Untitled Linux Show 236 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Jonathan Bennett [00:00:00]:
This week we're talking about accounting using Open Source software. We talk about QEMU and virtualization. There's the big court case and not everybody is happy about it. And Paper Moon. That's right, we're sending Linux to space. It's a lot of fun, you don't want to miss it. So stay tuned.
Rob Campbell [00:00:19]:
Podcasts you love from people you Trust. This is TWiT.
Jonathan Bennett [00:00:28]:
This is the Untitled Linux Show. Episode 236, recorded set Saturday, January 3rd. Still waking up. Hey folks, it is Saturday. It happens to be the first Saturday of the New Year. We took a little bit of a break and we're back. It's time to get geeky about Linux and Open source, some hardware, all kinds of fun stuff. And we brought back one of our team members almost from the dead.
Jonathan Bennett [00:00:53]:
Ken has worked himself almost to death over the holiday season. And Rob is back as well. Greetings to both of you. Glad to have you both back.
Ken McDonald [00:01:00]:
Wasn't dead, just in coma for a week after all that work.
Jonathan Bennett [00:01:05]:
I don't know, I feel like we were all kind of in a coma in that week between Christmas and New Year's. It's the closest thing to a golden week that we have here in the Western world.
Rob Campbell [00:01:14]:
Still waking up?
Jonathan Bennett [00:01:15]:
Yeah, still waking up. Fun times. All right, Ken, do you want to go first? See, you've got a very timely story from me and I'll tell you why once you go through it. But this, this is a thing that I actually worked with this past week. What you got, Ken?
Ken McDonald [00:01:32]:
Well, I'm going to be talking about Gnucash because just before Christmas 9 to 5, Linux reported on the release of the latest stable version of the open source free and cross platform double entry accounting software for GNU Linux, macOS and Windows systems. And we call that GNUCash. In this case it's version 5.14. Now this latest version includes support for US bonds on the new Finance double quote or excuse me, double colon quote module to get prices for series E, double E and and or I bonds. There's also a new postpone column to the scheduled transactions list for postponing scheduled transaction instances, the removal of China Merchants bank from quote sources and the removal of the Bulgarian, assuming this is pronounced lev L E v or as it's shown for the symbol BGN currency as it's replaced by the euro beginning the first of this year. Now GNU Cash 5.14 also improves the algorithm behind auto clearing transactions to handle up to 30 uncleared transactions in an account reasonably quickly. Excuse me, It Also adds support for changing the transaction report only when Show Only subtitles is selected and improves stale account balances and the Grand Total field during our column during transaction import. It also fixes crashes in processing invoices and creating multi commodity transactions due to premature destruction of the account tree view.
Ken McDonald [00:03:45]:
Improves the XML backend to speed up parsing of node text and of GU IDs replaces the deprecated G underscore binding underscore get underscore target Improves some translatable strings and don't die Kim Excuse me, Just weather's got my throat dried out and that always sets me off coughing in the winter. But it also increases the GNU C Library to version 2.68 and brings a variety of memory leak fixes and efficiency improvements. Now I'm going to recommend checking out the link in our show notes for more details about the changes included this update, as well as how to obtain GNU cache 5.14 and I think we've already posted that in the discord, haven't we?
Jonathan Bennett [00:04:45]:
Probably. All right, yeah. Like I said, I ended up doing some work with new cash this week. One of my customers is an accountant and he called me up and he's like, hey, I found this new accounting program that I wanted to try out and I went and I looked at it and it seemed like it was legitimate, it was open source, but it was ran in a Docker on a web server.
Rob Campbell [00:05:10]:
And I'm like, I don't know that.
Jonathan Bennett [00:05:11]:
That'S for sure what you want. And he was telling me later, he's like, yeah, I'm just looking for something like for a real simple customer I'm doing their taxes for. Sometimes we just need a bookkeeping system to build a punch, you know, a year's worth of stuff into, and it doesn't make sense for me to pay for a whole year's worth of QuickBooks Online. It's like, well, let me show you new cash, get into it and start looking at it. He's like, ooh, this is really good. This is exactly what I wanted. So we did a new cash install for him. I'm actually going on Monday and I'm going to help him.
Jonathan Bennett [00:05:43]:
He's got a particular way he likes his accounts laid out, and on Monday I'm going to go, he's got it set up for one customer. We're going to turn it into a template for him so that he can go to another customer and just say set up using this template and it'll put all of those accounts up there.
Rob Campbell [00:05:58]:
For him an accountant likes it must be pretty good.
Jonathan Bennett [00:06:02]:
Yeah, well, I mean, you think about it, it's essentially just in many ways a real simple double accounting system. So you just, you set up all your accounts and money moves from one account to another. It looks a lot like the way a check register works or the old school account register. So yeah, I mean of course the accountant likes it. He actually understands what's going on under the hood.
Rob Campbell [00:06:25]:
Yeah, I used to use it, but it's probably been over a decade.
Jonathan Bennett [00:06:31]:
Yeah, I mean there's some things that you don't want to try to run payroll out of it, I wouldn't think.
Ken McDonald [00:06:35]:
But out of GNU cash?
Jonathan Bennett [00:06:37]:
Yeah. I don't know.
Ken McDonald [00:06:40]:
I've never tried running payroll.
Jonathan Bennett [00:06:42]:
It's complicated.
Ken McDonald [00:06:44]:
I do use it on a daily basis because I'm at least spending 30 minutes every day logging in and managing what's on what my bank says I've spent to what GANU cash shows.
Rob Campbell [00:06:58]:
Yeah, 30 minutes a day. How much money is going in and out of your accounts, Ken?
Ken McDonald [00:07:04]:
It's not how much, it's how many transactions there are at it.
Jonathan Bennett [00:07:09]:
Yeah.
Rob Campbell [00:07:10]:
You do a microtransactions? You playing Fortnite or something?
Ken McDonald [00:07:15]:
No, my wife does microtransactions at the local store.
Jonathan Bennett [00:07:20]:
Fun. All right, well, let's move on and talk about one of Rob's favorite things to talk about.
Rob Campbell [00:07:28]:
I like to bring it up every.
Jonathan Bennett [00:07:29]:
Once in a while. And by every once in a while he means every month.
Rob Campbell [00:07:32]:
Not every month. I do not bring it up every month though it has every quarter. It has been a few times recently because you know, just in our annual predictions episode that just aired last week, one of my predictions was that Linux would pass 3% on, on the Steam survey. And, and in that episode we announced that, that I got it, that one correct. With Linux hitting 3.05% in October.
Ken McDonald [00:07:59]:
Well, you were low.
Rob Campbell [00:08:01]:
That story isn't over yet. It doesn't end there as, as we now have the numbers in for December where Linux hit 3.19%. So if this trend keeps keeps up, I will be well on my way to my predicted 4% for 2026. Already a good start going. What I find even more amazing is, is I remember reporting when, when we broke 1% only a few years ago, apparently back in 2013, somehow we broke 1% on the survey. But then they changed some things or something. But anyway, just a few years ago they broke 1% again with maybe more accurate data and you know, we're inching our way closer to that 5% and that. That magic 5% number where all the developers just start making everything for Linux.
Jonathan Bennett [00:08:58]:
Is that how that's going to work?
Rob Campbell [00:09:00]:
Anyway, so the December 2025 report comes in with Linux at 3.19%, macOS at a very sad 1.86%, Windows 11 at 70.83%. So, you know, we're making gains if you look at the current. But if you do Windows as a whole, they're only at 94.95%, which is still down. From where? From their high, where they've been in the past. So we're making some grounds. We'll get there.
Jonathan Bennett [00:09:37]:
Anyway.
Rob Campbell [00:09:37]:
A further breakdown of Steam on Linux places Arch at the top with 0.3% of that. Linux Mint number two with a surprising 0.2%. Then Ubuntu is half of that and only 0.1%. Times are changing somehow. I don't know why. But below that, in order, we have Endeavor os, then Fedora, then Ubuntu Core. Even if you had Ubuntu Core to the. To the other Ubuntu in the slot, it's still below Mint somehow.
Rob Campbell [00:10:13]:
And then Manjiro. So are there any surprises in that list for you? I thought Cashew was making more headway, but they're not on that top list yet. Any surprises you see about that?
Jonathan Bennett [00:10:31]:
Is there a surprise that we should see?
Rob Campbell [00:10:33]:
Well, I don't know if it's there.
Jonathan Bennett [00:10:35]:
I'm missing it.
Rob Campbell [00:10:36]:
I'm surprised. In some ways, I'm surprised. Lennox. Mint, just because it kind of lacks a lot of the gaming features, you know, the hdr, the vrr, that. That's a top contender for gaming stuff. Though at the same time, Mint is very frequently recommended out there because it's very Windows, like by default. So it's an easier transition, many say. But yeah, I don't think it's the best gaming platform, but I guess if you don't have an HDR VR, you know, a nicer monitor like that, then.
Ken McDonald [00:11:14]:
Well, one thing that I'm curious about is why we're seeing that Ubuntu Core 2264 bit, why people are installing Steam via Snap. The Ubuntu Core is a Snap.
Rob Campbell [00:11:30]:
Yeah. Well, I don't know if it's surprising that's being installed as a Snap, but it is surprising that that's above Manjaro, which at one time was kind of thought of as a decent gaming platform or Cashy or I mean, really a lot of others.
Jonathan Bennett [00:11:46]:
So what Distro is going to Install it as a Snap by default. I feel like that's the question to ask to really understand that some distro out there, one or two of them, is installing Steam as snaps for people. And that distro is way underrepresented in this list because it's showing up as this instead.
Rob Campbell [00:12:06]:
Yeah, Ubuntu.
Jonathan Bennett [00:12:07]:
Yeah. So there's more Ubuntu users.
Ken McDonald [00:12:09]:
What version of Ubuntu, though? I'm going to guess it's something older than 2403.
Rob Campbell [00:12:15]:
Oh, I see what you're saying. The fact we don't know what they're using because it's a snap.
Jonathan Bennett [00:12:22]:
Yeah.
Rob Campbell [00:12:23]:
Though that.
Jonathan Bennett [00:12:25]:
I mean, it's probably Ubuntu.
Rob Campbell [00:12:26]:
Well, Ubuntu Core is showing up on there, so.
Ken McDonald [00:12:31]:
But it's not being added into the Ubuntu 2403.
Rob Campbell [00:12:36]:
Right.
Jonathan Bennett [00:12:36]:
So people are running the Snap. The Snap is built on top of Ubuntu Core. That doesn't necessarily mean that that's what their bare metal Linux is. It's probably. It's probably Ubuntu 24, 2504, probably 2504.
Ken McDonald [00:12:52]:
2510, open SEUSS, tumbleweed or somebody.
Rob Campbell [00:12:57]:
Or if somebody else wants to do snaps anywhere. I mean, you can do them anywhere.
Ken McDonald [00:13:00]:
So any of the others that work fairly good with snaps.
Rob Campbell [00:13:06]:
Yeah. So what you're implying is that those really aren't people installing Ubuntu Core and then installing Steam. That's just what's showing up because it's Snap and isolated and that's how it's built.
Ken McDonald [00:13:18]:
And it's using the Ubuntu Core based on Ubuntu 22.04, I would assume.
Jonathan Bennett [00:13:25]:
I would assume that's what that means. Yeah.
Leo Laporte [00:13:27]:
Interesting.
Jonathan Bennett [00:13:28]:
Would assume. All right. Yeah, very cool. Good to see the numbers rising. Fun to see it. And we've got some more stuff to talk about. We're going to take a quick break though, and we'll be back right after this.
Leo Laporte [00:13:40]:
Hey, Untitled Linux Show. I've run out of Claude credits, so I got a minute. Can we talk about Bit Warden? Hey, our show today, brought to you by Bit Warden. Don't you love Bit Warden? It's open source, the trusted leader in password, passkey and secrets management. And I don't know about you guys, but I'm telling everybody I know. All those relatives who just live in insecurity, they write their passwords on a post it note, stick them to the screen, or worse, they just say, oh, I don't need to write it down. It's monkey123 everywhere. No, I tell them about Bit Warden.
Leo Laporte [00:14:17]:
Bitwarden is consistently ranked number one in user satisfaction by G2 and software reviews over 10 million users across 180 countries. Here's the thing that surprised me when I first heard it. 50,000 businesses use Bitwarden. But if you think about it, it makes sense. A business isn't secure if its employees aren't using good password hygiene, right? You need Bitwarden. It keeps it secure all year long. One of the things I love about Bitwarden, because it's open source, constantly being improved and updated. They just added the new Bitwarden Access Intelligence.
Leo Laporte [00:14:52]:
Do you know about this? This is for enterprises. Organizations can use it to detect monkey 1, 2, 3 weak passwords, reused passwords or credentials that have been exposed in a breach and immediately in without leaving the program guide remediation. Replacing risky passwords with strong unique ones. That is a fantastic feature. It closes a major security gap because as you know, credentials are the top cause of breaches. Credential stuffing, I mean it's. And then they that breach leads to more breaches. But with access intelligence, those exposed passwords, those bad passwords, those reused passwords become visible, prioritized and corrected before they can be exploited.
Leo Laporte [00:15:38]:
That's what you need for your business. Also, this is something brand new. I just heard about it. Bit Warden Lite. Bitwarden Lite delivers a lightweight self hosted password manager. We know that a lot of your users, a lot of my users, a lot of our friends like to run their own servers in their home labs or for personal projects. They want environments with quick setup and minimal overhead. And now Bitwarden Lite, it's enhanced with real time vault health alerts, password coaching features.
Leo Laporte [00:16:12]:
This is across the board with Bitwarden to help users identify weak, reused or exposed credentials and take immediate action to strengthen their security. Look at this. These guys, it's just getting better and better all the time. Bitwarden is easy to use and easy to move to and now supports direct import from Chrome, Edge, Brave, Opera and Vivaldi browsers. Direct import copies or imports, if you will, credentials from the browser into the encrypted vault without requiring that separate export into plain text. That scares me and you and everybody else. That's fantastic because you want to get those browser passwords out of the browser, securely move them to Bitwarden. This simplifies the migration, helps reduce exposure associated with, you know, that step of exporting and leaving in your download folder a plain text version of your passwords.
Leo Laporte [00:17:00]:
You don't have to remember to delete all of that stuff. It's just boom. G2 Winter 2025 just came out. Reports Bitwarden continues to hold strong as number one in every enterprise category for six straight quarters. Bitwarden setup is easy. It supports importing for most password management solutions. When I moved, it took me a few minutes. Was so easy.
Leo Laporte [00:17:22]:
Steve Gibson Same thing We use Bit Warden My main reason in using Bit Warden I am a strong believer that if you're going to use crypto of any kind, it has to be open source so that you know, there's no backdoors, there's no government intrusion, that it's done right. It's using standard, well known established crypto protocols. That's why I use Bitwarden. It's open source, means you can look at it. It's on GitHub, but it's GPL licensed, but it's also regularly audited by third party experts. Look, get started today. If you're not using it, try it now. Bitwarden has a free trial of teams or enterprise plan and of course for individuals, get started for free and free forever across all devices.
Leo Laporte [00:18:04]:
Unlimited passwords, passkeys, yubikeys, other hardware keys for individual users. Bitwarden.com TWIT will you use that address so they know you saw it here? Bitwarden.com Twitter I've taken up enough of your time. Back to Untitled Linux Show. I think my Claude credits have renewed.
Jonathan Bennett [00:18:24]:
Thanks guys. So we've talked a bit about the lawsuit between the Software Freedom Conservancy and Vizio the TV maker. And I think two weeks ago we covered a bit of an update there where the, the judge rejected some rather odd arguments that Vizio was making. Well, this, this, it's not over. And a few more people have weighed in on the situation, one of which being Linus Torvalds himself who has opinions. And one of the, one of the best places actually I found covering this is Brady Robertson, friend of, friend of this show, friend of mine, talking about all the different things going on and trying to, you know, trying to cut a line between what is being said and how the, the, the, the legal part of it works out and how the actual license part of it works out. So one of the things that you have to keep in mind is the Linux kernel is GPLv2 and basically all of the things at play in this lawsuit is either GPLv2 or LGPL. I think it's 2.1 and one of the.1 of the changes that was made in GPLv3 was they added the tivoization clause, which is an interesting thing.
Jonathan Bennett [00:19:54]:
And so what happened, what TiVo did, by the way. So we'll dive into a little bit of history here. TiVo shipped DVRs, digital video recorders, TV boxes that were based on Linux. And you know, people then said, hey, it's based on Linux, you have to give us some source code. And then people went in and started running their own code on these TiVo boxes. Well, TiVo in, like their version 3 of the hardware, they added a feature, a miss feature, some might say, where it would detect if someone is doing this. You know, if someone actually installed their own, say, bash or their own kernel or whatever on one of these boxes, it would trigger a sort of a cryptographic tripwire and it would disable the proprietary TiVo stuff running on it. And so, you know, the actual, like decode the TV channels and record video to disk and all of that.
Jonathan Bennett [00:20:53]:
If I had to guess, and I don't know this for sure, but if I had to guess, that was probably actually a bit of an anti piracy measure. They didn't want people to be able to go back in and back these shows up off of their, off of the hard drive because that would then raise copyright questions for TiVo itself. So this was a thing, this sort of tripwire built into these tivos really annoyed a lot of people, including Richard Stallman. And they wrote the GPLv3. And one of the things that it specifies is that you can't do this. You can't have, you can't lock down your hardware in such a way that it ceases to function if you exercise your rights under the GPL and install your own code to it. Okay, now GPLv2 does not necessarily include that feature as part of its rights given by the license. It does, however, have reference to the scripts and such that you need to be able to install the software.
Jonathan Bennett [00:22:00]:
And so there is sort of a lightweight version of that, you know, so in the case of Vizio, Vizio would have to give people some tooling to be able to install software on their TVs, particularly that does not include cryptographic keys with the GPLv2. All right, so that's the background here. This lawsuit between the Software Freedom Conservancy and Vizio Software Freedom Conservancy is sort of making the case. They're asking the judge to say that the GPLv2 includes more of these protections, basically saying you have to make it possible for people to install their own software and you can't break the existing functionality when you do so, which again, that's sort of a GPLv3 claim. Well, this Torvalds took to social media, of all places, and his comment was that he didn't feel that it was directly related to the kernel, so he didn't want to put it in the Linux kernel mailing list. So he used, I think it was a Mastodon server somewhere. He's got an account and made a comment about this and basically said, I wish the SFC would stop this because the thing that they're arguing for, basically everybody knows the GPL V2 does not. It does, it does not include.
Jonathan Bennett [00:23:24]:
And you're sort of making a bad legal case here. And of course somebody from the SFC has responded and said, no, no, you didn't actually read our ruling. And all of this to say that like, legal issues are hard. And it is a tip of the hat to Simon Phipps for this. Legal documents, particularly software licenses, they don't compile, they don't compile down to a precise meaning. It is all based on the way a judge rules on it. And some of these questions, like there's not solid answers until it goes through court cases. And this is one of the first times that we are sort of looking at these questions around GPLv2 in a court case.
Jonathan Bennett [00:24:12]:
And so it's a very, it's a very hairy problem, a very hairy case. And you know, we'll see exactly how it all shakes out. It still seems to be going in the, you know, in a, in a good direction. The judge is not looking at ruling that the GPLV2 is, you know, an invalid license or what have you. But there is some disagreement here in exactly how, in what it should mean and what it does mean. And it'll be really interesting to see when we get the final ruling from the case. And then of course, people that are actually lawyers will look at it and tell the rest of us what they think it means. There will be follow on effects from this for a long time.
Jonathan Bennett [00:24:54]:
But this was the very short version. If you want the longer version with links to all the things, go watch Brody's video. It's really good. There you go. I did watch. Was fun. I've been watching this case for a while too.
Ken McDonald [00:25:10]:
Fun, funny, interesting.
Jonathan Bennett [00:25:15]:
Yeah. All the above. All of the above. And you know, it's a big deal for those of us that use GPL software and that really like the copy left features of the gpl.
Ken McDonald [00:25:32]:
Basically, it just requires that the software that they included on their system, that they provide a copy of the source code. It doesn't specify what format, though.
Jonathan Bennett [00:25:47]:
It doesn't.
Ken McDonald [00:25:48]:
They printed it all out. Melt it to them with this.
Jonathan Bennett [00:25:50]:
You could do that, yeah. Yes. Really a question here, though, is what else it requires other than just the source code? Because the GPLv2 does talk about the scripts and other tooling that you need to actually install on the hardware or to install the program, I think is.
Ken McDonald [00:26:08]:
Exactly what it says on any specific hardware, on any hardware you want to.
Jonathan Bennett [00:26:14]:
I'm not sure. I don't know exactly what it says as far as that goes. And, you know, that's sort of important to the court case. But yeah, they.
Rob Campbell [00:26:22]:
If they print all that out, that'd get pretty expensive. I don't think they want.
Ken McDonald [00:26:25]:
No, no. Well, no.
Jonathan Bennett [00:26:26]:
And that's sort of the point. That's all. That's always been the point of, the point of the GPL is, you know, it's just the easiest way to comply with it is host the source code somewhere on the Internet. Now, that may not have been the case when it was first written, like mailing discs to someone may have been the easier way back when it was, you know, 1993 or whatever. But very, very quickly it became the case that you just, you put it on the Internet and people can go download if they want to.
Ken McDonald [00:26:55]:
Now, here's my question. Is the TV in question still under warranty?
Jonathan Bennett [00:27:02]:
Oh, I don't know. Probably not. They're probably old enough now that none of them are. I don't know.
Rob Campbell [00:27:07]:
Yeah, I don't think their warranties are very long. So.
Jonathan Bennett [00:27:10]:
Do you void your warranty by installing Bash on it? I don't know.
Ken McDonald [00:27:15]:
Do you void your warranty, period, by installing anything on it after the fact?
Jonathan Bennett [00:27:20]:
I mean, companies like to void warranties whenever they can, so probably. Probably. All right, we gotta talk about qemu and Ken has got this story and I don't know, can you install QEMU on your tv? If your TV has the right hardware extensions on it, I bet you can. Ken, what's new with Qemu?
Ken McDonald [00:27:46]:
Well, I'm going to thank 9to5 Linux again because they also reported on another. I'm going to call it a Christmas present, the release of QEM 2.10.2, bringing new features and improvements for next generation emulation. Excuse me. This release introduces live update support via a new CPR exec migration mode which allows for reduced resource usage when updating virtual machines and potentially for reusing existing state connections throughout. Update QME QEMU 10.2 promises performance improvements via switching to IO earring for QEMU's main loop 9 PFS shared file system support for FreeBSD host lots of fixes and enhancements for user mode emulation and replay protected memory block or sometimes referred to as RPMB emulation support to the EMMC device model. The changelog list updates for several architectures including ARM, HIPAA or, excuse me, HPPA, Lung, Arch, PowerPC and RISC via RISC V. For more details, I recommend reading the article linked in our show notes because there's a lot there that I didn't cover.
Jonathan Bennett [00:29:28]:
Yeah, it's amazing how much QEMU gets used for stuff. You know, you probably don't use it directly for much of anything, but I'll tell you, people doing development for some of these odd architectures, they do a lot of that development through qemu.
Ken McDonald [00:29:43]:
I'm going to be using it later tonight before the show's over.
Jonathan Bennett [00:29:47]:
What are you doing? Qemu?
Ken McDonald [00:29:49]:
I'm going to run my virtual machine for OpenSUSE.
Jonathan Bennett [00:29:54]:
There you go. Yeah, Internet uses a lot of the QEMU tooling.
Rob Campbell [00:29:59]:
Yeah. And most of The Hidden behind VirtManager, most of the VPs is online ProxMox. Pretty much every VM on Linux almost uses it.
Ken McDonald [00:30:12]:
Yeah, lots of faxes I was checking. I'm running 10.1 of QEMU.
Rob Campbell [00:30:21]:
Time to update.
Jonathan Bennett [00:30:24]:
Yeah, of course. All right. Rob has another server story that we're going to talk talk about. Maybe not something that you really think about running as a server, but it's out there. We're gonna talk about it right after this.
Rob Campbell [00:30:37]:
Well, I don't know if it's out there yet, as Jonathan mentioned before the break, but. And? And although Cashios also didn't make the top list on the Steam survey, it has been continuing to grow in popularity in 2025. Their optimizations have made it a popular gaming platform and the fastest Linux desktop according to many benchmarks. This has motivated the team to keep pushing Kashi to the next level. They posted a 2025 recap blog post of their achievements in the past year and the things that they have done for Kashi. And near the end of that blog post, they posted a paragraph of what we can expect in 2026. Say quote. It's going to be a direct quote from their blog post.
Rob Campbell [00:31:30]:
In addition to our ongoing PGO and auto FTO optimizations, we are developing a specialized server edition for NAS Workstations and server environments. We intend to provide a verified image that hosting providers as you just mentioned you can deploy for their customers. And interjecting here like the VPS is using qemu back to the quote. This edition will ship with a hardened configuration, pre tuned settings and performance optimized packages for web servers, databases and more. So first on that statement.
Ken McDonald [00:32:17]:
For those.
Rob Campbell [00:32:17]:
Unfamiliar with the terms to clarify PGO and auto FDO optimizations. These are advanced compiler optimizations that enhance performance which is one of the big things that has made Cashy so high performant and popular. Next I want to touch on the big story here. In that statement is the plan to create a cacheOS server edition. This sounds pretty cool on the face of it, but I'm wondering about how they will implement this. You know they say Harding and all that's hardening and all that stuff but and, and I love a rolling Linux distro for my desktop. I love having the latest and greatest and my desktop crashes, it's not a big deal. But generally for server you want something that's going to be stable with minimal changes.
Rob Campbell [00:33:12]:
So with with their current rolling Arch Linux design, you know they that they use for desktop I'm wondering what they will do different for the server. You know in most cases I don't think I would recommend a rolling distro for a server. Maybe there's some weird niche case if you have regular snapshots backups maybe. But you know maybe there could be something if it's done right but you know or are they going to somehow take this distro based on Arch and make it into a fixed release distro something a little more suitable for a server. Or maybe the Cash U. S server release will be based on something other than Arch but to keep it being cache will have their kernel optimizations applied to it. So you know I'm thinking maybe their server they could rebase on something like Debian and you know that might be the most realistic rebasent for for the Cashy server and but then put in their their kernel optimizations I think that would be the most realistic way for them to do it. But again it also may not be quite as interesting as seeing one of the first and I'm aware of rolling rolling release server distros.
Rob Campbell [00:34:35]:
Either way I'm interested to see what they do. I don't know that I'll use it unless I don't know it's hard for me to think that I would use it but maybe if they do it right I'LL maybe I'll have to try it out. We'll see, see what 2026 brings.
Jonathan Bennett [00:34:53]:
Yeah, it's interesting. It's fun to see the new ideas sort of popping up and, you know, people doing servers, trying to be based off of these, these new concepts. I, you know, some of them, some of them will stick for sure and you'll eventually see more, more and more of these following sort of the Cashios design. So elements of it. Right. Certain elements of it'll stick and become ubiquitous and then I'm sure certain things that they're trying will just sort of fade away. Yeah.
Rob Campbell [00:35:22]:
If they keep it rolling like an Arch distro server, maybe, you know, less critical things, maybe a game. Game servers and I don't know. Yeah.
Jonathan Bennett [00:35:33]:
So, I mean, think about it though. What's the, what's the sketchiest thing that you do with your servers? Trying to keep them up to date. It's major upgrades, isn't it? It's always been my thing. Yeah. So if you can really nail the rolling upgrade, I mean, that would be great for a server. Just keep it going forever, though.
Rob Campbell [00:35:52]:
The criticism people have on Arch, which honestly the, the couple years I ran it, I never had a break on me, but the criticism a lot of people have is that, you know, all these updates, something's not going to be lined up. Right. And it breaks it. And even, even the other guy's name, what's his name?
Ken McDonald [00:36:13]:
Who's Jeff?
Jonathan Bennett [00:36:14]:
Jeff. There we go.
Leo Laporte [00:36:15]:
I'm.
Rob Campbell [00:36:17]:
Even Jeff.
Jonathan Bennett [00:36:18]:
You were joking.
Rob Campbell [00:36:19]:
No, no, I, I, I just blank out sometimes. You know, I'm still waking up.
Jonathan Bennett [00:36:23]:
Yeah.
Rob Campbell [00:36:24]:
From, from the new year. But even, even Jeff broke Cashy OS on his desktop. Don't know, you know, why, if Cash is to blame or if it's just something that just happens sometimes things break. But so, yeah, may not be something, you may not be something on the server if, if you're just going to do it like that.
Jonathan Bennett [00:36:46]:
Yeah, absolutely.
Rob Campbell [00:36:47]:
If you're just, if you're just going to take cache and harden it, you might want to do a little more than that.
Ken McDonald [00:36:54]:
Well, from what I'm getting here and from what you've said, I think this is more of a gaming server than it is as a file system server or the type of server we normally think of when we say server.
Jonathan Bennett [00:37:14]:
Yeah, but I mean, what's the difference? They're still doing something that you want to stay up and they're, they're serving packets. So, I mean. Yes, but also it's not that big of a distinction I think I'm just.
Ken McDonald [00:37:29]:
Trying to think what network attached storage device you'd put a Cashios server on.
Rob Campbell [00:37:36]:
Well, if you make your own nas.
Jonathan Bennett [00:37:38]:
I mean, I mean the server might be the NAS.
Ken McDonald [00:37:43]:
In other words like I was talking about earlier tonight.
Rob Campbell [00:37:46]:
Yeah, it can be a home built nas. You know a NAS doesn't have to be, you know, a box that you buy pre built with NAS software and all that on it.
Ken McDonald [00:37:59]:
Now would you want to use a Lenovo Legion go as a server?
Jonathan Bennett [00:38:05]:
I mean basically any hardware can be a server. Is that what you've cut, Ken?
Rob Campbell [00:38:11]:
You would not want to.
Ken McDonald [00:38:13]:
That's a handheld device put out by Lenovo for SteamOS.
Jonathan Bennett [00:38:19]:
That's right, yeah. I mean it's got a battery built into it, doesn't it?
Ken McDonald [00:38:24]:
Yep.
Rob Campbell [00:38:25]:
You could, you wouldn't want to. His question was would you want to.
Jonathan Bennett [00:38:29]:
Built in battery backup?
Rob Campbell [00:38:30]:
I mean I guess it's small if, yeah, low power usage, building battery backup, unneeded screen.
Jonathan Bennett [00:38:38]:
But I mean sometimes it's nice to be able to go and actually poke at the server and see what's on the screen.
Rob Campbell [00:38:45]:
It'd be overpriced for underpowered server.
Jonathan Bennett [00:38:50]:
Yeah, that's probably true. That's probably true. All right, well there is another place that people are thinking about putting Linux servers and that is we are literally thinking about sending them to space. Well, we've already done that but every one of those Linux servers in space is something of a bespoke solution. So you've got companies like SpaceX that run their rockets with Linux. The laptops and the International Space Station are running Linux and have for a while now, reportedly because they couldn't keep viruses off of them when they were running Windows. I don't know if that's entirely true or not, but it's a great story and I'm going to stick with it. Then there is of course one of the Mars rovers, the helicopter inspiration I think it was called or Endeavor, oh my goodness, I can't remember the name of it, but famously ran Linux.
Jonathan Bennett [00:39:41]:
And, but each of these it's been sort of a start from scratch, build your own ingenuity. It was ingenuity, start from scratch, build your own Linux os. Well, there is a, there is a group that is looking at changing this. And so at the Open Source Summit in Japan, Ramon Roche, general manager of the Drone Code foundation talked about this and that. You know, Linux is quickly becoming the standard for space. But that there's no, there's no sort of unified approach to this. And so now there is a group that is looking into this. Like let's take a look.
Jonathan Bennett [00:40:26]:
What can we do? Can we make a standard Linux core built on top of one of the something like Yocto Linux or OpenEmbedded and then can we add board support infrastructure as a layer in there and then have a mission specific user space running framework at the top? That is their goal and they call it papermoon. So if a really interesting name. I'm not sure exactly where that comes from but there is now a working group that is looking at Papermoon as a possible standardized Linux. Not really a distro, sort of a distro, more like a toolkit you would say for doing this sort of space Linux stuff. One of the other really interesting things from this is that Microchip actually has a radiation tolerant soc. It's called the mpsoc which seems to be running RISC V. But yeah, it's really, it's really, it's really fascinating to me that they are. They are looking at doing this.
Jonathan Bennett [00:41:40]:
I'm trying to see if this is a Linux foundation project. Project has been incubating inside the Linux Foundation's ELIZA working group the enabling Linux in safety applications. And so yeah, they are tied in with the Linux Foundation. But again I think it's neat that this is becoming sort of a standard Linux becoming the space standard. We're going to the moon in other places. I think it's pretty cool.
Rob Campbell [00:42:10]:
Linux is the standard for everything. Why not for space?
Jonathan Bennett [00:42:13]:
Yeah, I mean why not?
Rob Campbell [00:42:14]:
Why not? It's like the old trope Linux run. Oh look, I found Linux running on this. Oh look, I found Linux running on that. And then people just stop because it just runs everywhere.
Jonathan Bennett [00:42:23]:
Just runs everywhere. It's true in some cases literally on your toaster.
Rob Campbell [00:42:33]:
And on your tv. As you said earlier, this.
Ken McDonald [00:42:39]:
Trying to think how many different versions of Linux have been or distributions of Linux have been used for various space programs.
Jonathan Bennett [00:42:50]:
Well, so you've got. I think it's Debian that they put on the laptops in the International Space Station and I don't know if it's still Debian there. If they've gone through different districts Astros and then there's whatever was on Ingenuity, the helicopter and then you know every other space launch supplier that puts it on their rockets. Like SpaceX has something. Yeah.
Rob Campbell [00:43:08]:
And then whatever was on that Red.
Jonathan Bennett [00:43:11]:
Hat or Fedora I have, I, I doubt it. I guess it's possible in some cases but I'm not familiar with Red Hat or Fedora going into space this is.
Rob Campbell [00:43:22]:
A question for you NASA listeners out there. Let us know.
Jonathan Bennett [00:43:25]:
Yeah, which Linux distros have been to space? It's a great question. Ken is actually about to talk about a new X server. We're going to get into that right.
Ken McDonald [00:43:37]:
After this and want to thank Bobby Barasol because while writing for linuxiac, he informs us of another alternative to projects such as EX Libre's X Server and Wayback for extending or replacing Xorg. I guess you could say it helps to raise it from the ashes, so to speak, since it is called Phoenix. Phoenix is a new X server project that takes a fundamentally different approach to x11. It is written entirely from scratch in Zig, a general purpose programming language and toolchain for writing and maintaining robust, optimal and reusable software. According to Bobby, Phoenix is not yet another fork of the XORG code base and doesn't reuse Xorg's legacy code. According to the developers, Phoenix aims to show that the X11 protocol itself is not inherently obsolete and can be implemented in a simpler, safer and more modern way. Phoenix supports only the X11 features that modern applications require, including odor software like GTK2 based programs. Now Phoenix keeps things simpler while still supporting many applications by omitting rarely used or outdated parts.
Ken McDonald [00:45:10]:
Phoenix is not ready for daily use yet and can only render simple applications that use glx, EGL or Vulcan Vulcan for graphics that's with fully hardware accelerated and nested in an existing X server now running Phoenix. Nested will be the only supported mode until Phoenix has progress further and can run real world applications. Phoenix address is one of the aspects for which Xorg receives the most criticism. Security by isolating applications and access to the sensitive capabilities such as screen recording or global hotkeys is mediated through explicit permission mechanism mechanic mechanisms. This is done without breaking existing clients as unauthorized access attempts return dummy data rather than protocol errors. Since there is so much more to cover, I recommend reading the article that I have linked in our show Notes. Have either one of y' all read the article yet?
Jonathan Bennett [00:46:27]:
I don't think I have. Just gonna say, you know it's funny, I've got my cell phone on silent, but I don't have all of my meshtastic devices on silent and the mesh here in Lawton is really growing.
Ken McDonald [00:46:39]:
So it's not me beeping tonight.
Jonathan Bennett [00:46:41]:
It was not you beeping tonight. That's funny. Not this time at least not this time. At least. Now I've seen this before. Ken, how familiar are you with Zig itself? That's something I've seen in a lot of different contexts.
Ken McDonald [00:47:02]:
Not that much. I just did a little bit of research before the show the show today and it sounds interesting. So if you're already a C or C programmer, it should be easy for you to switch over or pick up Zig and start using it.
Jonathan Bennett [00:47:18]:
Yeah, I think that is intended to be the idea. I haven't done much with it myself. I haven't looked at it yet. Like I'm still trying to get my head wrapped around Rust.
Rob Campbell [00:47:30]:
Well, if you're not a C or C user or even a Rust user, there is, there are other ways you may be able to contribute to the community.
Jonathan Bennett [00:47:40]:
Oh, Rob, do you have, do you have an alleyway for contributions for someone to consider?
Rob Campbell [00:47:47]:
I do. I have something to talk about here. You know, it's sad news, but it opens opportunities. So for the last eight years, KDE developer Nate Graham has been writing this Week in Plasma. The weekly roundup has helped keep us all in the loop on the happenings with KDE Plasma. You know, even us here at the Untitled Linux show. We've used them as a resource many times. But Nate recently shared that his week or that this Week in Plasma can't stay weekly unless new people step in to help.
Rob Campbell [00:48:29]:
You know, life changed, work got bigger, family responsibilities expanded and, and his time is just tighter now, especially, especially with his new role at Tech Paladin, which I think we talked to him about several months ago on Floss Weekly. Tech Paladin being a KDE focused consultancy that's doing work with partners like Valve. So for now he's planning to publish every two weeks or maybe even every three or four weeks until someone or a small team can help carry the torch. If you've ever thought I'm not a hardcore developer and I just can't contribute, this is your invitation to rethink that as an opportunity has just opened up. Helping with KDE weekly style coverage isn't just code. It's telling stories and stewardship, collecting notable changes and merges, writing short, clear summaries people can understand, grabbing a screenshot here and there on what's new in KDE Plasma, proofreading, formatting, polishing the posts, those kinds of things. And if you could write, if you can be curious and if you can be consistent, even as part of a small team, you can help keep this tradition alive. These efforts will be missed, but with all volunteer open source projects, you know, real life often just eventually gets in the way.
Rob Campbell [00:50:07]:
But if you can help carry the torch, I know that us here at The Untitled Linux show us. The host would appreciate still having that source available to keep us up to date and in the loop so we can keep the rest of you in the loop on plasma.
Jonathan Bennett [00:50:29]:
I feel this so much reading through what he's talking about. For those that don't know, I. So this is 2026, end of 2025. I wrote my last this week in security blog post over at Hackaday and I've moved on from that for some very similar reasons. More time in the week basically. Yes. More. More work opportunities are here and my children are getting older and they do not like me being cloistered in the office all day and then all night to try to get things done.
Jonathan Bennett [00:51:02]:
So I very much feel for him here and I hope making the change is going to help him out. One less thing on his plate, you know, he's got to be busy.
Ken McDonald [00:51:11]:
I'm just glad to hear that Floss Weekly was not one of those you had to give up. No.
Jonathan Bennett [00:51:15]:
Floss Weekly is. Is something that I've been a part of for too long and care too much about to give that one up. But yeah, something. Something had to give and that was. That was one of them that. That was one of them that did which said about that too.
Rob Campbell [00:51:32]:
And Kurt, Ken, nothing. You're not concerned that this show here wasn't one of them that he had to give up?
Jonathan Bennett [00:51:38]:
I mean you guys know you can't get rid of me that easy.
Rob Campbell [00:51:42]:
No, actually Ken was hoping. He wants. He wants your spot. He's got in for it.
Ken McDonald [00:51:46]:
No, I figured you'd step in, Rob.
Jonathan Bennett [00:51:49]:
That's funny. All right. Yeah. You know, so thinking about the actual, the actual article, I don't know that that's something writing those. That's not something that just anybody can do. It would make more sense for it to be someone that already sort of has their. Their finger on the pulse of the KDE development. But I.
Jonathan Bennett [00:52:08]:
If somebody really wanted to, I imagine you could get spun up into that within, you know, a couple of months and, and just get started on it.
Rob Campbell [00:52:18]:
Yeah. You're not going to just drop in and. And start doing. You have to get into it and.
Jonathan Bennett [00:52:22]:
Yep, yep. I think so.
Rob Campbell [00:52:24]:
And, and. And hopefully like KDE plasma.
Jonathan Bennett [00:52:27]:
That helps. That definitely helps.
Rob Campbell [00:52:29]:
Yeah, it helps whatever you do and it helps to like it. It always makes things a little bit easier.
Ken McDonald [00:52:34]:
Yeah.
Jonathan Bennett [00:52:34]:
Yep. Sure. All right. Well there's one last story that I've got and that is an update on things Asahi. That is of course the in some ways still experimental port of Linux to the Apple hardware. And I think we could say that on the Apple M1 and M2 that support has come along very nicely. Things are working quite well there. I don't actually have one of those devices.
Jonathan Bennett [00:53:01]:
I've threatened for a while now but the right deal has not come along to find one of those old devices. But Asahi works on the M1 and the M2. Apple is all the way up to the M5 and you might ask yourself what gives? What are users of the newer hardware to do? Why are Asahi users stuck in the past? Well, there was a bit of an Update at the 39th Chaos Communication Congress in Hamburg, Germany. This is one of those big hacker gatherings where our people all get together and talk about things going on and probably drink too much and you know, all sorts of stuff happens. But regardless, we got an update there from Sven Peter and he talked about the upcoming changes for the M3 and the problems with trying to get the M4 and the M5 working. So with the M3 there are co processor communication changes. So if you don't know inside these Apple laptops there's not just a single cpu, there's multiple processors. So there's the cpu, there's the gpu, there's also a security co processor and I think there's at least one other.
Jonathan Bennett [00:54:18]:
And these are all talking over internal buses. And so to make things work, the Asahi folks essentially have to reverse engineer those communications and rebuild it, rebuild it inside the Linux source code. And so they're doing this for some of these co processors. That also says that the GPU support for the M3 requires significant work. Not terribly surprising, there is a new contributor, Integral Pilot is the username there. Who that actually is, I don't know, but been working on the M3 bring up and it now runs Doom. You can run Doom on Asahi on an Apple M3 which, you know, that's always a harbinger for good things. The M4 and the M5 are more of a challenge because on the M4 and the M5 the reverse engineering tools themselves are broken.
Jonathan Bennett [00:55:20]:
And so you've got to keep in mind that to make any of this work, one of the first things that the Asahi team had to do was essentially build their own debugger to be able to watch these messages fly around inside the system and get actual instructions, you know, machine code off of the system to see when you first do a boot what machine code happens when you tell the GPU to show something on the screen, you know, what registers are written to what Gets written to ram, what memory accesses happen, you know, all these things. They sort of had to work it out the hard way, bit by bit. And this tooling doesn't even work on the M4 and M5. So I suspect what'll happen is now suspicious, especially now that someone is working on it. The Progress on the M3 is going to pick up and so it's probably going to become a usable system before too much longer, probably in 2026. But you're going to have to have, you know, a solution is going to have to be hit upon to be able to even start working on the M4 and M5. Somebody probably will at some point, but that one's going to be. That one's going to be a while.
Jonathan Bennett [00:56:29]:
So all that to say, don't go. Don't go running out and buy an M5 Mac hoping to put Asahi Linux on it anytime soon because it's. It's still a little ways off. But an M1 or an M2, I'm.
Rob Campbell [00:56:41]:
Still in for an M1 to. To hit a. Hit the right price point so I can do this.
Jonathan Bennett [00:56:45]:
Yeah, yeah. They're still, they're, you know, very capable little machines. It's like a. It's like a. It'll be like a Raspberry PI with a. With screen and keyboard built into it.
Ken McDonald [00:56:58]:
So, Rob, would you rather have someone donate you an M1 or enough coffees to purchase an M1?
Rob Campbell [00:57:06]:
I'll take either. I have no preference.
Jonathan Bennett [00:57:08]:
If someone just donates to the M1, you don't have to put it on your taxes.
Rob Campbell [00:57:12]:
Oh, right.
Jonathan Bennett [00:57:16]:
Nah, it's a gift. I guess that might be the case of the Buy me a Coffee stew.
Ken McDonald [00:57:23]:
Some companies that consider those gifts taxed or they have to pay taxes.
Jonathan Bennett [00:57:29]:
It's not a company.
Rob Campbell [00:57:30]:
I'm not a charitable organization, so it doesn't matter.
Jonathan Bennett [00:57:33]:
It's not up to the company, Ken. That is up to. To the irs. That is between you and your accountant, sir.
Rob Campbell [00:57:39]:
They have to donate to a 501C or something like the charitable organization that is tax deductible. And I am not, so don't expect to write me off.
Jonathan Bennett [00:57:49]:
Yeah, indeed you don't. Unless. Unless it is a legitimate business expense.
Rob Campbell [00:57:56]:
Yeah, okay.
Jonathan Bennett [00:57:58]:
Does not have to be a 501C3 for it to be considered a legitimate business. If you are getting enough as a business business. If you are getting enough gain out of Rob's presence on the uls, then it could be a legitimate business expense to buy him a coffee.
Rob Campbell [00:58:16]:
A legitimate business yeah. To buy me a coffee or just a legitimate, legitimate business expense to get me an M1 Mac. That way I can experiment with it and share with you and then. And then that will talk to your accountant.
Jonathan Bennett [00:58:31]:
Go talk to your accountant before you do this. This is not legal advice.
Rob Campbell [00:58:34]:
Talk to your accountants today. Don't listen to what we say.
Ken McDonald [00:58:38]:
Because I personally know of at least one company that if they give you a gift.
Jonathan Bennett [00:58:45]:
If the company gives you a gift.
Ken McDonald [00:58:47]:
Yep.
Jonathan Bennett [00:58:48]:
Yeah, that's called a bonus, though.
Ken McDonald [00:58:49]:
And you work for it.
Rob Campbell [00:58:51]:
Oh, yeah, that's different.
Ken McDonald [00:58:53]:
They have to take additional taxes to cover that.
Jonathan Bennett [00:58:57]:
Oh, yeah, it's because it's a bonus. It's not really a gift. That's. Yeah, that's. That's codified into law pretty solidly. No, there's no free lunch there.
Rob Campbell [00:59:07]:
So someone has to hire me first and then.
Jonathan Bennett [00:59:09]:
No, don't hire him. That's the key. You can't have a. Well, yeah, that gets in a gray area, Ken. Let's not do that. Anyway, I spent. I spend way too much time thinking about this kind of stuff these days. All right, we're going to go into command line tips next.
Jonathan Bennett [00:59:26]:
We're going to take a quick break and we'll be right back.
Ken McDonald [00:59:30]:
Well, as Jonathan said before the break, I'm going to be going over a command line tip. This may seem to pertain primarily to open SUSE users because I'm going to be covering Opus newest package manager. I'm going to go ahead and bring up the command line and try that again.
Jonathan Bennett [00:59:58]:
Keep tapping buttons until something appears. There we go. We've got a command line.
Ken McDonald [01:00:07]:
I've got to check out my stream deck and see why I'm having problems with buttons switching properly after the show. But here we go. And the comm. My command this week is I pronounce it Merlin. My R, L, Y, N. And I'm going to hit enter. And yes, it just did not launch a graphical user interface. So you can do that from the command line.
Jonathan Bennett [01:00:40]:
Nice.
Ken McDonald [01:00:41]:
But as you'll. For those of you all listening, the graphical user interface at the top it says it's Merlin. And then in parentheses, read only. And if you've ever used yes, it may look familiar to yes, software repository because you got filed and you can quit discard, changes, packages, dependencies, options, extras, and of course, help. And this is actually a version 0.9.9 that was just updated to Tumbleweeds, I want to say, back in June of last year. Now with this, since we're only in read only, it's not going to allow me to actually make any changes. But you can go through. You can search for various applications that you may have installed or need want to install there.
Ken McDonald [01:01:48]:
I just did obs and you can see all the modules are listed. Then you can do patches and I want to select all needed patches. Here you can see security recommended optional feature. Then for updates. Here's what's really nice is it gives it shows only packages that can be updated I. E. Where a newer version is available available than the version that is already installed. You package updates.
Ken McDonald [01:02:19]:
You can do a distribution update which is similar to typing the command zipper dup as root user or pseudo zipper dup. And of course you got the option to refresh the list. It allows you to manage your repositories which is nice patterns like if you want you can choose graphical environments you want to install. The X Windows system is actually installed on this vm and then you've got a option for a rather basic desktop icewm anybody and base technologies. And then it lets you do an installation summary where you can show packages based on their status. They are do not install. And I want to go ahead and exit out of this now as I said, that didn't read only you'd think you'd want to do sudo, right?
Jonathan Bennett [01:03:27]:
You'll need sudo somewhere in there.
Ken McDonald [01:03:31]:
So here's what happens. If you try to do sudo it doesn't let you connect to the display. You actually have to do Merlin dash sudo. And here it's going through reading everything up. And for some of y' all coming from a Debian based system, you may rec it may look similar to the Synaptic package manager if you've ever used that.
Rob Campbell [01:04:07]:
I was going to say that I was trying to see if this was a fork or something.
Ken McDonald [01:04:13]:
It's replacing the software services and the repository manager for yast as OpenSUSE gets ready to eventually deprecate. Yes, completely. I haven't updated my system yet so I'm going to head and do that. And here you see it's automatically doing it.
Jonathan Bennett [01:04:42]:
You're doing it live.
Rob Campbell [01:04:45]:
Let's say somebody definitely got some inspiration though from Synaptic.
Jonathan Bennett [01:04:50]:
Hey, we. We do inspiration. Inspiration is good.
Ken McDonald [01:04:54]:
And what's interesting is went to the website for Merlin and it's even showing that it has an option for being installed on Fedora.
Jonathan Bennett [01:05:10]:
Interesting. I know Fedora.
Ken McDonald [01:05:13]:
The update I believe I'm going to have to restart.
Jonathan Bennett [01:05:18]:
But it would be quite humorous if when Ken hit the button he disappeared. But no, no he is still with us. Like, I'm out.
Leo Laporte [01:05:28]:
Bye, guys.
Jonathan Bennett [01:05:32]:
All right.
Ken McDonald [01:05:33]:
Advantages of doing that in a vm.
Jonathan Bennett [01:05:35]:
Yes, indeed.
Ken McDonald [01:05:37]:
Backed up on top of qemu.
Jonathan Bennett [01:05:40]:
There you go. All right, Rob, what do you got for us?
Rob Campbell [01:05:44]:
So mine also is not a command line tip, but is a tip for people who use command lines, at least those for use those hues. Snapshot. So this is called Snapscope. It is a website to scan snaps for known vulnerabilities. And I think we've mentioned Popey or talked about Alan Popey somewhat recently on the show. Maybe he's behind the scenes, I don't recall, but this appears to be created by him. So those watching, I'll bring up the website. It's snapscope.popey.com.
Rob Campbell [01:06:19]:
that's P O, P E Y. And on here you can search by package name or organization, slash, developer. There's a recently scanned and highlighted vulnerability charts, charts, links to learn more about vulnerabilities. Ability to queue SNAP packages for rescanning. So for those looking, you can see here, you got the recently scanned ones. Scroll down, you got the highest vulnerability ones. So if I pick one here and just look in it. If I click on Rayforge here, you know, that's got seven high 10 mediums.
Rob Campbell [01:06:55]:
And it's not necessarily the program itself, it can be packages tied to it. For example, Rayforge, the CVE is the version of, of FFmpeg 5.16. And you can click and see the CVE. And there's a different other. You know, you scroll down, you see all the CVE is affected. Otherwise I can go back. I could, if I want to find out something else, you know, I can search something. You know, what's something we all use is Firefox.
Rob Campbell [01:07:37]:
And you can see what, what we got there. You know, I could find a revision. I could click on this one right here. And we have, you know, all the CVs listed. So before you install Snap, you could see if there's any vulnerabilities attached to it.
Jonathan Bennett [01:07:57]:
It's surprising how many times there are vulnerabilities attached to these. These various things that you could grab and install.
Rob Campbell [01:08:04]:
Yeah, there are a lot.
Jonathan Bennett [01:08:07]:
Many of them don't matter because of the way that you're running them, but in some cases, yeah, you really, you don't want to. You don't want to run that. You don't want to run that Snap.
Ken McDonald [01:08:16]:
Now, the snapped version of obs.
Jonathan Bennett [01:08:25]:
Yeah, there was another one, though. I'm trying to remember what it was that really had A problem. And I think that problem existed inside of Snap as well.
Ken McDonald [01:08:34]:
Was it Firefox for Fedora?
Jonathan Bennett [01:08:37]:
No, no, it was. It was something else here pretty recently. I don't remember what it was. It was a big security problem. And of course I can't. I can't bring it to mind at the moment. But that's all right. I've got a command line tip too that we are going to cover real quick and we.
Jonathan Bennett [01:08:52]:
It's something I've been working with, I guess I could call it my day job now, but I've been doing some data crunching and the tool that I reached for was actually SQLite SQLite 3, the very lightweight SQL database that you can run right in your terminal if you want to. And so I've actually been doing a lot of. You run the C program, it does the actual data crunching, but then you want to be able to get some visibility into it. Well, you can just open up that DB file with SQLite 3. SQLite 3 and the name of the file that'll open it up. I have found it very useful to run the. So you could put. You can put it in various modes as far as what you know, how it will display things to you.
Jonathan Bennett [01:09:38]:
And I've been using the mode space QBOX command. And so that puts. It puts binary data in quotes so that it doesn't garble your terminal. And then it gives you the nice box formatting so that you can actually see everything that's there. And I've been doing that a lot. We're putting text messages in hash chains very much like what Git does. It's not blockchain, it's git. But anyway, it's super useful to work with.
Jonathan Bennett [01:10:09]:
And I got to thinking, well, could you do this just from a BASH script? And the answer is yes, actually you can. You can run SQLite 3 and then the name of the database. So, you know, test BDB or whatever you've got, and then a space and then in quotes, in double quotes, you can give it SQL commands, you know, create, table, whatever, blah blah, blah, insert into, select from. You can write SQL commands right from bash. And I thought that was pretty cool. I'm not looked into this deeply because I haven't done a whole lot with it. But if you need to be able to track something over time, if you need to be able to mess with a database from your BASH scripts, you can do it. So SQLite 3, a super useful little tool for squirreling data away and then looking at it later.
Jonathan Bennett [01:11:04]:
I've been using it for over a week now, about a week and a half. Been doing a lot of SQLite 3 stuff back into the. Back into the database game. That's fun.
Ken McDonald [01:11:13]:
Looks like with the SQLite 3 it's actually giving you. If you just type it at the your prompt in your terminal, it takes you in. So you can actually do an interactive.
Jonathan Bennett [01:11:28]:
You could do. Yep, you could do it interactive and that's what I've been doing. That's where I use the, the Mode Q box. But obviously you don't want an interactive prompt inside of a Bash script and so that's actually what the command line tip was is how to. How to run those SQL queries right from Bash. And obviously there's bindings for Python and C and Rust and every other language that you can think of. I'm sure somebody's got bindings for it because man, SQLite 3 is everywhere. It may actually be the most popular database out there, at least by installations because I know that most Android apps on your phone SQLite 3 a good portion of the apps on the Apple Play Store SQLite 3 under the hood.
Jonathan Bennett [01:12:13]:
So it gets used a lot.
Ken McDonald [01:12:14]:
And I guess the.
Rob Campbell [01:12:19]:
There's also SQLite browser.
Jonathan Bennett [01:12:21]:
Oh I'm sure. Yeah, there's a whole, there's a whole ecosystem around it.
Ken McDonald [01:12:26]:
So would you. The commands that you would use from the interactive. Could you use them from the. After naming the database, follow it with in the quotes the command that you'd want to use that you would have used interactively. Like one of the commands is for displaying output of the next command in the web browser like www.
Jonathan Bennett [01:12:58]:
Yeah, I'm not sure some of those. I don't know how that would work trying to run it without being in interactive mode because some things it only lasts for like your current session. So I feel like somebody would just have to play around with how some of that works. Yeah. This is an open ended tip. You folks get to go home and do their own research. Do some homework on this one because again, yeah, I've not been doing a whole lot of that. All right, well that is basically the show.
Jonathan Bennett [01:13:27]:
I'm going to give each of the guys a chance to plug whatever they want to rob. Are you up to doing this?
Rob Campbell [01:13:33]:
I will. My eyes are burning me for some reason. The lights get into me. But let's get her done, get her done. So my usual, let me bring up the right screen here. There we go. For those who want to see more of me, come connect with me@robertp Campbell.com on there you'll find links to my LinkedIn, my Twitter, my blue sky, my mastodon. As Jonathan mentioned earlier, here's where you can donate a coffee to me or donate to Jeff or Ken and put their name on and I'll make sure they get it.
Rob Campbell [01:14:07]:
And maybe I'll buy some eye drops for whatever reason. My eyes are burning. Donate 5. Donate a five dollar coffee to me and I put that towards eyedrops.
Jonathan Bennett [01:14:15]:
I don't know what's going on. I'm not sure I would recommend coffee. Eye drops.
Leo Laporte [01:14:19]:
Rob.
Jonathan Bennett [01:14:22]:
See Rob at the gas station with a cup of coffee. Just putting my drops in a little.
Rob Campbell [01:14:26]:
Bit caffeine in the eyes might, might do it. I don't know.
Jonathan Bennett [01:14:28]:
Yeah, there you go. It really pick you up.
Ken McDonald [01:14:29]:
I think it's follow it with plain water.
Rob Campbell [01:14:32]:
I think it's. I think it's my spotlight. I don't know, something.
Jonathan Bennett [01:14:35]:
All right, Ken, what you got?
Ken McDonald [01:14:36]:
Well, I just wanted to share a couple of links that I've put in the show notes. The first is from Jack Wallen where He shares his 2026 resolutions, while the second one is from Saurav Rudra where he shares the apps that help him refine his workflow in 2025. One of those apps, I actually use two.
Jonathan Bennett [01:15:02]:
What's that? What's the app that you use?
Ken McDonald [01:15:03]:
Calibre.
Jonathan Bennett [01:15:04]:
Ah yes, Or Calibre as we always like to call it.
Ken McDonald [01:15:10]:
I'm trying to say it the proper way.
Jonathan Bennett [01:15:14]:
Indeed, indeed. All right, thank you guys for being here. It has been a blast. It's good to be back and we anticipate a whole bunch more shows in 2026. It's going to take a little while to get used to that, but I predict that you predict more shows in 2026. There you go. That's a safe prediction. I like it.
Jonathan Bennett [01:15:33]:
All right, if you want to find more of me, you can come check me out at Hackaday. That is where Floss Weekly lives. And you can go read through my back stock of security articles. But at least for the time being, no more of those. As I move on to other things. I suppose I can go ahead and pitch. The other things I've moved on to is working at Meshtastic and so if you're looking for off grid radios, then come check out Meshtastic. We would, we would love to have you be part of that too.
Jonathan Bennett [01:16:01]:
Appreciate everybody being here. We will see you next week. Thank you so much. Whether you watch or listen, whether you catch us live or on the download and we'll be back then.
