Untitled Linux Show 226: Ubuntu Friendly Fire
Podcast: All TWiT.tv Shows (Audio)
Host: Jonathan Bennett (with Ken Starks, Robert P. Campbell, Jeffrey Tucker)
Date: October 26, 2025
Episode Overview
This episode dives into the week’s major open source and Linux news, with a focus on a startling Xubuntu website security breach (“Ubuntu Friendly Fire”). The panel discusses critical Linux security issues, a fresh Windows vs. Linux hardware benchmark, notable distro updates, advances in running Linux on Apple Silicon, Austria’s open source government pivot, and more. As always, the tone is relaxed, friendly, and geeky with plenty of practical tips and trivia for listeners.
Key Discussion Points & Insights
1. Xubuntu.org Website Hack: Security Lessons
- Summary: The official Xubuntu (Zubuntu) website was compromised and briefly served up Windows malware disguised as a Linux distro torrent.
- Details:
- The compromised file was “zubuntu-safe-download.zip” containing a Windows executable and a fake terms of service.
- The direct ISO downloads and checksums remained safe; only the torrent link was affected.
- The intent was apparently to target Windows users considering a switch to Linux—likely for cryptocurrency clipboard hijacking.
- The breach likely lasted just a day or two, and the team responded rapidly.
- The incident triggered the decision to replace their aging WordPress site with a simpler static version for better security.
- Larger issue highlighted: open source software may be secure, but project sites can rely on outdated, leaky platforms.
- Quotes:
- “It’s a little startling when something like this happens, because that could have been so much worse...”
— Jonathan Bennett [09:26]
- “The malware reportedly tried to intercept cryptocurrency links copied to the clipboard... if you’re a Windows user, you could have been at risk.”
— Robert P. Campbell [08:34]
- “Even when the software itself is solid, the website behind it often relies on shared or outdated content systems like WordPress...”
— Robert P. Campbell [09:06]
- Comparable Incidents: References to recent npm and VS Code extension “worm” malware, showing what sophisticated threat actors could do if they breached Linux infrastructure.
2. Windows vs. Linux Performance on Ryzen 9 9950X/X3D
- Summary: Recent Phoronix benchmarks reveal Linux significantly outperforms Windows 11 on cutting-edge AMD Ryzen hardware, especially in CPU-heavy workloads.
- Key Insights:
- Tests ran CPU workloads exclusively (not games) on identical hardware setups.
- Ubuntu 24.04 and 25.10 showed nearly negligible performance differences (kernel 6.17 didn’t regress or boost raw CPU performance).
- Linux was 11-13% faster than Windows 11—an amount large enough to be felt in real usage.
- Some kernel-level optimizations (cache-aware patch) are yet to be included; future benchmarks could see Linux pulling further ahead.
- Quotes:
- “Linux was faster by 11 to 13%... 10% is where you can really start to notice a difference.”
— Jeffrey Tucker [20:04]
- “Windows seems like it went under a large regression when they went from 10 to 11...”
— Jeffrey Tucker [20:36]
- “The old OSes really did run well, and the new stuff... is kind of terrible.”
— Jonathan Bennett [23:58]
3. Clonezilla Live 3.3.0.33: Disk Cloning Tool Updates
- Summary: A major Clonezilla release adds new features for advanced disk/partition cloning and backup use cases.
- Notable Updates:
- Based on Linux 6.16 kernel, adds MTD/EMMC support for expert users, and tools for managing aliases and image merges.
- Locale and keymap selection improved for the live shell environment.
- Panel agrees: great tool for complete disk images and migrations, but less ideal for regular, versioned backups.
- Quotes:
- “It’s great as a whole disk backup... but as a daily backup tool? Not so much.”
— Robert P. Campbell [32:21]
4. Asahi Linux: Apple Silicon Advances
- Summary: Major milestones for running Linux on Apple Silicon, including new upstream kernel drivers, Rust-based bootloader improvements, and Windows gaming via Wine.
- Highlights:
- SMSC core drivers now merged—prepping for fully upstreamed WiFi/Bluetooth support.
- The m1n1 bootloader is gaining Rust for safety, with improved CI for up-to-date installer bundles.
- 64-bit Windows games like Hollow Knight and Nier Automata proven to run on M1 Pro MacBooks using Wine.
- Preliminary progress booting Linux on M3/M4 chips: currently just a blinking cursor, groundwork being laid.
- Fedora Asahi Remix dailies now available, aiming to simplify first-boot experience.
- Quotes:
- “The gaming experience on Asahi is better than the gaming experience on MacOS.”
— Jonathan Bennett [39:27]
- “If you wanted to game on a Mac, you would have to install Asahi. And that day is sort of here.”
— Jonathan Bennett [39:53]
5. Multi-Kernel Linux Architecture: The Next Leap
- Summary: New kernel patches are being explored that would allow several kernels to run in parallel on a single system, each isolated and managing its own CPU cores.
- Why it Matters:
- Provides fault isolation, enhanced security, and fine-grained resource allocation without heavy hypervisors.
- Could allow, for example, a real-time kernel for media encoding alongside a standard kernel for desktops—on the same hardware.
- Still a long way from production, but growing core counts in CPUs (e.g., 32+ cores) make this more practical and desirable.
- Quotes:
- “Multiple independent kernel instances can coexist and communicate on a single physical machine... Each can run on a dedicated CPU core while sharing hardware resources.”
— Jeffrey Tucker [49:22]
- “I’m excited to see where this could go... This could replace several physical machines.”
— Jeffrey Tucker [58:31]
6. Mobian: The Debian for Phones Project
- Summary: Mobian, a Debian-based distro tailored for specific mobile devices, launches in parallel with growing interest in open Linux phones.
- Key Points:
- Supports PinePhone/PineTab, Pixel 3a, OnePlus 6/6T, Xiaomi Poco F1, and Purism Librem 5.
- Two variants offered: Phosh (GNOME phone shell) and KDE Plasma Mobile.
- The main hurdle for wider adoption: highly fragmented ARM hardware, lack of standardization, proprietary drivers, and locked bootloaders.
- Quotes:
- “Has somebody put together a working device tree? That’s about the hardest part for ARM.”
— Jonathan Bennett [63:57]
7. Canonical & Ubuntu: AI, Rust, and Platform Pushes
- Summary: Canonical is doubling down on modernization—AI models as Snap packages, a new Canonical certification program, and a controversial move to Rust-based core utilities.
- News:
- Ubuntu 25.10 is transitioning its core utilities from GNU to Rust-based implementations.
- New bug: Rust coreutils broke Ubuntu’s own unattended-upgrade feature (auto-security updates), requiring a manual fix for users.
- Launch of AI model Snaps lets users install local, hardware-optimized LLMs with a single command (currently Intel/ARM64; NVIDIA/AMD soon).
- Certification program (Canonical Academy) launches; prices undetermined, but some details emerge: $100 for a Linux terminal cert.
- GIMP’s Snap package now officially maintained by the GIMP team, matching its direct releases.
- Quotes:
- “The bug came from a difference in how the new Rust version of the date command reports timestamps... minor, but it broke one of Ubuntu’s most important processes.”
— Robert P. Campbell [66:54]
- “Canonical and Ubuntu are making strong pushes to be the leaders of Linux...”
— Robert P. Campbell [72:56]
8. Austria Moves Federal IT to Open Source
- Summary: Austria’s Federal Ministry for Economic Affairs, Energy and Tourism (BMWet) migrates to local IT infrastructure based on Nextcloud and Collabora (LibreOffice).
- Motivation: Digital sovereignty, privacy concerns over foreign/cloud providers.
- Execution: Accomplished in 4 months with integration to existing workflows; some Microsoft Teams use remains for external meetings.
- Context: Part of a wider EU trend of government bodies dropping proprietary solutions for open source alternatives.
- Quote:
- “This one’s already in the can. It’s a done deal...”
— Ken Starks [82:53]
9. Other Notable News & Tips
- KDE 6.5 Rolls Out:
- Anticlimactic in a good way—“it still works, just like before.”
- “Anticlimactic... but that’s the sort of problem you want.”
— Jonathan Bennett [05:11]
- digiKam 8.8 Image Manager:
- Adds blur, facial recognition, expanded language support (61!), Wayland fixes, and deep metadata features.
- “Facial recognition finds baby pictures by comparing them to teens—really impressive.”
— Jeffrey Tucker [81:43]
- Backup and Command-line Tips:
- Backup Tools Debate: Clonezilla (full images), rsync/rclone (incremental/daily), Proxmox Backup, or plain tar.
- Lazy SSH: A new tool for quick, organized SSH access to multiple systems (demo by Robert).
- Barrier: Software keyboard/mouse KVM for controlling multiple machines—cross-platform, open source.
- Printf/Echo on CLI: Ken covers formatting output with printf (demos right/left-aligned strings, variable substitution).
- Cataclysm DDA (“Dark Days Ahead”): Terminal-based open source roguelike game demoed.
Notable Quotes & Memorable Moments
- On the Xubuntu Hack’s Unintended Limitations:
“The malicious actors are listening to our show right now being like, oh, why didn’t I do that?”
— Robert P. Campbell [10:14]
- On Old vs. New Operating System Responsiveness:
“You would click on something and immediately Windows would pop up... This is what we had that they took from us.”
— Jonathan Bennett [23:17]
- On Privacy and Open Source Success in Austria:
“What happens in Vegas stays in Vegas... That’s their approach to information control.”
— Ken Starks [85:08]
- On Linux’s Public Awareness:
“It’s broken into the public consciousness. It’s kind of hit mainstream.”
— Jonathan Bennett [87:58]
Timestamps for Key Segments
- [06:13] Xubuntu.org Security Breach: Malware and Response
- [16:03] Windows vs. Linux Ryzen 9 Benchmarks
- [28:21] Backup Tools: Clonezilla, Rsync, Rclone
- [34:58] Asahi Linux and Apple Silicon Progress
- [48:24] Multi-Kernel Linux Architecture discussion
- [62:05] Mobian: Debian for Phones
- [66:21] Canonical’s Rust Coreutils and AI Snaps; Canonical Academy
- [82:53] Austria Migrates Federal IT to Nextcloud
- [91:35] Command-Line Tips & Tools: Lazy SSH, Barrier, Printf, Cataclysm DDA
Original Tone & Panel Vibe
- Fun, relaxed, and nerdy with lots of camaraderie
- Frequent deep dives, historical context, and witty asides
- Quick transitions between news analysis, practical tips, and playful banter
- Emphasis on empowering listeners with knowledge, caution, and curiosity
Conclusion
This episode offered both in-depth and accessible coverage of a headline-making Linux website security incident, robust hardware benchmarks, practical admin advice, advances in ARM and Apple Linux, distro updates, open source advocacy in government, and creative tools for power users. The wide-ranging tone and topics make it useful for newcomers and seasoned Linux geeks alike.
Final advice:
“Backup, backup, and don’t let it burn!”
— Ken Starks [112:54]
And as always:
“We’ll see you next week on the Untitled Linux Show.”
— Jonathan Bennett [114:01]