Summary8 min read

Untitled Linux Show 241: A Very Hot Sandwich

Date: February 8, 2026
Hosts: Jonathan, Ken McDonald
Podcast: All TWiT.tv Shows (Audio)

Overview

This episode of the Untitled Linux Show dives into a packed set of open source, Linux, and tech topics, with a special focus on recent major updates in open source software, the rising cost of RAM (especially as it affects Raspberry Pi enthusiasts), community challenges within Debian, the impact of AI on open source contributions, and notable releases like Ardour 9 and Shotcut 26.1. The episode sees Jonathan and Ken McDonald volleying in-depth technical discussions, personal insights, and some classic Linux humor, while skipping the usual three-parter format due to Rob and Jeff’s absence.

Key Discussion Points and Insights

1. LibreOffice 26.2: Major Update Breakdown

[02:06–08:09]

Performance & Responsiveness: Drastic performance improvement, especially for handling large documents.
Security: New password-based ODF "wholesome" encryption using AES-GCM and Argon 2 ID.
Macro Management: New macro manager dialog, improved BASIC code completion.
Spreadsheet Improvements: Calc gains faster hidden column scrolling, better Excel (BIF12) clipboard format support, and over 2,000 community commits (notably from Collabora Productivity).
Database Upgrades: Base (database module) becomes fully multi-user.
Presentation Tweaks: Simpler hyperlink insertion and screenshot copy-paste.
Distribution Note: Updates roll out slowly across major distros (e.g., Fedora).
Quote:
"I don't even know if I have LibreOffice installed which is... ah, look, LibreOffice it is on there. Let's see what version it is. Help. And about 25 I'm living in the past." — Jonathan [04:44]

2. The Price of Memory: Raspberry Pi’s AI-Driven Price Hikes

[08:09–14:40]

Big Price Increases: 16GB Raspberry Pi 5 model now $205; combined with Argon One laptop shell, a full Pi laptop rises to $600.
Price Justification: RAM crunch due to AI demand; expected to abate when AI trends calm down.
Hardware Innovations: Introduction of Pi 4 boards with dual RAM chips—potential cooling and upgrade implications (aka “the very hot sandwich”).
Long-Term Vision: Dual RAM experience could enable higher capacity Pis in the future.
Hardware Ecosystem Realities: Pi used to be “dollar computer for the masses,” now creeping into mid-range laptop territory.
Quotes:
"These things are getting to be quite expensive, like $200 in some cases for a Raspberry PI, which is quite the departure from the doll computer it started out to be." — Jonathan [09:37]
"Are we making a very hot sandwich here?" — Jonathan [13:52, referencing thermals of dual-sided RAM boards]

3. GIMP 3.2 & Krita 6: Major Open Source Graphic Software Leaps

[19:52–26:43]

GIMP:
- GIMP 3.2 to focus on stability, non-destructive editing (catching up to proprietary tools), accelerated image ops, color pipeline & text tool overhaul.
- Presentation at FOSDEM 2026 discussed upcoming feature roadmap.
- Non-destructive editing expected to be a "game changer."
Krita 6:
- Ships with Qt6 (but retains old code for Android/Chrome OS support).
- Gains HDR/color management, improved vector/text handling, and better file format support.
- Introduction of a Python plugin API, boosting extensibility.
Quotes:
"That's going to be a big change for GIMP and it is going to elevate it to the next level of being able to do things." — Jonathan [22:12]
"Digital art is not something that I'm good at at all... but it's cool to see Krita and GIMP, both of them together, continuing to push the envelope." — Jonathan [25:52]

4. GNU Coreutils 9.10: The Unseen Linux Backbone

[27:55–32:43]

Fixes & Regressions: Addresses copy/move bugs with sparse files, improves hyperlinks formatting, multi-character support for 'paste' command, and more.
Ongoing Improvement: Original Coreutils still receives fixes and features, not just Rust/C alternatives.
Quote:
"Believe it or not, it's not done software. Every once in a while we talk about a program that's like, it's pretty much done. These are not, not quite." — Jonathan [31:10]

5. The State of GNU: The 70% Solution?

[32:53–33:30]

Brief mention that the original GNU OS is reportedly “about 70% complete” decades on, reflecting on the longevity and pace of certain OSS projects.

6. Toyota’s Surprise: An Open Source Flutter/Dart Game Engine

[33:31–38:25]

Why a Car Company Needs a Game Engine:
- Toyota Connected NA is developing "Fluorite," a console-grade engine in Flutter/Dart (used in their in-car dashboards).
- Could be for infotainment games or simulation/training.
Technical Perks: Hot reload, fast dev cycles.
Tangents: Trademark joke about “Dart” (as in Dodge) vs Google’s Dart language.
Quote:
"I was trying to think, it's like what is Toyota doing here? Why does Toyota need a game engine?... I think it's great. I love having additional open source video game engines." — Jonathan [36:29]

Community & Ecosystem Updates

Debian Community Challenges: Inactivity and AI Scraping

[40:24–48:17]

Inactivity ("MIA"):
- Current challenge with developers fading out quietly.
- Proposal for periodic automated email checks for potentially inactive developers.
- Quote:
  "Debian has a structural challenge that's easy to overlook precisely because we are a volunteer project..." — Andreas T., Debian Project Leader (quoted by Ken McDonald) [41:41]
AI and LLM Scraping:
- Heavy AI scraper traffic forces CI infrastructure to require login and add firewall filtering, to preserve bandwidth and service integrity.

Commentary

Reflection on how project maintenance naturally ebbs and flows, but critical projects like Debian may need more formal gating and communication mechanisms.
"It's just a fact of life. People just need to work harder to communicate better." — Jonathan [46:06]

AI’s Chaotic Impact on Open Source Contributions

[47:24–58:29]

Bug Bounties & Hallucination Spam:
- Libcurl kills bug bounties after being drowned in ChatGPT-generated bogus issues.
- AI-generated pull requests (“vibe coding”) cause TLDRAW to deny PRs from outsiders by default.
Open Source Model Under Stress:
- The “bazaar” model is creaking as AI-driven low-quality nonsense threatens maintainers’ time and sanity.
Quote:
"Are we going to see the pendulum swing back and open source projects are going to become more cathedral-like because AI has made the bazaar far too chaotic?... I'm seeing a movement in that direction." — Jonathan [56:58]

Notable Quotes & Memorable Moments

On the Pi Price Hikes:
"Man, it's a hard time to be a Raspberry Pi enthusiast. It's kind of a hard time to be a computer enthusiast actually. Goodness." — Jonathan [14:37]
On Non-Destructive Editing in GIMP:
"That's one of those sorts of features that really lets you get in and sort of nail the effect that you want." — Jonathan [22:12]
On Old Open Source: "The fact that this automated system only kicks in after six months... that's a long time... if you're talking about security vulnerabilities, even six weeks is a long time." — Jonathan [46:06]
On AI Contributions: "The incentives were messed up... it was so easy for someone to write one of these bogus, use an LLM, and write one of these bogus things. It didn't cost anyone anything to do that, but the possibility that they were going to get paid for it was so tempting, the incentives were upside down." — Jonathan [53:44]

Timestamps for Important Segments

[02:06] LibreOffice 26.2 feature discussion
[08:09] Raspberry Pi memory price hikes and “hot sandwich” dual RAM innovations
[19:53] GIMP 3.2 and Kreat 6 open source creative tool updates
[27:55] Coreutils 9.10 fixes and ongoing utility relevance
[32:53] GNU’s slow road to “completion”
[33:31] Toyota’s surprising open source game engine
[40:24] Debian’s “missing in action” devs and LLM scraper problems
[47:24] The spammy impact of AI (“vibe coding,” bug bounties ruined)
[58:59] Ardour 9 and Shotcut 26.1 – major audio/video production releases
[69:43] Command line tips: systemd-analyze (Ken), gpio-get (Jonathan)

Reviews: Ardour 9 & Shotcut 26.1

[58:59–68:17]

Ardour 9:
- Adds piano roll windows, region-based FX, improved MIDI/automation, cue editing for live looping, and multi-touch GUI support.
- Anticipated to become a full “looper” for live performance.
Shotcut 26.1:
- Gains hardware video decoding (except Nvidia on Linux), aimed at tackling timeline lag.
- May pull Kdenlive users away if performance proves strong.
Quotes:
“If you are like me, an audio mixer nerd, Ardour 9 looks really cool and I'm going to have to go play with it.” — Jonathan [65:26]

Tips & Tricks

Command Line Tool: systemd-analyze

[69:43–74:01]

View system boot times, unit service exposure/security, architecture support, TPM status, etc.
Quote:
"There's a bunch of different things you can do with systemd analyze. I sat down while you were talking and played with just a few of them and reminded myself that there's way more here than I remembered." — Jonathan [73:29]

Command Line Tool: gpio-get

[74:01–82:35]

For querying GPIO line status on Linux devices (works on Raspberry Pi or modern laptops with kernel support).
Supports setting pull-up/down/unchanged bias, returns pin states—handy for scripting.
Discussed quirks with argument flags and hardware support.
Installation via libgpiod-utils package.
Quote:
"Raspberry Pi was one of the—it was the gateway drug, let's say, for a lot of us to get to play with real hardware and GPIOs." — Jonathan [74:01]

Additional Notes

Fun Exchange:
"Digital art is not something that I'm good at at all. I'm not even good at making art on pen and paper... but it's cool to see Krita and Gimp both... continuing to push the envelope." — Jonathan [25:52]
Linux Humor:
"It's Hurd. H U R D and H E R D. That's the one that's a doubly recursive acronym." — Jonathan [83:08]

Conclusion & Sign-Off

[82:35–end]

Listeners are encouraged to check the show notes for links and further reading, including a piece on the perennial GNU/Linux naming debate and fun recursive acronyms.
Find Jonathan on Hackaday’s FOSS Weekly, and hear a thank you to everyone participating and listening—live or on download.

For full technical details, community discussions, and to see what’s next, tune in for the next Untitled Linux Show episode!

Loading summary

Transcript217 lines

[00:00]
Jonathan
This week we're talking about AI and the price of memory and how it's coming to a Raspberry PI near you. And then, of course, there's the GNU. Lots of updates and releases this month. LibreOffice, GIMP, GNU, Coreutils, Debian, Ardor9, ShotCut. It is a smorgasbord of version bumps. You don't want to miss it, so stay tuned. Podcasts you love from people you trust.
[00:30]
Ken McDonald
This is Twit.
[00:34]
Jonathan
This is the Untitled linux Show, episode 241, recorded Saturday, February 7th. A very hot sandwich. Hey, folks, it is Saturday and as always, you know what that means. It is time to get geeky. We're going to talk Linux and hardware and software programming, open source. We're going to talk about artificial intelligence. Maybe not put that last one in the best light, although, you know, we'll see. But it's time for the Untitled Linux show. And today I have a singular co host. I have Mr. Ken McDonald with me. Hey, Ken, welcome to the show.
[01:08]
Ken McDonald
Hello, Jonathan. I'm glad I could make it.
[01:11]
Jonathan
I am glad you could make it, too. So Rob skipped out with some excuse about a kid's robot competition, and I.
[01:18]
Ken McDonald
Can see where that would be more important.
[01:20]
Jonathan
And Jeff skipped out saying something about his sinuses acting up. I don't know. It's just the two of us though, either way. But we're gonna have some fun.
[01:27]
Ken McDonald
I think Jeff was worried about hurting his voice.
[01:31]
Jonathan
Yeah. Really get to know where his priorities were at. Right. Well, we've got some. We've got news to talk about. We've got some updates to talk about on reviews. We're actually going to kick into the news first. And I'm gonna let Ken go first. We're gonna go back. It's gonna be like ping pong today. We're gonna go back and forth. There's no third talking head here, which. That's all right. We can make it work. We're gonna let Ken go first and he's got. Well, it's. Apparently we're channeling the weekdays. Not the weekend yet, because you've got an office update.
[02:06]
Ken McDonald
Everything revolves around the office, especially if it's LibreOffice and Jonathan. This week we see just about everyone writing about at least my favorite open Source Office suite, no matter what OS you use. As Jonathan said, we are going to be talking about, in this case, LibreOffice 26.2. Now, according to Jack Wallen, it improves performance and responsiveness across all of the LibreOffice tools. It also makes working with larger documents smoother. According to Marcus Nestor. A couple of new experimental features that you can opt into have been added as well, such as new password based ODF encryption mode called ODF wholesome encryption using AES, GCM authenticated encryption and Argon 2 ID key derivation, as well as a new consolidated macromanager dialog and basic ID code completion. According to Saurav, Rudra Calc has received major performance and format upgrades. Pasting content from Excel is better now thanks to Bif12 that's Biff12 clipboard format support and scrolling in sheets with many hidden columns is notably faster too. Saurav even mentions the folks from Calabara Productivity have contributed over 2000 commits to this release. According to Joanne Sneddon base the LibreOffice database component is now truly multi user. You can work on databases at the same time as others without encountering annoying file lock quirks that force you to take turns on edits. According to Bobby Borisov, presentation workflows gain practical additions such as inserting hyperlinks directly from the context menu and copy and dialogue screenshots to the clipboard. In fact, with so much written about LibreOffice 26.2, I recommend reading the multiple articles I have linked in the show notes to get every single detail squeezed out of them.
[04:32]
Jonathan
Yeah, so I feel like most of our listeners are going to get this update maybe automatically or you know, the next time they install updates on their machine.
[04:41]
Ken McDonald
Since that I haven't checked if I've gotten it yet.
[04:45]
Jonathan
I don't. You know, honestly on this laptop I don't even know if I have LibreOffice installed which is. Ah look LibreOffice it is on there. Let's see what version it is. Help. And about 25 I'm living in the.
[05:01]
Ken McDonald
Past and that's probably the one that came with that installation of Fedora.
[05:07]
Jonathan
Yeah, running Fedora on this. Let's see see if I install an update for LibreOffice what happens LibreOffice Core we'll just say core see if the updates out there.
[05:23]
Ken McDonald
Well let's see if you if it bogs down your machine enough to cause your video shouldn't it shouldn't.
[05:32]
Jonathan
No. It looks like there's not an update ready to go here. So Fedora is with it just being.
[05:37]
Ken McDonald
Released, you'll probably see it come out in the next couple of weeks to the various distros.
[05:42]
Jonathan
Yeah, takes a little bit to get out. Nobody wants to ship nobody wants to ship new code right away and for good reason. But except for Fedora Ro Rawhide yeah, that's Rawhide. That's where it probably lands first. Although even in Rawhide they, back a few years ago they came out and said look, we're going to sort of try to make it less broken.
[06:03]
Ken McDonald
So we'll give stuff a week to filter out.
[06:08]
Jonathan
Pretty much make, make more of an attempt to not make it broken. I, I like that the, the copy and paste and I assume that would also imply that opening full opening files from, from the, into sheets, the old spreadsheet stuff into sheets works better and then obviously performance improvements.
[06:26]
Ken McDonald
Well, I think this has to do with the clipboard format support that they're using more so than with opening files.
[06:35]
Jonathan
Yeah, I went and looked at the, the BIF format which I've got to wonder like what did that stand for? And it sort of, it sort of implied that it was also an on the disk file format. So seems like it probably will help there too. I don't know. I don't write, I don't write LibreOffice. I don't have any patches in LibreOffice. I don't know what the inside of it looks like. It may still run on Java for all I know. I hope not, but it probably does at least some.
[06:59]
Ken McDonald
Somewhere Trying to think. Have they gotten to where you can use Python as the scripting language for their calc?
[07:09]
Jonathan
I think in some cases, yes. I don't, I don't know. I've, you know how long it's been since I've sat down at a spread at a conventional spread spreadsheet and actually.
[07:19]
Ken McDonald
Not one that's web based.
[07:21]
Jonathan
Correct. So much has moved to the web these days from doing my work.
[07:25]
Ken McDonald
Then you probably need to check out Calera Productivity's other options to, to do.
[07:32]
Jonathan
LibreOffice in the, in the browser. Yeah, yeah, but then you got to set it up or you got to pay somebody for it and it's like we, we just, I'm going to make an admission we just use Google Workspace.
[07:44]
Ken McDonald
Here's a question. Which is cheaper? Google works or paying?
[07:50]
Jonathan
Actually paying probably in the, in what I'm thinking of. It would probably be cheaper to go with collaboration. Calibera, Collabora, however they pronounce that it would probably be.
[07:59]
Ken McDonald
Especially if you're an enterprise. Yeah, yeah, but personal use, if you don't care about giving every bit of information about yourself away to Google, then go with Google Workspace.
[08:10]
Jonathan
I mean you're just, you're, you're just customizing the global universal AIs to know more about you. That's that's what it is, I'm sure. All right, let's, let's move on. Rather than talking about office suites for the whole show, I want to talk, talk about something more cheerful. The price of memory these days. Oh, that.
[08:32]
Ken McDonald
I hope it doesn't get too expensive. I'm having trouble with my memory already.
[08:36]
Jonathan
Well, that too, but I'm talking about in computers. So we're going to return to this.
[08:42]
Ken McDonald
Thing.
[08:46]
Jonathan
The laptop, the Raspberry PI laptop, which I've done some further testing with it, by the way, and let's see if we get another screenshot for the show. Notes. Anyway, I've got an actual 40 pin hat hanging off the side of it and that does work as expected. By the way. Jeff Geerling did a review on this and he had basically the same thoughts that I did. Really well made, surprisingly useful. But the price is a hard sell. And here's the thing, the price is now an even harder sell on something like that or even the Raspberry PI in general. Because now, for the second time in two months, Raspberry PI has announced price increases across the line for their devices. And it's really pretty steep. So on the 16 gig Raspberry PIs, the 500, the 500 plus the Pi5, it goes up by 60 bucks for 16 gig, which really means that these things are getting to be quite expensive, like $200 in some cases for a Raspberry PI, which is quite the departure from the doll computer it started out to be. Now, in their defense, I believe you can still buy $35 Raspberry PIs, but if you want, you know, the PI 5 with 16 gigs of RAM, you're going to have to pay significantly more than that. Evan Upton says it's temporary. And hopefully when the AI craze lets up and the price of RAM comes down universally, they'll be able to drop the price back to something reasonable. It looks like the Raspberry PI 516 gig is $205 on the various places right now. Goodness, that's expensive. So you think $205 for the PI, the CM5, the compute module is going to be somewhere in that same ballpark if you want 16 gigs. And then the one up itself is for just the core. Let's see. Just the core system is surely not $550. Let's see. I must be looking at, must be looking at the wrong one. There's no way that the. There's no way that just the core without the pie in there is $550. All products one. Here we go. $400. There we go. The shell. That's it. The core is the whole thing. The shell is just the laptopy bits. So $400 for the Argon one shell and then $200 for the PI CM5. So you're talking about a 600. That thing's a $600 laptop. And it's not terrible, but it's not the most performant laptop ever. The port selection is not the greatest ever, although it does have some tricks that only it has, like being able to run a Raspberry PI hat like I was doing there. So it's a tough sell right now. I still like it a lot. I'm glad I bought it when I did. So I got the Argon one shell at the early Bird pricing, and then I bought the CM5 right away because I knew I wanted to do it. And so I immediately went, okay, where's the CM5 in stock? And bought it then. And so I got to pay the. Before the RAM prices went nuts price for it. And, you know, at. At that, it was a pretty reasonable deal. Now $600 is a lot. When you can go buy a, you know, a MacBook M1 and throw Asahi on it, you can probably get those used for less, probably significantly less than that for the M1. Raspberry PI does have yet another trick up their sleeves. You may have seen. I had not seen this until today. There's a new model of the Raspberry PI 4. I don't think they're calling it. Like, it's not. It doesn't have a different sku, from what I understand, but it's a dual RAM module. And so traditionally on the PIs, you've had the CPU and then there's like a RAM wafer stacked underneath it, and all of that gets soldered onto the board. And now with this new version, you have the CPU and potentially some RAM on one side and then a secondary RAM chip on the other side of the board, which is really interesting. Now. When I saw this, I immediately thought, what is that going to do for people's temperature, like their thermal cooling solution? So one of the things that has been. It's been kind of nice that it's stacked together because that means there's really only one chip surface you have to cool. And I guess I'm not sure is it going to be more so if you put, let's say, some goop and a heat sink on now on both sides of this, where you've got some RAM on the bottom and some RAM on the top with the cpu. Is it going to be more efficient because you've got an extra heatsink or is it going to be less efficient because you're making a very hot sandwich? I don't know. It's going to be different and I think people are going to have to experiment and play around with this. Particularly like if you do overclocking on the PI 4, it's going to make a difference. It'd be very interesting to see what happens with that. And then also in the show notes, we've got the link off to Gearling's video because of course he did. He did a great job talking about the, talking about the one up the, the, the argon 41 up and the issues around the Raspberry PI. So I mean I'm still a huge, I'm still a huge Raspberry PI fan but man, it's, it's a hard time to be a Raspberry PI enthusiast. It's kind of a hard time to be a computer enthusiast actually. Goodness.
[14:41]
Ken McDonald
But yeah, found that article by, I want to say Joey Sneddon very interesting in regards to the dual chip, especially since it followed it went down the rabbit hole to a PDF that listed says that the change is because they're able to get multiple sources of RAM devices that have been qual for use on the Raspberry PI 4 model B. And it's that model B that has, that is. Has the dual RAM and one of the manufacturers that it lit that PDF list is Racin. They can get 1 gig, 2 different types of 1 gig memory, 2 different types of 2 gig memory and 1 type of 4 gig. So if they do that with the 4 gig, is that potentially 8 gigabytes of memory for the PI 4?
[15:45]
Jonathan
That would be interesting if they were to go retrofit and do. I doubt it. I doubt they would.
[15:50]
Ken McDonald
Well, no, it's going to be a new board.
[15:53]
Jonathan
Right. I guess you could see now that they've experimented with it, you could see potentially in the future with something like the six series of Raspberry PI. Do they do this arrangement and do a 32 gig Raspberry PI 6? I don't know. It'd be interesting to think about.
[16:15]
Ken McDonald
Maybe the price works.
[16:17]
Jonathan
The, the cost of RAM would have to come way down for that price to work. I think that would be an expensive board.
[16:25]
Ken McDonald
Right now I'm saying that they're probably doing this with the pi4 to get that price back down lower than it.
[16:32]
Jonathan
Went up Right, Yeah. But I'm thinking like, you know, once your engineers have the experience of doing a design and then also like the manufacturing steps, because that's a huge deal on these sorts of things too. And like, they've gone through all the trouble of making sure this works, of doing the design. It's now going to be an idea that's in their back pocket. Like, we've done split RAM designs and so when they go to work on this Pi6 or whatever comes next, there's this thought of we've done split RAM designs. Could we do something interesting with that? With this board?
[17:04]
Ken McDonald
Yep. For those that are interested in it, you're going to have to, if you're wanting to get the dual RAM version, you're going to have to actually check to make sure that's what you're getting. And when you do get it, you're probably going to need to flash it with the latest Raspberry PI OS so you can update to the PI Eprom 20260109 Ben or later. Because I'm probably going to come out with something here soon. Hopefully they'll be able to come up with a way to have it on the system already as they come out with the new releases of it.
[17:50]
Jonathan
Yeah, well, I mean, you, you figure that they're making, they're making these new chip, these new boards. They're going to flash whatever's newest on it. I imagine that if you get one of these boards that are split ram, it's going to have the update on it already. But I guess I don't know that for sure anyway.
[18:07]
Ken McDonald
But you don't. I definitely want to do that before you try installing any of the, the pre existing images out there like Ubuntu's.
[18:20]
Jonathan
Are they, are they going to break?
[18:22]
Ken McDonald
Well, they'll have the older firmware on them by default.
[18:27]
Jonathan
Yeah.
[18:28]
Ken McDonald
So you're not going to see all the ram.
[18:31]
Jonathan
Oh, does it need the firmware update to see all the ram? Yeah, I think probably the way that's going to work then is you're going to have to install the old version and then do the update. You got kind of a chicken and egg problem there. I see what you mean.
[18:46]
Ken McDonald
Now just have a SD card, flash the latest Raspberry PI OS onto it, and then after you've got it up on that, run through the standard RPIE.
[18:56]
Jonathan
PROM update, you're still going to run if your board ships with the old firmware, because I think the firmware is installed on the board itself. All of that stuff initially.
[19:09]
Ken McDonald
That's why you'll need to update.
[19:12]
Jonathan
I don't know. We'll see. All right, let's talk about gimp, the graphical image manipulation program. And we're going to do that right after this. Hey Sal, Hank, what's going on? We haven't worked a case in years. I just bought my car at Carvana and it was so easy. Too easy. Think something's up? You tell me. They got thousands of options, found a great car at a great price. Uhhuh. And it got delivered the next day. It sounds like Carvana just makes it easy to buy your car, Hank. Yeah, you're right. Case closed.
[19:47]
Ad Voice
Buy your car today on Carvana. Delivery fees may apply.
[19:52]
Jonathan
Take it away, sir.
[19:54]
Ken McDonald
Well Jonathan, as you mentioned, we're going to be talking about an update to at least my favorite image manipulation program since this week Michael Erbo and Lucas Green wrote about I apologize because I know I'm going to butcher this. Andre Mikel's recent presentation at Fosdem 2026. Andre shared his experiences as a GNU image manipulation program developer and discussed GIMP 3.2 development and what lies ahead. According to Lucas, GIMP version 3.2 is expected to bring further stabilization and refinements. Both Lucas and Michael look forward to the full implementation of non destructive editing. According to Michael, GIMP will include hardware accelerated image operations using modern APIs. Andre also shared that planned improvements aim to streamline ICC profile handling, improve soft proofing capabilities, ensure that GIMP's color pipeline behaves predictably across different output targets. Another area of significant planned improvement is GIMP's text tool. Post 3.2 plans indicate that text handling will receive substantial attention with the goal of making GIMP a more viable tool for design work that involves significant typographic elements. Now, since I've just touched on some of the highlights, I do recommend reading Michael and Lucas's articles for more details. Anything in particular that you're interested from these articles?
[21:48]
Jonathan
The non destructive editing is really interesting and you could sort of do this with GIMP in the past, but the fact that they're now making it like a key part of the workflow is really interesting. That's the sort of thing that lets you get in.
[22:03]
Ken McDonald
I think that was the one and possibly only big seller for some of those proprietary options.
[22:13]
Jonathan
That's one of those sorts of features that really let you get in and sort of nail the effect that you want. Because I've done audio and video editing and while it's a very different thing from image editing, you still have that idea of some of them are non destructive editors. That just essentially means that everything that you're doing is just a layer that you put on top of the original files. You can go back and sort of sift through each one of those steps and undo them or tweak them. And that's going to, you know, that's going to be a big change for gimp and it's really going to, it's going to, it is going to elevate it to the next level of being able to do things. I also like the fact that they're working on color management and high bit depth workflows, which that's a fancy way of saying that essentially they're doing HDR work. I'm not sure if they call out KDE in particular, but I know some of the other projects in this space which we're about to talk about, talk about using KDE in particular to make this work. Yeah, very cool. Well, speaking of which, I did not mean to segue myself, but I guess I did. One of the other tools that's only sort of in this space, gimp, is specifically for picture manipulation, whereas Krita is intended for drawing and it is a digital paint program. It is a very nice one though, and I know some people use it professionally. Creda6 now has a beta release. In fact, the first beta release is out. And of course, as you would, as you would assume, there's lots of new things in there. There is a bit of an interesting Note here that Krita 6 ships to Qt6 toolkit, but Qt6 doesn't work very well on Android and Chrome OS. And so they are also forced to continue to maintain the old Krita 5 code. So that's a bit of a bummer. But Krita 6 with the new QT toolkit gives them again on Wayland support for HDR and color management capabilities, which this is more than just making brighter colors by the way. Color management also includes things like loading up a color profile for your exact monitor. And that way you can know that when you get your colors right on the screen and then you print them out, you have the professionally printed. The colors are going to be a really, really, really close match, which is a big deal again for people doing things like this professionally. Probably anyone that has gotten business cards designed and printed has experienced this. It's like my business cards. It's a lovely shade of blue. I have some business cards somewhere. I can show you this and then you get it printed and it's like it's purple. It wasn't supposed to be purple, it was supposed to be blue. It's exactly this. It's because colors when you print them are different than colors when you show them on your screen. And so being able to do things like color management, loading your color profiles helps with that a lot. Krita also is working on text objects and rewrites, vector object work support for more file formats, better JPEG XL image support, Python plugin API enhancements. I didn't know that there was a Python plugin API for credo. That's pretty cool. But you know, this is, this is one of these open source projects that does get used by some professionals and it's a, it's a very neat project. Digital art is not something that I'm good at at all. I'm not even good at really making art on pen and paper or with any of the mediums, but I appreciate those that are. And it's cool to see Krita and gimp, both of them together, continuing to push, push the limits, push the envelope.
[26:01]
Ken McDonald
Now with Creta, having a Python plugins makes you wonder, are the plugins, the Python plugins for GIMP compatible with Krita?
[26:14]
Jonathan
Probably not.
[26:15]
Ken McDonald
Yeah, you would be nice.
[26:20]
Jonathan
You could do, you could write like a core library and then create wrappers around it that would then talk to the CREDA and GIMP API. So like, if you had something really, really interesting that you wanted to do in a plugin, you could write it once and then wrap it and do it in both places. I'm sure that would be possible. But yeah, I don't think they have a shared API.
[26:43]
Ken McDonald
But what I found interesting and probably what'll help people who do use it in a professional capacity is that as a side effect of the text work, vector shape editing is actually now a little faster.
[26:58]
Jonathan
Yeah, very cool. So when you get those business cards made, you can do it in Krita.
[27:05]
Ken McDonald
And then you save the file.
[27:09]
Jonathan
Save it, save it and open it in Gimp if you want to. Yep, yep, yep. Fun stuff. All right, I think we're time to move on and Ken is going to talk about core utils. Not the rust core utils, not the rusty core utils, the original ones. But it is that time of the show for yet another break. We'll be right back.
[27:28]
Ad Voice
New Year, new me. Cute. But how about New Year, new money? With Experian, you can actually take control of your finances, check your FICO score, find ways to save and get matched with credit card offers, giving you time to power through those New Year's goals you know you're going to crush. Start the year off right. Download the Experian app Based on FICO Score 8 model offers an approval not guaranteed. Eligibility requirements and terms apply subject to credit check, which may impact your credit scores. Offers not available in all states. See experian.com for details.
[27:56]
Ken McDonald
Experian this year's tax changes Better not get caught snoozing.
[28:03]
Jonathan
Miss one deduction, lose thousands, not a million.
[28:09]
Ad Voice
Big tax changes can mean bigger refunds at Jackson Hewitt and right now get a hundred dollars just to try us.
[28:14]
Jonathan
Don't worry tax filers. If money is tight, get a hundred dollars from Jackson Hewitt so you'll sleep better at night. Limited time offer for new clients. Participating locations only.
[28:27]
Ken McDonald
Details@jackson hewitt.com yes Jonathan, this week we have Bobby Borisov and Michael Lerbel who both wrote about the release of a new stable version of the essential collection of basic file, shell and text manipulation utilities that form the backbone of nearly every Linux and Unix like system. I am talking about the GNU is not Unix Coreutils 9.10 this release addresses several regressions introduced into version 9.9 affecting the CP install and MV or copy install and move commands when copying sparse files using the Seek whole function. This issue could surface in file systems such as ext4 when sparse files were actively updated and copy offload was unavailable. It also includes improved formatting of hyperlinks with LS hyperlink or hyperlink tools such as FMT NUM, FMT MD5Sum and the SHA Sum family. Also receive fixes covering error handling, suffix parsing and line ending translation. If you do want more details about all this, as always you can look at follow the links we have in the show notes to the actual articles to get more details.
[30:11]
Jonathan
Yeah, I didn't know there was a paste command. Looking through the different notes here and the paste command is now fully multi character. What does paste do in core utils? Right lines consisting of the sequentially corresponding lines from each file separated by tabs to standard output. It copies stuff from files. It pulls the things it reads from files. Basically like cat. It's sort of like cat. It's like cat. Similar it's cat with extra decorations.
[30:46]
Ken McDonald
And we'll have to do that as one of our future command line tips. Jeff, if you're listening, make a note.
[30:53]
Jonathan
Make a note of it. We'll talk about it. I'm sure there's cool stuff you can do with is an interesting reminder. You know the the rust core utils they caught so much attention and also flack for having, daring to have bugs. And you know, people, people made the comment that Ubuntu in particular. Oh, you went to these too early, which may still be true. But the reminder here being the original Core Utils also still have bugs or sometimes get regressions. Or sometimes have regressions. Yes, believe it or not, it's not, it's not done software. Every once in a while we talk about a program that's like, it's pretty much done. These are not, not quite things are.
[31:34]
Ken McDonald
Still, there's still features that can be added.
[31:37]
Jonathan
Absolutely.
[31:39]
Ken McDonald
As the Rust core Utils are showing with the copy command.
[31:44]
Jonathan
One of the other interesting things that, that happened with the, the Rust core Utils and the other project. I forget the details of the other project. There's one that's redoing it in C. But one of the interesting things that those projects have done is they've helped develop the coreutils test suite because all of those projects sort of share the same test suite. And there are things that were just sort of assumed in the original core Utils project that never got documented, never got tested. And then, you know, these other programs come along and make a different decision or what have you, and then suddenly someone complains that it doesn't work the same. Well, suddenly, hey, there is something we can document about coreutils and add to the test suite. And so like, even if you don't run the Rust version of Core Utils, you can still say thank you to them because they've made your program a little bit better and a little bit more stable. So there's that.
[32:43]
Ken McDonald
And it definitely helped with us getting to Coreutils 9.10 gnus, not Unix core utils. Yes, GNU.
[32:54]
Jonathan
I saw a story this week, speaking of GNU, I saw a story, I think it was this week about how that GNU is now, what do they say, 70% complete. And we're not talking about coreutils, we're not talking about the GNU umbrella. We're talking like the actual GNU os and that's been in development for, oh goodness, decades now. Longer. Linux has didn't. When Torvalds first wrote the pasted the Linux source code to the mailing list, didn't he say something like it's never going to be a big professional OS like GNU will be?
[33:31]
Ken McDonald
Yeah, I think you're right, he did.
[33:33]
Jonathan
Yeah, it was something like that. Oh, and unfortunately, when you, when you Google for this, gnu is now 70%. You get, you get dumb political stuff that is not you you disappoint me. Google. That is not what I was looking for. But I saw, I saw a new store, I think it was week that like gnu Unix is 70% complete or something like that. It's like, I don't know if that project is ever going to go anywhere. But I guess good for them for continuing on. Yes, fun, fun. All right, so that wasn't my story. My story is about Toyota and Toyota doing something that I did not expect them to do. Playing games, building games, which I, I don't, I'm, I'm sure there's a reason why they did this. But as Michael Laravel says here in Pharonix, it's an unexpected combination. So Toyota Connected North America is developing a console grade open source game engine and they're building it in the Flutter toolkit with Dart and they're calling it Fluorite. So first off I need to interview them and we need to have Randall Schwartz on as the co host when we interview him over at Floss because he would be able to ask all the intelligent questions about Flutter and Dart. But this is not what you normally think of video games getting programmed in. And it, they, they've got some screenshots and some videos actually if you go to Fluorite Game is their website and then they also had a presentation at fosdim and it already works like they've already got lighting in it and, and it looks like you can walk around inside these virtual worlds. Things are already put together. It does have some neat ideas because of Flutter Dart. Like you can do hot reload which is always really interesting, can make your programming cycles a lot faster when you can do hot reload. The stuff I do, I spend so much time compiling and waiting for something to finish compiling and then upload to the little gizmo I'm playing with. Hot reload would be really nice there but it's just, I was trying to think, it's like what is Toyota doing here? Why does Toyota need a game engine? And so one of the things they mentioned here is Toyota of course all cars now have these infotainment centers built in screens in the cars and apparently Toyota already uses Flutter in those. Flutter, Yocto, Linux, Wayland, that's sort of their stack already. And are they wanting to add video games into the cockpit? And so like you can, you can imagine, I don't know if they're going to do this or not, but you can imagine so many cars these days are essentially all fly by wire. It's like turn the car off, but leave the console on and then hit a button to enter the game and suddenly you're driving with your steering wheel and your accelerator and your brake pedal. But they' feeding into the video game and instead of, you know, out into the real car. That is sort of the ultimate driving setup experience. It's also a little terrifying. Is that, is that the sort of thing they're doing? Is this going to be for internal testing? Is it going to be for advertising? I don't, I don't know exactly what all Toyota is doing with this but apparently, apparently there's somebody, there's some group of people inside of Toyota that think that this is what they needed to do and I'm here for it. I think it's great. I love having additional open source video game engines. I think that's really cool and maybe we'll get to talk to them. It'd be fun.
[37:22]
Ken McDonald
I can think of one advantage to this.
[37:24]
Jonathan
What's that?
[37:24]
Ken McDonald
They could get some professional drivers to sit in the cars, actually drive the cars, have the game engine record the responses to live stimuli, then feed that into a machine language learning model, have it create the responses and as maybe come up with some sort of feedback loop so that then they could try to automate those responses within the game engine.
[37:58]
Jonathan
I mean I'm sure there is some interesting, interesting things you can do with that. I don't know that you need to write your own engine to make that.
[38:05]
Ken McDonald
Happen, but it may be easier.
[38:08]
Jonathan
It may, it may be easier, more fun. There you go. That's probably, I'm sure that's a big part of it. Definitely more fun. But yeah, we'll see, we'll see if anything, if, if things become of this is, is this going to be the new Dart and Flutter thing that people are going to start making game engines in it, making gaming in it? I don't, I don't know.
[38:26]
Ken McDonald
Well, they got to be careful because Dodge has got a trademark for Dart as well.
[38:33]
Jonathan
Oh, the Dodge Dart. Right. Yeah. Well, okay, so, so hang on, hold, stay with me. Now when you think about big American companies, those of us of a certain age, we may think of car companies, but Google has Dart, the programming language and Google's pockets are way deeper than Dodge's. Google can pretty much just buy Dodge, I am quite certain.
[39:00]
Ken McDonald
And Google's got. It currently has a very good revenue flow.
[39:04]
Jonathan
Yes.
[39:05]
Ken McDonald
Whereas Dodge probably doesn't.
[39:07]
Jonathan
It's, it's. Yeah, I don't, I don't think Toyota has to worry too much about Dodge.
[39:12]
Ken McDonald
Especially If they've got Google backing them.
[39:14]
Jonathan
Exactly that. That seems like one of those places where Google would want to step in and protect their own trademarks. Anyway. All right, so what's up next? We talked about Toyota. Oh yes. Oh yes. Ken's going to talk about Debian and then we're going to talk about AI. And this is going to be interesting because I've got thoughts, we've got stories here, so let's take a quick break.
[39:42]
Ken McDonald
And then I was going to say let's take a long break first.
[39:45]
Jonathan
Well, I don't know how long for us. They're real short. But yeah, we'll take a quick break and then we'll come back and talk about Debian right after this.
[39:55]
Ad Voice
Kids, they grow up so fast. One day they're taking their first steps and the next they don't fit into the tiny sneakers they took them in. You blink your eyes and their princess dress is two sizes too small. And their dinosaur backpack isn't cool anymore. But don't cry because they're growing up. Smile because you can profit off of it for real. There are a bunch of parents on Depop looking for the stuff you're kid just grew out of. Download Depop to start selling.
[40:24]
Ken McDonald
And now that we're back from the break, Jonathan, I think it's time to talk Debian now. I want to thank Michael Arabell for the two articles he wrote about challenges and changes within the Debian community. First, we have the challenge of developers drifting away without properly communicating their status. According to Michael Debian Project Leader Andreas Tel, I hope I'm saying that right, has been looking into this situation and summarized it in a recent mailing list post for the Debian developers. Quoting from the post, the following thoughts are not specific to the recent changes around the FTP Master or dfsg, but reflect a more general pattern I have observed across different areas of Debian over time. During my time as director of Project Debian Project Leader, an earlier gut feeling has gradually turned into clearer observation. Debian has a structural challenge that is easy to overlook precisely because we are a volunteer project. Debian exists because people freely choose to spend their time on it. That is something I deeply value and it is a large part of why Debian works as well as it does. At the same time, most of us joined with enthusiasm, not with an explicit agreement to later announce when our available time, energy or interests change, life circumstances shift, priorities evolve, interests fade. All of this is a normal, normal and entirely legitimate. What we largely lack, however, is our lightweight and reliable ways to communicate those changes to each other. Now Andreas went on to outline some ideas around the MIA team are missing an action team as well as keeping packages approachable and handling of delegates. A proposed process being discussed is to have an automated communication system to email individuals flagged as potentially being inactive contributors after a period of time and then monthly follow up automated emails to try to solicit a response about the individual status. If there isn't a reply to previous emails Michael links to Andrea's post in the first article I've got in the Show Notes now the second article covers Debian response to increased bandwidth usage caused by LLM scrapers. Paul Givers on the behalf of the Debian Continuous Integration or CI team laid out some steps they needed to take in order to survive all of the scraper Traffic to the CI.devian.net resource first, all Debian CI data pages except the direct links to test log files now require users to be authenticated before being accessed. The second change is adding a filter band based firewall to address abusive traffic patterns. This step took a little longer due to some adjustments made to correct for initially blocking some legitimate Debian contributors from the Debian CI portal. Michael second article links to the team status update post where you can get more details instead of listening me to ranting on.
[44:18]
Jonathan
Yeah, so let's talk about the first thing first. The, the. The first story when I first saw this headline I was actually afraid that he was going to talk about, you know, as people age out and the pool of contributors get smaller and smaller, which I know is a thing that.
[44:35]
Ken McDonald
And that could be part of the why there's not that much communication from them anymore.
[44:40]
Jonathan
Right. Well so that's something I know like in the kernel itself that they think a lot about is how do we onboard new people so that it's not just the old ones around because the old ones are eventually going to age out and you've got to have fresh blood if you want the project to be able to continue into the future. But this is more about just the the normal ebb and flow. People get busy, they have other things. Like I have multiple times in multiple projects moved on because I've had other things come up I could tell you oh goodness. I used to maintain a couple of packages in Open wrt. I don't really do that anymore because I just don't have the time to I used to work on the FW KNOP firewall a lot and have moved on from that. I used to work on Zone Minder A lot. And I've moved on from that, too. In those cases, it's because either the project now does what I needed it to do, or I found another better way to do it. So, you know, you kind of get to the point where you're like, you've scratched your itch and all right, it's time. It's time to move on. And I guess in a lot of projects, it does just. It happens organically that people figure out, oh, he's not around as much anymore, we'll take over what he was doing. Debian is important enough, though, that I'm kind of surprised that they haven't made this more official before now. And I'll be frank, reading through this, the fact that this automated system only kicks in after six months, like, that's a long time.
[46:07]
Ken McDonald
Well, if you're talking where you look at one point, I saw where it was six weeks.
[46:12]
Jonathan
Okay, six weeks is a little bit more reasonable. But, like, if you're talking about security vulnerabilities that need to get patched, like, even six weeks is a long time. Yeah, but six months is a really long time. So. And obviously I don't. I don't know what the answer is for this other than, like, most things in life, people just need to work harder to communicate better. I think that's just a fact of life. And just about whatever realm you're in.
[46:34]
Ken McDonald
That'S always the weakest link, isn't it?
[46:36]
Jonathan
It tends to be. It tends to be.
[46:40]
Ken McDonald
Especially when you talk with the group. We're talking about developers.
[46:46]
Jonathan
Mike Jones says maybe you can get an AI agent to update Debian when no one's got the time. Thanks, Mike. No.
[46:59]
Ken McDonald
Let the AI agent handle the email for us.
[47:02]
Jonathan
Maybe I don't even trust it to do that. There's a. There's a real short list of things that I actually trust the agent to do. Taking notes during meetings. It does fairly well with that. But other than that, sitting timers sometimes, man, I don't know.
[47:24]
Ken McDonald
As long as it gives you a good verbal response that it's sitting it.
[47:28]
Jonathan
And how long exactly it's setting it. Please set a timer for five minutes. Okay, Ken, I've set a timer for five years from now. No, so the other thing you mentioned is the data scraping. And, you know, we've talked about that. We talked famously about the anime Cat Girls protecting the Linux kernel back several months ago, and we sort of talked about how the math on that particular project didn't actually work. And I think what, what Debian has done here with requiring logins while it, it kind of sucks is what's going to have to, it's what's going to have to be going forward if, if projects want to avoid their data being scraped like, well, it's not that they.
[48:11]
Ken McDonald
Want to avoid it, it's costing them. Stop and think about it. The bandwidth that it's using.
[48:18]
Jonathan
Yep.
[48:19]
Ken McDonald
Debian's paying for.
[48:22]
Jonathan
And that really is, that really is the problem that most, most places have with it. I know, you know, in some cases there is the, if it weren't for.
[48:30]
Ken McDonald
That, I bet Debian would be happy to have them scrape it and then maybe provide some feedback maybe through an authorized channel.
[48:41]
Jonathan
So that, that, that, that has been a problem as well. And I don't think we've talked about this. I've got this here in parentheses because I don't think we talked about Teal Draw. I don't think we talked about Curl either recently on this show.
[48:57]
Ken McDonald
So Daniel Stenberg, Steve Gibson talked about it recently.
[49:00]
Jonathan
Okay. Okay. I'm glad he covered it because it's, it's a big deal. Daniel Stenberg is the lead developer over at Curl, which Curl is in the running for the most widely installed library ever because it's, it's in basically everything there, There may be more Curl installs on the planet than there are people. Yes. Lib girl. Yes. I mean that literally there are probably more Lib Curl installs than there are people. And they had a, they had, they had a very healthy bug bounty where security researchers could look at the Curl code, find problems, send, you know, document the problem, send it in, get paid money to for finding these problems. I've made some money from doing this not with Curl. I actually found a problem in Starlink of all things. And I, you know, I paid for basically my entire, the entire time that I've had Starlink I paid for, I got paid that amount that I was paying for all at once because I, I, I've ran a, I ran an IP scan and I found that they had accidentally exposed one of their internal machines to their, to their customers. And so because I was connected to their network through a Starlink terminal, I could talk this remote procedure call Endpoint that I was not definitely not supposed to be able to talk to.
[50:25]
Ken McDonald
Shouldn't have been able to.
[50:26]
Jonathan
Yes, yes. And they forget how several thousand dollars they paid me for finding that, writing it up.
[50:32]
Ken McDonald
Thank you for letting us know to shut this off.
[50:35]
Jonathan
Yes, that's exactly what they said. So that has been a great thing for Fiddlers like me, but also people that do it professionally. There is the profession, and has been for a while of finding security vulnerabilities, sending it in, and that is how you make your money or that's how you make your pocket change.
[50:53]
Ken McDonald
Part of your money.
[50:54]
Jonathan
Part of your money. Yeah. Although some guys that are very successful about it make six figures doing this. You come across and come up with really novel ideas. You can make a lot of money with it.
[51:05]
Ken McDonald
And then the money they get for talks and articles they write, just, that's the chump change.
[51:11]
Jonathan
Oh well, yeah. So anyway, the problem is that AI has started making it so easy to write plausible security vulnerabilities, vulnerability write ups. And you know, some people I'm sure were doing this innocently, ignorant people were doing it very innocently. You know, you read somewhere that oh, somebody made six figures, somebody made a hundred thousand dollars for turning in security vulnerabilities. Okay, well what's a good project to go start looking for security vulnerabilities? Curl. Okay, hey chatgpt, find me a security vulnerability in curl. And the way modern AIs work, you ask them to do something like that and they're not going to say, I guess some of them now have gotten to the point to where they'll start telling you I can't do that. But for the longest time, and I think most of them still are like this. Okay, here it is. And what they're doing is, you know, they're, they're, they're pulling out of their database all of the different security vulnerabilities they know about and they're just splicing them together in a way that seems reasonable to actually get. And researchers have had success with this by the way of actually getting LLMs to find security vulnerabilities. But it's way more involved than just asking ChatGPT, ChatGPT to do it.
[52:25]
Ken McDonald
They, they tell it to download the source code.
[52:29]
Jonathan
Well, review the source code, what they, what they do. Actually I've, I covered this back when I was writing for Hackaday. I covered this. They would have about three or four different LLMs together and they would have it do that. So like try to find one and then run it through the test suite and then look at the output of the test suite and you know, 99.9% of the time it wasn't finding anything, but they would run through so many iterations that eventually they would find something. So like there is something to be said for having an LLM find vulnerab these, but it's not, it's not Joe Bob typing it into Chat GPT. And the problem is that the people doing that were then sending these bogus reports in to Lib Curl. And so Daniel Stenberg finally came out. He was one of the first ones to come out and say this is going to be a problem. And he has finally recently come out and said we're going to have to wind down our bug bounty program because so many people are sending in these bogus vulnerability reports. It is swallowing up all of our time. And so I think that is now the case. If it's not, it will be soon that libcurl no longer has a bug bounty program. You can still report to them, but they're not going to pay anything for it because the, it, it's, it just made it too tempting, right? Like the.
[53:41]
Ken McDonald
Too tempting, too time consuming.
[53:44]
Jonathan
The incentives, the incentives were messed up. It was so easy for someone to write one of these bogus, use an LLM and write one of these bogus things. It didn't cost anyone anything to do that. But the possibility that they were going to get paid for it was so tempting, the incentives were upside down in it and so they've had to kill it. Well, more recently, TLDraw, another open source project, came out with a different statement. This time not about bug bounties, but about pull requests. And so this is something else that we have been fighting with as sort of the open source world in the last couple of months. Not only do LLMs make it trivial to write bogus vulnerability reports, they make it trivial to write bogus pull requests and in some cases not entirely bogus pull requests. And that's what makes this so difficult, is because like you can vibe code something that works. The problem is that it tends to not fit very well with the project that you're trying to vibe code it for. And then you also have this issue where like people don't actually understand the code that they have written and they're trying to get into your project. And so TLDraw is an open source project. It's a product, a relatively popular open source project. It's got 45,000 stars on GitHub. You know it, it does, it's a library for creating infinite canvas experiences in React. It's a REACT library for drawing. They put a statement out about three weeks ago update on the tldraw policy in regards to contributions. For the good of the project, we're going to begin automatically closing pull requests from external contributors. We'll of course continue to welcome issues, bug reports and discussions. He says this is a temporary policy until GitHub provides better tools for managing contributions. And so what they're doing is they're saying, hey, if you have contributed in the past and you are a known good contributor, keep doing it. If you are someone that we've never gotten a good contribution from before, automatically close. We're not even going to look at it because they're getting so many of these drive by Vibe Coded contributions, and so many of those are not necessarily bogus, but they'll do things like make 5,000 changes across 300 source files. They'll rename your project. I've seen vibe coded PRs that's like, let's rename the project. While we're at. It's like, oh my goodness. Did you. Did you even try to read through this before you hit the submit button? Maybe not. Maybe the agent.
[56:42]
Ken McDonald
They're asking the AI submitted format.
[56:45]
Jonathan
I think in some cases that is the miracle that agentic AI has given us.
[56:51]
Ken McDonald
Write this and submit it for me.
[56:53]
Jonathan
Yeah, yeah, I think so. I think that's what some people are doing. So anyway, now move to the next.
[56:57]
Ken McDonald
One and keep doing it.
[56:58]
Jonathan
Tldraw is going to a closed submission process, which is interesting. It kind of is a throwback to the old cathedral versus the bizarre analogy. And so are we going to see the pendulum swing back and open source projects are going to become more cathedral like because AI has made the bazaar far too chaotic? I don't know for sure, but I'm seeing a movement in that direction. I'll put it that way. I did also see. And I probably won't be able to find it now, of course, but there is a. There's apparently a. It was. It was the register. I'm not going to be able to find it now. I thought I had it open anyway, where they're talking about Essentially, Microsoft realizes that there's a problem on GitHub and they're trying to figure out how to fix it. And maybe Copilot wasn't such a great idea after all. As part of what the article says, I actually like Copilot itself. I don't think it's the biggest problem, but GitHub definitely needs better tooling around this to detect junk AI contributions and make them easier to deal with. So I don't know what the open source world is going to do, like what kind of a conclusion people are going to come to and how we're going to fix this, but it's definitely it's definitely a problem.
[58:29]
Ken McDonald
Yep.
[58:32]
Jonathan
Don't do. Don't do AI kids.
[58:36]
Ken McDonald
And we may even see AI getting into the kernel.
[58:41]
Jonathan
Yeah, I saw that too.
[58:42]
Ken McDonald
That there was a machine learning library.
[58:45]
Jonathan
Yeah.
[58:46]
Ken McDonald
Proposed for the kernel.
[58:48]
Jonathan
Yeah.
[58:48]
Ken McDonald
But let's get away from that and maybe get to something a bit lighter.
[58:55]
Jonathan
Yeah. We should talk about Ardour. Ardour and Shotcut, right?
[59:00]
Ken McDonald
Yes.
[59:00]
Jonathan
Okay, so Ardour 9 is out. I've been looking forward to this for quite a while and I must admit, I have not downloaded it and played with it yet. It just came out a couple of days ago as we're doing the show. And I've not gotten a chance to do the download yet, but it will soon. Ardour9 has some really cool new features in it. It's got piano roll windows, which I saw a. A hilarious back and forth on the Ardor discourse about this. There's a member says, yeah, thank you for the separate piano roll window I was suggesting back then. Apparently it was this guy's idea. Paul Davis, who is the man behind our door. He goes, you're welcome, but I still hate it and think it is stupid. Tickled meal. I got a quite kick out of that when I read that sometimes that's the way it goes. You end up implementing things that you really don't love. We've also got MIDI and auto cue editing, where the cue page now allows direct editing of the contents of MIDI cues. And you also get a piano roll area that opens up. And part of that is you can now record directly into cue slots. And what this does is it lets you use Ardour in sort of a looper since. And so you've probably all seen videos where someone, you know, it'll be an artist in front of a live crowd and he'll be like, give me a song name. Somebody throws out a song name. And, you know, sometimes it'll be, okay, this other guy, give me a genre. And then he'll. He'll sit down, he'll push a button or whatever he's got in front of him, he pushes a button and then he lays down a quick little drum track and he pushes another button and that drum track plays on loop. And then the guy, you got a girl, you know, so pull the bass guitar, play along with it, and build a song live based on loops. And the technology that lets it happen. The kind of. The underlying engine is called a looper. Well, Ardour now has support for this sort of thing. I've played with this a little bit in ardour. And you've been able to do some of it in the past with MIDI stuff. You had to do a lot of setting up ahead of time. And so it sounds like now they're actually leaning into that idea of, all right, let's build the cues live and then immediately loop the cues into the performance, which is really going to make this work a lot better. I look forward to hearing people do that loop style of music with our door. I think it's going to be a lot of fun. You've also got Region fx, which is another really cool feature. As I read through these. I'm excited to go play with it. I want to add an effect, an audio effect to my track, but I only want to add it to part of the track. Like I only want this little part of the song to have this big boomy echo on it. For whatever reason or, you know, at the very beginning of the song, we want to do this crazy EQ thing, but we won't. Don't want to do it for the rest of it. So in our door previously, what you've had to do is split your track up and separate it into different tracks and then you could throw your EQ on one of those and not the other. Well, now they've got Region fx, which essentially is. It's exactly this. You can plug the FX in for only a certain portion of the track. It's also got the real time Perceptual analyzer is one of the other new things that they talk about. And this really is interesting to me because this is the sort of thing that you could already do with plugins, like with VST plugins. Some of the caf plugins do some of these similar things. They've pulled this into ardour itself, also giving you a little bit better tooling because it'll show it appears that looking at the screenshot, not only will you get the spectrum, but it also can put your different tracks in different colors so that you can see visually which track is the result or is causing the result in the spectrum that you're seeing. Which sounds, you know, really does sound interesting and like it could be a great tool. They talk about note brushing to be able to set up patterns in your. In your piano roll on your MIDI keyboard driven automation. Being able to do more things with keyboard modifiers, saving and importing mixer strips. I could use that if that's doing what I think it's doing. You know, if you like, when I do a podcast edit, you know, every one of these Mixer Strips gets the same trio of effects put on it. We do an eq, we probably do a noise reduction and then we also do a compressor on it. Well, if you can save those three as a pre saved strip and just throw it on each of them, that's going to make that a lot quicker. And then one of the other really interesting things is that they have apparently added Multi Touch GUI inside of Linux and Windows. And so I think this is primarily for reach out on a laptop screen and pinch and touch multiple places and all of that. It makes me wonder if they're also working on like mobile ports because that's where you think more about Multi Touch GUI being a thing is on a tablet. But it's pretty cool that on Linux and Windows they have this and that should be fun to play with as well. All kinds of. All kinds of really cool stuff. I mean, there's more. I didn't talk about all of it. Those are some of the things that really jumped out at me. And then of course, lots and lots of improvements. I will say this is Ardour 9.0. I expect to see Ardour 9.1 follow pretty quickly, or maybe they'll call it 9.0.1. But like as many things as there are in here, I would assume that there are going to be some bugs that they find now that more of us are going to go start banging on it. So keep an eye out for that. But if you are like me, an Audio Mixer Nerd, Ardor 9 It looks really cool and I'm going to have to go play with it. There's one other really interesting release that came out that I wanted to Highlight and that's ShotCut. ShotCut 26.1. And this is another one that I've not played with yet. For video editing I usually use kdenlive. And what I've had to do in the past is when I've had a particularly difficult like a complicated edit to do, I will pull it up in shotcut. And the problem that I've had is that in the past ShotCut has been so laggy, particularly with the timeline. Well, Shotgun 26.1 is out and it might fix that because it's got support for hardware video decoding. It's going to be supported on all platforms except Drumroll Linux systems with an Nvidia gpu. You guys are just out in the cold. Sorry Jeff, but all the rest of us, we get hardware video decoding, which maybe that'll solve the problems that I have and maybe I'll become a Shotcut guy instead of a kid and live guy. I don't know. I'm going to give it a try. So two of these things now that I have to play with, that is Ardor 9 and Shotcut 26.1. The future sounds and looks bright for this stuff. Ken, do you do any of this? Do you play with Ardour or Shotcut?
[66:10]
Ken McDonald
Not on a regular basis. Occasionally try to bring up Ardor and fiddle around with it with my keyboard and usually I find it's obs that I play with more.
[66:27]
Jonathan
That makes sense. Yep, that makes sense. I I, yeah, I probably use, I probably use obs R door and currently it's kdenlive about the same amount each week right now because that's, that's basically my floss weekly workflow. Right. The recording habits in obs. Move it over to Ardor, extract the audio out, move that into Ardor to do an audio edit and then mash the two together in kdenlive.
[66:53]
Ken McDonald
What do you use to extract the audio?
[66:56]
Jonathan
Just it's an FFMPEG script. I mean, let's be honest, no matter what it is that you're using, it's using FFMPEG underneath.
[67:03]
Ken McDonald
I was going to say that's always been my way for getting audio out of a video.
[67:09]
Jonathan
Yeah, we talked about Lib Curl being one of the programs in the running for the most installed FFMPEG may be one of the others. Probably depends upon how you measure that.
[67:19]
Ken McDonald
I would say FFMPEG is a close second to Lib Curl.
[67:25]
Jonathan
If you're talking about like CPU seconds. FFMPEG was used a lot.
[67:31]
Ken McDonald
Talking about as far as users.
[67:37]
Jonathan
Indeed. I'm just, I'm just saying that which one comes out on top is going to depend upon how you count it because things like FFMPEG are going to get a lot of CPU seconds because they're chewing on these big files a lot.
[67:48]
Ken McDonald
And FFMPEG is going to be. You're going to find used anywhere somebody is using some sort of device for displaying video and possibly even for listening to audio. Whereas Lib Curl you're going to find used anywhere you need to stream any type of data.
[68:11]
Jonathan
Just about.
[68:12]
Ken McDonald
I think Lib Curl might be just a touch ahead of FFMPEG in that case.
[68:17]
Jonathan
Possible. It'd be very difficult to actually try to count those. Both of them installed in lots and lots of places for sure.
[68:24]
Ken McDonald
And problem this is both of them probably installed right beside each other.
[68:29]
Jonathan
Yes, yes, absolutely. I was just thinking about that. It's like I Bet just about every one of these weird systems like we talked about Toyota and the car thing. So all of these car infotainment systems, they are all going to have libcurl and they're all going to have FFMPEG in some way or another on them.
[68:46]
Ken McDonald
FFMPEG for providing the data that's used to generate that video display and possibly the data used for the audio you're hearing out of the infotainment system. Lib Curl's going to be the way it gets that data.
[69:04]
Jonathan
So it does updates. I mean Lib Curl, honestly, libcurl may be the way that one component in the car talks to another component in the car. I would not surprise me at all.
[69:15]
Ken McDonald
Yep.
[69:16]
Jonathan
All right, well let's, let's take our, our final break and then let's get back and do some tips, some command line tips. I know we've got some interesting stuff for this evening, so we'll be, we'll be right back. Ready for this. We heard you.
[69:29]
Ken McDonald
Nine years of bring back the snack.
[69:30]
Jonathan
Wrap and you've won. But maybe you should have asked for more. Say hello to the hot honey snack wrap. Now you've really won. Go to McDonald's and get it while you can.
[69:43]
Ken McDonald
This week I have a great command line tip that you may find useful for determining system boot up performance statistics and for retrieving other state and tracing information from the system and service manager and to verify the correctness of unit files. It's called systemd Analyze and it is can also be used to access special functions useful for advanced system manager debugging. Let me go ahead and bring up my screen here and is that large enough for everybody to see?
[70:22]
Jonathan
It looks good.
[70:23]
Ken McDonald
Okay, and you probably recognize the command I'm about to enter. Switch to it here, but it's going to play what I previously recorded for demonstrating the systemd analyze command. There's the systemd analyze and with it by itself all it does is what is called the system deanalyze space time by default. And there you see it shows my startup when I last time I started up my system it finished in 16.422 seconds. That's the firmware. The loader took 10.311 seconds plus 5.619 seconds for the kernel plus another 16.455 seconds for the user space which came to a 48.799 seconds. Now I'm going back to look at the file system and this shows all the file systems that systemd will recognize. The next option is security and here it lists all the services that you have. You can even scroll through it. You'd hit Q to exit out of that. And the way it works is it gives you the unit name for the service. It for each unit it can go in, you can actually get more information on those. But it takes various areas against the unit and comes up with a exposure rating which then is comes rounded off to either being exposed medium or unsafe. And as you see here, the ALSA state service is considered unsafe. The next one is TPM is whether or not you have a TPM two. And on this system it's partial. It has the firmware driver system subsystem. This doesn't have all the libraries. I'm missing the library tss2rc.so0. Now you can also do a systemd analyze of architectures and it tells you all the architectures that systemd recognizes and whether or not you've got the support for it on your current system. And in this case I've only got the native. X8664 is the only one. X86 is secondary. I'm wondering if I've got a 32 bit system running somewhere. I've got Steam OS on here or Steam Valve Steam, but that's system D if you want to learn more. Definitely use the man page to look into it.
[73:29]
Jonathan
Very cool. There's a bunch of different things you can do with systemd analyze. I. I sat down while you were talking and played with just a few of them and reminded myself that there's way more here than I I remembered and I But it would not.
[73:44]
Ken McDonald
That's why I only touched on some of them. Yes, and as I said, use a man page and I've got a link in the Show Notes that takes you to an article that talks how you can use it to analyze and possibly speed up your bootle time.
[74:02]
Jonathan
Yeah, absolutely. All right, I've got a command line tip for you and that is all about GPIOs. And this comes from fiddling around with that thing, the Raspberry PI laptop and the hat hanging off the side of it. Well, Raspberry PI was one of the. It was the gateway drug, let's say, for a lot of us to get to play with real hardware and GPIOs. And the kernel has now the Linux kernel now supports it in a really nice way. I've got to say I didn't love it when this transition first happened, but it's growing on me and I kind of like it. So on a lot of computer, even desktop computers with a Modern Linux kernel, you're going to have a dev GPIO chip, GPIO chip zero in many cases. Although this laptop has Both a GPIO chip 0 and a GPIO chip 1, that is a block device that allows you to talk to your GPIO subsystem. So it lets you talk from user land us on the command line on the terminal up to the kernel to be able to actually, you know, poll and also set GPIO status. Well, you don't do it directly. Now, if you're writing C code, you can use actual system calls and do it directly. But there are tools on the command line and one of the tools, the one I'm talking about right now is GPIO git. And so if you have the permissions to be able to access that GPIO chip and you know the pins that are on there, and we talked about GPIO info in the past, that's going to be the one that lets you list those pins out. And if there's labels on them, you can see what's on the labels and know what pin is. Which. Well, that's going to let you see what those pins are called, but it's not going to let you see what those pins are. Actually their state is GPIO get will let you get the state. And so, you know, on this laptop, I've got, I've got a bunch of GPIO pins. A lot of them are not doing anything on GPIO chip one here. GPU fan enable, that's line 41. So I can do a. I don't think I'm in the GPIO user group, so I'm gonna have to use sudo to do this, but I can do a sudo GPIO get. And then you, you specify the. Which GPIO chips. GPIO chip 1 in this case, and then the number. And I said that the one I was looking at was what, 40, 41. 41. Cannot find line GPIO chip one. That's interesting. So I believe, well, this is what I get for doing it live. It works on the Raspberry PI. I'm not sure why it's not working here. In some cases, with older versions of GPIO git, you have to use a dash C and then specify your GPIO chip on the latest Raspberry PI release. That is not a thing that you have to do. Yeah, I'll have to play with this and figure out why it's not working here. That does kind of bother me. And then one other thing, and again, this is Raspberry PI specific. You can Also specify the bias of that GPIO line. And basically what that means is if nothing else is happening with it, is that GPIO line going to default to high or is it going to default to low? And some pieces of hardware actually have. They're called. They're built in pull up or pull down or both resistors and it lets you bias that line to be high or low. And with GPIO git, you can actually do a dash dash bias and then specify pull up or unchanged or none. I think you can also specify pull down in many cases. Again, that's going to depend upon whether your hardware supports it. I'm going to play around with this a little bit more on this laptop because this bugs me that I. I'm getting an invalid argument message here when I know that this is a thing that I can do. But anyway, GPIO get super useful for.
[78:18]
Ken McDonald
That was on the argon.
[78:20]
Jonathan
Yeah, no, this is on my framework. So I ran GPIO info and I see that GPIO chip one has 93 lines. One of those lines is line 41. It's already set up as an input. I should be able to just. Just read it. I should be able to do a sudo and then just read it. And I'm not sure why I cannot.
[78:44]
Ken McDonald
What's a GPIO can use for?
[78:48]
Jonathan
Do you know it controls the GPU fan. It's the GPU fan enable. Options lines.
[79:02]
Ken McDonald
And you've got a fan connected to it?
[79:03]
Jonathan
Yep, I think the GPIO does have one. But even if there's not, it doesn't matter if there's a fan connected. Like the. The GPIO line itself is real, it exists.
[79:12]
Ken McDonald
So you should be able to see something from it.
[79:15]
Jonathan
And even if there's no fan connected, I should be able to read the state of that line. And I'm not sure why I can't. And it kind of bothers me. Yeah. Cannot find line 41, but I know it's right there.
[79:28]
Ken McDonald
I can see it. I'll keep it separate group needed to actually see more details.
[79:36]
Jonathan
I'm running to pseudo. Ah, there we go. I had to do a dash A.
[79:44]
Ken McDonald
What's dash A?
[79:45]
Jonathan
As is. So when I talked about. You can specify the bias. Apparently on this version of it, you can't just leave that unstated. You have to specify whether you want to leave it as is or bias it up or bias it down. Yeah. So dash A. So the. The whole thing ends up being GPIO. Get dash A, dash C, GPIO chip 1, dash N41 and line 41 is active. You can also dash dash numeric will give you just a zero or a one, which is going to be very useful if you're actually doing this in a bash script.
[80:31]
Ken McDonald
One other question about GPIO git. Is it already installed by default or do you need to install something for it?
[80:38]
Jonathan
I. When I ran GPIO info for the first time, Fedora offered to install libgpiod utils, which I believe is also what's going to control. Going to contain these programs.
[80:56]
Ken McDonald
That's when you ran GPIO info.
[80:59]
Jonathan
I ran GPIO info. I think they're both. I think both packages are in the same. Both binaries are in the same package, I believe.
[81:07]
Ken McDonald
And for Ubuntu 2510, it looks like it's asking me to install GPIOD.
[81:14]
Jonathan
Makes sense. Yeah. That's the.
[81:16]
Ken McDonald
I'm assuming that's a daemon.
[81:19]
Jonathan
It is a daemon, but. But it's also going to include the binaries that just allow you to talk.
[81:25]
Ken McDonald
To the pins, the utilities that you need for the day.
[81:27]
Jonathan
Yeah, that's going to include the utilities. And I don't think you have. I don't think you have to start the daemon to be able to use it. It's going to talk directly to the kernel over those.
[81:35]
Ken McDonald
Is the daemon controlled by System D?
[81:40]
Jonathan
Probably, but probably off by default? I'm not sure. Honestly, I've not looked into the daemon side of gpio D. I don't know even for sure that that's what the D stands for there, because, I mean, like, honestly, how often do you need a Damon to control your GPIOs? It's. It's just sort of a. I don't know.
[81:57]
Ken McDonald
That's.
[81:57]
Jonathan
It's not the way it works on most systems anymore, but maybe on most.
[82:01]
Ken McDonald
Machines, maybe on an Abyss bitted system, you might want a Damon.
[82:04]
Jonathan
But maybe. I mean, in. In my experience, you're going to want another program that I guess is working as a daemon, but it's not just a dedicated daemon for gpio. So. I don't know. Know. I don't know. Do something to look into for the future. All right, well, that's the show. We finally got there with the. With the tip. And I'll have to do some more looking into this because I. I now have questions. But anyway, Ken, appreciate you being here. It's been a lot of fun. Is there anything you want to plug before we let folks go?
[82:36]
Ken McDonald
Well, not so much plug, but give people the opportunity if they were missing Rob's rants, because I've got a link in the show notes under ending notes. That's where I suggest reading Bobby Borisov's personal opinion on the GNU Linux naming debate.
[82:56]
Jonathan
That'll be fun. All right.
[83:00]
Ken McDonald
Yeah, that's kind of what led me to saying GNU is not Unix.
[83:08]
Jonathan
It's Hurd. H U R D and H E R D. That's the one that is a doubly recursive acronym that they stand for each other. That one's fun, too. Some of those. Some of those in jokes are a lot of fun. All right. Yeah, very cool. Appreciate you being here. If you want to find more of me, well, there is. Here's Hackaday. And while I'm not doing the security column anymore, I am still holding down Floss Weekly over there. And we have a lot of fun there. So come and check us out. Tagaday.comfloss and other than that, just want to say thank you. Appreciate everyone that's here, those that watch and those that listen, whether you get us live or on the download. And hey, we'll be back next week for another Untitled Living Show.