630: Google's Garden Lockdown

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:11):
Hello, friends, and welcome back to your weekly Linux talk show. My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen. Well, coming up on the show today, it appears Google is laying
the groundwork to start locking down sideloading on Android.
You can imagine we have some thoughts on that news. So what we'll do is we'll
push Wes's pixel further than Google ever imagined or dreamed possible.

(00:35):
Then we'll round out the show with some great boosts and picks and a lot more.
So before we get to all of that, let's start by saying time-appropriate greetings
to our mumble room. Hello, Virtual Log.
Hello there. Hello, Brent.
Hello. And hello, everybody up there in the quiet listening,
too. Got a good showing up there as well.
Of course, we're doing this here podcast live on a Sunday. We start around 10 a.m.

(00:57):
Pacific time, but you can get that converted to jupiterbroadcasting.com slash
calendar. Or here's a pro tip.
Use the podcasting 2.0 app, and it'll just be right there in your list.
Easy peasy. And a big thank you to Defined Networking at Defined.net slash unplugged.
Go meet Managed Nebula from Defined Networking.
They took the brilliant, beautiful, fully open source Nebula Mesh VPN network

(01:23):
and built this product around that anyone can use.
It's Managed Nebula, a decentralized VPN built on what we think is the best
open source Mesh VPN platform.
And the entire stack is optimized for speed, simplicity, and industry-leading security.
Slack has been using it since day one, but we hear more and more stories from

(01:43):
you out there in the audience using it to point it on your home labs or for
work or whatever it is, and as a result, keep sending them in.
We've been seeing some pretty cool tools sent into the network,
but this one was actually made by one of our own.
Deckbot, listener Deckbot, has made Nebulous CertMaker, a simple YAML and Python
script to create certificates for all of your mesh nodes.

(02:06):
So I think, Wes, the way it works is it looks like you have a list of all your hosts.
It'll walk through that list and create a new Nebula certificate and generate
and sign the certificates for each one of the hosts in that file.
Exactly, yes. Like Nebula itself provides the primitives for managing the certs
and all that kind of thing.
And you can build on top of it. And DeckBot has, which is awesome.

(02:27):
And we're seeing more and more of that, which is great to see.
Shout out to DeckBot for making something just real simple but really useful.
And the nice thing about Nebula is when you deploy Nebula, you are in control.
You can run the entire infrastructure. It's not bits of it that are kind of
like this weird fork and you can kind of run part of the infrastructure.
No, you can run all of it or you can take advantage of their managed product.

(02:51):
Go right now to define.net slash unplugged and get 100 hosts absolutely free.
Take advantage of top tier encryption. Take advantage of the leading industry
product that is lean, mean, and fast on your host.
100 hosts absolutely free. No credit card required. Go to define.net slash unplugged.

(03:13):
Okay, it's on. It's definitely on. Texas Linux Festival, October 3rd through
the 4th in Austin, Texas, at the Commons Conference Center in Austin.
We're all road tripping. Brent's coming down from the East Coast,
coming down in the van to Texas.
And Wes and I are going to load into my car and road trip down on the West Coast.

(03:35):
So we'll be coming down individual coasts at the same time. That's kind of cool.
So meet us there, why don't you?
Coast to coast.
Coast to coast Texas Linux Fest. We don't have swag yet, but we will probably
midweek have some Texas Linux Fest swag in the Jupyter Garage.
So I'll put a link in the show notes.
So midweek after this came out, go check that out. So, you know,

(03:56):
the first week of September.
And once again, I'm going to be coming to you asking to help us get there with some boosts.
We're in conversation with one potential sponsor, but it hasn't really gotten
anywhere yet. And I'm not sure it will in time for us to make it to Texas Linux
Fest. So we're going to self-finance this one way or another.
My hope is that we can get some boosts that come in. And then what we're going

(04:17):
to do, and the reason why the boosts are going to be useful,
is I'll be completely frank with you.
I'm going to throw them into a loan. I'm not going to sell them.
I'm going to throw them into a loan.
And if somehow for something happened and the price crashed and we got margin
call, it's fine. It's the same as selling them then.
But we're going to put them into a loan. We're going to do that to finance our
ability to get down to Texas Linux Fest.
Now, Chris, why would you do something like that? That's crazy.

(04:40):
I am really committed to trying to cover these events in a way.
I know this sounds sort of, well, you know, sort of self, self, um, I don't know.
It's sort of, it's not a brag, but I just, I feel strongly that if these events don't get covered.
And they're not streamed online or anything like that. It's like it's in a way
they don't really happen except for in this small little pocket.

(05:02):
And they don't make often a huge impact outside of that.
And these are really unique to the Linux community. These fests that are put
together by just volunteers that care about Linux and free software.
And it's a real pain in the butt. And they go through all of the work.
A year-long job. Every year.

(05:23):
Without the, you know, corporate style of it kind of budget or time allocation or anything like that.
Constantly trying to juggle venues and budgets and networking and community expectations.
And they put together something that brings us together across different cultures
and different beliefs. But we come together around Linux and free software.

(05:43):
And the connections you make there are truly like they take something maybe
like somebody you've known online. You meet them in person and they become true friendships.
And it's not just about the networking these are
really special events and they're unique to our community
they're unique to our culture other things
they have their kind of community events but nothing's like a linux fest and

(06:06):
i feel really strongly that it's one of the things the show can do as a contribution
to the linux community at whole is try to document and capture these things
as they happen and then they become part of the show's tapestry over time so
five years you listen and back,
you know, you can hear the 2025 Texas Linux Fest. It's a time capsule.
And then the difference of us going and not going is the difference of that

(06:28):
getting covered and getting captured.
And plus, we meet our fellow community members there.
It's our opportunity and our chance to actually convert numbers on a dashboard
to real faces. And it gives us this kind of motivation that you just don't get
scrolling social media and reading the email feedback.
So it's probably one of the most expensive things we do and probably one of

(06:53):
the most important things we do.
And, you know, screw me if I have yet to figure out a way to really make a profit
at it. But it's still something I feel is extremely important we do.
And it's also a form of genuine, unique content and journalism.
I think that's kind of maybe don't call it that, but it's in the category of we're going there.
We're doing original reporting that isn't being covered anywhere else.

(07:15):
We're capturing something that's unique to our community, and we have an inherent
expertise and understanding on the topic matter and on the culture and of the people,
so we're perfectly positioned to cover it and capture it.
So it just feels like it's extremely important to me that we actually do this.
And I felt this way for years, but it's really been crystallized in the last couple of years.

(07:39):
But that doesn't mean there's commercial interest in there. There's not a lot
of companies that are going to make a lot of money financing that.
Now, there's some that want to do it, but it hasn't materialized yet.
But I think it's important, and I would like your help if you would like to
boost in and help us get there.
We're going to take those sats. We're going to throw them in a SALT loan.

(08:01):
There is a margin of insurance there.
And then we're going to use that to finance it to get us down there.
And then I'm going to pay it off probably myself personally over the next year
or so. Or we'll sell the SALT, whatever we have to do.
But it gives us some optionality. We have the option to or not to sell them.
So it gives us flexibility there.
And when it's in that SALT loan, we'll have cash that we can use to get our

(08:23):
butts down there and rent hotels and whatever else we have to do.
so that's the goal it's a bit ambitious and we only have until the end of this
month really next month september to do it because i think by my math we need to hit the road,
by september 28th so the episode we do on september 28th we basically after

(08:47):
the episode we pack up and we hit the road.
Well we got to get there because i got the good news that my talk was accepted
so i'll be sharing an updated version of my mesh networking on nix os talk.
Well, now we got a mission. We got to get Wes to Texas Linux Fest so he can
give us a talk. And then we'll meet up with Brent.
He'll be there in his van at Texas Linux Fest, and we'll hang out in Austin
with you guys and with Brent and everybody.

(09:10):
And then we're going to caravan back up to the Pacific Northwest in my car and Brent's van.
Operation Homeward Bound.
Yeah. So it's super ambitious, but we hope, we hope, we hope you will help us
with that. You can send us a boost. The easiest way to do it is Fountain FM.
Now, again, the reason why we're doing boosts is because we're going to be using
that in a particular way.
So Fountain FM is probably the most straightforward way to do it because they

(09:32):
self-host all that infrastructure.
Now, if you can't do that or you don't want to participate in that,
later in the week, we should have some Texas LinuxFest swag up in the Jupyter
Garage at JupyterGarage.com.
And, you know, inflation has hit the prices of swag. I was complaining to the
boys that even like before we price it, these things are ridiculous.
list, but we'll try to keep it reasonable, but something in there that can still

(09:55):
put some fuel in the tank and whatnot.
And we'll have that up at jupytergarage.com, which could be another way.
And just anybody that does even consider it. Thank you very much.
So it's a wild thing we're doing here, making a Linux podcast for a very niche
audience, caring about these kinds of esoteric things.
There's not a lot of people out there that get it. So if you're one of them,
we really appreciate you.

(10:19):
Well, we wanted to follow up on the Bcash FS saga, as it has now been officially
marked as externally maintained by Linus Torvalds,
which means essentially Bcash FS has lost its seat at the dinner table and it's
going to go sit at the kids table again,
which is a big shift since it was really,
really close to being declared stable.

(10:41):
But Linus has officially moved it from the supported category to,
quote, externally maintained in the kernel's maintainer's file.
Now, you guys know if you've been listening to the show, this is after months
of back and forth that sort of broke down after Linux 6.17 and have led to this.
Yeah, as Linus said in his commit, as per many long discussion threads, public and private.

(11:04):
Yeah.
But we don't know a ton about exactly what that means. I did take a little peek
in the maintainer's file. it has a self-description on like this status line,
which could be supported, which is someone is actually paid to look after this,
could be maintained, which is somebody actually looks after it.
Then there's odd fixes, there's orphan, and there's obsolete listed there.

(11:24):
But then if you actually go grep in the file, there's a few more things that
you find like an orphan slash obsolete, some specific references to different architectures.
There's also one that's called buried alive in reporters, which is actually
what is listed at the very bottom under the arrest which has linus listed as the maintainer what.
Is buried under alive in reporters does that mean air reports or does that mean media.

(11:48):
I think people you know talking to him he's basically the person
of last resort you know yeah yeah but in
there there's only right so standing out as a single entry
is this externally maintained and there's no real other references i could find
in the kernel source really so at this point i don't know what it means exactly
in terms of like official status obviously it seems to be implied that linus
is not intending to accept any pull requests for bcashfs at least anytime soon

(12:11):
but we don't have any like official explanation as far as i've been able to find.
So it doesn't it doesn't implicitly mean anything by externally maintained.
Well, I mean, it surely has some meaning. We can seemingly infer that it's no
longer being maintained in the kernel, but it did not come with like a description
or update to the docs around the precise meaning.
I wonder if you picked up on this. My sense was is so you read Linus and what

(12:34):
he says, and it kind of sounds like there's been conversations in public and private, he says.
And you get the sense that maybe everybody's on the same page.
But then when I went to see what Kent's reaction was, it seemed like maybe that's not the case.
In fact, it seemed like maybe Kent didn't even really know what was going on.
Did you get that same picture?
Yeah, I mean, to look at some of his public comments...
Again, we should say the author of BcashFS.
Right. He says things like, I know as much as the rest of you.

(12:58):
We don't know what externally maintained means, though.
It's all speculation. As far as I know, it means... What it means hasn't been
communicated to anyone outside the inner circle. Certainly not me.
So it seems to say that Kent's seen the update in the source tree in the reporting
like everyone else, but it wasn't what externally maintained at least and what
that implies for the future had not been communicated elsewhere.

(13:20):
I don't know. Brent, do you think it's worth considering users taking action here?
Like if more of us as users figure out whatever method it might be to use this
file system, does that put pressure back on the Linux kernel developers to figure
out a way to incorporate this, even if it is through an ambassador or something?
Is there some action we can take in that regard, do you think?
I'm not sure the number of people using it is part of the decision here.

(13:45):
It seems like a lot of it is just interpersonal...
challenges we've certainly seen this
i think on the show as maybe the worst case for
the file system so i i hope this is like a new status that maybe considers the
project in some decisions instead of being 100 external and maybe there's a

(14:08):
chance for it to come back in a year or two but this feels uh like a sad day
at least that's how i'm feeling.
I mean it does make it harder to use going forward it does seem like um kent
and team are already working on publishing some dkms packages so that will definitely
be an option at some point here in the short term i expect,
and you know there may be also uh distros that decide to just build custom kernel

(14:32):
variants with it compiled in or you know there's a few options for um and well
i think we'll have to see exactly what that looks like on the ground as things move forward yeah.
He did share recently on friday he
says quote i think we're approaching a month since the last critical
bug report that's a milestone things have stabilized faster than i expected
at least from the look of things that's really good i mean a month since the

(14:54):
last critical that's a good milestone it's nice that he can keep those things
in mind i i have a bad habit i tend to completely ignore the successes and just focus on the.
Next big.
Thing that has to be fixed and it is good to recognize those kinds of things.
He did go on in that little update to kind of list a few of that like there's
a performance bug and accounting bug and a bug with some of the compression
stuff, but they all seem like normal things you shake out in a file system.

(15:18):
It sounds like progress is ongoing. So it doesn't seem like,
at least on the development side, if you are willing to jump now through the
extra hurdles to actually get access to the file system, it will be continuing
to be worked on and hopefully stabilize.
I just find it interesting how different this go-around is with bcachefs than butterfs.
I think bcachefs has benefited from having somebody who's out there articulating

(15:42):
the point of view and and if you will i'm sorry the story,
Even today, if you go on our Linux, you will see a thread that is extremely
critical of Kent and continues to push the whole narrative of Kent tried to
push features during an RC window and he's a bad person.
And it's really unfortunate because it's such a singular view in which you take

(16:05):
one event and you dismiss a decade of contributions.
And I think something like BcashFS would be actually a lot worse off right now
if it weren't for Kent and his communication.
And while so much of that has been a focus of criticism recently,
I think if you look at what ButterFS went through and the damage to its brand

(16:26):
and reputation, even now, even after six or so solid years of continuous improvements,
its brand is such that people still don't trust it. And they still talk about,
oh, I'm afraid I'm going to lose data.
And I think in part it's because there hasn't been anybody out there that's
a lead ButterFS developer articulating their point of view like Kent does.

(16:46):
And if you're willing to focus in on the message from Kent and not get distracted
by clickbaity headlines that tried to drive attention based on kernel drama,
and you actually focus on the work, it's quite impressive what continues to happen over there.
And Kent's actually pretty good at articulating that to his community on Reddit and his Patreon.
And I think part of this is because he is an independent developer.

(17:10):
So he doesn't have to go through a corporate PR communications, right?
if Kent goes and talks to somebody about it he doesn't have to get it cleared
first and so he's able to take direct response and direct action online and
communicate directly and he's a good communicator and I think that's been criticized
a lot lately but if you follow him and his community.
He's very responsive and he's very clear and he's also upfront about what still

(17:33):
doesn't work and what he's not, he's not blowing smoke. He's not hyping things up.
I just think it's interesting and I wonder if you agree, Wes,
that if Butterfess had had somebody that was communicating like Kent is now,
if perhaps Butterfess's brand, if you will, or reputation maybe is a better
way to go, would be in a different state.
Yeah, that seems like a fairly plausible theory. I think Kent is doing a great

(17:57):
job of being, you know, for folks willing to engage and ask for support of,
you know, if you have a bug, he will, he will work with you to fix your file system.
And that's probably goes a long way to getting people to actually try to use
it for things, you know, knowing that you actually do have some support and
it's a sort of identifiable human or team of people or whatever behind it that

(18:17):
you can see consistently do that.
Brent, I have a question for you. When it comes to defining a code creator being
too toxic to be allowed in the Linux kernel, do you think it's more or less
toxic to murder your wife than to criticize ButterFS?
Well, one is related to the work that's being implemented into the kernel and

(18:38):
the other isn't. So there's that way to look at it.
I suppose I'm just saying we kept a murderer's file system in the Linux kernel
for years after he was convicted of murdering his wife.
I don't think that should be accepted in society in general,
if that's really your question.
I'm just pointing that out. As far as I know, Kent hasn't murdered his wife.

(18:59):
But, you know, I don't know. Maybe Hans was great to work with on the list.
Yeah. That's the thing.
That's the closer to the issue.
Right?
Very polite on the mailing list. Even when Linus got nippy, he probably was
still very polite about it.
Yeah. But it's interesting that, like, the Linux kernel is one of the most successful
open source projects in history.

(19:19):
This kind of shows that it's not necessarily open to everyone, right?
If you're creating friction in that, well, you might not have the opportunity
to have your otherwise great code be implemented necessarily.
As much as it's software, it's also a human endeavor.
And speaking of benevolent dictators, Google has made it official.

(19:41):
They are laying down plans to block the sideloading of unverified developers'
apps starting next year in their Android operating system.
It's big news, and I've probably been sent this link a dozen times this week,
and I agree. It's a big story.
So what they're calling them is unverified apps, which is basically every app

(20:02):
that you sideload right now. And this is going to impact what are called certified
Android devices, which is any device that gets any of the Play stuff.
And so developers who distribute apps outside the Play Store will have to start
verifying their identity through a new Android developer console that Google is currently building.
So you can think of it as equivalent to the Google Play console that exists

(20:24):
for Play Store developers right now.
But now they're making something they say will be more streamlined for verification.
So don't worry, it's going to be streamlined, but it'll let you now,
they're going to let you now publish outside the Play Store if you go through
this new console that they're building.
Yeah, it's right there in the name, isn't it? Android developer console.
They're responsible for all of Android.

(20:45):
And they will ask you things like your legal name, your address,
your email, and your phone number, just so that way they can,
you can have an APK that users can sideload.
So this starts in October of 2025, and then it goes to broad developer access in March of 2026.
But the first user rollouts will be in Brazil, Indonesia, and Singapore and

(21:08):
Thailand, and those start next year in September of 2026, and then go global to all users by 2027.
So any Android with Google services, which is like basically all the ones sold
in the West, will be impacted by this.
And, of course, it is worth noting that this is likely Google's BS response

(21:30):
to the courts ordering them to allow competing app stores.
This is what they're going to do is they're essentially taking a page from Apple's
playbook, and they're going to make it worse while complying with the courts.
Because, you know, all of a sudden, side loading is this huge risk after all these years.
We've got to clamp it down. Product VP Susan Faye said that in a recent analysis,
they found 50 times more malware from Internet sideloaded sources than apps on Google Play.

(21:55):
I just, is there really this like epidemic of people enabling sideloaded?
So like most people don't even know that it's enough.
And that statistic's like they probably scanned all of GitHub.
Right.
Every freaking fork of every legitimate thing. And then they compared it to
like, you know, the 20,000 apps in the Play Store.
Mm-hmm.
Many people would also be totally fine with just making it harder to enable,
put it behind the developer menu or, you know, like there's a fair options to

(22:16):
make it like where I don't think my mom is going to just do that,
even when instructed by a malicious actor, or at least has a lot of opportunity
to second guess that decision.
That seems like such a reasonable solution, Wes. How dare you?
I know. I know. it's.
This this is the worst like example of google no longer following don't be evil
because it's a cynical response i believe it's a cynical response to what is

(22:41):
a court order like well if we're going to have to do it we're going to do it
this way and then they're going to accomplish a wider goal and say but look
we're just doing what we're told.
Yeah i mean and you can kind of you can kind of tell
too right they they see the benefits that apple gets
from its style of ecosystem i'm sure there's been many internally for
years who've sort of wondered well maybe is that strategy we should
be doing and i just think you know i was

(23:02):
just recommending to someone who was you know they wanted
to watch youtube but they did not like what they were getting from the algorithm
and i was like oh there's here's some apps that you can use those are probably
exactly the kind of thing that maybe even if they don't you know maybe they
violated terms of service but not the law but if you know if google is not incentivized
to like them will they stop showing up as something regular people can even try to use it.

(23:23):
Uh to me it feels like for years and years now well basically since the start
of android we've all for those of us who really value the privacy side of things
and the ability to modify the software that's running on your own you know purchased phone,
we kind of knew this was a possibility at
least i did and yet maybe it's

(23:46):
arguable that we haven't done enough to give ourselves great
options when this would come to
pass which sounds like we're there we got
what a year to go so this feels
like a huge loss in terms of what is
possible for us to do with our
own software on our own phones in the future and i

(24:07):
hope somehow those of us who are smart enough to be able to write software that
can push on this little decision that uh that we get there i uh feel like that's
a super important thing from a privacy and also software freedom perspective
so we could have done better here we are.
Yeah we should have known better.

(24:28):
As as jeff says um as much as this makes me angry i'm not that worried as long
as we can still get rude or roms one way or another and it is worth pointing
out does seem like you know us graphene folks this won't really impact in the
same way uh so i think there is still an element of that,
I'd kind of just worry about the ordinary folks using the platform,

(24:51):
even if they would never use this.
It makes things like F-Droid and Obtainium on stock Android perhaps unusable
and untenable for some developers.
Or at least a very different experience. And that's where I think it's like,
okay, even if this first version isn't the world falling apart for Android,
the philosophy and the change in that and not sort of respecting that at the root is very worrying.

(25:14):
But the trend is not our friend here. I mean, our previous story that was also
a step backwards was the news that they've removed pixel device tree drivers
or whatever it is from the upstream Android source code.
And so it makes projects like Graphene OS and others more difficult.
And so these things are in isolation kind of bad. But when you put them all

(25:37):
together, it starts to paint a picture that's real bad.
And you worry about the long-term viability of things like Graphene OS.
Would any of us be shocked to learn that the Pixel 10 is the last one that you
can ever run Graphene OS on?
I wouldn't be. And I know the project's concerned about enough that they've
been trying to work with a hardware OEM to add the hardware support they need
so that way an existing hardware OEM could enable Graphene OS support.

(26:02):
Please let it be Motorola. I would love a Motorola flip.
I'm also a little bored with the Pixel hardware.
This also kind of sucks in the middle ground too. I was just thinking like,
okay, you still can use Graphene, But if more things use play integrity and
stuff, there's already kind of this like,
well, if there's a certain set of core apps that you have to have,
you might be forced to be on either iOS or upstream Google, Android.

(26:27):
Then now if you can't load the other apps that you actually want, that's rough.
This to me also seems like it's a trend that continues as long as Apple gets
away with this type of stuff.
Because Apple, what happens is,
Oddly and grossly enough, Google's incentives are to align with Apple because

(26:48):
then they get more control and they set a standard.
They're the Coke and Pepsi of smartphones in the United States and in the West.
And if Google says, actually, we've done research and we concur with Apple's
position here, side loading is dangerous.
That strengthens both their positions. Google has no incentive to fight this.
And so I think they trend towards Apple's walled garden over time.

(27:11):
That's my main concern. And if that happens, then why not just get iOS and use
that fancy iCloud privacy mode that they have and just say screw it?
It's really disappointing.
I don't like this trend at all.
And it seems to me that we're watching
Android drift more towards the iOS experience over time. Do you agree?

(27:34):
I think I would agree. i'm wondering if for a moment maybe we can try to find
some kind of positive in this decision is there a positive for end users like
are there is this an actual problem is this good for somebody other than google.
I mean there probably.
Is a some slight.
Security benefit maybe sure you could make the same argument about windows you

(27:58):
know if microsoft would have done this in the windows xp day,
you probably would have had less people get malware and crap on Windows XP.
But Microsoft chose to keep it an open platform and let people install their own applications.
Because it does, right? It means at least like, okay, if they do find malware
from a developer, they can then immediately filter out anything else that developers
made or things like that.

(28:20):
So in cases of breaches of trust or bad faith developers, that is a new option.
Okay, I want to bounce this to you guys. And also, I'd say I'm bouncing this to the audience.
So if you have an opinion and looking for an excuse to support the road trip,
why is Google rolling this out to the smaller markets first?
What is the reason there?

(28:41):
Why not roll it out to the West first?
Well, it's not even small. I mean, maybe smaller monetary, but it's,
I mean, by people, it's got to be a lot.
Yeah.
Right? I mean, Brazil and Indonesia.
Yeah. Yeah. I guess so. Yeah. I mean, smaller, I meant an economic size, but yeah.
You think it's, I just wonder, is it because if things go wrong,
it'll get less attention in the West?
I just, what would be the reason for that? I just don't really understand why.

(29:04):
Is this somewhere where they've seen more malware or more security implications?
Do they think that culturally it'll be more accepted there? I have no idea.
Shape some sort of legal precedent first doing it this way? I don't know.
It's interesting that they don't roll this out everywhere at the same time,
and it makes me wonder if they're hesitating about the decision.
Why would you not roll it out? You can still do it in phases, but worldwide.

(29:29):
So it's interesting to choose certain markets.
I think the biggest takeaway, red flag here, is the community this impacts the
most is free software developers.
Free software developers that don't want a KYC just to publish an Android app.
Imagine if the three of us used an APK for doing the show, like you put together
some tiny APK that does automations for us. We would now.

(29:53):
Now I have to go register and make an account.
Yeah. And you're on Google's, you're on Google's map now.
Even if you just wanted to use Obtainium to fetch it from the GitHub that I
published as open source.
That sucks. And it fundamentally changes the value proposition of Android because
it was the, it was, this is going to be a huge deal in businesses,
small businesses and medium and large businesses have vendors or create their

(30:14):
own internal APKs all the time.
That's one of the reasons why Android was a little bit more successful,
like on manufacturing floors.
That deal just got changed on you. Surprise, surprise. So like this is the user
base that gets impacted the most. It's free software and those types of users.
And it stinks because in another five years, Google could slap a $25 fee on

(30:34):
there or they could say no for some reason.
And they in the press release, they talk about one of the reasons they want
to do this is they want to be able to turn these apps off.
So if one of them turns out, God forbid, think of the children.
if one of them turns out that there's an apk out
there that goes malicious even if you didn't get through the

(30:55):
play store the core benefit that google gets they can
still turn it off because they can revoke its cert and when the os runs the
app now it's checking to see if it has valid certs for all these apps and its
certification check will fail so your os will refuse to launch the application
you asked it to because somebody at google hq turned it off.

(31:15):
Just gross that is bonkers.
That's where we're at now.
It gets me questioning whether some smaller open source projects who have chosen
maybe not to be a part of this larger Google ecosystem at this point,
if they'll just find a huge, massive drop in users and maybe the project can't

(31:38):
continue because of these changes, that would be quite a sad thing for these
smaller projects that many of us rely on.
This is one of those Google changes where GrapheneOS users and other,
I think GrapheneOS in particular, because on GrapheneOS, you can still have
the Google Play services, but they're sandboxed and they run at user level privileges.

(31:58):
So here we kind of, we get the best of both worlds for once.
We're not getting something really taken away from us.
And this doesn't minimize the viability of GrapheneOS. I think this makes GrapheneOS more viable.
like if you're a small business and you want to get a generic Android device
like a Pixel and you want something you can publish your own APKs on well maybe
the solution now is just deploy Graphene OS on there and then install the couple of play apps you do need.

(32:21):
I would love to see that especially if we get some sort of critical mass to
be able to pressure some apps to watch what they do with the integrity stuff.
1password.com slash unplug take the first step to better security for your team
by securing credentials and protecting every application, even unmanaged shadow IT.

(32:41):
That's 1Password, the number 1Password.com slash unplugged. And it's all lowercase.
Go learn more at 1Password.com slash unplugged and support the show.
Here's something I can really connect with.
And if you're in IT or if you're in security specifically, you probably can too.
The reality is there's a mountain of devices out there and more and more SaaS

(33:02):
applications all the time. And that creates a mountain of security risk.
The reality is that's getting harder and harder to deal with.
Unless you check out 1Password Extended Access Management. That can help you
conquer the mountain of security risks that are coming at us all the time.
When surveyed, over a half of IT pros say that securing their SaaS apps is the

(33:24):
biggest challenge, specifically for the reasons I just outlined.
Well, Trellica by 1Password can discover and secure access to your apps, managed or not.
It inventories every app in use at your company. It has pre-populated app profiles
that know where to assess and what to look at for different SaaS risks.
And it lets you manage access, optimize spend, and even enforce best practices

(33:47):
across every app your employees use.
So you can manage the shadow IT stuff, which is something I used to struggle with so much.
You can securely onboard and off-board employees, have a real process for that,
and meet compliance goals.
That's what Trellica by OnePass provides, a complete solution for SaaS access governance.
It's just one of the ways that extended access management helps teams strengthen

(34:10):
compliance and security.
I had so many clients over the years that I'd show up and they'd have passwords under their keyboard.
And this was a big battle for many years, was helping users understand the risks
of that and then getting them tooling to solve that problem.
And of course, one password came in and beautifully provided that tooling.
Well, we're in a new era now, and that's where Trelica and extended access management

(34:34):
come in. So go take the first step to better security for your team by securing
credentials and protecting every application, even the unmanaged shadow IT.
Learn more at 1password.com slash unplugged. That's the number 1password.com
slash unplugged, all lowercase.
You check it out, they have more information, and it's a great way to support
the show. Just go to 1password.com slash unplugged.

(35:00):
Well that all being said in good linux unplugged fashion we've been doing well
wes mostly has been doing crazy things with his android phone just to prove
i don't know that you can maybe it's your last chance wes what the hell have you been doing what's.
Going on wes pain.
Well hey i don't want to throw chris under the bus here because we've both been
mucking around with it um but We sort of remembered that Android has that Linux terminal now.

(35:26):
And we did maybe mention it on the show or play with it a tiny bit, but...
All I had seen is that, oh, Graphene offers it now. I'll install it.
And then I saw it was a Debian VM, essentially.
And, oh, yes, I can install Nix in it. And then I didn't really kind of mess with it after that.
But we thought there's got to be, you know, more we can do with a full,
proper Linux environment.

(35:47):
Yeah, who needs their damn Play Store? Who needs their Play API and their authorized apps?
This probably is something we should have tried earlier, honestly,
because it's been around since Android 15.
Yeah, they started plumbing up at least the early bits.
Yeah, and then it was like a little
bit later, they had a graphical Linux application, so there's actually...
I think that's still pending, too. Like, that's, and you need kind of bleeding-edge 16 builds for that.

(36:09):
And you're going to need Wayland apps for that, too, right? But I think it's
kind of neat, because it turns your Android device into, potentially,
a full developer machine. No laptop required.
You can SSH into it from an existing machine, or bring it right up there on your screen.
And then eventually play Doom, too.
Well, the community reaction has been pretty big on this one.
So finally, Androids can do real dev work.

(36:32):
People are spinning up Node, Node.js on their phones of all places.
Love it.
But of course, there's a caution. Google has a history of kneecapping these
community tools like Turmux.
We've seen that. So some see this as a co-optation rather than some empowerment.
And Wessel let us know how he felt.
Drama.
Privacy advocates though um they do worry this funnels developers into google

(36:57):
controlled sandboxes and leaves um open source projects at a risk of being sidelined i.
Guess it is technically a uh sandbox.
I mean that is true yeah i mean it uses the android virtualization framework
and then it uses um cross vm which is like a super security focused it basically
takes the role of qemu when you run it on top of kvm it's the virtual machine

(37:20):
manager or the vmm as they call it and it's the thing that sort of sets everything up and it,
It's organized around safety first and foremost, as their docs say.
So you can tell they are trying to get their sandboxing to be at least decent.
I guess you could say that's Google trying to control things,
but I think that's just good practices for something like this.
Yeah, and it's a lot of how the rest of this framework is built to support that,

(37:41):
and they've been using that tool. They've made it in-house and everything.
Interestingly, though, as a result, what you actually see when you open this
terminal app is it looks kind of like a regular terminal interface,
right? You've got a couple tabs. You can make tabs up at the top,
and then you get a basic terminal.
Yeah, and if it's been a minute since you've run it, it even takes a bit to
get everything started.

(38:02):
Yeah, it boots it up.
Yeah.
That's actually a web terminal.
What?
Yeah. Uh-huh, that's a web terminal based on TTYD. So TTYD is running in the
host, serving that, and then the app connects over HTTPS on port 7681,
although I think it has a client certificate to authenticate to do that,
and then it shows you the TTYD web terminal.

(38:23):
Did you get it working in another web browser?
No, I have not tried that as yet, but that's, I guess, how the plumbing works under the hood.
That's cool because that would mean that, in theory, it would be pretty straightforward
for another developer to come along and build a nicer wrapper around that,
you know, a better, more powerful user terminal.
Although it's not a bad terminal for a phone.
Yeah, I do recommend using something that lets you do external input,

(38:45):
like, how do you say it, Brent, our favorite tool?
Is there a source copy? or screws for a screen.
Copy i don't know screen.
Screen copy why not just use kd connect guys you make it hard here just use kd connect.
Well you get full like video mirroring too oh.
You get video.
Uh-huh oh you gotta try it.
Yeah i do.
You can just do like input control well.
I didn't need it for what i was doing where i was going we didn't need roads

(39:10):
but it's quaint that you got it working.
Uh it is kind of interesting you get presented an ext4 root image um can we
put bcashfs on i don't know i.
Mean it's debian so you're gonna remember there's a little bit of a.
Yeah you do you do have debian i guess there's also
like it runs a debian service internally that
talks over grpc and i think part of that is

(39:31):
there's a they do have like a little demon running in user space it's like a
helper and it watches for open ports and then it'll prompt you with what you
want to do with those ports so it'll see apps like you can dynamically open
a port or whatever you're running and then the interface will pop down with
the notification asking if you want to prove it and there's like a little it'll
bring you to a menu where you can toggle each port on and off.
Yeah in the settings you can go in there and just see all of them listed.

(39:53):
Now by default that just opens it listening on local host essentially yeah so
then if you want to do that wider you have to find another app that can do the
next layer of forwarding to make it actually public to like your local area network.
Or use ADB on your machine and you can You can map ports using ADB to localhost
and then just connect to it that way.

(40:15):
Well, thanks. That's a really fascinating little breakdown of how it works under the hood, Wes.
I want to hear about what you did, but I'll tell you about my short adventure
before you get into your ridiculousness, because it's great.
I decided, why not go all the way? And I found, I believe by a Chinese developer,
which I'll link in the show notes, a really handy bash script that you download
in your Android environment.

(40:36):
And then inside the Linux shell in the Android terminal, it mounts your downloads
folder to slash mount slash shared.
And so you go into Mount Shared and you Chmod Plus X, this shell script that
you just randomly downloaded from a stranger.
But again, you're in a sandbox. Who really cares? So I run this script.
And at first, it asks you for your language. The Chinese or English. And I say English.

(40:59):
And then the next, it's a menu prompt system of what desktop environment would
you like? And it has Plasma.
Although, let me tell you, it's not like a minimal version of Plasma.
It's the full Plasma goodness. So you better resize your disk image because
it will fill that disk image.
But it's also got Mate, LXQ, XFCE, which is what I went with.

(41:20):
Yeah, worth calling out as you say that you can resize. I think it starts at 8 gig.
There's a menu for that. And then you can also recover and wipe it from that
same menu if you screw things up like I did several times.
Yes, because the Plasma install was so long and I was barbecuing and things
like that, I would walk away from the phone and I would come back.
And it took longer than 30 minutes and the screen went to sleep because I had
like caffeine running for 30 minutes.

(41:41):
screen falls asleep and it kills the entire
process also i once tabbed away to respond to a message and it killed the entire
process and because i'm an idiot i was thinking oh well it's a container running
as a service and this terminal is just a front end so if i swap away it'll continue
to run in the container in the back in the back end it does not.

(42:03):
You maybe want to tweak some of its settings because i've had not 100 success
but i've had a lot of reasonable success with that of having to just run steady
state in the background.
Like I've been able to swap like if I'm at the command line and I'm not doing
anything. I've been able to swap out and then like swipe back to the app and still use it.
But if I'm in the middle, anytime in the middle of installing packages with

(42:23):
apt and I swipe out and swipe back, every single time I come back and the app
process has been killed and I'm just sitting back at the command line.
I broke dpkg three separate times.
I had to go in and do the whole configure repair three separate effing times
because of this. So do be aware of that.
But is that unusual?

(42:44):
Feels brittle. Brent, it feels brittle. But the script continues.
It asks you a few more questions like you need to set up the password for the
Droid user and then you need to get ADB working on your local host and you can connect it over USB-C.
And then when the script is done, it spins up a VNC server that's running the
desktop environment of your choice on your phone.

(43:05):
Oh, that's great.
It is really cool.
So bonkers.
So this is like an alternative approach, not using the updated Wayland blessed
path. This is like, well, we got Linux here, so we could just do VNC.
It works right now. And because you're doing it over USB-C, the performance
is great because it's local.
the only requirement of course is you just when you plug in your phone make sure that you have,

(43:27):
all your udev rules set up and that you have usb debugging and
all that turned on on the pixel device itself or whatever device you're
using and then you can run this on any
android device that has the android terminal and you can get a little gui running
inside vnc to have like a little private desktop session in there and it's all
outside the play store other than the terminal app which comes with the phone

(43:50):
so it felt it felt pretty neat i broke it so many times that it,
ultimately i'm not going to use it and it felt more like a tech demo but i'd
love to hear stories of people to get it working yeah.
I think even in the earlier versions than we're playing with like you kind of
had to assemble some of the vm config and pass it to it.
That's gotten a lot easier really it's very simple now because they give you
all the commands on the github.

(44:10):
Sounds like mini mech you gave it a try.
Well not on android in fact i bought um second-hand Chromebook just like a week
ago and I wanted to test out that Linux container thing.
By the way, there are some videos on YouTube. If it's the same kind,
these are simple LXC containers and it's really interesting.

(44:32):
So the base distribution is in fact Debian and you can install every kind of
graphical applications and that will show up in the app menu of the Chromebook.
And that works flawlessly. So I was pretty amazed. I was pretty amazed.
Yeah, I have seen some speculation. Maybe this is sort of pre-planning as they
move away from CrimOS and push
more Android, then now they have this functionality there as well, right?

(44:54):
That's exactly what this is. You, though, you, Wes, you did the right thing
and pushed it way beyond anything's reasonable to the point of,
I think it's actually almost hilarious.
Tell us what you've done in your Android terminal.
Well, you know, I heard about some of your apt problems and I thought...
We really got to get you a better OS in there. And so I did some research to

(45:16):
see if we could, in fact, get Nix OS in our Android terminal.
And thanks to the brilliant work of MKG200001, we, in fact, can.
You got Nix packages running inside the terminal?
Not just, I mean, you can get Nix packages. It's so easy.
Oh, you got Nix OS?
This is Nix OS.
Oh, my goodness!
With a regular configuration.nix that you can do a rebuild switch.

(45:36):
Oh, my.
Well done, sir.
And as a test, I am, in fact, running a Jellyfin server.
that I can connect to with the Jellyfin app on my phone. And you can connect
to over the land of people.
So you get Jellyfin server running in the Linux terminal and the Jellyfin client, that's great.
And it's just services.jellyfin.enabled equals true on the next side.
And so I've pulled it up here on my machine. On my computer,

(45:57):
in my web browser, I have Wes's IP, which how are you even getting an IP inside this sandbox?
So it gets its own internal IP, but it's the double port for it, basically.
so the app will forward it to local host and then i got another app
off the play store that can do port forwarding to your local network

(46:17):
and so then i set that up and so that means that means the phone is yeah it
is it was pretty straightforward you can also i have um like if you have nebula
or tailscale or netbird or whatever running inside that works great yeah uh
even like before the ui would pop up it would connect to that under the hood
and so i could just ssh in immediately from my laptop and.
So then jellyfin was in the mesh network yeah that's good it's hilarious so

(46:42):
you could watch it from your home tv off your android.
I did that was another test oh that's.
So cool all right so let's see so i'm going to try to play the big buck bunny video uh famous.
I've got h top over here so we'll see you'll.
See yeah i wonder if it does hard it probably doesn't do hardware decoding right
so we're gonna see if it'll play in my web browser over the land off of the.
No i Because I think we have like the Virgil style, some sort of virtualized,

(47:06):
maybe Virgo GPU. I don't know.
All right, let's see. Tell me what, okay, here we go. I'm hitting play.
What's your resources look like?
Looking pretty good so far.
Really?
Load average is still .08.
What's your CPU usage?
Not much.
Really? Can I see?
Yeah.
Holy crap.

(47:27):
It must just really just be streaming it over there. It isn't like whatever their MP4 was.
Because the most.
We should get a weird web end or something.
You have one core that's like around 4% to 6% CPU.
One core out of, sorry to take from, eight cores. so he's got he's got of course
htop running on there right now and you can see all eight cores of the android
device while i stream big buck bunny from his freaking nix os running inside

(47:48):
the android terminal running jellyfin.
You know what was really impressive about this setup is like they have some
manual instructions but i think maybe some of that needed like you needed to
have root because you had like use adb to copy stuff over to replace the stock
image and stuff But they managed to set up a companion app that I just sideloaded.

(48:09):
So, you know, that's super handy.
That did pretty much all the work. Like you open the app, it would download
their built image and then write it to the right spot.
And then they would kind of similar, they would expose a script that you could run.
And then that would do more work. And then, yeah. And then the next time you
close and open the terminal, it booted into Nix OS.

(48:29):
It was really easy. Yeah, you should try it.
So we're going to put a link to that in the show notes.
Absolutely.
Okay. We should also put a link to that app you're using to do the port forwarding off of local host.
Yes.
That's really nice. This, to me, this makes me feel a little bit better, right?
This makes me feel a little bit better about the Play Store changes for external
apps because, or I should say the outside Play Store changes,

(48:50):
because this is still something you're never going to be able to do.
Well, maybe, but I don't think you could ever do this on iOS.
Maybe you could, I don't know.
You know, actually, even just when I was on the Debian side with Nix installed, I
was updating a flake totally separate unrelated and
I realized like I often leave in the a arch 64 support just because you know
why not but I don't have a machine to test that except yeah now I totally do
wait so like so instead of having to like do a cross compile on my machine I

(49:14):
can just do nix builds on my phone to test just as like a smoke test of like does it build on them I.
Love how casually too you're just like ssh into your phone all the time now and stuff and run it.
Especially with the mesh it's just so it was so slick.
That is really cool.
It starts It's up on boot automatically.
I kind of want that on my phone. We should set that up. That's pretty great. Well, so there you go.
That didn't require any kind of verification or signing. We're going to have

(49:36):
some great links in the show notes this week.
So head over to linuxunplugged.com slash 630 to get stuff that we're talking
about, including that bash script that's pretty much just answer the questions
and let it run if you want to try getting that VNC environment going.
Yeah, I got to try that one.
Yeah, it's pretty fun.
Unraid.net slash unplugged. Unleash your hardware, support the show,

(49:58):
and check out Unraid at Unraid.net slash unplugged.
They just wrapped up the big birthday stream. I checked it on it. It was awesome.
Some really cool rigs people sent in.
Unraid gives you the flexibility to take advantage of the hardware you have
today, to build a NAS operating system powered by Linux for those that want
control, flexibility, and efficiency in managing your data, deploying applications.

(50:24):
Unraid lets you mix and match drives of any size, and you can build with no
restrictions, and it supports all the file systems you might want.
It has fantastic virtual machine
and container support, and they're always cooking up something new.
In fact, Unraid OS 7.2.0 Beta 2 launched just a few days ago.

(50:44):
Really nice refresh to the web GUI. It's nice and fast and responsive.
Also, you can now do a single sign-on via Unraid or was it OIDC?
OIDC, I think, because I've never used it, but I can't remember.
But I think with the bigger deal that's coming in the new 720 that people are
really going to love to see is ZFS RAIDZ expansion one drive at a time.

(51:09):
Of course, you've still got Extended
2, 3, 4, NTFS, XFS, all of the file systems. Maybe not BcacheFS yet.
But if ever got accepted into the kernel, they would support it because they're
building on top of modern Linux kernels.
They also have a built-in API for new tools that I saw some people talking about
on X that look really cool, including new possibilities for apps and things like that.

(51:33):
But the thing I want you to really take away about Unraid is it lets you get
started today with the stuff you have.
And you can start deploying within a few hours the things we talk about all
the time here on the show.
Inside containers, inside virtual machines, you can pass through hardware.
I recently talked about Frigate. People are using Unraid for Frigate like crazy.
You know you're always going to have the best virtual machine and container

(51:54):
support possible with a ton of flexibility for the storage underneath.
And recently, you know, within the last major release, they also built in wireless
networking support. So if you're in a situation like me where you can't run
Ethernet, they have support for that now right out of the box and a ton of great stuff.
Unraid is always under active development and they have this great path where

(52:14):
you can check it out. They have the betas and the RC process,
so you can stay tuned and follow that process.
And then they have incredibly active community where the people,
if you have a problem, the people are there, man.
They are there to help you. They are there to support you, work you through whatever it might be.
That was one of my biggest surprise takeaways. Besides the amount of applications
you can deploy, it's just how active and engaged the community is because it

(52:37):
doesn't just, I mean, it's not just support, right? They're building things too.
They're building a lot of things that make the Unraid experience even more enjoyable
for power users. So it doesn't really matter your skill level, though.
Just get started by going to unraid.net slash unplugged. You take it as far
as you want. Just unleash the hardware you have with Unraid and support the show.
Unraid.net slash unplugged.

(53:00):
Well, we teased last week that there was one last bootleg promo membership and
listener Woody got it. So congrats to Woody for grabbing that one.
And that was the entirety of the membership set up. They love a deal.
People love a deal. I understand. Thank you, though, Woody.
Appreciate you. Hope you enjoy the bootleg. That's also an option to our new

(53:23):
members as well as the ad-free version.
It still has all the producer do's fine touches and lovin's.
And there's the Jupiter.party membership, which gets you the supports for all
the shows and gets you the bootlegs of the shows that have the bootlegs.
It'll make sense once you see it.
Now, we did get some listener feedback this week. Chris, you figured out how

(53:45):
to pronounce this one, right?
This is Poos Baboon.
Poos Baboon.
He sent some great feedback. He has been pushing Frigate, which I mentioned
is the DVR system or NVR system I want to set up. He's been trying it on low-end
hardware with a Coral, or without a Coral, I should say, and he's been making it work.
But this is the key thing that I loved, is he says, check out the WANsView W7.

(54:06):
You can put Thingio on there, we've talked about this before,
which is an alternative ROM, and you get solid performance, low light visibility, low cost.
I mean, that sounds nice.
This thing, Wes, this thing's ridiculous.
If you buy it directly from WANsView.com, $29.99 for this sucker.
Oh, that's crazy. And then you can put, you can put a firmware on there that

(54:29):
lets you do the RTSB streaming, all of that.
So anyways, just want to say thank you to Baboon for sending that in.
I'll put links to the goodies he mentioned in his email in the show notes.
We also got a note from Sebastian here. Hey there. Last week,
I finally got around to write a Thunderbird add-on.
Its purpose is to be able to upload documents directly to a paperless NGX instance.

(54:51):
And it might be something our dear self-hosted enthusiasts appreciate.
Oh, cool. That's a great idea.
Really good idea. I mean, how often do important documents and whatnot come
in via email that you want to save?
I really think both of you and me are the prime target market for paperless and GX.

(55:12):
I agree.
Look at Brent over there with his freaking mobile lifestyle.
Yeah, who needs paper, right? I use it to start fires and that's actually I
don't even use it to start fires.
Paperless upload Thunderbird. We'll put a link to it. It's an add-on for Thunderbird.
It lets you upload PDF attachments from your emails.
It does local processing, no third-party servers, simple config to just set
up your paperless NGX instance, and optional notifications.

(55:38):
Seamless integration with Thunderbird's UI, and it's MIT as well.
Well done. Thanks for sending that in. You know, Sebastian, we love it.
If you make something like that, you build something like that,
send it in. We'd love to see it.
And we do have a batch of boosts to get to, and Quirrell94 comes in as our baller at 50,000 sats.

(56:06):
My AlbiHub was down for a minute while I figured out what was wrong.
Here's a boost for all the great information you produce.
Thank you, and coming in kind of last minute, too, helping bring up the average
on this episode in a big way.
Thank you there, Karel94. Appreciate that baller boost.

(56:27):
The dude abides boosts in with 42,000 sats.
Hey, isn't that the answer to everything?
Hey, I realized it's been a month since I last boosted.
Regarding the low boost amounts, I believe it's because of summer vacations.
At least, that was my case.
You know what they say. Summertime, it's fun time.

(56:47):
It's also very hard to keep up when kids are home 24-7, as I'm sure Chris can relate.
Let me tell you, buddy. Boy, can I. Should have seen me trying to set up this,
run this bash script on my Android device while I'm just trying to like,
you know, talk to kids and feed kids. And oh my God, it was a disaster.
As for the BcashFS drama, I think I agree with you.
In the end, it's the users that lose. As far as I understand,

(57:10):
all the talks have been made through the mailing list and various blog posts, right?
If it were me, I'd schedule at least a video chat or even better,
try and meet in real life. I'm sure they could figure things out while drinking a beer.
Oh man, no kidding. If this had gone down at an in-person event,
it would have taken 25 minutes and we'd have BcacheFS as stable in the kernel with this next release.

(57:32):
Let that sink in.
That actually kind of feels like it hurts just a little bit.
Great point, the dude abides. Appreciate that boost. Good to hear from you. Missed you.
Excellent abiding.
Well, Distro Stew boosted in, what is this, a row of sticks? 11,111 sets.
My Nix configs started from a template I found online, many hosts,

(57:56):
but all sharing a single flake.lock.
This seems like common practice when I look at other people's setups,
but why do you think that is?
This effectively means that when I update the package versions on one machine,
I'll do the rest of the machines too.
I don't really want this, so I'm going to rework my setup, but am I missing something here?

(58:16):
Well, one of the plus sides and sometimes negative sides of Nix is there's a
thousand ways to do things and you kind of get to decide the structure yourself.
That is where things like those templates come in pretty handy to get you a
structure out of the box.
But it does mean the template imposes its own thoughts on how much that matters to their setup.
I think for some people, you know, especially maybe on the stable channels,

(58:38):
those kinds of, you know, suddenly you're updating everywhere.
Sometimes it might be a big deal. Sometimes it might not be a big deal. you do
have some flexibility i think you could definitely have more nix
packages inputs if you wanted like you could have different ones
for different machines that you pass through that they use instead of
all being using the same sharing the same input you could
also do something with you know git where you

(59:00):
you know you don't necessarily have to follow all all of the updates or you
can maintain separate branches or stuff you can also have indirect flakes like
i have a single flake that i use just to pin stuff that i sort of want to keep
shared between a common set of projects and I don't put all projects on that
pin so it's like one more layer of indirection.
So there's a few different options or you can just split more things up.

(59:22):
Also with NixOS configurations in particular, you can also move some of your
stuff into their own modules and then that's a little easier to sort of share
and pass between multiple flakes.
I don't know, that's a long Nix ramble, so hopefully any of that's helpful.
But I'm curious where to go and thank you for sharing your link.
I always love taking a look at NixConfig links.
Yeah, thank you Distro Stu. Good to hear from you. Superior's Tom comes in with 3,333 sets.

(59:50):
He said, Flameshot is the way to go for screenshots. I typically use Spectacle
on KDE, but Flameshot works great on everything else. Even Windows.
Oh, I didn't know that.
I didn't know Flameshot was still around. I think I remember using it,
but feeling like it had a lot of buttons. It's got a lot.
There's a lot of functionality.
A lot of buttons. And I want to draw a box. I want to go to my clipboard.

(01:00:13):
That is the only functionality I want. Ideally, it's a PNG. I can live with a JPUG or even a WebP.
I don't know if you saw a Hyper Shot?
Yes.
Have you tried that one?
From Sending by the Matrix.
Uh-huh.
I think that might be the one I go with. I have not yet tried it.
But, because, you know, I got to play around with, like, my buying key options.
Because I think I might want one that's, like, a full screenshot.

(01:00:36):
And then one that's just, you know, check a box.
You mean you haven't vibed that in yet?
No. Although I've made a lot of updates to the Hyper Vibe setup.
Including a total re-kind of tooling of the way things work.
So, Superius Tom, I appreciate that. I might use Flameshot until I really lock
it down, and then maybe I'll just end up keeping using it.
You know, maybe you should turn your Vibe setup over onto Distress Juice.
I know. You'd probably have.

(01:00:56):
Muck it up for him.
I think so. I'm down for that.
Free KVH comes in with 16,944 cents.
But I can boost the bootleg feed. Ah, yeah, yeah. This is in response to us
talking about other folks not being able to boost the bootleg feed.
And Cast-O-Matic is delightfully, has a great implementation that lets you do this.

(01:01:19):
because they check the feed itself directly and are not totally relying on the podcast index API.
Right. Castomatic uses the feed as a source of truth, whereas Fountain is using
the index API, and because it's a private feed, there is no index API answer.
But whereas Castomatic can just read, it's right there in the RSS feed.
That's what Fountain would have to do, is they'd have to implement reading it

(01:01:39):
right there from the XML.
And thank you for boosting us, and for being a member.
Jordan bravo sent in a row of ducks a
few years ago i started using distros that are atomic
aka immutable and i'm never going back
to the legacy way of doing things unbootable systems

(01:02:01):
are a thing of the past i started with silver blue and then moved to nix os
of course where i have been ever since however blend os looks interesting would
be great if you all could review it immutable declarative and arch based sounds interesting hmm.
Yeah.
I think that is one we've had our eyes on over.

(01:02:21):
Time or.
At least been curious about i haven't super tried it recently.
The fact that it's still going yeah.
That's a good sign.
Probably a sign we should check in on it put it on the list boys brent we put
that in the future list we should put that in the list you know what i'm saying.
It's more of a grab bag than a list but i'll throw it in there thank.
You appreciate that thank you jordan bravo,

(01:02:45):
Fuzzy Mistborn comes in also with a Rodex. That's 2,222 sats.
Frigate is amazing. I wouldn't recommend the Corals anymore, even the PCI version.
They haven't seen updates in a while and are basically end of life.
Yet another product killed by Google.
Instead, though, you can use a GPU for object detection, and it works great.

(01:03:06):
Yeah, I've heard folks are even using QuickSync.
Oh, that's neat.
Uh-huh. I mean, I'm happy not to buy a Coral, although it is disappointing.
It seems like it was something people really liked.
Google buys the company and then kills the freaking product.
It's getting old. It's getting old. But that is really good to know because,
honestly, the Odroid, it doesn't have, like, crazy great quick sync,

(01:03:30):
but it's got passable quick sync for a couple of cameras.
I might give that a try if people out there say it's working.
I've also heard from people that they're using NVIDIA GPUs, too,
and that I won't be doing.
Right. Well, not until you get your new framework.
I wish. I got a Texas Linux Fest to get to.

(01:03:51):
Well, 8565 boosts in with 10,000 sets.
All right.
I am way behind on boosting. Life has been lifing. Just want to make sure you get some value from me.
Thank you.
Since I've ditched my smartphone and carry a flip phone, I don't actually have quick access to boost.
Just a little update on my disconnect from society. Still rocking the flip phone since November.

(01:04:14):
Wow.
And my Zune is once again my best friend.
The Zune! I love it! I hope it's brown.
I upgraded the 30 gig, oh, from a hard drive to a 64 gig SSD.
Well, that thing's basically going to last forever as long as you have a battery that works.
And the automatic podcast pull is a lifesaver. That sounds pretty great.
I do remember. Are you still using, like, the Zune desktop?

(01:04:36):
You've got to tell us more about how you're managing this.
I do remember using it for podcasts.
I'll get roughly three days of constant play. Honestly, aside from losing podcast
2.0 features, it has been the biggest life-improving thing I've ever done.
Thanks for being awesome, and I'm still here listening, even if I'm crazy busy.
I do. I appreciate that check-in.
Yeah, totally.
You know, 8565, too, when life isn't so busy, right, as if, you could take a

(01:05:01):
Saturday afternoon and set up AlbiHub, and then you could boost from the podcast index.
You don't need a mobile app at all.
I love the flip phone check-in, too, and the Zoom stuff. Want more of that.
Come back soon. It's good to hear from you.
Well, door or nail 7887 boosted in 2000 sats.

(01:05:21):
It looks like this one's just a whittle boost, they say.
A whittle boost.
Just a whittle boost.
Thank you very much. We appreciate it. Dumb Oz here with 2,000 sets.
You guys ever actually hit the watch all activity on the Nick's Packages repo?
Sure gave my inbox a workout. No way.

(01:05:43):
People don't appreciate how big that is. It's a whole universe out there. You maniac.
I love it. All kinds of automated stuff coming through.
Now what you need to do is throw it into some sort of filter to just sort out
the stuff you really care about. Might be possible. You never know.
WH-20,250 boosts in with 8,000 sats.

(01:06:05):
A few sats to help you get to Texas Linux Fest.
Hey, thank you.
Thank you.
If you drive jupes down and make an overnight stop in the panhandle,
I'll throw a brisket on the pit if the timing lines up with my work schedule.
Oh my gosh, man.
Now that's an offer.
Well, we're going to be coming down in my car. It's going to be Wes and I coming
down the West Coast and Brent coming down the East Coast.
And then we'll also be together coming up the West Coast. So we will actually have two passes at it.

(01:06:28):
You never know. I would be down for that.
Not having the RV, which was a tough decision, but it means we can pull into driveways.
We can meet people at restaurants, at places where the RV couldn't pull into.
So there's some perks to it that I'm going to embrace.
So we'll try to stay in touch. It's a great idea.
A dude is trying stuff for 10,000 sats.

(01:06:53):
Did I hear the words useful and self-hosted? Take my money.
Also, was that a sneaky self-hosted podcast sound effect at the end of the last one password ad read?
Never.
I'm on to you, fellas. Thanks for the nod. And I'm attending my first Texas

(01:07:14):
Linux Fest this year, and I hope to see you there.
Oh, right on it, dude. Yes, we'll be there one way or another.
Very excited. Thank you.
Looking for that. If you're making it and you boost in, let us know.
We want to shake your hand. That's for sure.
Right now, virtual shake to everybody who boosted in, including those of you
who come in under the 2000 sat cutoff.
We really appreciate it. And of course, our sat streamers too.

(01:07:37):
Oh yeah.
We had 18 of you sat stream. As we did the episode last week,
you just sat streamed and you stacked 31,165 sats. When you combine that with
our boosters, we got a little low this week, but I'm still really grateful.
193,663 sats. And here's the good news. Sats are on sale again, boys.

(01:08:00):
So go out, support the show, get Fountain FM and get us to Texas so we can do
our unique style of coverage while you support the show.
And, you know, it's also just a lot of fun to read your messages above 2000
sats and we'll read them on the show. I love that, too.
Of course, you can do it the whole self-hosted route with something like AlbiHub
and there's a whole plethora of apps at podcastapps.com.

(01:08:22):
If you're on iOS, Castomatic is really great.
Also, a brand new app doesn't support boost yet, but it has a bunch of podcasting 2.0 features. Podhome.
There's a Podhome app now.
Is that right?
And if you pay, you'd love this, Wes. If you become a premium member,
Barry has integrated pod pings, live streams.
So you can, it's just a, it's just a stream of podcasts that are getting published

(01:08:45):
right there in the app. I paid just for that.
Anyways, thank you everybody who supports the show.
We really do appreciate it. If it's a membership, if it's a boost,
if it's word of mouth, it really does make a difference. And that's why the
show continues to go so many years later and has become the world's largest
Linux podcast is because of your support.

(01:09:07):
I mean it, and we appreciate it. So with that, let's get you a pick and get you out of here.
So let's say this is pronounced Cavisto.
Cavisto, what do you think?
Cavitzo?
Cavitzo?
What do you think, Brett?
Cavitzo? You guys are missing that sits in there. There's S-I-T-S.

(01:09:29):
Okay, let's go. Cavitzo, I'm sorry we have to do this. But it's worth it.
It is a little bit different.
It is a search focused approach to an Android launcher, but with a bias towards
beautiful placement of widgets in kind of a list view.
So this replaces the stock launcher and you can pin your favorite apps to the top.

(01:09:53):
it also supports gestures and one of the things that i like about this especially
if you're coming from ios is it's it's competitive
with apple's integrated search and launch functionality which
somehow bafflingly so google has yet to rip
off it strikes me as user hostile that a you have to swipe from the bottom up
in just the right way because one way is your app switcher and the other way

(01:10:16):
is a call to home and then the other way pulls up your app drawer and then because
they're absolutely monsters that design this UI,
it doesn't default to the search being active.
So you have to tap the search and then start typing. It's crazy.
I have in person seen your rage around this particular lack of feature.

(01:10:40):
It's very entertaining.
So you can imagine I have completely switched to this launcher now because you
swipe down briefly, quickly in a natural gesture and it brings up the launcher
defaulting to switch and are defaulting to search it's a super fast search well.
This is nice i just installed it sideloaded it in fact.
Yes i installed it through obtainium yeah.
It was easy.
Uh it also the search you can have it trigger to search for the

(01:11:01):
web or google or other things and i really like the combination of pin favorite
apps plus it figures out the apps you use most recently you can have multiple
tabs in there and it has really great search and then when you go to the home
screen it's all my heads up information with my widgets really nicely laid out
you do have to kind of get go in there and mess with them a little bit to get them to look good.
When you do, it's just beautiful. It's very fast and actually gives me more

(01:11:26):
information just glancing at my screen than traditionally.
And so with this combined with Graphene OS and something like Obtainium,
it truly honestly feels like my phone.
A lot of times when I use a modern phone, it feels like I'm using Apple's experience
or I'm using Google's products and I'm kind of like renting it.

(01:11:47):
But when you go with Graphene OS and you sideload your apps with Obtainium and
F-Droid, and you replace the launcher with this thing, it is a unique experience
that has nothing that feels like Google on it.
And this is a truly better way to launch applications, especially if you're
a maniac like me, that really has five to ten core apps I use on the regular.

(01:12:09):
You know, maybe five, really, ten.
And yet my phone has nearly 300 apps installed on it.
because I might use them one day. I might need that app, and when I might need
it, I don't want to be in a place where I can't get it because of a low signal,
so I'm going to have it installed just in case.
This makes sorting through all of that so much better. Also,
focusing on the apps I do use, focusing on the information in the widgets I

(01:12:31):
do use, it's really nice.
You don't have to be on Graphene OS, but the combination, it feels like true freedom.
And it's GPL 3.0.
that's great i think if you tried it and you really try it for three or four days i'm.
Gonna switch right now and just see.
See if it sticks i think you will like it i i really is a little different it

(01:12:55):
took me playing around with it and messing with the widgets and now i've been
using it yeah i think it's like middle of last week and i'm totally i'm forever now what.
Do you think will you give it a go.
You know, I think I've used this one in the past. I was like very, very,
very unhappy with, um, I think it was a launcher that came with like a,
I don't know, Motorola phone or something like that and was doing the deep dive

(01:13:19):
on basically installed every single alternative launcher.
And I think this was one of them. And I think it made like the top three for me.
So I'll give it another shot. I mean, it has Chris's blessing.
So it might not be that bad.
I recommend, you know, um, you got to kind of like go in and like recrop the
widgets and stuff for like some of the apps, but I really like it.
What would you say is the minimum number of days to give it a proper try?

(01:13:44):
Probably three.
Oh, I'm in then.
Unless you use your phone a lot, but yeah, I'd say probably three.
Yeah. Give it a shot. We'll put a link in the show notes. I think you're going to like it.
I was surprised by it. And I'm, you know, I was like, I'll just give this a
quick try because Wes shared an article where it just got like a really brief mention.
And I was like, while I was reading the article, I'm like, wait a minute,
I'm going to go try that out.

(01:14:05):
Yeah, it was someone talking about, I mean, really just why they were going
to continue to be using Graphene OS into the future, which was great to see
in general. And, yeah, it turns out they had some good tips.
Yeah, just ironically, that was not the focus, but that was my takeaway.
Yeah, threw in the end. Well, the rest we kind of already agreed on.
Yeah, I suppose that's probably true. And, you know, so from now on,
that's my launcher choice.

(01:14:25):
And we'll put a link to it in the show notes at linuxunplugged.com slash 630.
All right, well, that's going to wrap us up right there, boys.
We're going to get out of here. And I want to remind everybody that we are trying
to put together some funds to get to Texas Linux Fest.
We may have news about, like, meetup locations and swag and things like that midweek.
So keep an eye out on the Jupyter Garage for that type of stuff.

(01:14:48):
Hopefully be in the work soon. And then we have more details about,
like, when we're actually going to be in Austin.
I imagine we'll put something up on our meetup.com slash Jupyter broadcasting
page. So if you're going to be at Texas Linux Fest I'd say right now at this
stage The two top tips I would have Would be A. Let us know,
And get in the Texas LinuxFest Matrix chat room. I think we have one of those.
We should probably put a link to that in the show notes, boys.

(01:15:10):
What else do they need to know if they're going to? Oh, meetup.com slash Jupyter
Broadcasting, I suppose. That's probably it.
That'll probably be it. All right. Well, I don't want to leave, but it is that time.
I hate to leave you, but then again, I love sitting down and getting to do it
all over again. So come back.
We will be here next week.
That's right. For 631. Wes, there's probably some power user features they should know about.

(01:15:34):
Yeah, do you not like some of the stuff we talk about? Or you just can't wait
to hear our take or bad take on something?
Or did we name something and you want to hear what it was again?
Yeah, well, we have two things for you. One is transcripts for the whole darn
show, so you can see everything we say, or at least what the AI guesses we said,
which is pretty close most of the time.
And then we also have chapters, which get the more human touch in our,

(01:15:57):
you know, probably the easiest way to just jump right to the content you want.
Yep. All right, thank you for being here. Of course, you can join us next week.
We have the details at jupiterbroadcasting.com slash calendar.
And we'll see you next Sunday, as in Tuesday.

All Episodes

Episode Transcript

Popular Podcasts

Dateline NBC

Stuff You Should Know

My Favorite Murder with Karen Kilgariff and Georgia Hardstark

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}630: Google's Garden Lockdown

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}Dateline NBC

Stuff You Should Know

My Favorite Murder with Karen Kilgariff and Georgia Hardstark

All Episodes

630: Google's Garden Lockdown

Dateline NBC