Ken Starks (2:47)

Weird.

Jonathan Bennett (2:47)

Good to know. Yeah.

Jeff Geerling (2:49)

So if you have that problem, try a BIOS update now. Mine was, you know, a couple years old, I think, and so it was. I hadn't messed with it, so. But there I have an AMD motherboard. So it had some firmware, you know, the micro code or whatever.

Jonathan Bennett (3:09)

Age or Aegis, whatever. AMD's.

Jeff Geerling (3:13)

Yeah, whatever. Whatever. AMD's thing is, is that there was a few updates to that code. So that might have been what kicked everything off. Correct. So if you have a problem with your machine, maybe check your bios.

Jonathan Bennett (3:26)

Yeah. You know, it's funny, I remember when I, not that many years ago, actually doing computer stuff, the almost official recommendation was, if your machine is working, don't touch your bios, Leave it alone. If it works, don't update it. Yep, not so much.

Ken Starks (3:42)

Unless you like to live dangerously.

Jonathan Bennett (3:45)

Yeah. Unless you want.

Jeff Geerling (3:46)

Well, the old BIOS updates were a little funkier and a lot of them didn't have a way to flashback or anything. I mean, it was kind of a. We hope this is going to take. And I mean, you might do everything right and it still might. You might fight with it and have to reset and. Because I. I've had BIOS updates go bad and luckily I've never bricked one, but it. It was able to. There. There was some trickery I could use to reload the BIOS in, but now it's so much better than it was.

Ken Starks (4:17)

I think I actually did more firmware updates to my routers than I ever did to my PCs.

Jonathan Bennett (4:25)

Well, see, I have definitely done that because I've done Open WRT development, and that is just flashing your BIOS or flashing your firmware on your router all the time. That is what OpenArt OpenWRT development is. So.

Ken Starks (4:39)

And that's where I learned. Make a backup of your old BIOS first.

Jonathan Bennett (4:43)

Yeah, yeah.

Jeff Geerling (4:44)

Oh, yeah. Well, but a lot of them now open wrt, they'll have a. Was it Flashback bios, they call it, or something like that. It's twin images.

Jonathan Bennett (4:54)

Yeah, yeah.

Jeff Geerling (4:55)

It will take you back to where you should be. So if somebody forgets, it's like, okay, here's something. A factory version, which might be an old factory version, but it will take you back to where you need to be.

Jonathan Bennett (5:07)

On some of them, it's a physical switch. There's a literal physical switch on the firmware on the machine where it's like, okay, flick it here to go to a And then once you're good with A, flick it over to B and then flash B and then flick it. Each time when you go to do an update, it kind of goes back and forth between which of the images it uses. It's pretty cool. All right, let's talk about some news while we're here. There's some news. Rob has the first one.

Rob Campbell (5:32)

Rob.

Jonathan Bennett (5:32)

Rob wants to talk about NordVPN. Rob, what in the world is up with NordVPN?

Rob Campbell (5:40)

So, as open Source and Linux users, we kind of love when companies embrace Open source. And since we also care deeply about privacy and security, today's story hits both of those sweet spots. Nordvpn, one of the biggest names in online privacy, has been busy making some Linux friendly moves, and they are moves we can all appreciate. First up, Nordvpn has open sourced the graphical user interface for its Linux app, the same GUI they introduced earlier this year. They reportedly let or this reportedly led to a 70% jump in Linux users. This is now freely available under the GNU General public license version 3.0. So if you want to get that, you can head over to GitHub right now, grab the code, check it out, and the build instructions are there and you can even submit your own improvements. Before this, the Linux command line was already open source. So this release really completes the picture here. Under the hood, the app manages tunneling through Tontap firewall rules with iptables routing via IP Route 2 and DNS through systemd resolve D. Sorry NF5 users. It supports all the big distros, you know, ubuntu, Fedora, Debian, OpenSUSE. The the open source move also comes with an update to the official Snap package sorry Flatpak people which now includes the GUI and a first run permissions prompt help sandbox installs work smoothly. Marjuis Breidas NordVPN CTO stated Quote Linux is built on openness and community collaboration. It's it what? It's what makes it one of the most resilient ecosystems in the world. We share the same values and seek to better serve the Linux community. But wait, that's not all. After announcing the plans to shut down its Mesh Net feature earlier this month, Nordvpn faced some serious pushback from its users. And as a good steward of their software has done, they listened. The company has officially revisited Reverse course on and meshnet isn't going anywhere. Now for those unfamiliar meshnet lets you secure, securely connect up to 60 devices in your own private LAN. There are no central servers Involved it's great for like file sharing, remote access or even quick multiplayer session with friends. And now NordVPN says they'll be open sourcing meshnet itself in the near future. So meshnet, it's kind of like a clever use of wireguard that makes VPN style encryption usable in a home or small Office mesh network. WireGuard is under the hood. So for those who have all know about Wireguard it uses that. So no centralized servers or static IPs needed with, you know, traditional VPN setups. So that's two wins for privacy minded Linux users. Transparency through open code and a user driven feature saved by community feedback. You could check out NordVPN's Linux client on GitHub and keep an eye on their blog if you want more. That is a win for open source.

Jonathan Bennett (9:34)

I've been doing a little bit of poking on the NordVPN website and they support both OpenVPN and something based on Wireguard. And it looks like if you really want to you can sign up for NordVPN and just go grab the Wireguard config and run that directly. But now that they've got an open source client, I'm sure it makes that even easier.

Jeff Geerling (9:59)

So basically they open source the client but you're still going to pay to go through their servers, correct?

Rob Campbell (10:07)

Right, yeah, yeah. I mean if you're gonna use a vpn, you have to. The purpose.

Ken Starks (10:13)

I'd rather pay them than have maybe the product being.

Rob Campbell (10:18)

Yeah.

Jonathan Bennett (10:19)

Sold off.

Jeff Geerling (10:20)

No, but what I'm saying is so everybody notice knows that them open sourcing the client doesn't give you a free vpn.

Jonathan Bennett (10:28)

That's fair. Yes.

Jeff Geerling (10:29)

Unless. Unless you have one with your buddies that you're connecting.

Rob Campbell (10:34)

So as I was saying, you know the purpose for those maybe who don't know the purpose of a vpn at least this use case, there are other purposes. This use case of VPN that people use for privacy is so they can tunnel and come out of some other location essentially. And so you kind of are reliant on another server now being open source. See I could see somebody setting up or configuring it. So it could work with any kind of server potentially possibly it could be fork it if you had to.

Ken Starks (11:05)

I suppose though what I found interesting Rob, is you didn't touch on another feature that they're continuing to support that they were originally talking about dropping.

Jonathan Bennett (11:16)

What's that?

Ken Starks (11:17)

The mesh net.

Jonathan Bennett (11:18)

He talked about that? He mentioned it.

Jeff Geerling (11:20)

He did.

Ken Starks (11:20)

Okay.

Jonathan Bennett (11:21)

Didn't go into a lot of detail about how it works, but it sounds like that's the old idea. You and a bunch of buddies can go on the same mesh net and then connect to each other's, you know, kind of peer to peer to each other's gaming session to be able to play a game. You play Minecraft together from across the world, that sort of thing.

Rob Campbell (11:37)

It sounds a little bit like tailscale to me.

Jonathan Bennett (11:40)

Very much like tailscale.

Ken Starks (11:41)

It allows you to securely connect up to 60 devices on a private local area network without routing traffic through NORDVPN servers.

Rob Campbell (11:50)

Yep. That's why I said no, you can connect up to 60 using the WireGuard technology. It's. And yeah, it doesn't use any servers or any static IPs.

Jonathan Bennett (12:00)

Cool. Yeah, you can, obviously you can set most if not all of this stuff up yourself, but it is a pain to do it and you're going to have to have either a static IP or dynamic DNS, that sort of thing to be able to make it work. I think we've done a little bit of how to's on the OpenVPN and the Wireguard stuff over the years.

Rob Campbell (12:22)

Way back at the very beginning you did a video.

Ken Starks (12:25)

Yeah, two videos.

Jonathan Bennett (12:28)

Yeah, probably. All right, well if we're not doing VPN stuff, is it next time to do x86 stuff. Jeff, what's up in the x86 world?

Jeff Geerling (12:40)

An anniversary. There's a one year anniversary for the x86 ecosystem advisory group. AMD and intel formed a group along with other industry leaders and yes, Linus Torvalds is in there. The idea was to shape the future of the x86 platform. The goal was to allow more innovation but keep the platform on a more unified path with simpler instruction set, meaning there wouldn't be AMD instructions and intel instructions. And for those that have been around for a while, there were, there were points in the history where they didn't know they had their own set of instructions sometimes. It didn't always play nice. Now the basic ones were always the same, but these are like the special, you know, for example, it would be like AVX512, only AMD had a version and intel had a version and they weren't fully compatible. Well, this is supposed to say, okay, we're, we're, we're marching forward. And it would have a single set of instructions that both companies and the rest of the industry would follow so that everybody's aligned with the one year anniversary of the group. They're all reaffirming their commitment to the organization. So there's a little pomp and circumstance there. They're also happy about Fred being finalized. Fred is flexible return event delivery, which defines a new simple way to change privilege levels in the cpu. This would be the different ring levels that we talk about sometimes, which have different privileges based on which ring you're in. It's getting. When you're talking ring levels, I mean, you're usually talking pretty deep down into the kernel and into the cpu, but it's more to it. But it's basically a way to have simple privilege changes and that's the basis of the specification. So it just makes it simpler to change security levels. Also, there's every so often we talk about AVX 512, which I just mentioned, but when these are. These are for those that don't know advanced vector extensions. Well, now the group has also defined AVX10, which is the next iteration of these advanced vector extensions. Yeah, I know they didn't call it 1024 or whatever, but maybe they're thinking, let's just keep the name short, let's learn from the USB guys. You know, I don't know, but AVX10 is going to be the next vector extensions. They're used a lot for mathematical calculations, gaming, you know, things. Things where you're doing a lot of heav heavy lifting on your machine with either graphics or data. They've also defined CHK tag I. Don't change K tag I. It's just all one word is how they defined it. So chk tag, however you want to pronounce that. And it's going to officially be announced later this year. It's for memory tagging on the x86 chips, which should help to stop buffer overflows or mitigate it a lot more and use after free errors and exploits. So basically they're just trying to harden the memory against attackers. There are blog posts linked in the article if one would wish to dig deeper, a lot deeper into the details. They. It's one of those. It's not implemented yet, but it's. It's now been defined and made public. ACE is also coming, which is going to be defining the future of AMX Advanced Matrix Extensions. I don't know how they got ACE from amx. I don't know. Yeah, sometimes you just suspend belief, you know, you just have disbelief and we just roll with it. So ACE will unify how the different chip vendors handle Matrix Math is what it is. Matrix Math also is another one for compute gaming. A lot of, a lot of science and engineering is based on matrices and manipulation of them. And there, you know, that's just some of the things coming. There's a lot more they're planning for the future. And the, if you take a look at the article linked in the show notes, it goes into some of them, there's other links in there. You can dig into other press releases that the companies have had. And really, you know, for people that want to get into the nuts and bolts of it, it's there kind of an editorial on my part. You know, I know that AMD and Intel feel the pressure of, you know, RISC V and ARM and they're not a major threat right now, but I know the companies can see there could be a major shift in the future. So both AMD and Intel are trying to make sure that x86 is, you know, stays around. They can get more out of it, streamline it to better fight, you know, even, even Apple's M chips, you know, it, they, they want to preserve their place in Silicon history, I guess. Take a look at the article. Like I said, linked in the show notes. It's all the details, deep dives, just really deep into the technology if you so desire. And you know, but to me anyway, at least right now the future looks pretty solid for the X86, at least for the next few years anyway, until the next thing comes out.

Jonathan Bennett (17:58)

Is it fair to say that we're looking now at what the X86 V5 is going to be?

Jeff Geerling (18:06)

Yeah, you could probably say that. I was a little surprised because I've read other articles talking about they want to get rid of some of the 32 bit instructions, kind of like they did the 16 to clean it up, streamline more efficiency. They didn't directly talk about that right now. They just had in the article there's just, oh, here's new features, we're unified. But they've only been around a year and I do know, I've read in other places they're trying to basically make an X86 V5.

Jonathan Bennett (18:34)

Yeah, I know one of the things that they've struggled with in Linux land and even the open source compilers, GCC and all that, is that there's not, there's not unified versioning like AMD and Intel did not get together and decide what x86v3 was going to look like and x86v4 was going to look like. And so I just have to imagine that there's conversations going on behind the scenes. It's like, okay guys, we need to get your stuff Together so that we can figure out what this next generation Vex86 is going to look like so that we can actually compile for it and do all of that stuff.

Jeff Geerling (19:05)

Oh, okay, I misunderstood when you said V5. I was thinking we they're looking to make it more like the Risk chip and meaner Streamline. But yeah, because historically the, you know, like the Linux people, the kernel, the GCC Clang people, they're the ones that have kind of defined a lot of the version level based on the instructions there. You know, we'll just group this stuff together.

Jonathan Bennett (19:33)

Yes. Yeah. No, it seems like they're like if we're going to continue using x86 for another couple of decades, there's gotta be work on this where there's an agreement on, okay, this is what the next generation of X86 64 is going to look like. And all of these chips are going to have AVX512 and they've done this with other things like SSE and SSE2. Those things are there, you have some of that same process has happened over in ARM land because you know, there's ARM V7, ARM V8, neon extensions, all of those. And to really be a modern ARM processor, you've got to do those. Interestingly, that's one of the things that RISC V is really not done well to this point is that there are a bunch of these extra instructions floating around and there's not an agreement on, you know, okay, this is the set of instructions that all of these are going to have and we're going to make it, you know, RISC v1 and they're all going to have these. But nobody can get together and agree on that.

Ken Starks (20:38)

Advantage to being open source architecture. You can do whatever you want.

Rob Campbell (20:44)

Similar complaint to the fragmentation issue.

Jonathan Bennett (20:47)

It is, it's an ISA fragmentation issue. Yeah, for sure, for sure.

Jeff Geerling (20:51)

And just take it a step higher. For those who may not be as familiar with silicon, you know, the battle between we just need fewer instructions so they can go a lot faster to get more done or risk we. Yeah. Or we have a complex instruction that does so much more. It takes the place of a bunch of simple instructions, which is CIS complex instruction set that has been battled out back and forth over the years and it will continue to be. So less is not always better. You know, it kind of depends on where the technology is the silicon physics are at. Because over the years we've had faster RISC chips, we've had faster CISC chips, you know, so. But there is definitely going to be cruft and old technology legacy. That is kind of, I'm sure in the X86 that they're going to look at cleaning up and streamlining.

Jonathan Bennett (21:49)

Yeah.

Ken Starks (21:51)

From looking at the timing of the Michael's article and when intel put out their blog post, I'm wondering if that was right after he'd finished publishing it, then he had to go back in and update it later that night.

Jonathan Bennett (22:07)

Oh, probably. That's usually what these guys will do to you.

Jeff Geerling (22:10)

AMD's got a blog post out too. It's not, it's not in the article, but when you're, when I was doing some other research, it was, I ran across it. So it's out there as well.

Jonathan Bennett (22:20)

Yeah. So you mentioned CHK tag. I'm pretty sure that's check tag. It's where they're tagging memory and then checking it for security violations. Hopefully. The idea there being that you can define that this number of bytes is part of a buffer and if you write past the end of that buffer, the hardware is going to catch it for you.

Ken Starks (22:41)

Yeah.

Jeff Geerling (22:41)

They mentioned other silicon that had that ability. So they were trying to catch up.

Jonathan Bennett (22:47)

Yep, absolutely. All right. Well, coming up next, we've actually got an update on everybody's favorite 3D editor, Blender. But before we get to that, we're going to take a quick break and be right back.

Rob Campbell (23:00)

Hey, it's Ryan Seacrest for Albertsons and Safeway now through November 4th. Shop the annual beauty event and save $5 when you spend $25 on select beauty products. Shop in store or online for items like Dove Body Wash Native Body Wash, Cetaphil gentle skin cleanser, Dr. Squatch body wash, Neutrogena Hydro Boost Water Gel, Dial Liquid Hand Soap and Olay Body wash. And save $5 when you spend $25 or more. Offer ends November 4th. Restrictions apply. Offers may vary. Visit albertsons or safeway.com for more details.

Jonathan Bennett (23:31)

High interest debt is one of the toughest opponents you'll face unless you power up with a SOFI personal loan. A SOFI personal loan could repackage your.

Jeff Geerling (23:40)

Bad debt into one low fixed rate monthly payment.

Jonathan Bennett (23:43)

It's even got super speed since you could get the funds as soon as the same day you sign. Visit sofi.com PlanPower to learn more. That's s o f I.com p o w E R Loans originated By SoFi Bank NA Member FDIC Terms and conditions apply.

Rob Campbell (23:59)

NMLS 696891 hey everybody, it's Leo Laporte. Are you trying to keep up with the world of Microsoft. It's moving fast, but we have two of the best experts in the world, Paul Thurat and Richard Campbell. They join me every Wednesday to talk about the latest from Microsoft on Windows Weekly. It's a lot more than just Windows. I hope you'll listen to the show every Wednesday.

Jonathan Bennett (24:21)

Easy enough.

Rob Campbell (24:21)

Just subscribe in your favorite podcast client to Windows Weekly or visit our website at TWIT tv. WW Microsoft's moving fast, but there's a way to stay ahead. That's Windows Weekly every Wednesday on Twitter.

Ken Starks (24:35)

And Jonathan We've got this week Marius Nestor writing about public beta testing starting on Blender 5.0. Now, according to Marius, this beta release promises several exciting changes to include a new volume rendering algorithm based on null scattering, a new convert to display compositor node, support for displaying high dynamic range and wide gamut colors, and a working color space for blend files. Blender 5.0 now integrates the copy global transform into itself. Instead of having it as an add on that you would add on to it. It also promises a jump time by delta operator. Now this operator allows for jumping forward or backward in time by a user specified delta that could be either by frames or seconds. And if you write custom python scripts to use in your workflow, there may be some breaking changes for the Python API in Blender 5.0, including several bundled python modules being made private. Key updates for the user interface include overhauling the theming system to make it easier to create custom themes, and improvements to the node editor for easier navigation and providing a flatter appearance, and several genuine user interface refinements. Now, since I've only touched on some of the new features, I do recommend reading Maria's article for details and when the final Blender 5.0 release is expected. So who's going to play with Blender before the final version?

Jonathan Bennett (26:29)

I am not a good candidate for that because I have never really successfully done anything with Blender. I've tried a few times and every time it's like there's there's too many buttons to press. I don't know what does anything I.

Jeff Geerling (26:42)

I've played with it some but I don't know as I'd be a good candidate either because I'm pretty you're just crunching level level one, you know, start starter level.

Ken Starks (26:54)

More of what I've done lately with Blender is using it for making changes to STL files and then exporting it back out as an STL file for printing.

Jonathan Bennett (27:07)

I've done It. I've done a tiny bit of that. But even then to try to go in and edit anything inside the stl, I just. Not my thing.

Jeff Geerling (27:19)

Go ahead.

Rob Campbell (27:19)

One of the features I heard you talk about was HDR coming. You know, I catch you if you said it. But just a reminder for everybody out there, if you really want these modern display features like HDR and Blender, you have to be using Wayland.

Jonathan Bennett (27:35)

Yes.

Ken Starks (27:36)

And have a high dynamic HDR compatible monitor.

Rob Campbell (27:40)

I mean you could use it. You're just not going to see it.

Jonathan Bennett (27:46)

I don't even think you can turn it on if your monitor doesn't support it. So, you know, there's that.

Ken Starks (27:52)

I've got Waylon. I just need the monitor.

Jonathan Bennett (27:55)

Yeah. Honestly, I would say go with the tv. It's probably the way to go right now.

Ken Starks (28:00)

Then I need to get a new tv.

Jonathan Bennett (28:03)

Get a small TV and put it on. Do what I did. Get a small TV and put it on your desk. Replace your.

Jeff Geerling (28:08)

Or get a big monitor and put it on your desk like I did.

Jonathan Bennett (28:11)

Except for an HDR monitor that's that big, you got to pay a couple thousand dollars.

Rob Campbell (28:16)

No. For how big?

Jeff Geerling (28:20)

5K by 2k. There's no TV running this resolution that I know.

Ken Starks (28:25)

Have to see if my wife will give up the new 65 inch TV we got.

Jonathan Bennett (28:30)

Yeah, I'm just drag your desktop over and you plug into it for a while, then drag it back when you're done with it.

Jeff Geerling (28:36)

But see, I'm a firm believer in spend quite a bit on the monitor because you keep it for years. I mean it goes. It's. I, I have the same idea. Computer cases. I get a really good computer case. I mean it lasts for build after build after build.

Jonathan Bennett (28:54)

I mean, I mean, yeah, you get one you really like. You can put three or four or five different computers in there.

Jeff Geerling (29:00)

Yeah, I bet I've got one. I've got an old Silverstone fortress too. I bet you that thing's like 10, 15 years old. Still chugging away beautifully.

Ken Starks (29:10)

I know you said you could put three or four computers in there, but I don't think you meant all at the same time.

Jonathan Bennett (29:18)

Probably not, no.

Jeff Geerling (29:20)

But they do make cases like that if you really want to.

Jonathan Bennett (29:23)

Yeah, yeah.

Rob Campbell (29:25)

Here is a little tip for you all. If you have to get rid of a tower and the computer inside and e. Recycling. If they're going to charge you, if all you have is a place to charge you, you can put three or four inside of that case.

Jonathan Bennett (29:42)

Just load it up with all of the stuff that you want to get rid of. Here's my one computer.

Jeff Geerling (29:50)

137 pounds.

Jonathan Bennett (29:51)

Yes.

Ken Starks (29:53)

Think this floppy drive would fit in.

Rob Campbell (29:56)

There if you disassemble it.

Jonathan Bennett (29:59)

Don't recycle your floppy drive. There are retro computer enthusiasts that would want that. No, if you've got a place that wants to charge you, Staples will actually take them for free. Not monitors, but computers they'll take for free.

Rob Campbell (30:14)

Yeah, I think a lot of places do now.

Jonathan Bennett (30:15)

Yeah, a lot of places will. So we talked briefly about Blender and I'm going to sneak in an extra story here. That is Plasma 6.5 is actually going to release on Tuesday, so probably if you're watching live, that's in three days. I can count. That is three days from now. But if you're getting this on the recording, then there's a really good chance that it's today or.

Ken Starks (30:39)

Or yesterday.

Jonathan Bennett (30:40)

Or yesterday or some other time in the past, because wibbly, wobbly, timey, wimey. But yeah, for those that can't see.

Jeff Geerling (30:48)

And are only listening to the audio every once in a while. The reason we break into laughter is because Rob has an extreme Zoom.

Jonathan Bennett (30:55)

We were playing with Zoom before the show and Rob did this and I told him, hey, you should have a button you could press. I regret telling him this now, but he took me up on it and he's taunting me throughout the show with his button. Anyway, I've got a link right below Ken's story that is about the Plasma 6.5 release that is just about to happen. And of course, some preview of 6.6 and all of those I am personally looking forward to. Looking forward to getting and playing with KDE 6.5 when we come back and do the show next week. I may be running Rawhide on Fedora just to be able to play with.

Ken Starks (31:40)

It, but you're going to take the next week off.

Jonathan Bennett (31:45)

No, no, no, no, no, no. See, I have two computers. I have the laptop that I do the show from and I have the desktop that, well, I also work from, but I'm not as afraid to break it in fun and interesting and horrible ways.

Jeff Geerling (31:58)

You need to do the show from the one you can break like I do.

Jonathan Bennett (32:02)

I mean, I have been thinking about doing a Fedora install on the laptop here and I would probably go grab the beta.

Rob Campbell (32:12)

The problem is he's the one with the buttons and we don't want to get stuck on one of us where we just have to ramble like, you.

Ken Starks (32:20)

Wouldn'T want me stuck on the screen all night.

Jonathan Bennett (32:23)

It just happened a time or two. All right.

Jeff Geerling (32:27)

I might be on it as well because cash is pretty fast on the uptick, so I don't know, I wouldn't expect it Tuesday, but maybe Thursday or Friday wouldn't surprise me.

Jonathan Bennett (32:40)

Yeah, could be. So I've got something else coming on Tuesday, by the way. I promise this will make sense here in just a second. I got tired of my old OnePlus phone and the fact that it's continuing to break in new and unusual, and so I finally bit the bullet and I have ordered a Pixel 9a, supposed to come, I think, on Tuesday. Interestingly enough, Rob, you're about to tell me I should have waited for something even better than a Pixel 9a.

Rob Campbell (33:12)

Well, I don't know about waited. I think it may take a little time before you really see the effects of this. But yeah, as far as phones go, anyone who's been listening for a while has heard me say many times on the show that we need a real usable Linux phone. Not another Android skin, you know, not another Android like Jonathan ordered, not something halfway open, but a phone we could truly call our own. A phone we could tinker with and hack, modify, make ours. Which is why I often report when new Linux phones are announced, kind of, you know, in the hope that maybe this one will be the one, the one that makes a big difference. But, you know, they never really seem to make that big of a dent and it's like, ah, yay, cool. Maybe next time. So maybe, just maybe, the Free Software foundation is giving us that long awaited glimmer of Hope. At its 40th anniversary celebration in Boston, the FFFSF dropped the surprise announcement that the Libre Phone project. It's the most ambitious attempt yet to bring software freedom to the two mobile devices. And unlike most Linux phone efforts, this one isn't starting with Android or trying to ship new hardware. What they're trying to do is they're going straight for the hard part, freeing the proprietary blobs that lock down today's phones. If you're not familiar, these binary blobs are the closed source firmware and drivers baked into nearly every modern phone system on a chip. They control everything from your modem and GPU to your camera and power management, and they're completely opaque without them. Most Linux phone projects, they kind of hit a wall somewhere where they're not quite what you hope they would be. So Rob Savoy, the LibrePhone projects lead developer and longtime GNU contributor, puts it plainly, quote, making fully free software for modern commercial phone will not Be quick. So you got some time, easy or cheap, but our project benefits and from standing on the shoulders of giants who have done most of the work. So I think you're fine, Jonathan, with the pixel now maybe your next phone will come out of this. So anyway, in other words, this is a long game, but it's, it's one that could finally give a completely free mobile stack something no one has truly accomplished yet. Now, librephone isn't building, you know, like I said, it's not building a new phone or even a new os. You know, instead the goal is to reverse engineer and document the proprietary firmware so the developers, especially those outside of the DCMA jurisdictions, can build open replacements. You know, they're starting by identifying phones with a fewest freedom problems, then creating detailed specs for others to use. Even projects with respect to like Lineage OS or replicants still rely on closed blobs. Librephone could be the foundation that finally removes that dependency. So of course, you know, this won't happen without community help. The FSF is asking for volunteers, all types, for coders, testers, documenters, advocates. You know, like us, we're being advocates now. I am at least donors, basically anyone who believes in the dream of truly open phone. You know, if that's you, check out librephone.fsf.org to get involved because, you know, let's be honest, Android might run on the Linux kernel, but it's still Google Sandbox. You know, I don't want a phone where something like as simple as sideloading an app, my own app maybe, you know, maybe I want to create something just sideloaded. I don't want that to be a privilege, I want that to be a right with my phone. I want a phone that's mine. And if librephone, if the Libre Phone project succeeds, we might finally see what a real Linux phone can be.

Jonathan Bennett (37:42)

So I have, I have hesitations about this actually. I have a fundamental disagreement with the FSF's position on binary blob firmware. Because basically all chips at this point have firmware built into them. And where the FSF draws the line is if the user has to touch and load that firmware, that's where they're not fine with it being closed source. But if the firmware lives on the chip to where the user doesn't have to interact with it, then it's fine that it's closed source and they don't care. And personally I find that to be a really weird place to draw the line and not very helpful. Personally, I don't care about loading closed source firmware so long as there's, you know, an appropriate license given to the binary that allows it to be included with your distro or your, you know, your phone image, what have you. Obviously it's great to have open source firmware for all of these individual chips, but I think the fact that the FSF just looks at a chip that has that firmware built into it and just sort of closes their eyes and closes their ears, we don't see it like that's, it doesn't help anybody. So I find their whole position here to be just a little weird.

Rob Campbell (39:13)

Well, I feel like maybe I'm misunderstanding or misreading. I feel like kind of part of the point here is that, you know, because things that run, say the cellular modem is closed source and the, the manufacturers make that for Android, or I guess they aren't making it for iOS, but they're making it for Android. It's hard for a Linux distro to make it work, make that hardware work with Linux. And that would be a lot easier if, if they had access to that code and had open code.

Jonathan Bennett (39:49)

Yeah, but a lot of these pieces of hardware, those firmware blobs, they are distributed and they're distributed with a license on them that says, you can include this in your image. It's not a problem. The problem the SFS has with it is that the user, or the operating system in this case, has to interact with this piece of binary code that is not open source. And so to them, having any interaction with a closed source binary, you know, corrupts the whole thing. It's no longer libre according to Free Software Foundation. And I just, you know, I kind of take the opinion that the vast majority of the Linux distros do that. No, that's just not true. You know, we can load closed source binaries to hardware chips and still be an open source os.

Rob Campbell (40:39)

So are you saying, you're saying their, their position is further than yours? Like they expect it to be more open? They are looking, you're fine with like.

Jonathan Bennett (40:50)

They, they are looking for something to be more open, but they're looking for something to be more open in an almost hypocritical way. Okay, so let's take a stream deck, right? This is essentially a computer. This is likely a Linux computer, right? And it's hung off of usb. There's firmware that runs on this. In this case, the firmware is again, very likely a Linux install. Parts of this are open source because it's Linux. Parts of this are not according to the fsf. So long as when I plug this into my computer, when I plug the USB in, if it just comes up and says hello, I am a stream deck, then this piece of hardware respects my freedom. That's the term they use. If I plug this in and this hardware says I need you to provide the firmware for me to run and my computer then has to transfer over the USB cable a closed source firmware image, the FSF then says that does not respect your freedom. And the thing that I disagree with fundamentally with the FSF about this is what they consider to be the difference is whether I have to load that closed source firmware blob onto this or not. And in my opinion that doesn't matter at all. The only thing that matters is is there firmware running on this and can I get to the source of it? I actually consider it to be slightly better for the end user if you have the ability to load firmware on it because then you have some chance of fixing it, there's some chance of making it open, whereas if it's locked on there forever, it's in my opinion even more closed.

Rob Campbell (42:36)

Right. I agree with you there. I think it's, I think it's fine what you said, you know, if, if as long as you can make it work. I don't think that what the fss, fsf, even if they have a different opinion on, on where they want to go, I don't think it hurts those that have our opinion. I think their work that they hope to do towards these blobs can help those who don't care if there are still blobs there. But it's, it provides more openness in areas.

Jonathan Bennett (43:11)

Sure. Don't misunderstand me. I have absolutely no problem with the FSF trying to come along and reverse engineer some of these firmware images. I just have seen over the years that the FSF does things that are not very helpful and don't make sense. And so they have the deep lobbed Linux distro that they do that is very difficult to run. And they come out and they'll also, they'll advertise pieces of hardware that are like respects your freedom hardware and it's, you know, something that's 10 years old and the only reason it respects your, your freedom is because the firmware is baked onto it when you don't have to touch.

Rob Campbell (43:51)

And like they said here though, they're not making an os, they're not making a hardware, they're attacking, you know, each Individual blob here, one at a time. And then others who make phones can utilize the work that they've done, but obviously they can, they don't have to fully utilize it. They could take their code, they could take the closed source code, they can combine it together, but it gives them some access to stuff.

Ken Starks (44:17)

I think I'd be curious what the Free Software Foundation's take would be on a Linux based Fire tv.

Jonathan Bennett (44:28)

I mean, it's going to be this, it's going to be the same, right? Do you have access to all the code? If so, good. If you don't, then it's closed source and does not respect your freedom.

Jeff Geerling (44:40)

It gets me sometimes when ideologies turns into kind of a roadblock because it's a lot of people, I just want it to work. That's their opinion. And yeah, we want open source. But I personally, for me, my line is if it's firmware to help hardware run, I don't really have a problem with it. I want my operating system open source. But if I have to load a firmware blob for my graphics card or my mouse or whatever because it's supporting the hardware, it's not near as big a deal for me.

Ken Starks (45:19)

Basically the question is, are you willing to die for it?

Rob Campbell (45:24)

They, they could probably. I mean like, like, like you're saying they're, they're maybe focused on a little more on things that maybe aren't necessary. So I guess the downside here is that if they adjusted their focus and you know, maybe left some things alone that didn't need to be because it's fine, it could maybe speed up their progress and, and get us to that free phone future.

Jonathan Bennett (45:48)

So here is my take on what FSF should do. Rather than concentrate on these firmware blobs that are closed source, what they instead should do is look at the various pieces of hardware that don't have patches upstream in the Linux kernel. And there are a bunch of these because ARM vendors are terrible about this. Hardware vendors are terrible about this. Who, everybody is pretty bad about this. Almost, almost every hardware vendor. What they'll do is they'll have a, you know, a 2.6.23 Linux kernel and then a whole bunch of patches on top of that to make their stuff work. They'll publish that somewhere as a tarball and say yes, we have open source for this and nobody can use it. So like, if anything that the FSS should be doing to make Linux phones work, it would be to go and try to reverse engineer Linux support for like the Snapdragons and the various pieces of hardware, don't care about the firmware, get things upstreamed in the kernel so that people can actually use this stuff. And unfortunately that as far as I can tell, is not what they're doing. Anyway, we have a bunch more show to get to and when we come back we're going to let Jeff talk about some dynamic mitigations in AMD and probably Intel. We're going to get to that right after this.

Jeff Geerling (47:14)

Have you noticed that the way we use our phones is ironic? Phones are for connections, but we look at them more than we look at each other. That's ironic. So U.S. cellular created U.S. mode to help us reconnect. It helps us use phones a little less. Ironically, a phone company wanting people to use their phones less is ironic. Let's find US again with US mode from US Cellular. Visit uscellular.com built for us to get.

Jonathan Bennett (47:38)

Started 25 years ago, a small group of business and government leaders met in Washington, D.C. they envisioned the creation of an independent non profit organization with a mission to help people, businesses and government mitigate the growing threat of cyber attacks. Today, the center for Internet Security embodies that vision. For 25 years, it's worked with a global community of IT and cybersecurity experts to develop the CIS benchmarks and CIS critical security controls. These proven security best practices defend against common cyber threats and streamline compliance with industry frameworks, regulations and standards. Today, CIS provides cybersecurity services, threat intelligence and critical resources to help public and private sector organizations alike strengthen their Cyber defenses. Visit cisecurity.org today. That's the letters C I security.org to find out how CIS can help your organization as we create confidence in the connected world.

Rob Campbell (48:40)

This episode is brought to you by Cohesity. For security and IT professionals, resilience is not just a feature, it's a movement. Cohesity makes sure you're ready for the midnight alerts and morning reviews. With Cohesity, you can secure and protect your company's entire data estate with a single platform, reduce your risk from threat actors and quickly respond and recover from destructive cyber attacks, strengthening your company's resilience. That's why Cohesity is trusted by 70% of the Global 500. Learn more@cohesity.com Resilience everywhere hello everybody. Leo Laporte here. You know what a great gift would be, whether for the holidays or at just any time? A birthday? A membership in Club Twit. If you have a Twit listener in Your family, somebody who enjoys our programming and you want to give them a nice gift and support what we do, visit TWiT TV club TWiT. They'll really appreciate it and so will we. Thank you. Twit TV Club Twit.

Jeff Geerling (49:38)

I know Jeff doing another hardware story, who would have thought? But I found this really interesting because there was a big set of patches which are going to be controlling CPU security settings and not just during boot times. So AMD engineer David Kaplan, who some might remember from his work on attack vector controls, which is basically an easier way to turn off and on security in the cpu. So for things like retbleed inspector, things of that nature. So you. So you could have this, the control to turn them on or off based on what you were going to do. Well now he made it a lot simpler. Well, this, what we're talking about today is an extension of that work. The patches that were posted to the Linux kernel mailing list. And so now this isn't going in yet. This is. They put them out there for people to look at, but it will allow turning on and off various mitigations at runtime rather than only switches at the kernel boot time. So currently if you want to say turn on protection for RET bleed, you do it during kernel boot and you have some switches that, you know, command command line type switches is how you can think of it to that's how it's going to boot up. Well, David had this to say as about these patches. He says as the performance cost of CPU mitigations can be significant, selecting the right set of mitigations is important to achieve the correct balance of performance versus security. Now the way this works is described as runtime patching. And David goes on to explain a little more. He says repatching, and that's what he calls it. The kernel is expected to be a very rare operation, is done only under very big hammers. All tasks are put into the freezer and then repatching is done under the new Stop Machine NMI routine. To repatch the kernel, it is first reverted back to its compile time state. The original bytes from alternatives replenish, et cetera, are saved during boot so they can later be used to restore the original kernel image. After that, the kernel is patched based on the new feature flags. This simplifies the repatch process as restoring the original kernel image is relatively straightforward. In other words, instead of having to repatch from mitigation A to mitigation B directly, we first restore the original image and then patch from that to Mitigation B. Similar to the if the system had booted with mitigation B selected originally now the too long didn't listen is based on the need of the kernel. So whether it's a new set of programs or security alerts or whatever could trigger this. The kernel can then change the security mitigations when needed and not take the performance penalty when they're not. This also would be good on server or can't go down type machines so that you don't have to shut the machine down, reboot with a new set of switches to change or add mitigations. Take a look at the article linked in the show notes for full details and a link to the original Linux kernel mailing list where you can see the code and you can get again a lot more deeply into how this directly works. Because this was rather high level.

Jonathan Bennett (53:13)

That's some blackmagic stuff talking about doing live patching of the kernel the way that they're looking at doing this. Pretty interesting.

Jeff Geerling (53:20)

Yeah, that's why I'm saying this is very high level.

Jonathan Bennett (53:24)

Because yeah, we've talked a little bit about this but probably it'd be worth to take just a minute and remind folks of like what the, what the mitigations are, what the vulnerabilities are that we're talking about things like ret bleed and all of that. Specter. Let's see, what's the other one?

Ken Starks (53:42)

There's something that was recently reported.

Jonathan Bennett (53:44)

There is a new one of these about once a month.

Jeff Geerling (53:48)

There's a whole big. There was like a matrix of different mitigation. So it's not just like oh this, this. There's probably 15 or 20 of them. Matrix of most of most of these.

Ken Starks (54:01)

Are you saying 15 by 20?

Jonathan Bennett (54:04)

Not quite that many. Most of these are speculative execution. And so essentially it's talking about where you have a modern CPUs they don't just execute instructions in order to like when they take a branch. So you have say an if in code and if A you go do this and if B, you go do this. Well, modern CPUs will see that and they'll do both at the same time and then they'll finally figure out which branch was the right one on that if instruction and one of those branches they just jump to the end of it and the other one, they roll everything back. Speculative execution. The entire the whole ball of wax here as far as why it's a vulnerability is when you do that speculative execution, it actually changes things like what's loaded up in cache, what you can get to in memory faster and other, other things. Like there's, there's various side channels essentially that they found to be able to do this, to figure this out. But it means that you can read a memory like you can. You don't read it directly, but it's like you derive the contents of memory that you're not supposed to be able to get to. That's what almost all of this is. So then you think about that and the question is, do I as a Linux desktop user care? And almost always the answer is no, because I actually trust all of the processes that's running on my machine. I'm not in a server farm where I have an untrusted process because I'm hosting a website and somebody can run arbitrary code as part of that website hosting. I'm not hosting a whole bunch of virtual machines where people are running whatever they want to inside that vm and I have to worry about them doing a VM escape with one of these. So that's the reason why you would want to turn this off on your local Linux machine, because you don't have any need of all of these mitigations because you're not running any untrusted code.

Rob Campbell (55:59)

Yeah, any shared environment, really. Right.

Jonathan Bennett (56:02)

It's not a shared environment at all. The, the only, the only place, the only caveat there is there are a few of these that theoretically you can access from inside a web browser. And so if you go and spend enough time on a malicious website, then somebody can run untrusted JavaScript code. And so that's why there's a few of these mitigations that it might make sense to leave on on a desktop computer.

Ken Starks (56:27)

Especially if you're seeing memory just slowly climbing up.

Jonathan Bennett (56:31)

Well, I don't think you would even see memory climbing up.

Jeff Geerling (56:33)

No, it's not how it works.

Jonathan Bennett (56:36)

Yeah.

Rob Campbell (56:36)

Speaking of memory loss, Ken enters the room.

Jeff Geerling (56:42)

Yeah, it's all inside the cpu. So it's not a memory leak.

Ken Starks (56:47)

Right.

Jeff Geerling (56:47)

It's little visions into what's going on and getting access to information you shouldn't have, possibly even memory locations you shouldn't have. It's not adding, it's just you're getting into someplace.

Ken Starks (57:02)

It's caching.

Jonathan Bennett (57:04)

A lot of times it's because things get loaded into cache and then you can access that cache and see what gets loaded faster. And yes, it lets you sort of get an Oracle into what some other bit of. It's super impressive and really, really smart work that researchers have done. It's just the unfortunate thing is every time one of these gets found and fixed, they have to add something else to the Linux kernel into the Windows kernel for that matter too. But it's like, okay, well that means every time we move from user space code to kernel code, we have to explicitly empty the cache. Well, that takes time and it also means that things are slower the next time you go to access what should have been in your cache. So make sure everybody's computer runs.

Jeff Geerling (57:48)

Harold Finch says, what should I turn off on a desktop and what should I leave on? And I would say if you're just having a normal desktop, you know, you're not running virtual machines for external customers. You're not running a server. You're not, you know, you're like Rob, you're just playing your hello Kitty island adventure and that's all you're doing on your machine. You can leave them all off because that's not the target. The target is where the virtual machines, where you have a set of virtual machines because it's running services for people outside your home, you know.

Rob Campbell (58:26)

Well, I think his question is, you know, to Jonathan's point, he said some of them can be taken advantage of through JavaScript in the browser.

Jonathan Bennett (58:34)

Yeah, I don't think anyone is actually doing that at this point. I don't think anyone's seen anybody doing it in the wild.

Ken Starks (58:40)

Nobody's been caught doing it.

Jonathan Bennett (58:42)

Well, I mean, exactly. So like there is some level of how paranoid are you going to be about this?

Ken Starks (58:48)

That's easy. Be super paranoid. Turn everything on and then back it off until your computer can work.

Rob Campbell (58:55)

It depends what's on your computer and what you use it for. If you're only gaming and you're not banking or putting anything private on there or using passwords on there, doing anything.

Jeff Geerling (59:08)

And realistically part of it is the target because a lot of these are higher effort. This is not just, oh yeah, we're stumbling across stuff. So you're, you're super great safe cracker. It's not hanging around in my neighborhood. You know, there's, you know, they're going after where the, the rich people live, you know, they're going up on the hill and the mansions. We're, we're definitely have to have versus the reward is not there. So a lot of the normal stuff is just not on the radar. Unless, unless it's a script Kitty type thing. We're, we're too small of potatoes. We're, they're, they're going after, you know, political people, millionaires billionaires.

Rob Campbell (59:55)

Yeah. Mr. I buy whatever biggest monitor I want and I, and I'm not in a rich neighborhood because he bought that big monitor.

Jeff Geerling (60:05)

Yeah, but I'm driving a 35 year old pickup.

Rob Campbell (60:08)

So.

Jeff Geerling (60:08)

See it's, it's all, you know, it's all relative.

Jonathan Bennett (60:12)

Yeah, I think so. The safe answer there is just stick with the defaults that your distro uses and I know some distros do turn some of those off and leave some of them on. If your threat model does not include apts, if you don't know what an APT is, then you can probably turn all of them off and you will be fine. If you are doing defense work or you are a high level politician, then you should probably leave more of them on. But if you are one of those people then hopefully you have a actual security professional that you can go and talk to. So.

Ken Starks (60:47)

And they'll turn it all on.

Jonathan Bennett (60:49)

They will probably turn it all on for you. Yes, I would imagine.

Jeff Geerling (60:52)

And realistically if you really wanted to, you can turn it all on. It's just buy a little faster processor than you think you need. Buy a little more memory, memory a little more. You know, just beef it up more because it's just, it's just going to slow you down.

Jonathan Bennett (61:07)

Yep.

Jeff Geerling (61:07)

Some is all. I mean it's not going to cripple you. It's just. Okay, you now have like a 10% load on your machine all the time. I'm just swagging a number.

Ken Starks (61:17)

But it'll still be faster than that 16 bit system you used to work on.

Jonathan Bennett (61:22)

Yes. Yep. All right Ken, let's talk pipewire. I see that there is a new release just about to come out. What is new in the pipewire world?

Ken Starks (61:33)

Well, there's a lot new in the pipewire world. In fact, this week Bobby Borisov and Marius Nester wrote about what performance improvements we can expect from Pipewire 1.6. Now according to Bobby, one of the biggest changes is a complete refactor of the link negotiation code. Applications now have better control over default values and and can more precisely restrict available options, resulting in improved format matching and smoother audio and video handling. According to Marius, Hypewire 1.6 will include Bluetooth audio streaming for hearing aid support. I'm definitely looking forward to that one. And then there's also going to be MIDI 2.0 clip support in the tools, better support for explicit sync, a new timer queue helper to schedule timeouts, and support for Razer Black Shark version 3 or V3. There's also a new Dobies around and Dolby Prologic 2 example filter configuration as well as OnNX I want to say Onyx and FFMPEG filters added to the filter graph system for more flexible audio processing pipelines. As always I do recommend reading Bobby and Marius articles for more details.

Jonathan Bennett (63:07)

Yeah, reading through the changelog, there's a lot of latency stuff that they have done and so this is where people, people are trying to use pipewire for actual Pro audio use and have come back them and said you still don't have the latency quite right. Here let us help you. And it's getting better and better. So you know, hopefully that means that programs like Ardour are going to be better to use with pipewire even more so than they have been now. Better support for you know, FireWire Pro Level FireWire interfaces which a lot of us still have and would still love to use.

Ken Starks (63:40)

Because they still work.

Jonathan Bennett (63:41)

Because they still work. Yeah, they work great. It was good. Hardware and audio is not quite like the computer world. You don't. It's not necessarily dead and gone. After 10 years, you know there's still still 30 and 40 year old microphones being used in recording studios because they were built. Right.

Ken Starks (63:58)

They still work.

Jonathan Bennett (63:58)

They still work. Yeah.

Jeff Geerling (63:59)

Well and a lot of it is.

Rob Campbell (64:00)

Take care of it and it's going.

Ken Starks (64:02)

To work for generations.

Jeff Geerling (64:05)

Technology doesn't change that much. Right. You know a 20 year old speaker is still going to sound really good versus a new one. Well your 20 year old computer. Oh it's. That's a whole different ball game. You know it's, it's just the speed of the evolution of technology.

Ken Starks (64:23)

You like switching from kilobytes to gigabytes of memory. Yeah.

Jeff Geerling (64:31)

That 100 year old hammer works just fine.

Ken Starks (64:34)

Yeah.

Rob Campbell (64:34)

They start switching from kilohertz to gigabytes.

Jonathan Bennett (64:39)

Yeah. So I mean to drive this point home, one of the most popular microphones in the world is the Shure SM57. I've actually got one off in a box in storage, one of the storage rooms. You would know it if you saw it though. It is still one of the most popular microphones for doing particularly UCM for miking like a piano or other different kinds of instruments. It was originally released in 1965 and it is still one of the go to microphones 60 years later.

Ken Starks (65:10)

There was no changes to it.

Jonathan Bennett (65:13)

Correct. Now if you have one from 1965 it may be physically deteriorating because of some of the stuff that's in. It wasn't designed to last that long.

Ken Starks (65:24)

Or the Way it was treated.

Jonathan Bennett (65:25)

Or the way it was treated. Yes, but they are still making them essentially exactly the same. And none of us are running computers from 1965. Just not a thing.

Jeff Geerling (65:36)

Well, Ken might have something about it.

Ken Starks (65:39)

Trying to think. I have an Etch A Sketch somewhere.

Jeff Geerling (65:45)

He's wrapping wire around magnetic cores as we speak.

Ken Starks (65:50)

Yeah, no, I gave that up ages ago.

Jonathan Bennett (65:56)

That's funny.

Ken Starks (65:57)

That's for the grandkids to do now.

Jonathan Bennett (65:59)

Yes, yes. All right, let's see here. Rob, you want to talk about the UBO Pod? What in the world is that?

Rob Campbell (66:16)

All right. So Jonathan's idea of a smart home isn't asking Alexa to turn on the lights or Google to cool down the house. It's wiring up a thermostat using a Raspberry PI, a handful of sensors and some code he wrote himself. No Alexa, no Google Assistant, and absolutely no cloud connected microphones sitting around just listening. But here's something that might actually get him to set up build by a smart home speaker. After all. It's called the UBO Pod. It's a compact hackable AI assistant that's 100% open source, built by Merdad Majubi and a team of open source developers. Think of it as what would happen if Mycroft came back from the dead, learned docker and set up shop on a Raspberry PI. The Ooble Pod runs on a Raspberry PI 4 or 5 and supports local AI models for full privacy privacy first operations. It uses Vosk V O, S, K for speech recognition and Piper for text to speech, meaning all the processing happens right on the device, not in some mystery data center. If you do want to experience want to experiment with bigger cloud models, you can plug into Claude or OpenAI or Gemini, but the local stack is the default, not just an afterthought that got added on later. Physically, it's about the size of a chunky paperweight. 5.1 by 3.9 by 2 inches, weighing around 0.75 pounds. And it's built to be opened, upgraded and repaired. On the front you'll find a 1.54-inch IPS display and a 7 button soft touch keypad. There's even a physical camera curtain and a microphone disconnect switch for you or for when you want total silence. Dual mics and stereo speakers round out the hardware. Under the hood, UBO software architecture is module and event driven using centralized state management, so devs can extend or remix it without breaking everything else. It has a GUI you could control with the physical keypad. Or via a web browser. And it supports third party dockerized apps. Developers can even build their own integration using a low code approach through a language agnostic GRPC API. Perfect for scripting your own command or connecting it with your self hosted service. Like maybe home assistant. That last I knew. Jonathan also has never tried. The UBO Pod is now live on Kickstarter with open repositories for both software and hardware. So you could build your own, modify your own, or if you, if you'd rather roll it out yourself. Or you could purchase off a Kickstarter. If this sounds familiar, that's because it really does echo what Mycroft the old open source voice assistant used to be that sadly fell victim to patent trolls. Ubopod is like the spiritual successor, the smart device for people who don't trust smart devices like Jonathan. So for folks like Jonathan and probably a lot of the listeners here, this is the kind of innovation that might finally make a smart speaker worth having. Local AI, open code, hackable hardware and no big tech middleman listening in. Now that's the kind of assistant anybody should feel comfortable inviting into their home.

Jonathan Bennett (70:25)

Rob, you're going to tick my wife off by trying to convince me to spend money on stuff again.

Ken Starks (70:30)

Now you're supposed to convince her to spend money on it.

Jeff Geerling (70:36)

I was like, you know, and I know it's superficial, doesn't mean anything, but just know on that wood grain, it looks like a 1975 trailer house. Just no one no do something better.

Jonathan Bennett (70:48)

Oh no. See for, for, for some group of us, the wood grain is what makes it.

Rob Campbell (70:54)

Yeah. I mean did you never have a station wagon with the wood paneling?

Jeff Geerling (70:59)

I've seen them. This is like. No, that's what I think of it's. I would, I would, I would probably.

Ken Starks (71:07)

Plastic veneer that's been stained so it gives you that wood grain look.

Jonathan Bennett (71:14)

Painted. It's probably painted on wood grain. Yeah, likely.

Jeff Geerling (71:17)

You know, when you look at it, it's thin enough. It's builder.

Rob Campbell (71:20)

Yeah.

Jeff Geerling (71:20)

It's a veneer. It's pain. It's the sticker or something.

Rob Campbell (71:23)

I don't know, maybe raspberry PI 5 and you can get the hardware.

Jonathan Bennett (71:28)

So I went and looked. It is actually a little bit more than a Raspberry PI 5. It is a PI 5 with a custom hat and a custom enclosure.

Rob Campbell (71:34)

Right. So you build your own. You can use. It will work on a Raspberry PI 4 or 5.

Jonathan Bennett (71:40)

Yeah. They also have the hardware specifications looks like to be open hardware. So if you don't want to pay them money for it. I don't know why you would do this, but you certainly can. You can hire one of the fabs like jpl. I can't remember what they're called. There's a couple of different Chinese fabs, though, that really do well at making stuff like this is it jpl, you.

Jeff Geerling (72:08)

Know, people in a fab.

Jonathan Bennett (72:09)

Jlcpcb. That's it. That is the one I was trying to come up with. Not sponsored, but a lot of the toys that I play with come from there. A lot of the boards that we deal with. Yeah. So here in a minute.

Jeff Geerling (72:25)

You know somebody with, like I said, you know somebody in a fab, you know somebody with a wave solder machine. You know, that's true.

Jonathan Bennett (72:33)

Somehow I don't think I can send that someone my KICAD files and get him to make me stuff if I can. I need to have a talk with that someone, but I'd somehow he's got.

Ken Starks (72:44)

A whole bunch of projects he's wanting to do.

Jonathan Bennett (72:47)

I mean, let's do lunch sometime, do.

Ken Starks (72:52)

Some business pages worth.

Jonathan Bennett (72:55)

Anyway, Jeff, who is not at all related to that hypothetical, someone has some news about Fedora 43 that we are going to dive into right after this.

Rob Campbell (73:07)

Hey, it's Ryan Seacrest for Albertsons and Safeway. Now through November 4th. Shop the annual beauty event and save $5 with when you spend $25 on select beauty products, shop in store or online for items like Dove Body Wash, Native Body Wash, Cetaphil gentle skin cleanser, Dr. Squatch body wash, Neutrogena Hydro Boost Water Gel, Dial Liquid Hand Soap and Olay Body wash. And save $5 when you spend $25 or more. Offer ends Nov. 4. Restrictions apply. Offers may vary. Visit albertsons or safeway.com for more details.

Jeff Geerling (73:38)

Fedora 43, which was set for release very, very shortly, has been delayed. The decision team goes through a spaceship type of go, no go type of meeting to decide if they're ready for release or launch. And that for anybody that might not be familiar, whenever there's going to be a launch of a rocket, there's a lot of, you know, yelling out of subsystems. And then that person who's in charge of that says go or no go. And that helps define if everything's ready or not. Well, they had this go no go meeting on October 16th and they got a no go for the release. There were two main things that caused a delay. Now, the first is the number of outstanding blocker bugs. Now this means these are large bugs which need to be fixed. Now they include such things as the Andacano web UI installer drop down menu didn't work in kde. Well having your installer not work, that's a big deal. So problem another was there was a Linux firmware regression for the MediaTek MT7922 Wi Fi. So no network also seems like a deal breaker to me though there were also things like the rescue mode not being able to mount the slash boot and/boot EFI partitions which if you can't mount them then the rescue mode ceases to be ARM image installer had a problem and they had certain hardware failing to boot with the Fedora 43 images as well. So some pretty basic things which they need to get sorted out before they release it. Now they also the second issue is the amount of test coverage they had was also a huge concern. They wanted more testing over a larger set of hardware to make sure there are not any more other major bugs hiding. So they want them found before release, not after. And that's why a lot of distributions at various times call for people just try it, load it, run it, hammer it, see what happens. What happens is they're going to give it some time to get the bugs worked out and then there will be another Go no go meeting. So the original release date was October 21st. Now it's going to be October 28th. So it's not a huge push, it's just a little more time to get things right. So it's not like it's going out months or anything like that. So nothing to panic about. So even though 43 is going to be delayed a little, I'm sure in the coming weeks we're going to be talking about the new features that are already planned. You know now that 43 is going to be delayed a little but you know they're already working on 44 and I'm sure in the coming weeks we're going to be talking about what's going to be planned to go into 44. So take a look at the article linked in the show notes for more details and links to the announcement which also includes links to the meeting minutes and the full meeting log. So if you are really wanting to see what that go no go meeting, how it actually happened and who said what it's in there and I, you know, I look forward to the next version of Fedora and you know, and Jonathan already talked about it. I was going to ask if any of my co hosts are already trying the pre release version. Or maybe you have been because you're already using Rawhide, but Jonathan's thinking about it.

Jonathan Bennett (77:07)

Yeah, really thinking about it. It's also worth saying that Fedora used to be absolutely famous for every release getting pushed by a few weeks for stuff like this. And they really buckled down in the last few releases and got them out on time. So it's not, it's not a huge departure historically for Fedora to push a release out a week.

Ken Starks (77:28)

Well, if my laptop had a MediaTek MT7922, I definitely want them to push it back so I'd know my wi fi would work.

Jonathan Bennett (77:36)

Yeah.

Jeff Geerling (77:37)

You know, and I mean, I can respect that they want to make it right before they. They ship it. I. I would much rather have that than, look, we artificially made a deadline, but it. All sorts of stuff is broken and you know, so.

Ken Starks (77:52)

And like rescue moods failing.

Jeff Geerling (77:55)

Yeah. Like I said, the rescue mode that doesn't work ceases to be a rescue mode.

Jonathan Bennett (78:01)

Failed rescue.

Jeff Geerling (78:03)

Yeah. It's not a rescue.

Jonathan Bennett (78:06)

Indeed, indeed. Yeah, I very, very tempted to do a couple of Fedora 43 installs just. Just to give it a try. So there's.

Jeff Geerling (78:16)

Would you do 43 or would you just jump and say, ah, heck, let's just go right into Rawhide.

Jonathan Bennett (78:23)

It depends upon which machine. So if I do it on the laptop, I'll just go to with 43. If I do it on the desktop, I will probably grab 43 and then install KDE plasma from Rawhide. That seems to be a relatively good combination. You can install just your desktop from Rawhide and that way not everything is broken, it's just your graphical interface is broken.

Jeff Geerling (78:48)

So anybody that doesn't know Rawhide, who.

Ken Starks (78:50)

Needs a graphical interface.

Jeff Geerling (78:52)

Yeah. For anybody that doesn't know, Rawhide is the rolling, cutting edge part of Fedora. And every so often they kind of freeze it or certain points in there. They freeze it and say, okay, this is going to be 43, this will be 44. But Rawhide keeps rolling and you can get off the train at any time or you can be like me and sometimes not get off the train at the right time and things don't go as well.

Jonathan Bennett (79:17)

You accidentally roll forwards to the next pre release.

Jeff Geerling (79:20)

Yeah.

Jonathan Bennett (79:21)

Yes. Yeah, don't do that. That's not what you want to do.

Rob Campbell (79:24)

Yeah.

Jeff Geerling (79:25)

It's like I didn't end up where I wanted to be.

Jonathan Bennett (79:27)

Yeah. So there is another distro release that is just around the corner in the past, it just happened. And Ken wants to talk about Zorin OS18 and I'm so used to these release numbers that are either really big like Fedora 43 or based on the year Zorin OS 18 sounds like it's about six years old. Six or seven years old.

Rob Campbell (79:51)

This was it's based on the year they they made it. They just got it out finally.

Jonathan Bennett (79:55)

It's been that long in the work.

Jeff Geerling (79:58)

They thought, well, the 18th release.

Jonathan Bennett (80:01)

There you go.

Ken Starks (80:01)

But yep, Jonathan, as you said, this year we are hearing about the Release of Zorin OS18 from of all people, Suravrudra, Marius Nestor and Bobby Borisov. They all say this release introduces a refreshed look, sporting rounded corners, lighter accent palettes, and a floating curved panel. By default, the redesign system brings a more consistent look across both GTK and QT apps. According to Bobby, Zorin OS18 is built on Ubuntu 24.04 LTS. Some of y' all may call that Noble Numbat and it's powered by Linux kernel 6.14, so it's a relatively new kernel there now according to Marius, it comes with a powerful new window tiling manager that promises to boost productivity, a new built in web apps tool to make it even easier to install your favorite applications, as well as what having other options and according to Surov, you will appreciate how Zorin OS 18 handles Windows installers. Now you can launch a Windows app installer and the system proactively suggests Linux alternatives available in the software store or compatible web based versions that offer similar functionality, making the transition less done. Marius and Bobby also write about Zorin OS18 introducing OneDrive file integration. Now Bobby even wrote a follow up article about the Zorin OS teams, posting about an impressive milestone. In less than 48 hours, Zorin OS OS 18 has been downloaded over 100,000 times and that number keeps climbing, making it, in Zorin's words, our biggest launch ever. Now I have links to Sorv Morris, Marius and Bobby's articles in the show Notes if you do want more details, including Bobby's answer to the age old question is the year of Is this the year of the Linux desktop?

Jonathan Bennett (82:40)

Is it the year of the Zorin desktop? That's really the question.

Jeff Geerling (82:45)

I I was just for the heck of it looking to see if I could see where they got 18 and I'm not really sure. It's funny because they they first release was number 1 2, 3.245 and then they go up but sometimes There's a, you know, 7, 1, 8, 1, 10, 11, 12, 15, 16, 16.3, you know it. Sometimes there's a couple releases in a year.

Ken Starks (83:12)

There's a logical progression.

Rob Campbell (83:13)

Just like Windows 7, 8, skip 9 and go right to 10.

Jeff Geerling (83:19)

And yeah, so there's. Sometimes there's multiple releases in a year. Sometimes they Skip years. Like 15.3 came out in 2020. Now this is according to Distrowatch, the next release was 16.3 in 2023. Then they came out with 1 in 25, 17.3 in 2025. Now 18s in 2025. So I. I'm not sure how that their numbering system eludes me other than bigger is better.

Rob Campbell (83:54)

Did you catch though how it said more rounded corners? I believe you really like rounded corners, right?

Jeff Geerling (84:00)

Oh, I. Yeah, yeah.

Rob Campbell (84:03)

You like them sharp, but they hurt.

Jonathan Bennett (84:06)

So sharp they hurt. I tell you what I really don't. What I don't want is I don't want to put my Windows together and be able to see the desktop through the rounded corners. That's no fun.

Rob Campbell (84:19)

I like that. That feature is pretty cool. Where it recommends other alternative software or web or otherwise. And I'm wondering is that. Does it actually detect what you're installing? If you're installing, trying to install Microsoft Office, does it say, oh, Office, you know, you should try LibreOffice.

Ken Starks (84:42)

LibreOffice.

Jonathan Bennett (84:43)

See, I was hoping he was going to say that when you go to install something on Windows, it automatically suggests installing it into a new wine bottle because that would be really useful.

Rob Campbell (84:55)

I think they have their own wine integrations in Soren to try to make it easier. So whatever. It's probably some custom. I don't remember how it is.

Ken Starks (85:05)

And they've got the capability of taking a website and converting it and the tool that lets you make basically make it into a web app that you can pin on your desktop.

Jonathan Bennett (85:15)

Yeah, I mean that's, that's a fairly. It's a fairly understood thing. Other oss let you do that and your mobiles will let you do that.

Rob Campbell (85:24)

Yeah, they integrate it. Yeah, I assume, I assume that one feature where they recommend they must have a list. So if you're installing some obscure Windows, they're like, I don't know what this is.

Ken Starks (85:36)

I think we could actually say they probably have a database for that.

Jeff Geerling (85:40)

Well, there's actually websites and I draw in a blank at the top of my head. But if you say Linux equivalent to X, a lot of times you get a specific website that says, oh, here's your options you have in Linux for.

Rob Campbell (85:53)

This popular program alternative to or.

Ken Starks (85:57)

That's what alternatives to or alternatives Dot com.

Jeff Geerling (86:01)

Maybe. Maybe that's what it is.

Jonathan Bennett (86:03)

Yep.

Ken Starks (86:04)

If not, you need to grab that one real quick.

Rob Campbell (86:08)

Yeah, I've used some of those sites and I'll tell you, they're not always on the mark. They're not great sometimes, but.

Jeff Geerling (86:15)

No but it's sometimes just a launching point of, you know. Okay, it gets me in there.

Ken Starks (86:21)

Or you can start searching.

Jonathan Bennett (86:23)

Yeah. Here is what this class of application is even called.

Jeff Geerling (86:28)

Oh, yeah.

Jonathan Bennett (86:29)

Yes. For sure. All right, that is our news. And we are about to dive into the tips. And we've got four really fun tips for you. We're going to cover right after this.

Jeff Geerling (86:40)

Have you noticed that the way we use our phones is ironic? Phones are for connections, but we look at them more than we look at each other. That's ironic. So U.S. cellular created U.S. mode to help us reconnect. It helps us use phones a little less. Ironically, a phone company wanting people to use their phones less is ironic. Let's find US again with US mode from US Cellular. Visit uscellular.com built for us to get.

Jonathan Bennett (87:04)

Started 25 years ago, a small group of business and government leaders met in Washington D.C. they envisioned the creation of an independent non profit organization with a mission to help people, businesses and government mitigate the growing threat of cyber attacks. Today, the center for Internet Security embodies that vision. For 25 years, it's worked with a global community of IT and cybersecurity experts to develop the CIS benchmarks and CIS critical security controls. These proven security best practices defend against common cyber threats and streamline compliance with industry frameworks, regulations and standards. Today, CIS provides cybersecurity services, threat intelligence and critical resources to help public and private sector organizations alike strengthen their Cyber defenses. Visit cisecurity.org today. That's the letters cisecurity.org to find out how CIS can help your organization as we create content confidence in the connected world.

Rob Campbell (88:06)

This episode is brought to you by Cohesity. For security and IT professionals, resilience is not just a feature, it's a movement. Cohesity makes sure you're ready for the midnight alerts and morning reviews. With Cohesity, you can secure and protect your company's entire data estate with a single platform, reduce your risk from threat actors, and quickly respond and recover from destructive cyber attacks, strengthening your company's resilience. That's why Cohesity is trusted by 70% of the Global 500. Learn more@cohesity.com resilience everywhere.

Jonathan Bennett (88:38)

All right, Rob, what do you have for us?

Rob Campbell (88:40)

All right, my Tip for today is app. That's not what I've actually used, but reading into it, it sounded pretty interesting. So. And something maybe some of our listeners might be interested in. So I thought I'd share it in case you don't know about it. So do we have any Fast mail users listening? I'll wait for you to respond. Okay. If, if not, and you're looking for an alternative email provider to the likes of say Microsoft 365 or Google fast Mail might be one to check out. They have plans compared comparable to like the basic Office365 and Google Workspace accounts, you know, with email, calendar, contacts, but for almost, almost half the cost. You know, depending on which one you're looking at. The, the cheapest one starts like $3. Otherwise there's group ones and bulk ones.

Jonathan Bennett (89:37)

Probably enterprise plans and all that.

Rob Campbell (89:39)

Yeah, there's business and enterprise plans and all that stuff. So, you know, and what I read about, I looked in a little bit. You know, I've heard of fast mail, but I never really looked at too much. Fans say it's fast and secure and, and is that where they got the name from?

Jonathan Bennett (89:55)

Hey, it's fast, it's mail. Sorry.

Ken Starks (89:58)

Yeah, it's fast, it's mail.

Rob Campbell (90:01)

It's fast mail. And like I said, I'm not a user, but from what I looked at it, you know, it appears to have a clean email interface, which is something I really like. You know, that's why I don't use a lot of the, a lot of the email clients out there because I just feel like they look there. But I feel like a lot of webmail ones are really kind of, a lot of them, not all of them are doing pretty, a pretty good job these days. So what I really like about this one is that they have, they have something that Google doesn't even have in their offering and that is they have a desktop app for Lennox. So this app, it's okay, it's an electron app which makes it kind of web based but I mean it's using, it's. So it's using the same user interface. You know, it's going to be the same as the webmail interface but with OS integrations including desktop notifications. And it's going to respect your dark mode preferences more than a regular browser tab provides. So if you are a fast mail user or you want to become one, I suggest checking out the Fast Mail app available as a flat pack on flathub. And I wish I could have tried this myself as it looks beautiful I love the look of it for webmail, but I'm not looking to switch email providers at this time and I don't have time to just try it out, but to switch just for the sake of switching. But I do, I do wish others like Thunderbird could maybe improve their interface. Thunderbird has been improving over the years, I think, but I think they could improve it more, maybe look a little more refined like this one does. So if you're a fast mail user, they have a Linux app.

Jonathan Bennett (91:59)

Now, is it just Electron?

Rob Campbell (92:01)

It is just Electron, yes, that's what I said.

Jonathan Bennett (92:05)

So, yeah, well, okay, I guess I'll give it to you.

Rob Campbell (92:10)

It has the desktop integration, so it's a little more than just, you know, another website in its own little shell.

Jonathan Bennett (92:17)

It's not just the website in Electron. All right, fair enough.

Rob Campbell (92:20)

It's not just the website in it.

Jonathan Bennett (92:22)

And yeah, all right, Jeff, you've got Octopi. And when I first saw this I thought that's a 3D printer.

Ken Starks (92:29)

3D printing.

Jonathan Bennett (92:30)

Yeah, not that one, the other Octopi.

Jeff Geerling (92:32)

Not. Yeah, and this might, I think probably predates it. So having been on the Debian side of things for a lot of years with, you know, I had some small detours into Fedora over the years, but overall, you know, I know the APT package manager really well. Well, with being in the arch side of things now I'm learning Pac man, which is the Arch package manager or Cash OS in my case, but same thing. To make things a little easier, there's a graphical program which is used like a front end to pacman Octopi. It's a graphical user interface which makes things easier when you don't know the program like the back of your hand and don't feel like going through the Google learning curve. Now it's written in C, uses the QT toolkit that's, you know, KDE. The source code is on GitHub and it started back in 2013. So octopi consists, consists of a package browser, a sudo helper, a notifier cache cleaner and repository editor. And the link in the show notes even has a link to a YouTube channel that you can go and see it in the action if you so wish. Now through the GUI you can search for packages from both main and they say foreign repositories, meaning external to what your distribution normally has. So you're adding a different non standard repository you can install reinstall, you know, including local packages. So you can use it if you download, you know, a package and want to Put it on. Of course, remove upgrade. You can visualize the files in there and view repository changes and distribution Distribution news as well. So all package database actions that involve changes are performed using the Pac man command. So it's. You could do this on the command line if you so desired. It's just simply feeding Pac man the proper command line for privilege escalation. Qt Sudo is the only program which will work with Octopi, so you have to have QT and and I said kde. QTE isn't exclusive to kde, but in the Linux world they go pretty hand in hand. Your most QT applications are kde. I'm not going to go over how each of the features looks, but you can look at the link in the show notes for documentation on everything. They have a Frequently Asked Questions or a faq. So if you'd rather point and click than type it out for your package needs, check out Octopi. Happy installing?

Jonathan Bennett (95:26)

Yeah, very cool. Octoprint is the application I was thinking of. And Octopi is what they call the combined Raspberry PI image that has Octoprint on it. That's where the naming confusion comes from. All right, Ken, you are muted and you want to talk about AI Gemini. What is up with Gemini?

Ken Starks (95:54)

I don't want to talk about it, but I thought I'd share with you how you can access Gemini command line interface from your Linux terminal. I'm going to refer you to. Let me go ahead and bring up a browser real quick to get the Gemini GitHub page, which is right here and it's got instructions on how you can install it. And I've got a link in the show notes if you do actually want to play around with it, if you've got a Gmail account, you can play around with it for free as a personal device. Well, the quickest way to install it if you already have Node JX running on your system is to just copy this command here, npx, followed by the link to the GitHub and post that into your terminal and it will ask you if it's okay to proceed with installing it. I'm going to say yes, I'm live. I like living dangerously in a vm.

Jonathan Bennett (97:17)

Ah yes.

Ken Starks (97:20)

And as we're watching here, let me go ahead and bring up so y' all can see what I'm talking about. And is that easier to read?

Jonathan Bennett (97:32)

Yeah, I can see it. All right, you've told it that it is okay to proceed.

Rob Campbell (97:37)

Yep.

Ken Starks (97:42)

And y' all can see the command there it's just mpx followed by HTTPs://GitHub.com google gemini gemini desk cli easy to remember.

Jeff Geerling (98:01)

Trivial rolls off the tongue.

Jonathan Bennett (98:04)

Yeah.

Ken Starks (98:05)

And they're loaded it up.

Jonathan Bennett (98:09)

Very cool.

Ken Starks (98:10)

And now that we've got it loaded up, what can you do with it? Well, the first thing I would recommend doing is you type a slash followed by help and that'll give you help on using Gemini cli. It'll give you all the commands that you can use and how you can switch to shell mode from within it. So say you wanted to list what your current directory that you're in is. You do that and it lists all the files and directories that you may have. You can do that from the command line though right? Now let's go ahead and hit that colon again so we can get back to the Gemini prompt. And I'm going to use the command about to give you the version information. And as you notice it says this is a nightly build that I'm running. And it there are is a way that you can set it up so it's running in a sandbox if you've got Docker image set up that you want it to run in. But while you're here you can ask questions like what files are in my current directory. And now it's asking me if I can will allow it to execute ls. I'm going to say yes, I did that by hitting the number one. I could have just hit return with that highlighted and you saw what it did the same thing I did. And you can ask ask it more detailed questions as well.

Jonathan Bennett (100:24)

This is, this is an interface for running this as an agentic AI then because it actually gets to use these tools to tell you things.

Rob Campbell (100:30)

Yep.

Jonathan Bennett (100:31)

Ah, interesting.

Ken Starks (100:35)

And I'm going to do this. Can you summarize this page? And let's go back here and guess what page I'm going to ask it.

Jonathan Bennett (100:49)

To summarize Little AI navel gazing.

Ken Starks (100:56)

Since that's the easiest one to find. And here it is. And as I said, it prompts you. Do you want to allow it to. Yes, you can allow once, allow always, no suggest changes. So let's go ahead and say yes, allow once. And it begins. The web page announces now as you notice, it's got a where it says Web fetch and it's. That's one of the tools it uses. The other one was the shell. And then after it's processed from the prompt it comes back saying the Gemini CLI is an open source AI agent that brings Google's Gemini to your terminal. It's lightweight, has a free tier and gives you access to the Gemini 1.5 Pro model. It has built in tools for web search, file operations and running shell commands. You can also extend it with custom integrations. All right, now one of the commands that you can use is stats. And here's what's nice. I can hit tab and then it gives me do I want to do model or tools? So I'm going to go with model and there's a model Stats for nerds shows how many requests I made, how many tokens I've used, what the latency is. And as you look there, you'll see there's columns showing that There's a Gemini 2.5 flashlight, Gemini 2.5 flash and Gemini 2.5 Pro. And it looks like I did two requests to the flash and the Pro and three to the OR, two to the flashlight in the Pro and three to the flash. Now I'm going to show you how you can get out of this. That's just quit and I'd have to run this again and install which would install it again. So it's never on my system within the vm. Now having said that, on my Ubuntu system, let's go ahead and bring this up. I've actually got it installed. This one's installed via Homebrew and there it's loading the cache credentials. It uses that to verify that I'm authorized.

Jonathan Bennett (103:51)

And.

Ken Starks (103:53)

Again you do the help. Now what I want to demonstrate here is chat and I'm going to list saved conversation checkpoints. And there you see I have one that's list MPN bug. I just threw out a tag for it.

Rob Campbell (104:25)

And.

Ken Starks (104:32)

I'm going to go ahead and resume that from the checkpoint. And it starts by going back to show what you've already done.

Jonathan Bennett (104:48)

Cool.

Ken Starks (104:50)

And this is where I was trying to update something that gave me some error messages in Brew. I forget what it was now, it was earlier today, but I just took and asked it to find out why the command filled.

Jonathan Bennett (105:23)

Did it actually help you? Did it give you useful results?

Ken Starks (105:27)

Yeah, it told me that that's the command that was actually filling because I was getting it when I was doing a upgrade on all the different options I have for upgrading like to my system git my Rust and Cargo and Brew trying to think what all my top grade ends up upstating on this system because of where I get some of the applications I have running. And it showed that where is node is empty. So no JS isn't in standard locations and but as you can go through, you see it check to see if install brute packages for it. Brew list confirms node is installed and there it's went through to verify the executable location it said it couldn't access outside home. Dad. The error means node isn't in the path. So for whatever reason it wasn't at the path at the time that I did the top grade.

Jonathan Bennett (106:47)

All right, I've got a command line tip that I want to make sure we have time to get to as well. And that is, it's actually two of them. It's one we've talked about before and one that I'm not sure that we've talked about before. And this all came up because I have a hard drive that I needed to securely wipe because it came from a customer. And so I, about a week ago, week and a half ago, I sat down and figured this out. I was like, okay, how do I do this? And it will shred. And we've talked about the shred command before. You can shred a file on your Linux system, but you can also use shred to securely erase an entire hard drive. And so in that case you just would run like sudo shred and then a dash V and then the device. Not a partition on the device, but the whole device like dev, SDA or sdb. Be very careful when you do this that you use the right device, because if you shred your primary hard drive you will lose all of your data and you will be very sad. So that is what I used and then I went back and did a bit of looking because modern hard drives are fancy and complicated and they do things like wear leveling and they have extra blocks. And so it is possible that part of your data will survive that shred because of that wear leveling and it will be in the extra blocks, the spares. And so there is a second way that you can securely erase a hard drive and that is hdparm or HTP arm. It is a utility for working with hard drives. And I've got a second link here that goes to that.

Jeff Geerling (108:43)

And.

Jonathan Bennett (108:46)

It is essentially the security erase enhanced flag in hdparm and that will do a secure erase. And the thing to remember there is that different hardware, different pieces of hardware support this in different ways. And so a really well built hard drive will do a good job securely erasing something. But there have been reports where people run this command and about two seconds later their hard drive comes back and says, okay, I did it and maybe you didn't actually overwrite all of that data. So if you have a drive that you really need to erase, I would actually recommend running Shred first. And you can tell Shred to run multiple times. I think by default it's going to run two or three times. Yes. Random data three times. Shred by default, overwrites the blocks with random data three times. And then I would actually say if this is a drive that you really need to be erased, also go back, follow that up with the hdparm command to make sure that as much as that drive is capability of doing so, it goes back in and also clears those extra blocks and any other places where data might be hiding. Yeah, I learned that in these last couple of weeks and found it really interesting. Very nice. There you go.

Jeff Geerling (110:28)

Yeah, I just want to add in here that I wish I'd looked at the little closer at the tips because I was going to have a show title this week of no AI in this episode. Foiled again, Ken Foiled me.

Jonathan Bennett (110:46)

Yes, yes. Yeah. And of course, so now people are talking in our chat room about how do you actually destroy a drive. And yes, if it is a spinning platter hard drive, then magnets might do it. Actually, the better way I would say was splint, sledgehammer, no drill bit. Just run a drill bit down through. Because they're basically made of glass. Once they shatter, that memory is completely gone. I would not necessarily trust a drill bit for an ssd because the actual memory storage chips, the physical parts that store the memory are so tiny, it would be difficult to make sure that you got them all. So that's where it's nice to do some physical wiping.

Ken Starks (111:24)

Well, you'd have to do a lot of holes.

Jonathan Bennett (111:26)

Exactly.

Rob Campbell (111:29)

You really want to do it. You can have it shredded physically.

Jonathan Bennett (111:33)

It's true.

Rob Campbell (111:33)

Yeah.

Ken Starks (111:34)

Because through one of those shredders that you see cars going through.

Jeff Geerling (111:41)

Yeah, Only one set for like drive, so it's much tinier pieces because the drives, I mean, if, if, say you're super famous, you know, you're the president, you're the a billionaire or whatever, someone gets a hold of your drive, you can take those individual chips, deprocess them and get down to the cell level and start measuring the, the hysteresis on the cell to find out what things are. And I mean, you can, depending, depending what level of paranoia you have. It's, you know, even in a race and it's kind of funky because, you know, we had Harold and saying, well, just don't put all zeros in there. And actually, I don't know of a drive anymore that you can write all zeros to at the cell level because they put a hash in there because you don't want a huge block of zeros or ones because it'll cause field effects on other cells and can disrupt data. So you want to keep. Rather than having a large block of one potential, you want to have it kind of mixed up and spread out. It's not a hash for like security, but it's just a. Don't have too much in of one charge in one place.

Jonathan Bennett (113:02)

In the RF world, they call essentially that same thing data whitening to where you introduce some ones and zeros. A mix of ones and zeros because it makes the data actually more resilient in the airwaves. Very similar concept.

Jeff Geerling (113:21)

Yeah. I've also heard it calling swizzling.

Jonathan Bennett (113:25)

Yep.

Jeff Geerling (113:26)

Some of the old timers were.

Ken Starks (113:28)

Well, according to Gemini, by default, the shred command in Bash overwrites files three times, does not remove them after overriding, and uses random data for the final overwrite.

Jonathan Bennett (113:41)

Yes.

Ken Starks (113:42)

It also rounds up the file size to the next full block to override any slack space.

Jonathan Bennett (113:48)

Yeah, Shred is actually a pretty good utility for that. I was. I was pretty impressed by how well it did.

Ken Starks (113:55)

And it looks like it actually just.

Jonathan Bennett (113:56)

Read the manual, probably. All right, let's let each of the guys plug whatever they want to. We're gonna let Rob go first.

Rob Campbell (114:06)

All right. For those who appreciate what I do and want to get more of me, you can find me at robert p.campbell.com and that's my website for me, my personal one. Once you get there, there are links at the top for my LinkedIn, my Twitter, my blue sky, my mastodon, and a place to donate coffees to me in five dollar increments. Or if you want to donate to, say, Ken or Jeff, you could put it there and make it. Make sure to just put a comment. And I've already paid off Jeff one time, so yeah, you go ahead and do that. If you want to find out more of me, there's. You could scroll and see. See some more stuff about me too, on that page. That's all about me. Come find me, come connect, come learn, come say hi, whatever.

Jonathan Bennett (114:57)

Yep.

Ken Starks (114:58)

All right. And Ken, I don't really have anything this week, so I'm just going to recommend especially to you, Jeff, back up backup and backup. Jeff, did you ever figure out how to do snaps or reboot a snapshot of your casheos?

Jeff Geerling (115:23)

I Didn't. Not yet. I was working on the delayed reboot, so I got that. That was my fix for the week.

Jonathan Bennett (115:33)

One fix a week? Yeah. I get too excited here.

Jeff Geerling (115:36)

Yeah, I work a lot of hours. Okay. So this is. I don't really have much either. This is going to be Poetry Corner. And again, this is about something. So we're switching things up a little bit here. Using wires is so 2001. Five phones with no headphone jack make me feel alive. At first you must pair Then data moves through the air. This text name might make dentists cry. Bluetooth. Other than that, I don't have anything. So just everybody have a great week.

Jonathan Bennett (116:14)

Yeah. All right. I have been cleared to tell you all about something very cool coming up on Friday the 24th, the twit D&D adventure. It starts at four central. It's four to seven central time. That's two to five on the east coast and five to eight. No, five to eight on the east coast and two to five on the west coast. And yours truly was invited as one of the players. It is a fall themed one shot. And so if that is your thing and you're part of the club, come check that out. It will be a Club Twit exclusive. We'd love to see everybody there. Aside from that, if you want to follow me, you can find find my stuff on mostly Hackaday. That's where Floss Weekly is at these days and also where my security column goes live every Friday morning. Appreciate that. Other than that, we just want to say thank you to everyone that watches, that listens, that gets us live and on the download. And we will be back next week for another Untitled lending show.