible keys which is a huge number, by the way, it's a really big number you might have 1,000 possible keys, you might have 2,000 possible keys. Well, the problem when you get in that scenario is that's a small enough number of keys that you can brute force. If you can figure out what the range is, you can then just brute force those keys and figure out which one is in play. So why you want that entropy? So that it's not predictable.

01:16:28 - Ken McDonald (Co-host)
Or if you've got an embedded system that, when it boots up, calculates it so many seconds after using that.

01:16:37 - Jonathan Bennett (Host)
Yes, exactly, and if you don't have any other sources of entropy other than just the time, which, that was something that we were seeing on a few Meshtastic devices. That was part of the problem, is that, uh, you, you may be in that scenario where the only source of entropy was the system's micros clock, so that was basically the number of microseconds since boot. Well, there's going to be a little bit of jitter in that, but not nearly enough to be cryptographically safe. You wouldn't know that from running that command over and over, unless you ran it within a microsecond of each other, though.

01:17:10 - Rob Campbell (Co-host)
So what you would have to do, and so this is.

01:17:11 - Jonathan Bennett (Host)
This is what I never got around to doing, but, like, if somebody ever paid me to do it, this is what I was going to do for OpenWRT, um, is just hook it up to a harness, basically like an external control, where you could reboot it, make it generate a key, pull the key off, save it to a file, reset it to where next time it rebooted it would generate the key again and then reboot it and then just start that as fast as it could do it. Start that process, let it run for a few days.

01:17:39 - Rob Campbell (Co-host)
It's time since boot that was one of the errors. You said yeah, okay.

01:17:44 - Ken McDonald (Co-host)
Make clones of it, the device, and you have five different devices booting up and they all give you the same key, that kind of tells you there's a problem, right, right, and I don't think with OpenWRT it wasn't that bad, and with Meshtastic it wasn't that bad either.

01:18:00 - Jonathan Bennett (Host)
You know, it wasn't immediately obvious, but when you start talking about you have thousands of devices and then you start looking at the keys that they generate, then you might start seeing some collisions. And didn't, uh, Meshtastic find that they had that problem early on, uh, when they had expanded it for quite a few, uh, devices, like maybe a couple of hundred or a thousand?

01:18:29
What we discovered. Actually, within the last week, somebody bought two devices and put them both on their desk and started setting them up and realized that both devices had the same key. In that case it was actually because the manufacturer flashed Meshtastic to one device and then just used like a JTAG debugger to copy it off, and then that was their golden image, and they just put that on all of the devices and it turns out the key was part of that, so that was one half of it. But then in the process of triaging, we also discovered that, oh, on some of these devices we do not have a good source of randomness at boot. And so, above and beyond what the vendor did to it, multiple vendors actually, what the vendors were doing to us, we also could have this problem with entropy, and so we got that fixed too.

01:19:18 - Ken McDonald (Co-host)
So moving it into the later in the boot cycle where you've had a chance to actually generate a random half of the solution was to add it in later into the boot cycle.

01:19:27 - Jonathan Bennett (Host)
The other half was to go in and manually say all right, on this device, we know we have this piece of hardware entropy, and we also know we have this, this, uh, unique identifier that's burned into these particular devices. So we're going to seed our entropy pool with both that unique identifier that nobody knows, like it's kind of it's, it's sort of a pseudo secret in and of itself. It doesn't get transmitted over the network anywhere. And then we're also going to seed with this other piece of hardware entropy that we know about. And so we've we've fixed that problem up pretty pretty well too. So, anyway, that's what. That's what that is.

01:20:03 - Ken McDonald (Co-host)
But all that to explain this command.

01:20:06 - Jonathan Bennett (Host)
Indeed, indeed. I will still say that if you're on any system, this is not a problem limited to Meshtastic, if you're on any system that has a key like this built into it, if it has the key when it comes from the manufacturer, if you really care about your security, you need to generate your own key. And because there is absolutely the possibility, uh, you know, I'm not throwing shade on any manufacturer, but in that particular case, there's absolutely the possibility that the manufacturer has a table of all of the keys of all the devices, right, or, you know, depending upon your threat model, maybe the NSA intercepted that package and pulled your key off, or there's multiple ways. So generate your own key.

01:20:48 - Ken McDonald (Co-host)
NSA just has a table of all the keys for all the devices out there.

01:20:53 - Jonathan Bennett (Host)
Sure, and then if it's an embedded device, it's worth thinking about generating the key on something with really good entropy like a full-blown Linux desktop.

01:21:03 - Ken McDonald (Co-host)
that's on the internet. It's been up for days.

01:21:06 - Jonathan Bennett (Host)
Uptime is good. Uptime helps with entropy. On modern devices, though, they've got multiple entropy sources that are able to seed that really well pretty quickly on modern desktops, particularly if you've got Wi-Fi, right? Like having Wi-Fi and Bluetooth are really good sources of entropy because they turn those things, it's not quite SDR mode, but it's something similar to that. Like they'll, they'll turn them on into, into promiscuous mode is what they call it, and they'll just sit there and collect all the data they can about everything that's going by on the network and every Bluetooth thing that they can find. And all of that feeds that entropy pool and it, you know, it gets pretty chaotic pretty quick. So anyway, that's all of that um it quippy. So let's, uh, let's dive into our ending show. I know Ken at least has some ending notes here, uh, but we're gonna let Rob go first, because he is the one on the left, that's, uh, right to left across your radio dial. So, Rob, it's an old joke, man, never mind. Rob, any closing thoughts for us?

01:22:12 - Rob Campbell (Co-host)
Just the usual. If you want more of me, come connect. You can find me at robertpcampbell.com and on that site you can find links to my LinkedIn, my Twitter, my Bluesky, Mastodon and a spot to donate me coffee in five hour increments.

01:22:30 - Jonathan Bennett (Host)
Yeah, very cool. All right, and Ken.

01:22:34 - Ken McDonald (Co-host)
Well, let me unmute myself first. You did, but I got a link in the show notes that I thought might be interesting. It's an article by Joe Brockmeier about an Emacs-like web browser called Nyxt. Cool. What if Emacs was a good web browser? Huh.

01:23:00 - Jonathan Bennett (Host)
That's great. And to explain my joke, there was a US sports commentator way back in the day, Cawood Ledford, and one of the things that he would say at the beginning of games, like a football game, is he would talk about, you know, they're moving from left to right, that's right to left on your radio dial. That was just one of his, you know, one of his jokes that he would tell in introducing it in the sport. I'm kind of surprised that Rob's not familiar with this. It's a piece of Americana, man, oh well.

01:23:36 - Rob Campbell (Co-host)
I live pretty close to Canada so I don't know.

01:23:40 - Jonathan Bennett (Host)
That explains a lot, actually, Rob. All right, it has been fun. Thank you guys. We appreciate it. I will quickly plug Hackaday. If you want to follow what's up with security and you want to read about it, that is, you can come check out the security blog over there. Friday mornings is when that goes live. We've also got Floss Weekly now at Hackaday and that goes live on Wednesdays and we have a lot of fun with that as well. Occasionally get some of the guys from here over there and we sure enjoy it. Hope you appreciate it. Check it out. Appreciate everybody being here for Twit and if you're not part of Club Twit, you should really think about it. It's the price of one or two coffees, depends on where you live, per month and definitely worth looking at. If you're not part of Club Twit, you should take a look. We appreciate it. Thank you everyone. That gets us both live and on the download and we will see you next week on the Untitled Linux Show. Then I would love to invite you to join a tech community like no other.

01:24:46 - Leo (Announcement)
You can gain exclusive access to our incomparable quality tech content with Club Twit. As a member, you'll enjoy all Twit TV shows ad-free plus access, private video feeds for insider shows like iOS Today, Home Theater Geeks and so much more. Dive into the members-only Twit Plus bonus feed for behind-the-scenes content, club discussions and special events. But here's the best perk: join our incredible Discord community to watch live show productions, chat with hosts and participate in exclusive members-only activities. It's your backstage pass to the world of Twit. Whether you're a tech enthusiast or a lifelong learner, Club Twit elevates your knowledge while entertaining your interests. Get two weeks free when you sign up now and unlock unparalleled access at twit.tv/clubtwit. That's twit.tv/clubtwit and, from the bottom of my heart, thank you and welcome to the club.

 
