Untitled Linux Show 225 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Jonathan Bennett [00:00:00]:
This week we talk about the Free Software Foundation and their Librephone initiative. Then there's AMD and Intel news, including what may become x86-64-v5. There's the Fedora Linux 43 news that it's going to be a week late, but to keep you company, there's a Blender 5 and a PipeWire 1.6 release just around the corner. You don't want to miss it, so stay tuned.
Rob Campbell [00:00:25]:
Podcasts you love from people you trust.
Ken McDonald [00:00:30]:
This is TWiT.
Jonathan Bennett [00:00:34]:
This is the Untitled Linux show, episode 225, recorded Saturday, October 18th. Not a memory leak. Hey folks, it is Saturday and you know what that means. It's time to get geeky with Linux. We're going to talk open source, we're going to talk software and hardware. It's going to be a lot of fun. And once again we have the four of us back in our virtual studios in the home studios. It's nice to have everybody back together again.
Jonathan Bennett [00:01:03]:
Welcome Rob, Ken and Jeff.
Jeff Massie [00:01:05]:
The Barbershop quartet.
Ken McDonald [00:01:07]:
No, glad to be back.
Jonathan Bennett [00:01:09]:
No, we're, I like listening to barbershop music, therefore I am not going to let you guys ruin it for me.
Rob Campbell [00:01:14]:
On three.
Ken McDonald [00:01:20]:
Got the Statler brothers keyed up to go so we can mime to it?
Jonathan Bennett [00:01:24]:
No, no, they'll have to add that in in post.
Jeff Massie [00:01:27]:
I, I, I have a little bit of pre news news so I, I don't know if I mentioned last week I was having problems with CachyOS shutting down and it just would hang, I mean it would, I mean it would, it would eventually reboot, but I mean it could take like 10 minutes and it just seemed like it was always fighting something and it said something was running, Process ID thousand was blocking but I could never find anything. Did a little research now if you have this problem and it seemed like a few people do on an Arch setup and some of it even might be tied to just the Btrfs. I saw something that said update your BIOS. So I did that, cleared it up. Everything's working beautifully now.
Jonathan Bennett [00:02:16]:
Weird. Good to know.
Jeff Massie [00:02:18]:
Yeah. So if you have that problem, try a BIOS update now. Mine was, you know, a couple years old I think and so it was, I hadn't messed with it, so but there I have an AMD motherboard. So it had some firmware, you know, the microcode or whatever.
Jonathan Bennett [00:02:39]:
AGESA, or Aegis, whatever. AMD's.
Jeff Massie [00:02:43]:
Yeah, whatever, whatever the thing is, is that there was a few updates to that code. So that might have been what kicked everything off? Correct. So if you have a problem with your machine, maybe check your BIOS.
Jonathan Bennett [00:02:55]:
Yeah. You know, it's funny, I remember when I, not that many years ago, actually doing computer stuff, the almost official recommendation was, if your machine is working, don't touch your BIOS. Leave it alone. If it works, don't update it. Yep, not so much.
Ken McDonald [00:03:12]:
Unless you like to live dangerously.
Jonathan Bennett [00:03:15]:
Yeah, unless you want.
Jeff Massie [00:03:16]:
Well, the old BIOS updates were a little funkier and a lot of them didn't have a way to flash back or anything. I mean, it was kind of a. We hope this is going to take. And I mean, you might do everything right and it still might. You might fight with it and have to reset and. Because I. I've had BIOS updates go bad and luckily I've never bricked one, but it was able to. There.
Jeff Massie [00:03:39]:
There was some trickery I could use to reload the BIOS in, but they now it's so much better than it was.
Ken McDonald [00:03:47]:
I think. I actually did more firmware updates to my routers than I ever did to my PCs.
Jonathan Bennett [00:03:54]:
Well, see, I have definitely done that because I've done OpenWrt development, and that is just flashing your BIOS or flashing your firmware on your router all the time. That is what OpenWrt development is.
Ken McDonald [00:04:08]:
And that's where I learned. Make a backup of your old BIOS first.
Jonathan Bennett [00:04:12]:
Yeah, yeah.
Jeff Massie [00:04:14]:
Oh, yeah.
Ken McDonald [00:04:15]:
Well.
Jeff Massie [00:04:15]:
But a lot of them now, OpenWrt, they'll have a. Was it flashback BIOS, they call it, or something like that? It's twin images.
Jonathan Bennett [00:04:23]:
Yeah, yeah.
Jeff Massie [00:04:24]:
It will take you back to where you should be. So if somebody forgets, it's like, okay, here, here's something. A factory version, which might be an old factory version, but it will take you back to where you need to be.
Jonathan Bennett [00:04:37]:
On some of them, it's a physical switch. There's a literal physical switch on the firmware on the. On the machine, where it's like, okay, flick it here to go to A and then once you're good with A, flick it over to B and then flash B and then flick it each time when you go to do an update and it kind of goes back and forth between which of the images it uses, it's pretty cool. All right, let's talk about some news while we're here. There's some news. Rob has the first one. Rob wants to talk about NordVPN. Rob, what in the world is up with NordVPN?
Rob Campbell [00:05:10]:
So, as open source and Linux users, we kind of love when companies embrace open source. And since we also care deeply about privacy and security, today's story hits both of those sweet spots. NordVPN, one of the biggest names in online privacy, has been busy making some Linux friendly moves, and they are moves we can all appreciate. First up, NordVPN has open sourced the graphical user interface for its Linux app, the same GUI they introduced earlier this year. They reportedly let or this reportedly led to 70% jump in Linux users. This is now freely available under the GNU General Public License platform version 3.0. So if you want to get that, you can head over to GitHub right now, grab the code, check it out and the build instructions are there and you even submit your own improvements. Before this, the Linux command line was already open source.
Rob Campbell [00:06:19]:
So this release really completes the picture here. Under the hood the app manages tunneling through TUN/TAP, firewall rules with iptables, routing via iproute2 and DNS through systemd-resolved. Sorry, NF5 users. It supports all the big distros, you know, Ubuntu, Fedora, Debian, openSUSE. The open source move also comes with an update to the official Snap package (sorry, Flatpak people), which now includes the GUI and a first run permissions prompt to help sandbox installs work smoothly. Marijus Briedis, NordVPN CTO, stated, quote, "Linux is built on openness and community collaboration. It's what makes it one of the most resilient ecosystems in the world. We share the same values and seek to better serve the Linux community." But wait, that's not all.
Rob Campbell [00:07:28]:
After announcing the plans to shut down its Meshnet feature earlier this month, NordVPN faced some serious pushback from its users. And as a good steward of their software has done, they listened. The company has officially reversed course on and Meshnet isn't going anywhere. Now for those unfamiliar, Meshnet lets you securely connect up to 60 devices in your own private LAN. There are no central servers involved. It's great for like file sharing, remote access, or even quick multiplayer session with friends. And now NordVPN says they'll be open sourcing more Meshnet itself in the near future.
Rob Campbell [00:08:17]:
So Meshnet, it's kind of like a clever use of WireGuard that makes VPN style encryption usable in a home or small office mesh network. WireGuard is under the hood. So for those who have all know about WireGuard it uses that so no centralized servers or static IPs needed with, you know, traditional VPN setups. So that's two wins for privacy minded Linux users. Transparency through open code and a user driven feature saved by community feedback. You could check out NordVPN's Linux client on GitHub and keep an eye on their blog if you want more. That is a win for open source.
Jonathan Bennett [00:09:04]:
I've been doing a little bit of poking on the NordVPN website and they support both OpenVPN and something based on WireGuard. And it looks like if you really want to, you can sign up for NordVPN and just go grab the WireGuard config and run that directly. But now that they've got an open source client, I'm sure it makes that even easier.
Jeff Massie [00:09:29]:
So basically they open source the client but you're still going to pay to go through their servers, correct?
Rob Campbell [00:09:37]:
Right, yeah, yeah. I mean if you're gonna use a VPN, you have to. The purpose.
Ken McDonald [00:09:42]:
I'd rather pay them than have maybe the product being.
Rob Campbell [00:09:48]:
Yeah.
Jonathan Bennett [00:09:48]:
Sold off.
Jeff Massie [00:09:49]:
No, but what I'm saying is, so everybody notice knows that them open sourcing the client doesn't give you a free VPN.
Jonathan Bennett [00:09:57]:
That's fair.
Jeff Massie [00:09:58]:
Yes, unless. Unless you have one with your buddies that you're connecting.
Rob Campbell [00:10:04]:
So as I was saying, you know, the purpose for those maybe who don't know the purpose of a VPN at least this use case, there are other purposes. This use case of VPN that people use for privacy is so they can tunnel and come out of some other location essentially. And so you kind of are reliant on another server now being open source. See, I could see somebody setting up or configuring it. So it could work with any kind of server potentially. Possibly it could be fork it if you had to, I suppose.
Ken McDonald [00:10:35]:
Though what I found interesting, Rob, is you didn't touch on another feature that they're continuing to support that they were originally talking about dropping.
Jonathan Bennett [00:10:46]:
What's that?
Ken McDonald [00:10:47]:
The mesh net.
Jonathan Bennett [00:10:48]:
He talked about that? He mentioned it.
Rob Campbell [00:10:49]:
He did.
Ken McDonald [00:10:50]:
Okay.
Jonathan Bennett [00:10:51]:
Didn't go into a lot of detail about how it works, but it sounds like that's the old idea. You and a bunch of buddies can go on the same mesh net and then connect to each other's, you know, kind of peer to peer to each other's gaming session to be able to play a game. You play Minecraft together from across the world, that sort of thing.
Rob Campbell [00:11:07]:
It sounds a little like Tailscale to me.
Jonathan Bennett [00:11:10]:
Very much like Tailscale.
Ken McDonald [00:11:11]:
It allows you to securely connect up to 60 devices on a private local area network without routing traffic through NordVPN servers.
Rob Campbell [00:11:20]:
Yep. That's why I said no, you can connect up to 60 using the WireGuard technology. It's. And yeah, it doesn't use any servers or any static IPs.
Jonathan Bennett [00:11:30]:
Cool. Yeah, you can. Obviously you can set most, if not all of this stuff up yourself, but it is a pain to do it and you're going to have to have either a static IP or dynamic DNS, that sort of thing to be able to make it work. I think we've done a little bit of how to's on the OpenVPN and the WireGuard stuff over the years.
Rob Campbell [00:11:52]:
Way back at the very beginning you did a video.
Ken McDonald [00:11:54]:
Yeah, two videos.
Jonathan Bennett [00:11:57]:
Yeah, probably. All right, well if we're not doing VPN stuff, is it next time to do x86 stuff? Jeff, what's up in the x86 world?
Jeff Massie [00:12:09]:
An anniversary. There's a one year anniversary for the x86 Ecosystem Advisory Group. AMD and Intel formed a group along with other industry leaders and yes, Linus Torvalds is in there. The idea was to shape the future of the x86 platform. The goal was to allow more innovation, but keep the platform on a more unified path with simpler instruction set, meaning there wouldn't be AMD instructions and Intel instructions. And for those that have been around for a while, there were, there were points in the history where they didn't know they had their own set of instructions sometimes it didn't always play nice. Now the basic ones were always the same, but these are like the special, you know, for example, it would be like AVX512, only AMD had a version and Intel had a version and they weren't fully compatible. Well, this is supposed to say, okay, we're, we're, we're marching forward.
Jeff Massie [00:13:08]:
And it would have a single set of instructions that both companies and the rest of the industry would follow. So that everybody's aligned with the one year anniversary of the group. They're all reaffirming their commitment to the organization. So there's a little pomp and circumstance there. They're also happy about FRED being finalized. FRED is flexible return event delivery, which defines a new simple way to change privilege levels in the CPU. This would be the different ring levels that we talk about sometimes, which have different privileges based on which ring you're in. It's getting, when you're talking ring levels, I mean you're usually talking pretty deep down into the kernel and into the CPU, but it's more to it.
Jeff Massie [00:13:54]:
But it's basically a way to have simple privilege changes. And that's the basis of the specification, so it just makes it simpler to change security levels. Also there's every so often we talk about AVX-512, which I just mentioned, but when these are. These are for those that don't know Advanced Vector Extensions. Well now the group has also defined AVX10, which is the next iteration of these advanced vector extensions. Yeah, I know they didn't call it 1024 or whatever, but maybe they're thinking let's just keep the name short, let's learn from the USB guys. You know, I don't know, but AVX10 is going to be the next vector extensions. They're used a lot for mathematical calculations, gaming, you know, things.
Jeff Massie [00:14:44]:
Things where you're doing a lot of heavy lifting on your machine with either graphics or data. They've also defined ChkTag, I don't... C-H-K tag, I... It's just all one word is how they defined it. So ChkTag, however you want to pronounce that. And it's going to officially be announced later this year. It's for memory tagging on the x86 chips, which should help to stop buffer overflows or mitigate it a lot more and use-after-free errors and exploits. So basically they're just trying to harden the memory against attackers.
Jeff Massie [00:15:24]:
There are blog posts linked in the article if one would wish to dig a lot deeper into the details. They. It's one of those. It's not implemented yet, but it's. It's now been defined and made public. ACE is also coming, which is going to be defining the future of AMX, Advanced Matrix Extensions. I don't know how they got ACE from AMX.
Ken McDonald [00:15:51]:
I don't know.
Jeff Massie [00:15:53]:
Sometimes you just suspend belief, you know, you just have disbelief and we just roll with it. So ACE will unify how the different chip vendors handle Matrix Math is what it is. Matrix Math also is another one for compute gaming. A lot, a lot of science and engineering is based on matrices and manipulation of them. And there, you know, that's just some of the things coming. There's a lot more they're planning for the future. And the. If you take a look at the article linked in the show notes, it goes into some of them, there's other links in there.
Jeff Massie [00:16:24]:
You can dig into other press releases that the companies have had. And really, you know, for people that want to get into the nuts and bolts of it, it's there kind of an editorial on my part. You know, I know that AMD and Intel feel the pressure of, you know, RISC-V and Arm and they're not a major threat right now, but I know the companies can see there could be a major shift in the future. So both AMD and Intel are trying to make sure that x86 is, you know, stays around, they can get more out of it, streamline it to better fight, you know, even, even Apple's M chips, you know, it, they, they want to preserve their place in silicon history, I guess. Take a look at the article. Like I said, linked in the show notes. It's all the details, deep dives, just really deep into the technology if you so desire and you know, but to me anyway, at least right now the future looks pretty solid for the x86, at least for the next few years anyway, until the next thing comes out.
Jonathan Bennett [00:17:27]:
Is it fair to say that we're looking now at what the X86 V5 is going to be?
Jeff Massie [00:17:35]:
Yeah, you could probably say that. I was a little surprised because I've read other articles talking about they want to get rid of some of the 32 bit instructions, kind of like they did the 16 to clean it up, streamline more efficiency. They didn't directly talk about that right now, they just had in the article, there's just, oh, here's new features, we're unified. But they've only been around a year and I do know, I've read in other places they're trying to basically make an X86 V5.
Jonathan Bennett [00:18:04]:
Yeah, I know one of the things that they've struggled with in Linux land and even the open source compilers, GCC and all that, is that there's not, there's not unified versioning like AMD and Intel did not get together and decide what x86 v3 was going to look like and x86 v4 was going to look like. And so I just have to imagine that there's conversations going on behind the scenes. It's like, okay guys, we need to get your stuff together so that we can figure out what this next generation of x86 is going to look like so that we can actually compile for it and do all of that stuff.
Jeff Massie [00:18:34]:
Oh, okay, I misunderstood when you said V5. I was thinking they're looking to make it more like the RISC chip and meaner streamline. But yeah, because historically the, you know, like the Linux people, the kernel, the GCC, Clang people, they're the ones that have kind of defined a lot of the version level based on the instructions there. You know, we'll just group this stuff together.
Jonathan Bennett [00:19:03]:
Yes, yeah, no, it seems like they're like, if we're going to continue using x86 for another couple of decades, there's gotta be work on this where there's an agreement on, okay, this is what the next generation of x86-64 is going to look like. And all of these chips are going to have AVX-512 and they've done this with other things like SSE and SSE2. Those things are there. You have some of that same, that same process has happened over in ARM land because you know, there's ARMv7, ARMv8, NEON extensions, all of those. And to really be a modern ARM processor, you've got to do those. Interestingly, that's one of the things that RISC-V has really not done well to this point is that there are a bunch of these extra instructions floating around and there's not an agreement on, you know, okay, this is the set of instructions that all of these are going to have and we're going to make it, you know, RISC 5.1 and they're all going to have these. But nobody can get together and agree on that.
Ken McDonald [00:20:06]:
That's the advantage to being open source architecture. You can do whatever you want.
Rob Campbell [00:20:13]:
Similar complaint to the fragmentation issue.
Jonathan Bennett [00:20:16]:
It is, it's, it's an ISA fragmentation issue. Yeah, for sure, for sure.
Jeff Massie [00:20:20]:
And, and just, just take it a step higher for those who may not be as familiar with silicon, you know, the battle between we just need fewer instructions so they can go a lot faster to get more done or RISC, we... Yeah. Or we have a complex instruction that does so much more. It takes the place of a bunch of simple instructions, which is CISC, complex instruction set, that has been battled out back and forth over the years and it will continue to be. So less is not always better. You know, it kind of depends on where the technology is the silicon physics are at. Because over the years we've had faster RISC chips, we've had faster CISC chips, you know, so. But there is definitely going to be cruft and old technology legacy that is kind of, I'm sure in the x86 that they're going to look at cleaning up and streamlining.
Jonathan Bennett [00:21:19]:
Yeah.
Ken McDonald [00:21:20]:
From looking at the timing of Michael's article and when Intel put out their blog post, I'm wondering if that was right after he'd finished publishing it, then he had to go back in and update it later that night.
Jonathan Bennett [00:21:36]:
Oh, probably. That's usually what these guys will do to you.
Jeff Massie [00:21:40]:
AMD's got a blog post out too. It's not in the article, but when I was doing some other research I ran across it. So it's out there as well.
Jonathan Bennett [00:21:50]:
Yeah, so you mentioned ChkTag. I'm pretty sure that's "check tag". It's where they're tagging memory and then checking it for security violations. Hopefully. The idea there being that you can define that this number of bytes is part of a buffer and if you write past the end of that buffer, the hardware is going to catch it for you.
Jeff Massie [00:22:10]:
Yeah, they mentioned other silicon that had that ability, so they were trying to catch up.
Jonathan Bennett [00:22:16]:
Yep, yep, Absolutely. All right, well, coming up next, we've actually got an update on everybody's favorite 3D editor, Blender. But before we get to that, we're going to take a quick break and be right back.
Rob Campbell [00:22:31]:
Hey everybody, it's Leo Laporte.
Ken McDonald [00:22:33]:
Are you trying to keep up with the world of Microsoft? It's moving fast, but we have two of the best experts in the world, Paul Thurrott and Richard Campbell. They join me every Wednesday to talk about the latest from Microsoft on Windows Weekly. It's a lot more than just Windows. I hope you'll listen to the show every Wednesday.
Jonathan Bennett [00:22:50]:
Easy enough.
Ken McDonald [00:22:50]:
Just subscribe in your favorite podcast client to Windows Weekly or visit our website at twit.tv/ww. Microsoft's moving fast, but there's a way to stay ahead. That's Windows Weekly every Wednesday on TWiT.
Ken McDonald [00:23:04]:
And Jonathan, we've got this week Marius Nestor writing about public beta testing starting on Blender 5.0. Now, according to Marius, this beta release promises several exciting changes to include a new volume rendering algorithm based on null scattering, a new Convert to Display compositor node, support for displaying high dynamic range and wide gamut colors, and a working color space for blend files. Blender 5.0 now integrates the copy global transform into itself. Instead of having it as an add on that you would add on to it. It also promises a jump time by delta operator. Now this operator allows for jumping forward or backward in time by a user specified delta that could be either by frames or seconds. And if you write custom Python scripts to use in your workflow, there may be some breaking changes for the Python API in Blender 5.0, including several bundled Python modules being made private. Key updates for the user interface include overhauling the theming system to make it easier to create custom themes, and improvements to the node editor for easier navigation and providing a flatter appearance, and several genuine user interface refinements.
Ken McDonald [00:24:41]:
Now, since I've only touched on some of the new features. I do recommend reading Marius's article for details and when the final Blender 5.0 release is expected. So who's going to play with Blender before the final version?
Jonathan Bennett [00:24:58]:
I am not a good candidate for that because I have never really successfully done anything with Blender. I've tried a few times and every time it's like there's too many buttons to press. I don't know what does anything.
Jeff Massie [00:25:12]:
I've played with it some, but I don't know as I'd be a good candidate either because I'm pretty. You're just crunching level one, you know, start starter level.
Ken McDonald [00:25:23]:
More of what I've done lately with Blender is using it for making changes to STL files and then exporting it back out as an STL file for printing.
Jonathan Bennett [00:25:36]:
I've done it. I've done a tiny bit of that. But even then to try to go in and edit anything inside the STL, I just. Not my thing.
Jeff Massie [00:25:47]:
Go ahead.
Rob Campbell [00:25:48]:
One of the features I heard you talk about was HDR coming.
Jonathan Bennett [00:25:52]:
Yeah.
Rob Campbell [00:25:53]:
And you know, I catch you if you said it. But just a reminder for everybody out there, if you really want these modern display features like HDR and Blender, you have to be using Wayland.
Jonathan Bennett [00:26:05]:
Yes.
Ken McDonald [00:26:05]:
And have a high dynamic HDR compatible monitor.
Rob Campbell [00:26:09]:
I mean, you could use it. You're just not gonna see it.
Jonathan Bennett [00:26:15]:
I don't even think you can turn it on if your monitor doesn't support it. So, you know, there's that.
Ken McDonald [00:26:21]:
I've got Wayland. I just need the monitor.
Jonathan Bennett [00:26:24]:
Yeah, I. I honestly, I would say go with the TV. It's probably the way to go right now.
Ken McDonald [00:26:29]:
Then I need to get a new tv.
Jonathan Bennett [00:26:32]:
Get a small TV and put it on. Do what I did. Get a small TV and put it on your desk. Replace your.
Jeff Massie [00:26:37]:
Or get a big monitor and put it on your desk like I did.
Jonathan Bennett [00:26:40]:
Except for an HDR monitor that's that big, you got to pay a couple thousand dollars.
Rob Campbell [00:26:45]:
No. For how big?
Jeff Massie [00:26:49]:
5K by 2k. There's no TV running this resolution that I know.
Ken McDonald [00:26:54]:
Have to see if my wife will give up the new 65 inch TV we got.
Rob Campbell [00:26:59]:
Yeah.
Jonathan Bennett [00:27:00]:
Drag your desktop over and you plug into it for a while. Then drag it back when you're done with it.
Jeff Massie [00:27:05]:
But see, I'm a firm believer. And spend quite a bit on the monitor because you keep it for years. I mean, it goes. I have the same idea. Computer cases. I get a really good computer case. I mean it lasts for build after build after Build. I mean.
Jonathan Bennett [00:27:24]:
I mean, yeah, you get one you really like, you can put three or four or five different computers in there.
Jeff Massie [00:27:29]:
Yeah, I bet I've got one. I've got an old Silverstone Fortress 2. I. I bet you that thing's like 10, 15 years old. Still chugging away beautifully.
Ken McDonald [00:27:39]:
I know you said you could put three or four computers in there, but I don't think you meant all at the same time.
Jonathan Bennett [00:27:47]:
Probably not, no.
Jeff Massie [00:27:49]:
But they do make cases like that, if you really want to.
Jonathan Bennett [00:27:52]:
Yeah, yeah.
Rob Campbell [00:27:54]:
Here is a little tip for you all. If you have to get rid of a tower and the computer inside and e-recycle. And if they're going to charge you, if all you have is a place to charge you, you can put three or four inside of that case.
Jonathan Bennett [00:28:11]:
Just load it up with all the stuff that you want to get rid of. Here's my one computer.
Jeff Massie [00:28:19]:
137 pounds.
Jonathan Bennett [00:28:21]:
Yes.
Ken McDonald [00:28:22]:
Think this floppy drive would fit in there?
Rob Campbell [00:28:26]:
You disassemble it.
Jonathan Bennett [00:28:28]:
Don't recycle your floppy drive. There are retro computer enthusiasts that would want that. No, if you've got a place that wants to charge you, Staples will actually take them for free. Not monitors, but computers they'll take for free.
Rob Campbell [00:28:43]:
Yeah, I think a lot of places do now.
Jonathan Bennett [00:28:44]:
Yeah, a lot of places as well. So we talked briefly about Blender and I'm going to sneak in an extra story here. That is a Plasma 6.5 is actually going to release on Tuesday. So probably if you're watching live, that's in three days, I can count. That is three days from now. But if you're getting this on the recording, then there's a really good chance that it's today or. Or yesterday or yesterday or some other time in the past, because. Wibbly wobbly timey wimey.
Jonathan Bennett [00:29:15]:
But yeah, for those that can't see.
Jeff Massie [00:29:17]:
And are only listening to the audio every once in a while. The reason we break into laughter is because Rob has an extreme zoom.
Jonathan Bennett [00:29:25]:
We were playing with zoom before the show and Rob did this and I told him, hey, you should have a button you could press. I regret telling him this now, but he took me up on it and he's taunting me throughout the show with his button. Anyway, I've got a link right below Ken's story that is about the Plasma 6.5 release that is just about to happen. And of course, some preview of 6.6 and all of those I am personally looking forwards to. Looking forward to getting and playing with KDE 6.5 when we come back and do the show next week. I may be running Rawhide on Fedora just to be able to play with it.
Ken McDonald [00:30:10]:
Are you going to take the next week off?
Jonathan Bennett [00:30:14]:
No, no, no, no, no, no. See, I have two computers. I have the laptop that I do the show from and I have the desktop that, well, I also work from, but I'm not as afraid to break it in fun and interesting and horrible ways.
Jeff Massie [00:30:27]:
You need to do the show from the one you can break, like I do.
Jonathan Bennett [00:30:31]:
I mean, I have. I have been thinking about doing a Fedora installed on the laptop here and I would probably go grab the beta.
Rob Campbell [00:30:41]:
The problem is he's the one with the buttons and we don't want to get stuck on one of us where we just have to ramble.
Ken McDonald [00:30:49]:
Like, you wouldn't want me stuck on the screen all night.
Jonathan Bennett [00:30:52]:
It just happened a time or two.
Jeff Massie [00:30:55]:
All right, I might be on it as well because Cachy is pretty fast on the uptick. So there you go. There you go. I don't know, I wouldn't expect it Tuesday, but maybe Thursday or Friday wouldn't surprise me.
Jonathan Bennett [00:31:09]:
Yeah, could be. So I've got something else coming on Tuesday, by the way. I promise this will make sense here in just a second. I got tired of my old OnePlus phone and the fact that it's continuing to break in new and unusual ways, and so I finally bit the bullet and I have ordered a Pixel 9a, supposed to come, I think, on Tuesday. Interestingly enough, Rob, you're about to tell me I should have waited for something even better than a Pixel 9a.
Rob Campbell [00:31:41]:
Well, I don't know about waited. I think it may take a little time before you really see the effects of this. But yeah, as far as phones go, anyone who's been listening for a while has heard me say many times on the show that we need a real usable Linux phone. Not another Android skin, you know, not another Android like Jonathan ordered. Not something halfway open, but a phone we could truly call our own. A phone we could tinker with and hack, modify, make ours. Which is why I often report when new Linux phones are announced, kind of, you know, in the hope that maybe this one will be the one, the one that makes a big difference. But, you know, they never really seem to make that big of a dent.
Rob Campbell [00:32:31]:
It's like, ah, yay, cool. Maybe next time. So maybe, just maybe, the Free Software Foundation is giving us that long awaited glimmer of hope. At its 40th anniversary celebration in Boston, the FSF dropped the surprise announcement that the Librephone project. It's the most ambitious attempt yet to bring software freedom to mobile devices. And unlike most Linux phone efforts, this one isn't starting with Android or trying to ship new hardware. What they're trying to do is they're going straight for the hard part, freeing the proprietary blobs that lock down today's phones. If you're not familiar, these binary blobs are the closed source firmware and drivers baked into nearly every modern phone system on a chip.
Rob Campbell [00:33:29]:
They control everything from your modem and GPU to your camera and power management, and they're completely opaque. Without them, most Linux phone projects, they kind of hit a wall somewhere where they're not quite what you hope they would be. So Rob Savoie, the Librephone project's lead developer and longtime GNU contributor, puts it plainly, quote, "making fully free software for modern commercial phone will not be quick (so you got some time), easy or cheap. But our project benefits from standing on the shoulders of giants who have done most of the work." So I think you're fine, Jonathan, with the Pixel. Now maybe your next phone will come out of this. So anyway, in other words, this is a long game, but it's one that could finally give a completely free mobile stack, something no one has truly accomplished yet.
Rob Campbell [00:34:31]:
Now, Librephone isn't building, like I said, it's not building a new phone or even a new OS. Instead, the goal is to reverse engineer and document the proprietary firmware so the developers, especially those outside of the DMCA jurisdictions, can build open replacements. You know, they're starting by identifying phones with the fewest freedom problems, then creating detailed specs for others to use. Even projects with respect to, like, LineageOS or Replicant still rely on closed blobs. Librephone could be the foundation that finally removes that dependency. So of course, you know, this won't happen without community help. The FSF is asking for volunteers, all types, for coders, testers, documenters, advocates. You know, like us, we're being advocates now.
Rob Campbell [00:35:25]:
I am, at least. Donors, basically anyone who believes in the dream of truly open phone. You know, if that's you, check out librephone.fsf.org to get involved because you know, let's be honest, Android might run on the Linux kernel, but it's still Google's sandbox. You know, I don't want a phone where something as simple as sideloading an app, my own app maybe, you know, maybe I want to create something, just sideload. I don't want that to be a privilege. I want that to be a right. With my phone, I want a phone that's mine. And if the Librephone project succeeds, we might finally see what a real Linux phone can be.
Jonathan Bennett [00:36:11]:
So I have hesitations about this. Actually, I have a fundamental disagreement with the FSF's position on binary blob firmware because basically all chips at this point have firmware built into them. And where the FSF draws the line is if the user has to touch and load that firmware, that's where they're not fine with it being closed source. But if the firmware lives on the chip to where the user doesn't have to interact with it, then it's fine that it's closed source and they don't care. And personally I find that to be a, a really weird place to draw the line and not very helpful. Personally, I don't care about loading closed source firmware so long as there's an appropriate license given to the binary that allows it to be included with your distro or your phone image, what have you. Obviously it's great to have open source firmware for all of these individual chips, but I think the fact that the FSF just looks at a chip that has that firmware built into it and just sort of closes their eyes and closes their ears, "we don't see it," like, that's... It doesn't help anybody.
Jonathan Bennett [00:37:38]:
So I find their whole position here to be just a little weird.
Rob Campbell [00:37:42]:
Well, I feel like maybe I'm misunderstanding or misreading. I feel like kind of part of the point here is that, you know, because things that run say the cellular modem is closed source and the manufacturers make that for Android, or I guess they aren't making it for iOS, but they're making it for Android. It's hard for a Linux distro to make it work, make that hardware work with Linux and that would be a lot easier if they had access to that code and had open code.
Jonathan Bennett [00:38:18]:
Yeah, but a lot of these pieces of hardware, those firmware blobs, they are distributed and they're distributed with a license on them that says you can include this in your image. It's not a problem. The problem the FSF has with it is that the user or the operating system in this case has to interact with this piece of binary code that is not open source. And so to them, having any interaction with a closed source binary, you know, corrupts the whole thing. It's no longer Libre according to Free Software Foundation. And I just, you know, I kind of take the opinion that the vast majority of the Linux distros do, that, no, that's just not true. You know, we can load closed source binaries to hardware chips and still be an open source OS.
Rob Campbell [00:39:08]:
So are you saying, you're saying their position is further than yours? Like they expect it to be more open?
Jonathan Bennett [00:39:17]:
They are looking for.
Rob Campbell [00:39:17]:
And you're fine with like they are.
Jonathan Bennett [00:39:19]:
Looking for something to be more open, but they're looking for something to be more open in an almost hypocritical way. Okay, so let's take a Stream Deck, right? This is essentially a computer. This is likely a Linux computer, right? And it's hung off of USB. There's firmware that runs on this. In this case, the firmware is again very likely a Linux install. Parts of this are open source because it's Linux. Parts of this are not. According to the FSF, so long as when I, when I plug this into my computer, when I plug the USB in, if it just comes up and says, hello, I am a Stream Deck, then this piece of hardware respects my freedom.
Jonathan Bennett [00:40:05]:
That's the term they used. If I plug this in and this hardware says I need you to provide the firmware for me to run and my computer then has to transfer over the USB cable a closed source firmware image, the FSF then says that does not respect your freedom. And the thing that I disagree with fundamentally with the FSF about this is what they consider to be the difference is whether I have to load that closed source firmware blob onto this or not. And in my opinion that doesn't matter at all. The only thing that matters is is there firmware running on this and can I get to the source of it? I actually consider it to be slightly better for the end user if you have the ability to load firmware on it, because then you have some chance of fixing it, there's some chance of making it open, whereas if it's locked on there forever, it's in my opinion even more closed.
Rob Campbell [00:41:05]:
Right. I agree with you there. I think it's, I think it's fine what you said, you know, if, if, as long as you can make it work. I don't think that what the FSF, even if they have a different opinion on, on where they want to go, I don't think it hurts those that have our opinion. I think their work that they hope to do towards these blobs can help those who don't care if there are still blobs there. But it provides more openness in areas.
Jonathan Bennett [00:41:40]:
Sure. And don't misunderstand me, I have absolutely no problem with the FSF trying to come along and reverse engineer some of these firmware images. I just have seen over the years that the FSF does things that are not very helpful and don't make sense. And so they have like the deblobbed Linux distro that they do that is very difficult to run and they come out and they'll also, they'll advertise pieces of hardware that are like "respects your freedom" hardware and it's, you know, something that's 10 years old and the only reason it respects your freedom is because the firmware is baked onto it when you don't have to touch it.
Rob Campbell [00:42:20]:
And like they said here though, they're not making an os, they're not making a hardware, they're not, they're attacking, you know, each individual blob here one at a time. And then others who make phones can utilize the work that they've done, but obviously they can, they don't have to fully utilize it. They could take their code, they could take the closed source code, they can combine it together but it gives them some access to stuff.
Ken McDonald [00:42:46]:
I think I'd be curious what the free software foundations take would be on a Linux based Fire tv.
Jonathan Bennett [00:42:56]:
I mean it's going to be the same, right? Do you have access to all the code? If so, good. If you don't, then it's closed source and does not respect your freedom.
Jeff Massie [00:43:09]:
It gets me sometimes when ideologies turns into kind of a roadblock because a lot of people, I just want it to work, that's their opinion. And yeah, we want open source but I personally, for me my line is if it's firmware to help hardware run, I don't really have a problem with it. I, you know, I want my operating system open source, but if I have to load a firmware blob for my graphics card or my mouse or whatever because it's, it's supporting the hardware, it's, it's not near as big a deal for me.
Ken McDonald [00:43:46]:
Yeah, basically the question is are you willing to die for it?
Rob Campbell [00:43:53]:
They could probably, I mean like, like, like you're saying they're, they're maybe focused on a little more on things that maybe aren't necessary. So I guess the downside here is that if they adjusted their focus and you know, maybe left some things alone that didn't need to be because it's fine, it could maybe speed up their progress and get us to that free phone future.
Jonathan Bennett [00:44:16]:
Yeah. So here is my take on what FSF should do. Rather than concentrate on these firmware blobs that are closed source. What they instead should do is look at the various pieces of hardware that don't have patches upstream in the Linux kernel. And there are a bunch of these because ARM vendors are terrible about this. Hardware vendors are terrible about this. Who, everybody is pretty bad about this. Almost every hardware vendor.
Jonathan Bennett [00:44:50]:
What they'll do is they'll have a 2.6.23 Linux kernel and then a whole bunch of patches on top of that to make their stuff work. They'll publish that somewhere as a tarball and say yes, we have open source for this and nobody can use it. So like if anything that the FSF should be doing to make Linux phones work, it would be to go and try to reverse engineer Linux support for like the Snapdragons and the various pieces of hardware, don't care about the firmware, get things upstreamed in the kernel so that people can actually use this stuff. And unfortunately that as far as I can tell is not what they're doing. Anyway, we have a bunch more show to get to and when we come back we're going to let Jeff talk about some dynamic mitigations in AMD and probably Intel. We're going to get to that right after this. Hello everybody.
Ken McDonald [00:45:44]:
Leo Laporte here. You know what a great gift would be whether for the holidays or at just any time? A birthday? A membership in Club TWiT. If you have a TWiT listener in your family, somebody who enjoys our programming and you want to give them a nice gift and support what we do, visit TWiT TV Club TWiT. They'll really appreciate it and so will we. Thank you. TWiT TV Club TWiT.
Jeff Massie [00:46:10]:
I know, Jeff doing another hardware story, who would have thought? But I found this really interesting because there was a big set of patches which are going to be controlling CPU security settings and not just during boot times. So AMD engineer David Kaplan, who some might remember from his work on attack vector controls, which is basically an easier way to turn off and on security in the CPU. So for things like Retbleed and Spectre, things of that nature, so you could have the control to turn them on or off based on what you were going to do. Well now he made it a lot simpler. Well, this, what we're talking about today is an extension of that work. The patches that were posted to the Linux kernel mailing list, and so now this isn't going in yet. This is, they put them out there for people to look at, but it will allow turning on and off various mitigations at runtime rather than only switches at the kernel boot time.
Jeff Massie [00:47:20]:
So currently if you want to, say, turn on protection for Retbleed, you do it during kernel boot and you have some switches that, you know, command-line type switches is how you can think of it. That's how it's going to boot up. Well, David had this to say about these patches. He says, "As the performance cost of CPU mitigations can be significant, selecting the right set of mitigations is important to achieve the correct balance of performance versus security." Now the way this works is described as runtime patching and David goes on to explain a little more. He says, "Repatching," and that's what he calls it, "the kernel is expected to be a very rare operation, is done only under very big hammers. All tasks are put into the freezer and then repatching is done under the new stop machine NMI routine. To repatch the kernel, it is first reverted back to its compile time state."
Jeff Massie [00:48:24]:
"The original bytes from alternatives, retpolines, et cetera, are saved during boot so they can later be used to restore the original kernel image. After that the kernel is patched based on the new feature flags. This simplifies the repatch process as restoring the original kernel image is relatively straightforward. In other words, instead of having to repatch from mitigation A to mitigation B directly, we first restore the original image and then patch from that to mitigation B, similar to if the system had booted with mitigation B selected originally." Now the too long didn't listen is based on the need of the kernel. So whether it's a new set of programs or security alerts or whatever could trigger this. The kernel can then change the security mitigations when needed and not take the performance penalty when they're not.
Jeff Massie [00:49:17]:
This also would be good on server or can't go down type machines so that you don't have to shut the machine down, reboot with a new set of switches to change or add mitigations. Take a look at the article linked in the show notes for full details and a link to the original Linux kernel mailing list where you can see the code and you can get again a lot more deeply into how this directly works because this was rather high level.
Jonathan Bennett [00:49:45]:
But that's some black magic stuff talking about doing live patching of the kernel the way that they're looking at doing this. Pretty interesting.
Jeff Massie [00:49:52]:
Yeah. And that's why I'm saying this is very high level because yeah.
Jonathan Bennett [00:50:00]:
We've talked a little bit about this, but probably it'd be worth to take just a minute and remind folks of what the mitigations are, what the vulnerabilities are that we're talking about, things like Retbleed and all of that. Spectre. Let's see, what's the other one?
Ken McDonald [00:50:14]:
There's something that was recently reported, there.
Jonathan Bennett [00:50:17]:
Is a new one of these about once a month.
Jeff Massie [00:50:20]:
Yeah, there's a whole big. There was like a matrix of different, different mitigation. So it's not just like, oh, this, this there, there's probably 15 or 20 of them.
Jonathan Bennett [00:50:31]:
Yeah.
Jeff Massie [00:50:31]:
Matrix of most of these.
Ken McDonald [00:50:33]:
Are you saying 15 by 20?
Jonathan Bennett [00:50:36]:
Not quite that many. Most of these are speculative execution. And so essentially it's talking about where you have modern CPUs, they don't just execute instructions in order, like when they take a branch. So you have say an if in code and if A, you go do this and if B, you go do this. Well, modern CPUs will see that and they'll do both at the same time and then they'll finally figure out which branch was the right one on that if instruction. And one of those branches they just jump to the end of it. And the other one, they roll everything back. Speculative execution.
Jonathan Bennett [00:51:13]:
The whole ball of wax here, as far as why it's a vulnerability is when you do that speculative execution, it actually changes things like what's loaded up in cache, what you can get to in memory faster and other things like, there's various side channels essentially that they found to be able to do this, to figure this out. But it means that you can read memory, like, you can, you don't read it directly, but it's like you derive the contents of memory that you're not supposed to be able to get to. That's what almost all of this is. So then you think about that and the question is, do I as a Linux desktop user care? And almost always the answer is no, because I actually trust all of the processes that's running on my machine. I'm not in a server farm where I have an untrusted process because I'm hosting a website and somebody can run arbitrary code as part of that website hosting. I'm not hosting a whole bunch of virtual machines where people are running whatever they want to inside that VM and I have to worry about them doing a VM escape with one of these. So that's the reason why you would want to turn this off on your local Linux machine because you don't have any need of all of these mitigations because you're not running any untrusted code.
Rob Campbell [00:52:31]:
Yeah, any shared environment, really.
Jonathan Bennett [00:52:33]:
Right. It's not a shared environment at all. The only place, the only caveat there is, there are a few of these that theoretically you can access from, from inside a web browser. And so if you go and spend enough time on a malicious website, then somebody can run untrusted JavaScript code. And so that's why there's a few of these mitigations that it might make sense to leave on, on a desktop computer.
Ken McDonald [00:52:57]:
Especially if you're seeing memory just slowly climbing up.
Jonathan Bennett [00:53:03]:
Well, I don't think you would even see memory climbing up.
Jeff Massie [00:53:06]:
No, it's not how it works.
Rob Campbell [00:53:08]:
Yeah, Speaking of memory loss, Ken enters the room.
Jeff Massie [00:53:15]:
Yeah, it's all inside the cpu, so it's not a memory leak.
Jonathan Bennett [00:53:19]:
Right.
Jeff Massie [00:53:19]:
It's. It's little visions into what's going on and getting access to information you shouldn't have, possibly even memory locations you shouldn't have. It's not adding, it's just you're, you're getting into someplace.
Ken McDonald [00:53:34]:
It's caching.
Jonathan Bennett [00:53:37]:
A lot of times it's because things get loaded into cache and then you can access that cache and see what gets loaded faster. And yes, it lets you sort of get an oracle into what some other bit of. It's super impressive and really, really smart work that researchers have done. It's just the unfortunate thing is every time one of these gets found and fixed, they have to add something else to the Linux kernel and to the Windows kernel for that matter too. But it's like, okay, well, that means every time we move from user space code to kernel code, we have to explicitly empty the cache. Well, that takes time, and it also means that things are slower the next time you go to access what should have been in your cache.
Jeff Massie [00:54:19]:
So Harold Finch says, what should I turn off on a desktop and what should I leave on? And I would say if you're just having a normal desktop, you know, you're not running virtual machines for external customers. You're not running a server. You're not, you know, you're like Rob, you're just playing your Hello Kitty Island Adventure and that's all you're doing on your machine. You can leave them all off. Because it, that's not the target. The target is where the, the virtual machines, where you have a set of virtual machines because it's running services for people outside your home.
Rob Campbell [00:54:57]:
You know, well, I think his question is, you know, to Jonathan's point, he said some of them can be taken advantage of through JavaScript in the browser.
Jonathan Bennett [00:55:06]:
Yeah, I don't think anyone is actually doing that at this point. I don't think anyone's seen anybody doing it in the wild.
Ken McDonald [00:55:12]:
Nobody's been caught doing it.
Jonathan Bennett [00:55:15]:
Well I mean exactly. So like there is some level of how paranoid are you going to be about this?
Ken McDonald [00:55:20]:
That's easy. Be super paranoid. Turn everything on and then back it off until your computer can work.
Rob Campbell [00:55:27]:
It depends what's on your computer and what you use it for or if you're only gaming and you're not banking or putting anything private on there or using passwords on there doing anything.
Ken McDonald [00:55:40]:
And.
Jeff Massie [00:55:40]:
Realistically part of it is the target because a lot of these are higher effort. This is not just oh yeah, we're stumbling across stuff, so your super great safecracker, it's not hanging around in my neighborhood. You know there's, you know, they're going after where the, the rich people live. You know they're going up on the hill in the mansions. We're, we're definitely have to have versus the reward is not there. So a lot of the normal stuff is just not on the radar. Unless, unless it's a script kiddie type thing. We're, we're too small of potatoes.
Jeff Massie [00:56:20]:
We're, they're, they're going after political people, millionaires, billionaires.
Rob Campbell [00:56:27]:
Yeah Mr. I buy whatever biggest monitor I want and I'm not in a rich neighborhood.
Ken McDonald [00:56:34]:
Because he bought that big monitor.
Jeff Massie [00:56:38]:
Yeah but I'm driving a 35 year old pickup so See it's all relative.
Jonathan Bennett [00:56:44]:
Yeah I think so. The safe answer there is just stick with the defaults that your distro uses and I know some distros do turn some of those off and leave some of them on. If your threat model does not include APTs, if you don't know what an APT is, then you can probably turn all of them off and you will be fine. If you are doing defense work or you are a high level politician then you should probably leave more of them on. But if you are one of those people then hopefully you have an actual security professional that you can go and talk to.
Rob Campbell [00:57:17]:
So.
Ken McDonald [00:57:18]:
So and they'll turn it all on.
Jonathan Bennett [00:57:21]:
They will probably turn it all on for you.
Jeff Massie [00:57:22]:
Yes, I would imagine and realistically if you really wanted to you can turn it all on. It's just buy a little faster processor than you think you need. Buy a little more.
Ken McDonald [00:57:34]:
Memory.
Jeff Massie [00:57:35]:
Memory, a little more. You know, just beef it up more. Because it's just, it's just going to slow you down. Yep, some is all. I mean, it's not going to cripple you. It's just. Okay, you now have like a 10% load on your machine all the time. I'm just swagging a number.
Ken McDonald [00:57:50]:
But it'll still be faster than that 16 bit system you used to work on.
Jonathan Bennett [00:57:54]:
Yes. All right, Ken, let's talk PipeWire. I see that there is a new release just about to come out. What is new in the PipeWire world?
Ken McDonald [00:58:05]:
Well, there's a lot new in the PipeWire world. In fact, this week Bobby Borisov and Marius Nestor wrote about what performance improvements we can expect from PipeWire 1.6. Now according to Bobby, one of the biggest changes is a complete refactor of the link negotiation code. Applications now have better control over default values and can more precisely restrict available options, resulting in improved format matching and smoother audio and video handling. According to Marius, PipeWire 1.6 will include Bluetooth audio streaming for hearing aid support. I'm definitely looking forward to that one. And then there's also going to be MIDI 2.0 clip support in the tools, better support for explicit sync, a new timer queue helper to schedule timeouts, and support for Razer BlackShark version 3 or V3. There's also a new Dolby Surround and Dolby Pro Logic II example filter configuration as well as ONNX, I want to say Onyx, and FFmpeg filters added to the filter graph system for more flexible audio processing pipelines.
Ken McDonald [00:59:32]:
As always, I do recommend reading Bobby's and Marius's articles for more details.
Jonathan Bennett [00:59:40]:
Yeah, reading through the changelog, there's a lot of latency stuff that they have done and so this is where people are trying to use PipeWire for actual pro audio use and have come back to them and said you still don't have the latency quite right here, let us help you. And it's getting better and better. So hopefully that means that programs like Ardour are going to be better to use with PipeWire even more so than they have been now. Better support for, you know, FireWire, pro-level FireWire interfaces which a lot of us still have and would still love to use.
Ken McDonald [01:00:12]:
Because they still work.
Jonathan Bennett [01:00:14]:
Because they still work. Yeah, they work great. It's good. It was good. Hardware and audio is not quite like the computer world. You don't. It's not necessarily dead and gone after 10 years. You know, there's still 30 and 40 year old microphones being Used in recording studios because they were built.
Rob Campbell [01:00:30]:
Right.
Ken McDonald [01:00:30]:
They still work.
Jonathan Bennett [01:00:31]:
It still work. Yeah.
Jeff Massie [01:00:32]:
Well, and a lot of it take.
Ken McDonald [01:00:33]:
Care of it and it's going to work for generations.
Jeff Massie [01:00:37]:
Technology doesn't change that much. Right. You know, a 20 year old speaker is still going to sound really good versus a new one. Well, your 20 year old computer, oh, it's. That's a whole different ball game. You know, it's just the speed of the evolution of technology.
Ken McDonald [01:00:56]:
Like switching from kilobytes to gigabytes of memory.
Jeff Massie [01:01:03]:
Yeah, that hundred year old hammer works just fine.
Ken McDonald [01:01:06]:
Yeah.
Rob Campbell [01:01:07]:
At least we're not switching from kilohertz to gigabytes.
Jonathan Bennett [01:01:12]:
Yeah. So I mean to drive this point home, one of the most popular microphones in the world is the Shure SM57. I've actually got one off in a box in storage, one of the storage rooms. You would know it if you saw it though. It is still one of the most popular microphones for doing particularly UCM for miking like a piano or other different kinds of instruments. It was originally released in 1965 and it is still one of the go to microphones 60 years later with no changes to it. Correct. Now if you have one from 1965, it may be physically deteriorating because of some of the stuff that's in.
Jonathan Bennett [01:01:54]:
It wasn't designed to last that long.
Ken McDonald [01:01:56]:
Or the way it was treated.
Jonathan Bennett [01:01:57]:
Or the way it was treated. Yes. But they are still making them essentially exactly the same. And none of us are running computers from 1965. Just not a thing.
Jeff Massie [01:02:08]:
Well, Ken might have something about it.
Ken McDonald [01:02:11]:
Trying to think. I have an Etch A Sketch somewhere.
Jeff Massie [01:02:17]:
He's wrapping wire around magnetic cores as we speak, you know.
Ken McDonald [01:02:22]:
Yeah, no, I gave that up ages ago.
Jonathan Bennett [01:02:28]:
That's funny.
Ken McDonald [01:02:29]:
That's for the grandkids to do now.
Jonathan Bennett [01:02:32]:
Yes, yes. All right, let's see here. Rob, you want to talk about the Ubo Pod? What in the world is that?
Rob Campbell [01:02:48]:
All right, so Jonathan's idea of a smart home isn't asking Alexa to turn on the lights or Google to cool down the house. It's wiring up a thermostat using a Raspberry Pi, a handful of sensors and some code he wrote himself. No Alexa, no Google Assistant, and absolutely no cloud connected microphone sitting around just listening. But here's something that might actually get him to set up, build, buy a smart home speaker after all. It's called the Ubo Pod. It's a compact hackable AI assistant that's 100% open source, built by Mehrdad Majzoobi and a team of open source developers.
Rob Campbell [01:03:36]:
Think of it as what would happen if Mycroft came back from the dead, learned Docker and set up shop on a Raspberry Pi. The Ubo Pod runs on a Raspberry Pi 4 or 5 and supports local AI models for full privacy-first operations. It uses Vosk for speech recognition and Piper for text to speech, meaning all the processing happens right on the device, not in some mystery data center. If you do want to experiment with bigger cloud models you can plug into Claude or OpenAI or Gemini, but the local stack is the default, not just an afterthought that got added on later. Physically it's about the size of a chunky paperweight, 5.1 by 3.9 by 2 inches, weighing around 0.75 pounds and it's built to be opened, upgraded and repaired. On the front you'll find a 1.54-inch IPS display and a 7 button soft touch keypad. There's even a physical camera curtain and a microphone disconnect switch for you or for when you want total silence. Dual mics and stereo speakers round out the hardware.
Rob Campbell [01:05:12]:
Under the hood, Ubo's software architecture is modular and event driven, using centralized state management so devs can extend or remix it without breaking everything else. It has a GUI you can control with the physical keypad or via a web browser and it supports third party dockerized apps. Developers can even build their own integration using a low code approach through a language agnostic gRPC API, perfect for scripting your own command or connecting it with your self hosted service like maybe Home Assistant, that, the last I knew, Jonathan also has never tried. The Ubo Pod is now live on Kickstarter with open repositories for both software and hardware. So you could build your own, modify your own or if you, if you'd rather roll it out yourself, or you could purchase it off a Kickstarter. If this sounds familiar, that's because it really does echo what Mycroft, the old open source voice assistant, used to be, that sadly fell victim to patent trolls. Ubo Pod is like the spiritual successor, the smart device for people who don't trust smart devices, like Jonathan. So for folks like Jonathan, and probably a lot of the listeners here, this is the kind of innovation that might finally make a smart speaker worth having.
Rob Campbell [01:06:44]:
Local AI, open code, hackable hardware and no big tech middleman listening in. Now that's the kind of assistant anybody should feel comfortable inviting into their home.
Jonathan Bennett [01:06:57]:
Rob, you're going to tick my wife off by trying to convince me to spend money on stuff again.
Ken McDonald [01:07:03]:
Now you're supposed to convince her to spend money on it.
Jeff Massie [01:07:08]:
I was like, you know. And I know it's superficial, doesn't mean anything, but just no on that wood grain, it looks like a 1975 trailer house. Just no one. No do something better.
Jonathan Bennett [01:07:20]:
Oh, no. See, for. For. For some group of us, the wood grain is what makes it.
Rob Campbell [01:07:26]:
Yeah. I mean, did you never have a station wagon with the wood paneling?
Jeff Massie [01:07:31]:
I've seen them. This is like. No, that's what I think of. It's.
Ken McDonald [01:07:39]:
Probably a plastic veneer that's been stained. So it gives you that wood grain look.
Jonathan Bennett [01:07:46]:
Painted. It's probably painted on wood grain. Yeah, likely.
Jeff Massie [01:07:49]:
You know, when you look at it, it's thin enough. It's builder. Yeah. It's a veneer. It's pain. It's the sticker or something.
Jonathan Bennett [01:07:55]:
I don't know.
Rob Campbell [01:07:56]:
Maybe Raspberry Pi 5 and you can get the hardware so.
Jonathan Bennett [01:07:59]:
Well, so. So I went and looked. It is actually a little bit more than a Raspberry Pi 5. It is a Pi 5 with a custom HAT and a custom enclosure.
Rob Campbell [01:08:06]:
Right. So you build your own. You can use. It will work on a Raspberry PI 4 or 5.
Jonathan Bennett [01:08:12]:
Yeah. They also have the hardware specifications. Looks like to be open hardware. So if you don't want to pay them money for it. I don't know why you would do this, but you certainly can. You can hire one of the fabs like JPL. I can't remember what they're called. There's a couple of different Chinese fabs though that really do well at making stuff like this. Is it JPL?
Jeff Massie [01:08:39]:
Maybe, you know, people in a fab.
Jonathan Bennett [01:08:41]:
JLCPCB. That's it. That is the one I was trying to come up with. Not sponsored, but a lot of. A lot of the toys that I play with come from there. A lot of the boards that we deal with.
Jeff Massie [01:08:54]:
Yeah.
Jonathan Bennett [01:08:55]:
So here. In a minute.
Jeff Massie [01:08:57]:
You know, you know, somebody with. Like I said, you know, somebody in a fab. You know, somebody with a wave solder machine. You know, that's true.
Jonathan Bennett [01:09:05]:
Somehow I don't think I can send that someone my KiCad files and get him to make me stuff if I can. I need to have a talk with that someone. But I'd somehow he's got a whole.
Ken McDonald [01:09:17]:
Bunch of projects he's wanting to do.
Jonathan Bennett [01:09:19]:
I mean, let's do lunch sometime. Do some business pages worth. Anyway, Jeff, who is not at all related to that hypothetical someone, has some news about Fedora 43 that we are going to dive into right after this.
Jeff Massie [01:09:40]:
Fedora 43, which was set for release very, very shortly, has been delayed. The decision team goes through a spaceship type of go no go type of meeting to decide if they're ready for release or launch. And that for anybody that might not be familiar, whenever there's going to be a launch of a rocket, there's a lot of, you know, yelling out of subsystems and then that person who's in charge that says go or no go. And that helps define if everything's ready or not. Well, they had this go no go meeting on October 16th and they got a no go for the release. There were two main things that caused a delay. Now the first is the number of outstanding blocker bugs. Now this means these are large bugs which need to be fixed.
Jeff Massie [01:10:30]:
Now they include such things as the Anaconda web UI installer dropdown menu didn't work in KDE. Well, having your installer not work, that's a big deal. So, problem. Another was there was a Linux firmware regression for the MediaTek MT7922 Wi-Fi. So no network also seems like a deal breaker to me. Though there were also things like the rescue mode not being able to mount the /boot and /boot/efi partitions, which if you can't mount them then the rescue mode ceases to be. ARM image installer had a problem and they had certain hardware failing to boot with the Fedora 43 images as well. So some pretty basic things which they need to get sorted out before they release it. Now they also, the second issue is the amount of test coverage they had was also a huge concern.
Jeff Massie [01:11:28]:
They wanted more testing over a larger set of hardware to make sure there are not any more other major bugs hiding. So they want them found before release, not after. And that's why a lot of distributions at various times call for people just, just try it, load it, run it, hammer it, see, see what happens. You know what happens is, is they're going to give it some time to get the bugs worked out and then there will be another go no go meeting. So the original release date was October 21st. Now it's going to be October 28th. So it's not a huge push, it's just a little more time to get things right. So it's not like it's going out months or anything like that.
Jeff Massie [01:12:11]:
So nothing to panic about. So even though 43 is going to be delayed a little, I'm sure in the coming weeks we're going to be talking about the new features that are already planned now that 43 is going to be delayed a little, but they're already working on 44 and I'm sure in the coming weeks we're going to be talking about what's going to be planned to go into 44. So take a look at the article linked in the show notes for more details and links to the announcement, which also includes links to the meeting minutes and the full meeting log. So if you are really wanting to see what that go no go meeting, how it actually happened and who said what, it's in there and I, you know, I look forward to the next version of Fedora. And you know, and Jonathan already talked about it. I was going to ask if any of my co hosts are already trying the pre release version or maybe you have been because you're already using Rawhide, but Jonathan's thinking about it.
Jonathan Bennett [01:13:09]:
Yeah, really thinking about it. It's also worth saying that Fedora used to be absolutely famous for every release getting pushed by a few weeks for stuff like this and they really buckled down in the last few releases and got them out on time. So it's not, it's not a huge departure historically for Fedora to, to push a release out a week.
Ken McDonald [01:13:30]:
Well, if my laptop had a MediaTek MT7922, I definitely want them to push it back so I'd know my Wi-Fi would work.
Jonathan Bennett [01:13:38]:
Yeah.
Jeff Massie [01:13:39]:
You know, and I mean I can respect that they want to make it right before they, they ship it. I, I would much rather have that than look, we artificially made a deadline but it, all sorts of stuff is broken and you know, so, and like rescue mode's failing. Yeah, like I said, the rescue mode that doesn't work ceases to be a rescue mode.
Jonathan Bennett [01:14:03]:
Failed rescue.
Jeff Massie [01:14:04]:
Yeah, it's not a rescue.
Jonathan Bennett [01:14:08]:
Indeed. Indeed. Yeah, I, I very, very tempted to do a couple of Fedora 43 installs just to just to give it a try.
Jeff Massie [01:14:18]:
So there would you do 43 or would you just jump and say oh heck, let's just go right into Rawhide.
Jonathan Bennett [01:14:25]:
It depends upon which machine. So if I do it on the laptop I'll just go with 43. If I do it on the desktop I will probably grab 43 and then install KDE Plasma from Rawhide. That seems to be a relatively good combination. You can install just your desktop from Rawhide and that way not everything is broken, it's just your graphical interface is broken.
Jeff Massie [01:14:50]:
So anybody that doesn't know Rawhide Cool interface. Yeah. For anybody that doesn't know, Rawhide is the rolling, cutting edge part of Fedora. And every so often they kind of freeze it or certain points in there, they freeze it and say, okay, this is going to be 43, this will be 44. But Rawhide keeps rolling and you can get off the train at any time or you can be like me and sometimes not get off the train at the right time and things don't go.
Jonathan Bennett [01:15:17]:
As well as they should. You accidentally roll forwards to the next. The next pre release.
Jeff Massie [01:15:22]:
Yeah.
Jonathan Bennett [01:15:23]:
Yes. Yeah, don't do that. That's not what you wanted.
Rob Campbell [01:15:26]:
Yeah.
Jeff Massie [01:15:27]:
It's like I didn't end up where I wanted to be. Yeah.
Jonathan Bennett [01:15:30]:
So there is another distro release that is just around the corner. In the past it just happened and Ken wants to talk about Zorin OS 18 and I'm so used to these release numbers that are either really big like Fedora 43 or. Or based on the year, Zorin OS 18 sounds like it's about six years old. Six or seven years old.
Rob Campbell [01:15:53]:
This was. It's based on the year they, they made it. This kind of finally.
Jonathan Bennett [01:15:57]:
It's been that long in the works.
Jeff Massie [01:16:00]:
They thought, well, 18th release.
Jonathan Bennett [01:16:03]:
There you go.
Ken McDonald [01:16:03]:
But yep, Jonathan, as you said, this year we are hearing about the release of Zorin OS 18 from, of all people, Sourav Rudra, Marius Nestor and Bobby Borisov. They all say this release introduces a refreshed look, sporting rounded corners, lighter accent palettes and a floating curved panel. By default, the redesign system brings a more consistent look across both GTK and Qt apps. According to Bobby, Zorin OS 18 is built on Ubuntu 24.04 LTS. Some of y'all may call that number or Noble Numbat. And it's powered by Linux kernel 6.14, so it's a relatively new kernel there now. According to Marius, it comes with a powerful new window tiling manager that promises to boost productivity, a new built in Web Apps tool to make it even easier to install your favorite applications, as well as having other options. And according to Sourav, you will appreciate how Zorin OS 18 handles Windows installers.
Ken McDonald [01:17:33]:
Now you can launch a Windows app installer and the system proactively suggests Linux alternatives available in the software store or compatible web based versions that offer similar functionality, making the transition less daunting. Marius and Bobby also write about Zorin OS 18 introducing OneDrive file integration now. Bobby even wrote a follow up article about the Zorin OS team posting about an impressive milestone: in less than 48 hours Zorin OS 18 has been downloaded over 100,000 times and that number keeps climbing, making it, in Zorin's words, our biggest launch ever. Now I have links to Sourav, Marius and Bobby's articles in the show notes. If you do want more details, including Bobby's answer to the age old question, is this the year of the Linux desktop?
Jonathan Bennett [01:18:42]:
Is it the year of the Zorin desktop? That's really the question.
Jeff Massie [01:18:47]:
I was just for the heck of it looking to see if I could see where they got 18 and I'm not really sure. It's funny because the first Release was number 1 2.3.245 and then they go up but sometimes there's a, you know, 7, 1, 8, 1 10, 11, 12, 15.3, you know, sometimes there's a couple releases in a year, there's a logical.
Rob Campbell [01:19:14]:
Progression just like Windows 7, 8, let's skip 9 and go right to 10.
Jeff Massie [01:19:21]:
And yeah, so there's sometimes there's multiple releases in a year, sometimes they Skip years. Like 15.3 came out in 2020. Now this is according to DistroWatch. The next release was 16.3 in 2023. Then they came out with 1 in 25, 17.3 in 2025. Now 18 is in 2025. So I, I'm not sure how their numbering system eludes me other than bigger is better.
Rob Campbell [01:19:56]:
Did you catch though how it said more rounded corners? I believe you really like rounded corners, right?
Jeff Massie [01:20:02]:
Oh I, yeah, yeah.
Rob Campbell [01:20:05]:
You like them sharp? They hurt.
Jonathan Bennett [01:20:07]:
So sharp they hurt. I tell you what, I really don't, what I don't want is I don't want to put my windows together and be able to see the desktop through the rounded kernel corners. That's no fun.
Rob Campbell [01:20:21]:
I like that feature where it recommends other alternative software or web or otherwise. And now I'm wondering does it actually detect what you're installing? If you're installing, trying to install Microsoft Office, is it say oh Office, you know, you should try LibreOffice.
Ken McDonald [01:20:44]:
LibreOffice.
Jonathan Bennett [01:20:45]:
See I was hoping he was going to say that when you go to install something on Windows it automatically suggests installing it into a new wine bottle because that I think that would be really useful.
Rob Campbell [01:20:57]:
I think they have their own Wine integrations in Zorin to try to make it easier. So whatever. It's probably some custom, I don't remember how it is.
Ken McDonald [01:21:06]:
And they've got the capability of taking a website and converting it the tool that lets you basically make it into a web app that you can pin on your desktop.
Jonathan Bennett [01:21:17]:
Yeah, I mean that's a fairly understood thing. Other OSes let you do that and your mobiles will let you do that.
Rob Campbell [01:21:26]:
Yeah, they integrate it. I assume that one feature where they recommend they must have a list. So if you're installing some obscure windows, they're like, I don't know what this is.
Ken McDonald [01:21:38]:
I think we could actually say they probably have a database for that.
Jeff Massie [01:21:42]:
Well, there's actually websites and I'm drawing a blank at the top of my head. But if you say Linux equivalent to X, a lot of times you get a specific website that says, oh, here's your options you have in Linux for.
Rob Campbell [01:21:55]:
This popular program alternative to or.
Ken McDonald [01:21:59]:
That's what alternatives to or alternatives dot com.
Jeff Massie [01:22:03]:
Maybe that's what it is. Yep.
Ken McDonald [01:22:06]:
If not, you need to grab that one real quick.
Rob Campbell [01:22:09]:
Yeah, I've used some of those sites and I'll tell you, they're not always on the mark. They're not great sometimes, but.
Jeff Massie [01:22:17]:
No but it's sometimes just a launching point of, you know. Okay, it gets me in there where.
Ken McDonald [01:22:23]:
You can start searching.
Jonathan Bennett [01:22:24]:
Yeah, Here. Here is what this class of application is even called.
Jeff Massie [01:22:29]:
Oh, yeah.
Jonathan Bennett [01:22:31]:
Yes, for sure. All right, that is our news and we are about to dive into the tips and we've got four, four really fun tips for you. We're going to cover right after this. All right, Rob, what do you have for us?
Rob Campbell [01:22:45]:
All right, my tip for today is app. That's not what I've actually used, but reading into it, it sounded pretty interesting. So. And something maybe some of our listeners might be interested in. So I thought I'd share it in case you don't know about it. So do we have any Fastmail users listening? I'll wait for you to respond. Okay.
Ken McDonald [01:23:06]:
If.
Rob Campbell [01:23:06]:
If not, and you're looking for an alternative email provider to the likes of, say, Microsoft 365 or Google, Fastmail might be one to check out. They have plans comparable to like the basic Office 365 and Google Workspace accounts, you know, with email, calendar, contacts, but for almost, almost half the cost. You know, depending on which one you're looking at.
Ken McDonald [01:23:34]:
The.
Rob Campbell [01:23:34]:
The cheapest one starts like $3. Otherwise there's group ones and bulk ones.
Jonathan Bennett [01:23:42]:
Probably enterprise plans and all that.
Rob Campbell [01:23:44]:
Yeah, there's business and enterprise plans and all that stuff. So you know, and what I read about, I looked in a little bit. You know, I've heard of Fastmail, but I never really looked in too much. Fans say it's fast and secure and.
Jonathan Bennett [01:23:57]:
And is that where they Got the name from. Hey, it's fast. It's mail. Sorry.
Jeff Massie [01:24:03]:
Yeah, it's fast.
Rob Campbell [01:24:05]:
It's mail. It's Fastmail. And like I said, I'm not a user. But from what I looked at it, you know, it appears to have a clean email interface, which is something I really like. You know, that's why I don't use a lot of the. A lot of the email clients out there, because I just feel like they look there. But I feel like a lot of webmail ones are really kind of. A lot of them, not all of them are doing pretty.
Rob Campbell [01:24:32]:
A pretty good job these days. So what I really like about this one is that they have. They have something that Google doesn't even have in their offering and that is they have a desktop app for Linux. So this app, it's. Okay, it's an Electron app, which makes it kind of web based. But I mean, it's using. It's. So it's using the same user interface.
Rob Campbell [01:24:59]:
You know, it's going to be the same as the webmail interface, but with OS integrations including desktop notifications, and it's going to respect your dark mode preferences more than a regular browser tab provides. So if you are a Fastmail user or you want to become one, I suggest checking out the Fastmail app available as a Flatpak on Flathub. And I wish I could have tried this myself as it looks beautiful. I. I love the look of it for webmail, but I'm not looking to switch email providers at this time and I. I don't have time to just try it out, but to switch just for the sake of switching. But I do, I do wish others like Thunderbird could maybe improve their interface. Thunderbird has been improving over the years, I think, I think they could improve it more, maybe look a little more refined like this one does.
Rob Campbell [01:25:59]:
So if you're a Fastmail user, they have a Linux app.
Jonathan Bennett [01:26:04]:
Now, is it just Electron?
Rob Campbell [01:26:06]:
It is just Electron, yes. That's what I said.
Jonathan Bennett [01:26:10]:
So, yeah, well, okay, I guess I'll give it to you.
Rob Campbell [01:26:15]:
It has the desktop integration, so it's a little more than just, you know, another website in its own little shell.
Jonathan Bennett [01:26:22]:
It's not just the website and Electron. All right, fair enough.
Rob Campbell [01:26:25]:
It's not just the website in it. And. Yeah.
Jonathan Bennett [01:26:28]:
All right, Jeff, you've got Octopi. And when I first saw this, I thought, that's a 3D printer.
Ken McDonald [01:26:34]:
3D printing.
Jonathan Bennett [01:26:35]:
Yeah, not that one, the other Octopi.
Jeff Massie [01:26:38]:
Yeah. And this might, I think, probably predates it. So having been on the Debian side of things for a lot of years with, you know, I had some small detours into Fedora over the years, but overall, you know, I know the apt package manager really well. Well, with being in the Arch side of things now I'm learning Pacman, which is the Arch package manager, or CachyOS in my case, but same thing. To make things a little easier, there's a graphical program which is used like a front end to Pacman: Octopi. It's a graphical user interface which makes things easier when you don't know the program like the back of your hand and don't feel like going through the Google learning curve. Now it's written in C, uses the Qt toolkit that's, you know, KDE. The source code is on GitHub and it started back in 2013.
Jeff Massie [01:27:31]:
So Octopi consists of a package browser, a sudo helper, a notifier, cache cleaner and repository editor. And the link in the show notes even has a link to a YouTube channel that you can go and see it in action if you so wish. Now through the GUI you can search for packages from both main and, they say, foreign repositories, meaning external to what your distribution normally has. So you're adding a different non standard repository. You can install, reinstall, you know, including local packages so you can use it if you download, you know, a package and want to put it on. Of course, remove, upgrade, you can visualize the files in there and view repository changes and distribution news as well. All package database actions that involve changes are performed using the pacman command. So you could do this on the command line if you so desired. It's just simply feeding pacman the proper command line for privilege escalation.
Jeff Massie [01:28:47]:
qt-sudo is the only program which will work with Octopi, so you have to have Qt, and I said KDE. Qt isn't exclusive to KDE, but in the Linux world they go pretty hand in hand.
Jonathan Bennett [01:29:02]:
Most.
Jeff Massie [01:29:05]:
Qt applications are KDE. I'm not going to go over how each of the features looks, but you can look at the link in the show notes for documentation on everything. They have a frequently asked questions or a FAQ. So you know, if you'd rather point and click than type it all out, you know, for your package needs, check out Octopi. Happy installing?
Jonathan Bennett [01:29:31]:
Yeah, very cool. OctoPrint is the application I was thinking of. And OctoPi is what they call the combined Raspberry Pi image that has OctoPrint on it. So that's where the naming confusion comes from. All right, Ken, you are muted and you want to talk about AI Gemini. What is up with Gemini?
Ken McDonald [01:29:58]:
I don't want to talk about it, but I thought I'd share with you how you can access Gemini command line interface from your Linux terminal. I'm going to refer you to. Let me go ahead and bring up a browser real quick to get the Gemini GitHub page, which is right here, and it's got instructions on how you can install it. And I've got a link in the show notes if you do actually want to play around with it. If you've got a Gmail account, you can play around with it for free as a personal device. Well, the quickest way to install it if you already have Node.js running on your system is to just copy this command here, npx, followed by the link to the GitHub and post that into your terminal and it will ask you if it's okay to proceed with installing it. I'm going to say yes. I'm live.
Ken McDonald [01:31:19]:
I like living dangerously in a vm.
Jonathan Bennett [01:31:22]:
Yes.
Ken McDonald [01:31:25]:
And as we're watching here, let me go ahead and bring up so y'all can see what I'm talking about. And is that easier to read?
Jonathan Bennett [01:31:37]:
Yeah, I can see it.
Ken McDonald [01:31:39]:
All right.
Jonathan Bennett [01:31:39]:
You've told it that it is okay to proceed.
Rob Campbell [01:31:42]:
Yep.
Ken McDonald [01:31:47]:
And y'all can see the command there. It's just npx followed by Gemini CLI. Easy to remember.
Jeff Massie [01:32:06]:
Trivial rolls off the tongue.
Jonathan Bennett [01:32:09]:
Yeah.
Ken McDonald [01:32:10]:
And they're loaded it up.
Jonathan Bennett [01:32:14]:
Very cool.
Ken McDonald [01:32:15]:
And now that we've got it loaded up, what can you do with it? Well, the first thing I would recommend doing is you type a slash followed by help and that'll give you help on using Gemini CLI. It'll give you all the commands that you can use and how you can switch to shell mode from within it. So say you wanted to list what your current directory that you're in is. You do that and it lists all the files and directories that you may have. You can do that from the command line though, right now let's go ahead and hit that colon again so we can get back to the Gemini prompt. And I'm going to use the command about to give you the version information. And as you notice, it says this is a nightly build that I'm running. And there is a way that you can set it up so it's running in a sandbox.
Ken McDonald [01:33:36]:
If you've got a Docker image set up that you want it to run in, but while you're here, you can ask questions like what files are in my current directory. And now it's asking me if I will allow it to execute ls. I'm going to say yes. I did that by hitting the number one. I could have just hit return with that highlighted and you saw what it did, the same thing I did. And you can ask it more detailed questions as well.
Jonathan Bennett [01:34:29]:
This is, this is an interface for running this as an agentic AI then because it actually gets to use these tools to tell you things.
Ken McDonald [01:34:35]:
Yep.
Jonathan Bennett [01:34:36]:
Ah, interesting.
Ken McDonald [01:34:40]:
And I'm going to do this. Can you summarize this page and let's go back here and guess what page I'm going to ask it to summarize.
Jonathan Bennett [01:34:56]:
Little AI navel gazing.
Ken McDonald [01:35:01]:
Since that's the easiest one to find. And here it is. And as I said, it prompts you. Do you want to allow it to. Yes, you can allow once, allow always, no suggest changes. So let's go ahead and say yes, allow once. And it begins the web page announce. Now, as you notice, it's got a where it says web fetch and it's.
Ken McDonald [01:35:30]:
That's one of the tools it uses. The other one was the shell. And then after it's processed from the prompt it comes back saying the Gemini CLI is an open source AI agent that brings Google's Gemini to your terminal. It's lightweight, has a free tier, and gives you access to the Gemini 1.5 Pro model. It has built in tools for web search, file operations and running shell commands. You can also extend it with custom integrations. All right, now one of the commands that you can use is stats. And here's what's nice.
Ken McDonald [01:36:11]:
I can hit tab and then it gives me do I want to do model or tool. So I'm going to go with model and there's a model Stats for nerds. Shows how many requests I made, how many tokens I've used, what the latency is. And as you look there, you'll see there's columns showing that there's a Gemini 2.5 Flash-Lite, Gemini 2.5 Flash and Gemini 2.5 Pro. And it looks like I did two requests to the Flash and the Pro and three to the, or, two to the Flash-Lite and the Pro and three to the Flash. Now I'm going to show you how you can get out of this. That's just quit. And I'd have to run this again and install which would install it again.
Ken McDonald [01:37:15]:
So it's never on my system within the VM. Now having said that, on my Ubuntu system, let's go ahead and bring this up. I've actually got it installed. This one's installed via Homebrew and there it's loading the cached credentials. It uses that to verify that I'm authorized. And again you do the help. Now what I want to demonstrate here is chat and I'm going to list saved conversation checkpoints and there you see I have one that's list MPN bug. I just threw out a tag for it and I'm going to go ahead and resume that from the checkpoint.
Ken McDonald [01:38:45]:
And it starts by going back to show what you've already done.
Jonathan Bennett [01:38:53]:
Cool.
Ken McDonald [01:38:55]:
And this is where I was trying to update something that gave me some error messages in Brew. I forget what it was now, it was earlier today, but I just took and asked it to find out why the command failed.
Jonathan Bennett [01:39:28]:
Did it actually help you? Did it give you useful results?
Ken McDonald [01:39:32]:
Yeah, it told me that that's the command that was actually failing because I was getting it when I was doing a upgrade on all the different options I have for upgrading like to my system get my Rust and Cargo and Brew trying to think what all my topgrade ends up stating on this system because of where I get some of the applications I have running. And it showed that the whereis node is empty. So Node.js isn't in standard locations. And but as you can go through, you see it check to see if installed brew packages for it. Brew list confirms node is installed. And there it's went through to verify the executable location it said it couldn't access outside home dat. The error means node isn't in the path. So for whatever reason, it wasn't at the path at the time that I did the topgrade.
Jonathan Bennett [01:40:52]:
All right, I've got a command line tip that I want to make sure we have time to get to as well. And that is it's actually two of them. It's one we've talked about before and one that I'm not sure that we've talked about before. And this all came up because I had a hard drive that I needed to securely wipe because it came from a customer. And so I about a week ago, a week and a half ago, I sat down and figured this out and it's like, okay, how do I do this? And it will shred. And we've talked about the shred command before. You can shred a file on your Linux system, but you can also use shred to securely erase an entire hard drive. And so in that case you just would run like sudo shred and then a -v and then the device.
Jonathan Bennett [01:41:41]:
Not a partition on the device but the whole device like /dev/sda or /dev/sdb. Be very careful when you do this that you use the right device because if you shred your primary hard drive, you will lose all of your data and you will be very sad. So that is what I used and then I went back and did a bit of looking because modern hard drives are fancy and complicated and they do things like wear leveling and they have extra blocks. And so it is possible that part of your data will survive that shred because of that wear leveling and it will be in the extra blocks, the spares. And so there is a second way that you can securely erase a hard drive and that is hdparm, or HD parm. It is a utility for working with hard drives. And I've got a second link here that goes to that and it is essentially the security-erase-enhanced flag in hdparm and that will do a secure erase. And the thing to remember there is that different hardware, different pieces of hardware support this in different ways.
Jonathan Bennett [01:43:13]:
And so a really well built hard drive will do a good job securely erasing something. But there have been reports where people run this command and about two seconds later their hard drive comes back and says, okay, I did it. And maybe you didn't actually overwrite all of that data. So if you have a drive that you really need to erase, I would actually recommend running shred first and you can tell shred to run multiple times. I think by default it's going to run two or three times. Yes, random data three times. Shred by default overwrites the blocks with random data three times. And then I would actually say if this is a drive that you really need to be erased, also go back, follow that up with the hdparm command to make sure that as much as that drive is capable of doing so, it goes back in and also clears those extra blocks and any other places where data might be hiding.
Jonathan Bennett [01:44:25]:
Yeah, I learned that in these last couple of weeks and found it really interesting. Very nice. There you go.
Jeff Massie [01:44:33]:
Yeah, I just want to add in here that I wish I'd looked at the little closer at the tips because I was going to have a show title this week of no AI in this episode.
Jonathan Bennett [01:44:47]:
Foiled again, Ken.
Jeff Massie [01:44:50]:
Foiled me.
Jonathan Bennett [01:44:51]:
Yes, yes. Yeah. And of course so now people are talking in our chat room about how do you actually destroy a drive? And yes, if it is a spinning platter hard drive, then magnets might do it. Actually, the better way I would say was splint, sledgehammer, no drill bit. Just run a drill bit down through. Because they're basically made of glass. Once they shatter, that memory is completely gone. I would not necessarily trust a drill bit for an SSD because the actual memory storage chips, the physical parts that store the memory are so tiny, it would be difficult to make sure that you got them all.
Jonathan Bennett [01:45:27]:
So that's where it's nice to do some physical wiping.
Ken McDonald [01:45:29]:
Well, you'd have to do a lot of holes.
Jonathan Bennett [01:45:31]:
Exactly.
Rob Campbell [01:45:34]:
You really want to do it. You can have it shredded physically.
Jeff Massie [01:45:38]:
Yeah.
Ken McDonald [01:45:39]:
Because through one of those shredders that you see cars going through. Yeah.
Jeff Massie [01:45:46]:
Only one set for, like, drive, so it's much tinier pieces because the drives, I mean, if. If, say you're super famous, you know, you're the president, you're the. A billionaire or whatever, someone gets a hold of your drive, you can take those individual chips, deprocess them, and get down to the cell level and start measuring the. The hysteresis on the cell to find out what things are. And I mean, you can. Depending. Depending what level of paranoia you have. It's, you know, even in a race.
Jeff Massie [01:46:22]:
And it's kind of funky because, you know, we had Harold saying, well, just don't put all zeros in there. And actually, I don't know of a drive anymore that you can write all zeros to at the cell level because they put a hash in there because you don't want a huge block of zeros or ones because it'll cause field effects on other cells and can disrupt data. So you want to keep. Rather than having a large block of one potential, you want to have it kind of mixed up and spread out. It's not a hash for, like, security, but it's just a. Don't have too much in. Of one charge in one place.
Jonathan Bennett [01:47:07]:
In the RF world, they call essentially that same thing data whitening to where you introduce some ones and zeros. A mix of ones and zeros because it makes the data actually more resilient in the airwaves. Very similar concept.
Jeff Massie [01:47:26]:
Yeah. I've also heard it called swizzling.
Jonathan Bennett [01:47:30]:
Yep.
Jeff Massie [01:47:31]:
Some of the old timers were.
Ken McDonald [01:47:33]:
Well, according to Gemini, by default, the shred command in bash overwrites files three times, does not remove them after overwriting, and uses random data for the final overwrite.
Jonathan Bennett [01:47:47]:
Yes.
Ken McDonald [01:47:47]:
It also rounds up the file size to the next full block to override any slack space.
Jonathan Bennett [01:47:53]:
Yeah, shred is actually a pretty good utility for that. I was, I was pretty impressed by how well it did.
Ken McDonald [01:48:00]:
And it looks like it actually just read the manual, probably.
Jonathan Bennett [01:48:05]:
All right, let's let each of the guys plug whatever they want to. We're gonna let Rob go first.
Rob Campbell [01:48:11]:
All right. For those who appreciate what I do and want to get more of me, you can find me at robert p.campbell.com and that's my website for me, my personal one. Once you get there, there are links at the top for my LinkedIn, my Twitter, my Bluesky, my Mastodon, and a place to donate coffees to me in five dollar increments. Or if you want to donate to, say, Ken or Jeff, you could put it there and make it. Make sure to just put a comment. And I've already paid off Jeff one time. So, yeah, you know, go ahead and do that. If you want to find out more of me, there's.
Rob Campbell [01:48:52]:
You could scroll and see, see some more stuff about me too on that page. That's all about me. Come find me, come connect, come learn, come say hi, whatever.
Jonathan Bennett [01:49:02]:
Yep.
Ken McDonald [01:49:03]:
All right. And Ken, I don't really have anything this week, so I'm just going to recommend especially to you, Jeff, Back up, back up and back up. Jeff, did you ever figure out how to do snaps or reboot a snapshot of your CachyOS?
Jeff Massie [01:49:28]:
I didn't. Not yet. I was working on the delayed reboot, so I got that. That was. That was my fix for the week.
Jonathan Bennett [01:49:38]:
One fix a week.
Jeff Massie [01:49:39]:
Yeah.
Jonathan Bennett [01:49:39]:
Let's not get too excited here.
Jeff Massie [01:49:41]:
Yeah, I work a lot of hours. Okay.
Jonathan Bennett [01:49:44]:
So this is.
Jeff Massie [01:49:45]:
I don't really have much either. This is going to be Poetry Corner. And again, this is about something. So we're switching things up a little bit here. Using wires is so 2015. Phones with no headphone jack make me feel alive. At first you must pair. Then data moves through the air.
Jeff Massie [01:50:05]:
This tech's name might make dentists cry. Bluetooth. Other than that, I don't have anything. So just everybody have a great week.
Rob Campbell [01:50:19]:
Yeah.
Jonathan Bennett [01:50:19]:
All right. I have been cleared to tell you all about something very cool. Coming up on Friday the 24th, the TWiT D&D adventure. It starts at 4 Central. It's 4 to 7 Central time. That's 2 to 5 on the East Coast and 5 to 8. No, 5 to 8 on the East Coast and 2 to 5 on the West Coast. And yours truly was invited as one of the players.
Jonathan Bennett [01:50:47]:
It is a fall-themed one shot. And so if that is your thing and you're part of the club, come check that out. It will be a Club TWiT exclusive. We'd love to see everybody there. Aside from that, if you want to follow me, you can find my stuff on, mostly, Hackaday. That's where FLOSS Weekly is at these days and also where my security column goes live every Friday morning. Appreciate that. Other than that, we just want to say thank you to everyone that watches, that listens, that gets us live and on the download.
Jonathan Bennett [01:51:16]:
And we will be back next week for another Untitled Linux Show.