Rob Campbell

Hey.

Jonathan Bennett

This week we start with a review of an Android tablet and then talk about the coming Android apocalypse. We've got age verification legislation coming to a Linux distro near you. And then there's the fight within sudo RS over asterisks. It's all great, you don't want to miss it, so stay tuned.

Rob Campbell

Podcasts you love from people you trust.

Jonathan Bennett

This is Twit. This is the Untitled linux Show, episode 244, recorded Saturday, February 28th. Torture the metaphor. Hey folks, it is Saturday and that means it's time to get geeky about Linux open source software. We're going to talk about some hardware, some gaming, all kinds of fun stuff. You don't want to miss it. This is the Untitled Linux Show. I'm your host, Jonathan Bennett and we've got. Well, we've got the whole gang with us today. Again, nice to have everybody. Jeff, Ken and Rob, thank you guys all for being here.

Jeff

Always glad to be here.

Ken

We all been looking forward to this

Jonathan Bennett

all week, of course, every week, all the time. I'm going to start us out with something a little different today actually I've got a hardware review and this time it's not something that Rob talked me into buying, but it is something we'll say Linux adjacent. I won't take a whole lot of time with this because again, it's not a Linux device exactly. But I picked up the Lenovo tab. Let's see, it's the Legion Tab 3 by Lenovo and I figured I would do a quick review on it. It's a nifty little device. I actually like it quite a bit. I am a sucker for 8 inch tablets. I do not like the big 9 plus, 10 plus or bigger than that tablets. They're too huge. Like I'm walking around with a monitor in my hands. Do not like. Not my thing. I've had several 8 inch tablets, 7 to 8 inch tablets that I really like and this one ticked about half of the boxes for what I wanted out of a tablet. It's got a really good screen. It's like 2560 by 19, 28 inch screen, which is really good. It does have dual speakers. Sounds really good. The size is just right. I can in fact take it out of the. It came with a nice little case, magnetic case and all of that. I can in fact take it out of the case. Let me show you. This is the coolest thing for me because I almost always dress like this. This is not just for on camera. I do actually have a Sport coat on of some sort. Most of the time when I go out of my house, I know it's weird, but it's me. And one of the things I like about the 8 inch tablet is that you can actually take them and on a sport coat you have a pocket here and it will just barely pop into that pocket. And I've had several tablets throughout the years that'll do that and I just love it. It's really nice to be able to pull one out and have a bigger screen than your phone. It also has 12 gigabytes of RAM, which is really nifty to have. And it's got something else I've never seen on a device like this before. It has dual USB C ports. So there's one here. So on the, you know, if you're holding it phone style on the bottom and then if you hold it landscape style, it has another one, what is now the bottom there. It's got two USB C ports. You can actually do pass through charging. I've not tried that yet, but it is a, it's a really nifty potential feature to be able to, you know, have one USB cable and charge both this thing and your phone. So that is something I will definitely have to try here soon. Things that are just okay about it. The camera. The camera is serviceable. It's okay. I've not been blown out of the water by the camera yet, but it's, it's perfectly serviceable. It did come with some bloatware, basically all uninstallable though. I was very annoyed when I first turned it on and it started downloading games automatically and, and not like the games that I play, but, but dumb games that I wouldn't ever play. I won't name them so that I don't offend people that actually do play these games, but I just was not interested in any of them. So it's like, okay, we're going to uninstall all of these. And I'm pretty sure I had a moment where I started uninstalling them, flipped away, went back to my list of applications. Some of them were back and then there were extras there. It's like, oh, this better not be a thing that it continually installs these. But no, no, I let it do its thing, went through, uninstalled them again and they were finally gone for good. So the bloatware you can indeed get rid of. There's a couple of things that I didn't realize when I bought it. I really am not A fan of. I knew this one, it has no lte, so you can't put a SIM card in there. You can't get LTE Internet on it. It's WI fi only, which is fine. It does not have a GPS chip in it. I didn't realize that that was a thing. That's kind of a weird. I expected all these would have GPS built into them at this point, but no gps and then also no fingerprint reader, which. That one I didn't know that I'd gotten used to as much as I had. But it really does kind of bug me. It has facial recognition, which of course is not going to be quite as secure as fingerprint reader is. And then obviously you set a password if you want to as well. So it's a serviceable tablet. It's the right form factor, particularly for me. It's got the horsepower to be able to run games. If you want to branch off into emulation, you can do all of that stuff. And I've been told that it does very well emulating even relatively modern platforms. I will say that trying to actually get the thing delivered to my door was a nightmare. Like really a pain. The UPS destroyed it down in Texas and I had to call into Lenovo three times, if I remember correctly, to get them to actually ship me the replacement. And once they did that, it happened. It came before for too much longer, but all told, it took weeks to actually, from ordering it to finally getting it in hand, it took weeks to get it, if not a full month. It was pretty ridiculous on that front. But that said, it is a nice little Android tablet. You can install Termux on it, you can grab a keyboard and you can have almost a Linux computer out of it. And yeah, it's pretty handy. I've enjoyed it so far. So that's the tech review corner with Jonathan this time, not stuff that Rob talked me into buying. Yeah.

Rob Campbell

So unfortunately you can only almost install Linux. Not quite though.

Jonathan Bennett

Well, I mean, it depends upon how you want to look at it. There are actually some apps where you can do like a.

Rob Campbell

Can you get Android off there completely?

Jonathan Bennett

You know, I've not looked into whether it has a locked bootloader or not. If you can unlock the bootloader, then yes, it is possible. A lot of these devices you can do a vanilla Linux install on, probably not this one yet, but I would not be surprised if eventually people set up images to be able to do so.

Jeff

You know, at 8 inches, that's getting pretty blurred lines between like some of those foldable phones, you know, the ones that get a little bigger.

Jonathan Bennett

And I've, I've looked at the foldable phones. The problem with them, Two problems with them. One more than two problems.

Rob Campbell

Very expensive.

Jonathan Bennett

That's one of the, one of the problems, yes. Those are still ridiculously expensive. That was like 420 bucks for the tablet and you'll easily pay three times that for a foldable phone. I'm not convinced that the longevity is there for the foldable phones. They tend to fall apart after a while. In reading the reviews, they think that that's better on the newest models. And then the thing that bugs me so much about the foldable phones is very few people make them with one screen. All of these foldable phones, they have the big screen and then a small screen on the outside. And so you fold it and you're looking at small screen, you unfold it, you're looking at the big screen. It's like, no, just do a Z fold so that you're looking at one third of the big screen. When the thing's closed. It probably irritates me more than it should, but it bugs me a lot that only one company makes one that is a Z fold that way. And unfortunately they're one of the ones on the bad list. And we're not even allowed to get a hold of their hardware in the United States. So it is what it is anyway. Rob, you want to talk about. Well, Jeff, if you have comments.

Jeff

No, I just didn't. Didn't think about some of that.

Jonathan Bennett

I.

Jeff

That's not my niche in hardware.

Ken

So I'm just wondering what will you be using that Lenovo Legion Tab Gen 3 for?

Rob Campbell

To sit in his pocket

Ken

and deflect bullets?

Jonathan Bennett

Yeah, it'll do some of that. No, it's going to be a. It'll serve multiple roles. For one thing, it'll kind of work like a media device, like my phone, but with a bigger screen. So the nice thing is it fits between my phone and I do have like a 10 inch iPad. It sits between those. As far as screen size versus carryability, it's a little easier to carry around than the big full size iPad is. I also needed an additional device to do some app testing for things like Atak, the Android Tactical Awareness Kit. That's meshtastic stuff, but that's part of

Rob Campbell

the purpose of it.

Jonathan Bennett

And then also it'll do some emulator things, I'm sure.

Ken

Possibly documentation.

Jonathan Bennett

Probably not a whole lot of documentation. Probably won't do much documentation unless I get a, like a Bluetooth keyboard for it. But if I really want to sit down and type out a bunch of stuff, I've got.

Rob Campbell

So what Ken is trying to say, you're not going to install a nice office suite on there.

Jonathan Bennett

You're probably not, Rob.

Ken

Are you going to even. Are you going to need to install it?

Jonathan Bennett

Are there any alternatives to installing an

Rob Campbell

office to install it? So let's drive off on Ken's Segway there that he tried so hard to squeeze in. And, and, yeah, I had to, you know, kick in the gear. Let's, let's get on with this. So it's, it was, it's been only a few months, only a few months ago that we're talking about the popular online office suite from Collabora Productivity back in November, actually making a real play for the desktop back then. I installed the new Collabora Office release at the time and I showed it off on the show and, you know, like I said then, it looks sharp, a modern, clean interface that feels like it's been designed for how people actually work today and, you know, want their system to look, you know, especially when you compare it to the classic look you still get in LibreOffice. And Collabora's whole pitch was simple. You know, bring that familiar streamline Collabora Online experience down to your own machine, you know, your files, your devices offline first and still open source. But this week, the story flips because while Collabora has been moving the the from the web to the desktop, LibreOffice is officially trying to move from the desktop to the Web again by reviving LibreOffice online. So if you remember, which I didn't, but There was a LibreOffice online effort several years ago, and then it was effectively put on ice. Back in 2022, the Document foundation voted to freeze it and move it to the attic. But a few days ago, the Document foundation announced the board has reversed that decision and wants to give the project a fresh start. The chairperson, Elaine Domingos, framed it as, quote, freeing LibreOffice online and building a web version by the community and for the community. Sounds like they don't want to be too involved in it, I don't know. But anyway, the important caveat, because they're not too involved, I don't know, they're not promising to host it for you, and they're not promising enterprise support. This is just about reopening that repository, warning people if, you know, it may be rough at first, and inviting contributors to help modernize the tech QA and even marketing so while the open source office world is converging from both sides, both directions, one project is turning web UI into a desktop app, or they already have, and the other is trying to rebuild its desktop into an online version. You know, I think it's good to have an online option, another one as everything's really online these days, I, if the functionality is there, I prefer an online version. But I really do wish that LibreOffice would improve their aesthetics of their user interface of their desktop app first,

Jonathan Bennett

frankly,

Rob Campbell

actually I follow them on social media and something came up. I made a comedy. I told them in a response to one of their social media posts that, you know, and there was some good back and forth but I told them that it'd be nice if they could update their look so it's not so much like 2005 anymore. And they asked me, you know, what do you mean, what do you like to see? And you know, I talked about like we got tabs and stuff. It was kind of funny. Like we got tabs. I'm like, yeah, your tabs look, you know, they got the, the old fashioned tab gray boxes, you know, usually in documents, tabs are new documents instead with them, tabs are like, they're ribbon kind of. So that, that was kind of why I talked about that. I'm going on a tad you here but it was a good conversation. Maybe they'll, maybe they'll take some of my advice, you know, and, and you know, tabs shouldn't be a menu. Tabs are for multiple documents. Move the menu stuff into a menu stuff and you know, streamline it cleaner. I also told them the icons local. I mean that's such a small thing. Just. I'm sure there's better theme packs out there, but yeah. Anyway, this is all to say the Libre office is opening up their online release again and you know, looking for a community to get involved and help work on that too.

Jonathan Bennett

Interesting. It's cool.

Jeff

Yeah, it's cool that they interacted with you. You should mock up some stuff just to say, hey, it should kind of look like this. This is what I'm talking about.

Jonathan Bennett

I mean, I can't that Rob has any artistic skill at all.

Jeff

He doesn't have to. He's got AI.

Leo Laporte

Oh, that's right.

Ken

His language everybody's using.

Jeff

Maybe somebody else can mock up something.

Rob Campbell

Yeah, yeah, I told him what was in my head in words and, and yeah, I mean if I could come up with the interface that looked nice, mine would look like 2005 too. Probably more like 1995 yeah, I watched,

Jonathan Bennett

I watched part of a talk that a UX guy did at an Ubuntu summit last year, I think and he was making the comment that Linux, the Linux desktop in general has been stealing from Windows and Mac for years now. And he said, but when you look at what Windows and Mac are doing right now, they have no good ideas either. So he was trying to make the point that you guys should really innovate and try to come up with something interesting and then let Windows and Mac steal from you. Because right now we're just all sort of stagnated in. The desktop is terrible.

Rob Campbell

I mean frankly the Windows 7 look is kind of stolen from KDE.

Ken

Somewhat change, just hint towards something you might want to copy Xerox parc.

Jonathan Bennett

Well that was, that was part of his, that was part of his point is that it's all been copied from everybody else and you have very few people that are actually doing some taking steps forward with these original ideas. And so the Linux desktop sort of has an interesting opportunity to be one of those original idea incubators.

Rob Campbell

Original ideas would be nice, but at the very least at this point with all these ideas out there, various things in use here, you think somebody would be able to grab the best idea of every one of those and put it together into one perfect for today.

Jeff

Well, and that was, I heard that talk too, Jonathan, and it was from a professional UI designer that was basically his job and he was talking about a lot of Linux needs more or Open Source in general, needs more UI designers to go in and just really innovate and make things a lot better because we're not really like Jonathan said, we're not really going too far.

Jonathan Bennett

He also said that he interviewed for the like chief of the Windows UI team or no lead of Windows UI at Microsoft a couple of years ago. It's like I didn't get the job. In retrospect I really dodged that bullet.

Rob Campbell

Yeah, I mean realistically, I mean, I don't know what, what could you do? Maybe we're just so stuck in this paradigm that we can't think of it another way. And what you really need is somebody who's never seen a computer to come in and design it.

Jonathan Bennett

Well, no, I don't even think that's accurate. So one of the, one of the examp that he used of something that Linux has done that has been very innovative is the virtual desktops. Oh yeah. And I think ideas like that where you're not completely tearing everything down and starting from scratch, but you're coming up with new things that sit on top of it nicely. And I think the virtual desktops is a really good example of the sort of innovation that is lacking and I think we could pull off.

Rob Campbell

Yeah.

Jonathan Bennett

Now don't ask me to give you an example of something that nobody's ever done before. I'm not that creative.

Rob Campbell

Yeah, Linux did that, what, decades ago. I think they were around when I first used Linux and now everybody has something similar.

Ken

Yeah, I think part of what's holding the expansion on what you can do with the desktop is that we're right now stuck in a paradigm where we think of that desktop as being on our monitors and the devices that we use to interface with it. How old are they?

Jeff

Well, and some of the stuff he talked about were even small little things like, and I know Ken's trying to segue again, but was like focused on release of a click. Well, you might be so ingrained now, Ken, you don't even realize you're doing it. But it was a small thing. It was like focus on release of a click instead of the initial click because it had some little improvement. And some of the stuff he talked about was very small little quality of life things. It wasn't like totally redoing the desktop. It was just the little, hey, why do we have this? It's more convenient if we did this other thing. So it doesn't always have to be huge paradigm shifts. It can be just be, hey, we just made this a little bit better.

Rob Campbell

So instead of on click on release, which makes a lot of sense because sometimes you actually click and instead of picking up your mouse, you can move it to where you mean to it to do it and then pick up. You can fix your mistakes that way.

Jeff

That sounds. I'll see if I can find that talk and post it in the discord. It was a nice little.

Jonathan Bennett

All right, Jeff. Speaking of. Well, speaking of Jeff, Jeff's turn is up and he is here to talk about laptops and benchmarking. What you got for us. How many years back are we going?

Jeff

Oh, we're going back away. So, you know, this comes from Pharonix and there's a lot of benchmarking that Michael Larable does over at Pharonix. But most of the time he's comparing the next gen hardware, you know, the latest, greatest or the latest greatest software, soon to be released software, whatever, to last gen. Well, this is someone like that. But he's going way back in time, 18 years to be exact. He took the oldest still working laptop that he had and benchmarked every generation of laptops since. Now the goal was basically to see how much intel laptop CPUs have progressed over the almost two decades. So these are only Intel. I think the next interesting thing is even if you're running an old laptop and you want to upgrade, but maybe you're not able to afford anything but another old laptop, you'll better be able to judge how much of an increase you'll get. So you might not be getting the latest greatest, but a few generations back you can look at the charts and just see, oh, this will be a nice improvement or yeah, there's not a whole lot here. Now there's 15 laptops in total, which he ran benchmarks on and he used Ubuntu 26.0 for development on all of these. The oldest was the Core 2 Duo T9300 Penryn processor and it has two cores but no hyper threading and the frequency was up to 2.8 GHz. In the article, they go through all the laptops and they talk about their hardware capability, what's in the laptop and all that. You know, I'll save the listeners all that, you know, cornucopia of data. Just know that the tests include CPUs from, you know, and this just few examples like Sandy Bridge, Haswell, Tiger Lake, Meteor Lake. You know, I'm, I'm skipping a lot of lakes here and I only cherry picked a few. So like I said, there's, there's 15 and they're all different generations. The newest is Panther Lake and it's a Core Ultra X7 358H which you know, when compared to the Core 2 duo has 4P cores. So that's 4 performance cores, 8 efficiency cores and 4 low power efficiency cores. And it's got the ability to handle 16 threads and it clocks up to 4.8 GHz. So massive difference between the two. It looks like the power rating is less, you know, on the, on the newer one. But you know, the Core 2 Duo use uses TDP, which is not a direct power rating is, it's, there's a formula behind it and I didn't research if they changed it over the years. I know somebody did a while, you know, 10 years ago or something like that, they changed the TDP numbers you got. You can't use those as direct power numbers. He did measure power on a lot of the laptops, but the oldest two generations did not have the ability to feedback power information. So there is a little Gap in the power there. Most of them though did have power numbers just kind of though figure it's probably about from the oldest to newest, is the newest, probably uses a little less power, but they're pretty close. And some of that could be because the Core 2 Duo, even though it's only got two cores, it's a 45 nanometer process node and the 358H is a 3 nanometer process node. So huge, huge differences there, not counting, you know, natural design efficiencies that Intel's picked up over the years. Now I do want to point out, while you know, some of the results are extreme, you know, these are being tested in laptops. So memory's different. You know, you're going from 4 gigs of DDR2 to 32 gigs of LPDDR5 and everything in between. Not to mention the other items in the laptop package which has also had speed up and process increases, you know, over the years. So you know, drive speeds and all that kind of stuff. So they focus, he focuses on CPUs but it's entire laptop system. So the just the natural hardware differences are going to be included in that performance difference. Now Michael ran over 150 benchmarks on them and as you might already know if you saw the headline of the story, the biggest jump was with a 95 times improvement. Now that was the extreme case though, which was found in the open SSL testing. So the latest greatest laptop was 95 times faster than the Core 2 Duo. But if you look at the geometric average, which as I've said in the past, reduces the impact of flyers or extreme results, so it doesn't skew your data so much, you still have a 21.5 average speed up from the oldest to the newest. Now a few things jumped out at me looking at the overall results and one of them is the jumps in performance. There will be two or three CPU generations which are grouped near the same performance and then there's a jump. So it's kind of a flat place stair step, flat place stair step. It's kind of interesting that way. So for example, if you have a Core I7 8550U Cabby Lake, a Core I7 85 856U Whiskey Lake or a Core I7 1065 G7 Ice Lake, there isn't a huge difference between them. So I mean you've got three generations that, you know, if you were, if you were going from Cabby Lake to Ice Lake, yeah, it's faster but not a lot. If you go one generation newer, you'd have a much, much bigger performance improvement now there, you know, and in the examples I gave, the rest of the laptop could have an influence, but in that case they were also all three Dell XPS 13 laptops. So and maybe that's why they were all near in performance. There's several cases like that in the results. I just picked out one to give an example of. You can have two or three generations that there's not much difference in. Now I didn't dive super deep into the specific laptop hardware or the differences or anything like that, so I'm not going to be able to talk to deep diving on there. But I would like to note that if you're running a Core i7 1280p or newer, you're doing okay. Yeah, it's slower than the core Ultra 7 models, but unless you're doing a lot of gaming or heavy work, I think you're going to be just fine. You know, you're not that far out of the performance race. A lot of the older machines are decent as well. If you're not stressing them and you're not, you know, okay, make take a little longer to get your work done but you know, if you're not really pushing anything, are you really going to care or notice that much? I know personally, you know, I purchased a laptop a few months ago but the only reason I did is because my old laptop screen delaminated and it wasn't worth fixing. And you know, I'm probably fall under like a lot of people, I don't like throwing away still functioning hardware and in my case the laptop isn't doing a ton of heavy lifting. So for me, you know, yeah, my old laptop was a little slow but I was still using it, you know, and I'd still be using it now if it wasn't for the fact that it, it broke. But if you want to, you know, get more information, take a look at the article in the Show Notes and see where your laptop sits with the use case you have and see if you need to upgrade. And you can also see if you have a good deal on an older laptop which might be an upgrade or a good laptop for a friend or family member that you might want to give them just to just as you upgrade your fleet.

Jonathan Bennett

Absolutely. So one of the things that really sticks out to me is when you think about this and the different generations of processor across these different laptops, the two things that really does matter about the laptop itself around the CPU is Thermals, how well it can dissipate heat and power, how much voltage and power it can actually push into that cpu. Those are the two things that are going to be different between your various laptops because some of them really work very hard at getting rid of heat and allow your CPUs spool up higher. Some of them are just little hot boxes and do not do that very well.

Jeff

Yeah, and that's why I kind of wanted to mention that there's a lot of hardware difference and they're not all Dell, so there's hps and frameworks. So when they say cpu, how well did the manufacturer implement the whole cpu as you said, the cooling, the power? Because when you get a CPU from a manufacturer, you have a window that you can operate in. And depending on what you want out of that laptop, if you're stressing better battery life, you're not going to crank it up as much as if you want the performance numbers. So take it with a grain of salt. But I thought it was kind of interesting just how like I said, a lot of them were pretty similar and there's a lot of them that really aren't that bad. I mean you might be three, four generations behind and it's like you're still doing pretty darn good.

Jonathan Bennett

It wasn't that long ago that I was telling people that, man, as long as you've got more than one core and you're running the 64 bit, that is still a usable processor. I don't know if that's quite true anymore, but there's still some life in there.

Ken

Well, is there anything that you might need more than 2 cores for?

Jonathan Bennett

Plenty of things. But yeah, you could do interesting things with hardware. If it's dual core or more in 64 bit. I mean you can put things to use older than that still, but for actual daily use, at least at that time, that's where I was drawing the line.

Rob Campbell

With the prices of RAM and hard drive storage, storage, SSDs and all that, we're all going to be having to use computers. That's going to make a big comeback.

Jeff

Yeah, well, but RAM prices are coming down.

Jonathan Bennett

Oh, they already started coming down, are they?

Jeff

Yeah, a little bit. I mean they're still, they're still a lot higher, but I think the one to five. Yeah, I mean, but it's, but you can see where it peaked and it's, it's kind of coming down a little bit now and I think the panic buying that certain companies did is, is eased up a little bit. So It's, I mean it's not, I'm not saying it's, it's great. But we've, I think we peaked price wise and we're coming down slightly, so.

Rob Campbell

Well now hard drives and SSDs are up there.

Jonathan Bennett

So you know.

Jeff

Well, they were already up there.

Rob Campbell

They're like double what they were only a few years ago.

Jonathan Bennett

Yeah, yeah.

Rob Campbell

And a lot of them are sold out. I've heard too, like some of the

Ken

big ones that Western Digital, Nothing available until 2027.

Jeff

Well, memories, the same memory, hard drives, SSDs, it's, it's all sold out.

Rob Campbell

Yeah. So if you can't buy it, so

Jonathan Bennett

the price to a year and then

Ken

all those companies that bought all that will start selling off their surplus.

Jonathan Bennett

Yeah, you have a glut after a while. It's what happens.

Rob Campbell

Yeah. Their surplus or their used equipment when they're replacing and then you can buy that.

Jonathan Bennett

Yeah, yeah. All right, let's move on. Let's move on to something else. A little bit more, a little bit more uplifting than talking about the hardware shortages. Ken, if we do happen to have some hardware and we are interested in music or at least audio recording, there's a tool out there that we can use and they just had an update. What's going on in our door?

Ken

Yes, Jonathan, we can thank Bobby Borisoff and Mars Nestor since they both wrote about two hotfix releases to correct a number of bugs in the Ardor 9.0 release. Now, according to Barbie, Ardor 9.1 was released to restore the bottom pane in the editor which was broken during selection changes involving regions and tracks due to last minute changes in 9.0. According to Bobby and Marcus, the latest release introduces a couple of notable new features like MIDI note chasing, allowing a long note and a MIDI track to start when the transport starts, and MIDI note duplication allowing you to duplicate selected MIDI notes right after the end of the last note or to the next snap point after the last Note. Now, Ardour 9.2 is a second hotfix release that fixed an issue with ruler visibility in 9.1, plus a couple of other fixes to prevent a crash that occurred when dragging both ends of a range at the same time or re enable the ability to delete patch changes. According to Marcus, Zoom to Session has been updated as well. Now as always, I do recommend reading Bobby and Marcus's articles for more details because I just touched on some of the highlights they went over.

Jonathan Bennett

Yeah, it's interesting. We went for months and months without an Ardour release and then they did 9.0 and now we're already up to 9.2. Not terribly surprising. They had sort of settled on a stable release. Then they did the big 9.0 with a whole bunch of new stuff in it and things were broken, which normally happens with big feature releases.

Ken

That's why you wait till 9.3 or 9.9dot. Yeah, 9.3 or 9.4 before you actually update to it.

Jonathan Bennett

Right? Yeah.

Jeff

Well, it seems like maybe. Jonathan, you remember, but wasn't there something too. With 9.0 they were waiting for some other package or something. There was something. There was. That was kind of holding them up for a while. It seemed like.

Jonathan Bennett

I know there were some things that they wanted to get done inside of our door. I think that was the main thing. I don't remember any external. I don't remember any external delays. It doesn't mean that it wasn't there.

Ken

But was there anything they were waiting on in relation to either Wayland or pipewire?

Jonathan Bennett

I don't think so.

Jeff

Maybe I'm just thinking they were like, we're going to have this feature done. And it was kind of holding up everything, I think, because. Yeah, that's one of the reasons it took so long to get out. Yep.

Jonathan Bennett

Yeah, but neat to see. Neat to see. I've installed 9.0. I'll have to upgrade to 9.2. Doing some audio editing. I've done just a little bit.

Ken

Not have you run into any of the problems they talked about?

Jonathan Bennett

No, I haven't crashed it yet. I haven't done a lot with it. We've had a.

Ken

Maybe that's a good thing.

Jonathan Bennett

Yeah, we've had a couple of interesting weeks in my life. The kids are just getting over being sick, so didn't have a whole lot of time for coming in here and doing the audio editing stuff.

Jeff

Somebody really a power user?

Jonathan Bennett

I don't know. All right, we're going to move into MESA here in just a second, but first we're going to take a quick break. We'll be back right after this.

Leo Laporte

Hey, guys. This episode of Untitled Linux show, brought to you by OR Spitwarden, the trusted leader in passwords, passkeys and secrets management. It's open source and if you ask me, that's critical. I would not trust anything with crypto to anything that's not open source. You don't want closed source projects. And Bit Warden is open source. It's also consistently ranked number one in user satisfaction by both G2 and software reviews. They've got 10 million users now across 180 countries, more than 50,000 businesses. I'm one of them. I love Bitwarden. Whether you're protecting one account, just yours, or thousands, Bitwarden keeps you secure all year long with consistent updates. They've added something for business that's vital. They call it Bitwarden's access intelligence. With this, organizations can automatically detect weak reuse or exposed credentials and immediately guide remediation. They will help your employees replace their bad risky breached passwords with strong unique ones. And that is a major security gap. Credentials are probably the top cause of breaches, but with Bit Wardens access intelligence, no fear. They become visible, prioritized and corrected before exploitation can occur. I think you ULS listeners are going to like this one. Introducing Bitwarden Lite Bitwarden Lite delivers a lightweight self hosted password manager. This is perfect for home labs, for personal projects, any environment that wants quick setup, minimal overhead. This is because Bitwarden listens to their users. You Bitwarden by the way, has enhanced all accounts with that real time vault health alert that we just talked about. That means those password coaching features will help you identify weak, reused or exposed credentials and immediately take action to strengthen your security so you don't have to ever worry about that. Bitwarden also supports direct import from your browser. So a lot of people the first password manager they use is their browser's password manager. But it's less convenient. It's only on the browser. In some cases it's less secure. You really want to move on to something that is a full true password manager. You want to move to Bitwarden. They can now directly import. In fact, when you install Bitwarden it'll say hey, I see you have passwords in Chrome, Edge, Brave, Opera, Vivaldi, let's set that up on Bit Warden and even optionally delete them from the browser so that your passwords are now safe and convenient. And on every device you use, it does this directly too. There's no export to a clear text file that you then have to import and remember to delete. That not only simplifies migration and eliminates the exposure of having that clear text password vault sitting on your hard drive there. G2 Winter 2025 says Bit Warden continues to hold strong as number one in every enterprise category. And that's not just for the most recent quarter, that's for the sixth most recent quarter, six straight quarters. Bit Warden setup is easy. I can tell you, you know, from personal experience, when I moved from that other Guy Steve Gibson and I both did this roughly the same time. It was a snap, took a couple of minutes and now I feel safe. I'm on bit warden.

Rob Campbell

I love it.

Leo Laporte

The import is almost automatic from almost every password management solution. And again, it's open source. That means the open source code is regularly audited by third party experts. You probably saw the report from ZTH Zurich talking about the risks if a malicious hacker can get into and host your password vault and actually access it. Because it's open source, ZTH Security Zurich was able to use Bitwarden along with other password managers, examine their code, find some attacks. Bitwarden said, thank you zth, we appreciate the work you've done. And they responded. They hardened their security. It's not a surprise. Bitwarden meets SoC2 Type 2 GDPR, HIPAA CCPA compliance, ISO 27001:2002 certified regular third party audits. You can look at the source code. That's what you want. Get started today with Bitwarden's free trial of a teams or enterprise plan. And you know what if you're not using it, Good news individuals. It's free across all devices. Unlimited passwords, passkeys, secrets, management. It will generate and store your SSH keys and then deliver them when you go into ssh. That is so great. That's all free for individual users. For Life Forever. I pay a little extra. I pay 20 bucks a year for the premium. You don't need to. Free forever. Bitwarden.com TWIT I'm sure you're using Bitwarden. If you're not, check it out. Works great on Linux too, by the way. That's where I use it. They also have a command line version on Linux. Bitwarden.com TWIT they have an MCP server for your. You know you're coding so you don't have to let your credentials. You know you want to open Claw, you can use the MCB server so it never gets the credentials. Things like that. These guys are always thinking. Bitwarden.com you know who else is always thinking? Jonathan Bennett and the Untitled Linux show crew. Back to you.

Jonathan Bennett

All right, so in the continuing and ongoing drama between Open Source and AI, there is yet another project that is wrestling with this problem opportunity. Mesa. MESA itself. There is a draft AI policy that is now it's a merge request within mesa. Carol Herbst is actually the one working on it, which a friend of mine. We've talked about his stuff before and rather than being prescriptive in this he is simply laying out some potential solutions and it's things like disallow any autonomous AI agents, which I would recommend because you never want to see the oh, I didn't know my AI agent opened this pull request. Sorry. It's just, it's not good for the project. One of their proposals here is no substantial AI generated code, which that one's probably not going to pass. That one is maybe throwing the baby out with the bathwater. We'll say a complete AI ban is another part. And there are projects that have taken this approach, by the way, but completely banning AI because of legal, ethical and quality reasons. These are all proposals. These are not necessarily the things that they're going to do. These are just options that he is putting out. Another proposal is full AI transparency, which is if you use AI, you've got to, you've got to let folks know.

Rob Campbell

Or

Jonathan Bennett

it looks like the. Another proposal here is that they specify individual files and subdirectories that AI is either allowed or not allowed in that particular place. That seems to be. And that's, that's mainly around the idea of sub projects. So a per sub project rule. And I just, again, I think it's interesting to see all of these open source projects wrestling with this problem because it is, it's such a big and present problem because what, you know, what we've done in pushing out all these AI tools is this thing that used to be sort of almost elite activity of writing code. Not that people couldn't do it, but it took a lot of work to do. It is now opened up a lot more people can participate in it. Well, by doing that you've also introduced the same problems that you have when lots of people participate in something. And that is not all of those people are good actors. And having that sort of influx sort of overwhelms the policies and the things that are in place in the individual projects. And so you've got, you've got everything from bad code being written all the way up to. We just don't have enough reviewers to try to review all of this code that's being written. And we've talked about this before, so I won't, I won't belabor the point. It's just, it's interesting to see now yet another project mesa working on this and I look forward to seeing what they come up with. It'll be, it'll be very interesting. Quite a few, quite a few comments on it. I've not read through the comments yet, but I expect that to Be interesting as well. Any thoughts?

Jeff

My prediction is they're going to make submitting code harder and if you have total garbage, maybe ban you for a certain amount of time, you know, like, okay, you're on a six month probation. Because the way I understand it, a lot of problem with the AI stuff is just people are just, oh, look for problems, throw it in and send it in. And nobody's checking anything. Nobody's really even understanding it. It's just garbage. And the problem isn't the AI code as much as it is. Nobody's really looking at what comes out and testing it and going, oh, okay, this is actually a valid thing. Now let me send it in.

Rob Campbell

Yeah, like when I used AI and it completely deleted my. What was it? I think it was on my VPs's online. I had to restart.

Ken

I recovered it for you.

Rob Campbell

No, no, that was somebody else. Who? That wasn't me. That was a story I did last week. Who. It deleted some directories and recovered it. I was trying to do something with Ansible and my online VPs and it deleted instead of whatever I was trying to get to do.

Ken

Just a suggestion, you can fork it and throw AI at that. Fork all you want.

Rob Campbell

I, I saw a headline this week about something about AI fixing a, a Linux WI fi driver. I didn't, I didn't go in and read it, but I thought we had enough AI stories and I could take a break on that.

Ken

But,

Jeff

well, and, and the reason I, I made my comment is because I think the authors and maintainers of these programs don't care as long as they get quality code. If all the submissions, they suddenly get 5x more submissions, but everything's like, oh yeah, this is great, you're really fixing things. This is good. It's been tested. I think they'd be thrilled. It's just, you got to weed through so much garbage now.

Jonathan Bennett

I think that's only part of the problem. You have a couple of other elements to this one. There's a large and maybe growing group of people that just believe that because of the way AI is trained on existing work, it is in and of itself unethical. It is, you know, to that group of people, it is stealing the work of other people. And I am, personally, I'm not entirely convinced of that. But I am also not unsympathetic towards that viewpoint.

Rob Campbell

And then there's the complete opposite in the spectrum where AI is like a baby or somebody learning and it's learning from that code just like a person learns from that code. And when we learn from code, we unknowingly probably actually copied lines.

Jonathan Bennett

I am also not unsympathetic to that viewpoint as well.

Leo Laporte

Right.

Jonathan Bennett

I get both of those arguments.

Jeff

Because you could bring in, oh, you looked at Stack Overflow, therefore you're taking somebody's code.

Jonathan Bennett

Yep.

Ken

Well, isn't that the optimal way to do it?

Jonathan Bennett

Well, but when you look at Stack Overflow, there's. I don't know if you guys have looked into this. There's actually a Stack Overflow license. There is a legal requirement when you copy and paste code from Stack Overflow and they use one of the existing licenses with a slight modification which basically just says the only thing that you're required to do is when you copy and paste this code, include a link to the Stack Overflow answer where you got it from.

Ken

Huh.

Jonathan Bennett

It's interesting. Yeah, there's literally a Stack Overflow license in that.

Rob Campbell

I've never done that, anything I've ever copied from there, but I've never published anything either that's been copied from there.

Jonathan Bennett

Oh, okay. Well, you're probably, you're probably fine. I'm not a lawyer, but you're probably fine.

Jeff

I'm not a coder either, so I didn't know it.

Jonathan Bennett

The other problem with that, Jeff, is that even if you're getting good code, there's a couple of questions and it depends on what project you're talking about. But like there's questions about even though this code is good, is the thing that is attempting to do the direction that you want the project to go. In mesa, that may not be quite as big of a deal because they sort of have some clear cut thing like, okay, here's the standard. We want to support all of the standard. We want to get as high a frame rate as possible. Grossly oversimplifying, I'm sure, what MESA does, but there's already a framework of here's what you wanted to do, but you think about another project that has much less of a set framework of what the project is supposed to be about. LibreOffice. Let's just say someone vibe codes a new feature that is you push this button and it automatically rewrites all of your. It makes all of your writings more concise. Well, the code to do that may be just immaculate and beautiful, but half of the people that look at that are you. No, that's dumb. We don't want that button to be in LibreOffice at all. And so there is kind of a difference here between like the quality of the code versus the direction that you want the project to go. And I think that's part of the. I mean, that's part of the thing you have to think about here because you're allowing all of these people that have not spent time in the project to suddenly write what may, you know, as AI gets better, it's going to be better and better quality code. But they may not have the same, like, philosophy as what the direction the project should go.

Rob Campbell

I mean, that's true, but a person could do that too. Like, Right. You know, a good coder could go and be like, I really wish this had this button and nobody's doing it. So I'm going to go on there, write this code and I'm going to commit it just like that. If they don't want it, they decline the commit.

Jonathan Bennett

So here's the difference. When you're talking about a person doing that, you will get one or two of those a month. Now with AI, you're getting one or two of those a day.

Ken

So it's not an hour.

Rob Campbell

And being flooded.

Jonathan Bennett

You're getting flooded. Yeah. And the more popular projects is even more so. Why? Some popular projects have said, look, we're just going to close all the. Only, only existing committers now get to open port.

Rob Campbell

I mean, you could even get flooded with good codes. You could get flooded potentially, I'd imagine, with multiple people doing the same thing from AI different ways. Like if you have five people that want it and, and they all commit the same thing, but obviously different ways because one's using Gemini, one's using Chat, GPT or whatever. Yep.

Ken

But like I said earlier, those individuals always have the option to just fork it and make the changes within that fork.

Jonathan Bennett

Absolutely. Is that is part of the point of the gpl.

Rob Campbell

I'm going to fork Mesa, call it AI Mesa, and it's all going to be

Ken

Rob's AI Mesa. We're going to have to specify because there's going to be another. By me.

Jeff

You got to play in it. We're not doing Mesa. We're doing.

Jonathan Bennett

But you're going to call it Flat Hilltop. But yeah. All right, what about Android? Little birdie has told me that we've got some Android news, or at least ponderings here. I think that's one of Rob's stories.

Rob Campbell

Yes, we do. And I don't know, maybe it's time for you to look for something other than that Android tablet. I don't know. But so, because, because, you know, a few months from now, I think we've, I think this has came up in the show, but now there's a website, an open letter to Android. But here's.

Ken

Here's.

Rob Campbell

Here's the show, here's the. Here's the gist of it all. A few months from now, Android could quietly become a lot less. I don't know Android or open or whatever, but there is a campaign site called keepandroidopen.org and it's raising the alarm about a policy shift Google says is coming starting in September 2026. Apps on certified Android devices may need to be tied to a verified developer in order to be installed, even if you are not using the Play Store. On paper, developer verification sounds like good security. You know, less malware, fewer scams, more accountability. But the concern is what happens when that verification becomes a gate. Once a distribution requires centralized registration, you don't just get safer apps. You also get a single point of control. Developers can be blocked. Entire categories of apps can be chilled out of existence just for whatever reason they want, really. And users lose something that has always made Android different. The ability to install whatever you want from where you want because you own the device. One of the things I always liked about Android was I could write my own little hobby app. Like, there was a thing. I don't even know if it's around. I haven't done it for a while, but there was an old thing called MIT App Inventor that made it easy, right? App I could just silo the thing on. And I played with that quite a bit, you know, and just. I just played around. But if I'm not a, you know, registered developer, I can't even do that on my own device. This is why the stakes are bigger than a technical policy update. For years, we've lived with a balance of one totally closed system, the iPhone, and one that was fairly open. Android. I'd like to see it be even more open. But, you know, that mix gave us choice. You could choose Apple's walled garden, you could choose Android's flexibility, but if Android starts moving towards software only when approved that, you know, the choices collapse. You know, suddenly we're not choosing between two philosophies, we're choosing between two versions of the same lockdown future. There's just, you know, no difference or even much of a real reason to choose one over the other anymore. They're all just appley, whatever. Nothing's wrong with if you like Apple, but choice. I like to, you know, my device, my device, my choice. Right. You know, and that's exactly why it's important that we get the Linux phone ecosystem going. I mean that's, this is my own side opinion to this open letter to Android. You know, they just want Android to be open and I don't know if anyone's going to listen to them. This is why I think we just need to get the Linux phone ecosystem going. I mean there's been attempts, but I don't know, you know, we need, we need more. Not as just a hobby project, not as maybe someday we'll be there as a real third option. A platform where distribution, distribution is controlled by a single company, where sideloading isn't treated like a problem to be solved and where openness is a design principle, not a marketing slogan. But you know, once, once openness is gone in Android, it's, or anywhere, you know, it's incredibly hard to get back. You know, they're never going to give it back to us later. They're. It's just going to get locked down tighter and tighter. In fact, I don't know, aren't they moving away from, they're moving them away from Chrome os, that's what. But anyway, you know, we're gonna need somewhere else to go and so somebody, you know, maybe my future story that I have come up here, my third story is a step that will help that it's. I don't know, we'll see. We, we need something if all we're gonna have these lockdown Android and iPhone and whatever's available to us.

Jonathan Bennett

Yeah, you know, I very much agree but at the same time I've covered security long enough to understand that there is a problem that there's a very real problem that Google is trying to address here and that is that being able to sideload APK so easily gets lots of people infected with malware. And that is a real problem too. So I don't, I don't know what the answer is, but making it harder to side load APKs for normal people is probably a net good thing. But making it impossible for people that know what they're doing to sideload APKs is a very bad thing. So I'm stuck in the middle. I understand both of these.

Rob Campbell

I can understand making it hard. It's not like it's really easy. I mean you have to put in developer mode and get the app. Last time I sideloaded you had to switch into developer.

Jonathan Bennett

I downloaded the RetroArch APK and installed it in about 20 seconds. Did not have to go into developer mode. There's just an option there. Do you Want to accept APKs from this source you click Accept APKs from Google. Click Google Chrome because it's where I downloaded it from. Click OK it installed it. It was very fast.

Rob Campbell

Then maybe all they have to do is go back to the way it used to be when you had to turn on developer mode because I haven't siloed an Android. I haven't had an Android tablet for a while or, or any. I mean I still have it. I haven't used it for a while but back in the day the directions I followed you had to. You had to jump through a lot of hoops. You had to put in developer mode and I don't know it wasn't, it wasn't that easy.

Ken

Just question because I don't know off the top of my head but for are how many uncertified Android devices are available?

Jonathan Bennett

Not very many. You can get sketchy ones made in. I don't want to be sketchy ones. Some third party nations in other countries.

Rob Campbell

Yes, it's pretty much the ones that don't have the. I mean if they're not certified they can't run the Play Store.

Jonathan Bennett

Correct.

Rob Campbell

And you don't see that very much.

Jonathan Bennett

That is essentially what it is uncertified that it's talking about access to the Play Store, access to Google Play services. So Google has this whole. And this is how Google has exerted more control over Android while maintaining the Android open source project as being GPL is. A lot of features have moved out of AOSP into Google Play services and you're only allowed to run Google Play services on a certified Google Android device. And there's all these things that you've got to do for it to be certified. One of those is now going to be only running these signed APKs.

Jeff

So I hope, I hope this is a safe space to just say this, but I've never sideloaded an app.

Jonathan Bennett

Yeah, there are, there are some interesting things that you can do with side loading. I think for a while

Ken

you can put another operating system on the application or the device. That's what I did with my nukes that I had put another launcher on there.

Rob Campbell

Yeah. Instead of launching Straighten up F Droid so you can have a different package in the Play Store. You're back. You were staring off into the distance there.

Ken

Now I'll have to admit I have side loaded Google Play and Google Play services onto a Kindle just so I can get access to some of those Google services.

Rob Campbell

I guess there's one right there. I guess the open choice for Android is going to be kindle now actually

Ken

no, because they're switching to a new operating system, aren't they?

Rob Campbell

I don't know. Not that I heard, but.

Jonathan Bennett

All right, I think I'm back.

Jeff

You're back.

Jonathan Bennett

All right.

Rob Campbell

You're back again.

Ken

We hear you and see you lips move.

Jonathan Bennett

So I came back the first time and I couldn't hear any of you guys saying anything, but I heard the sound of a car driving by, which is the weirdest thing. Like nobody was saying anything. It was just

Rob Campbell

you got somebody else's audio.

Jonathan Bennett

It was weird anyway.

Rob Campbell

But yeah, maybe, you know, if we can't get a Linux phone, maybe we'll get some more open AOSP phone options. Which, which the prob. The hard thing I think for that is I think not only. And maybe this got shot down. I remember there being a thing that like let's first say Samsung. If Samsung, if they have a certified Google phone with the Play Store on it, they can't also make another one with aosp. I think that was at one point, I don't remember. I think there's some legal stuff. Maybe it got shot down. But that was something that on point.

Jonathan Bennett

I mean that sounds, that sounds like the kind of thing a company would try to do that would be due to be sound a bit sound business idea, honestly. Maybe not the, the best thing for the consumers, but on the business side of things that would be a sound idea. One of the other, one of the other things with this is to be able to get DRM like Wide vine, you've got to, you've got to be certified which essentially means, you know, do you want to be able to watch Netflix and Amazon prime video on this device? And if you, if you don't have, you know, if you can't pass the Google certification and get on the Google Play store, you also don't get your widevine certificate.

Rob Campbell

Well, if you got a Kindle, you're not a Google certified, you could, you can watch Amazon and Netflix. I don't know.

Jonathan Bennett

Yeah, that's true. I think Amazon has their own, their own system, their own way to do that within those. But I mean outside of that, if you don't have, you know, a multi billion dollar corporation backing your product.

Rob Campbell

Gotta be right.

Jonathan Bennett

Anyway, anyway, let's move on. Now that we've talked about Android, let it twice break now. Yeah, well we're not breaking it, we're just changing it. Jeff, what is up with Sudo rs?

Jeff

Oh, this is. We. We got another one coming. Vim or Emacs, which one is better? Pearl vs Python systemd vs init.

Jonathan Bennett

Actually, I use Nano and that's.

Jeff

You should be using Fresh. You're just behind. That's okay. What's the best distro? These are all topics which a lot of people in our audience are going to have possibly very strong feelings on. Well, we have a new one to add to the list. Should sudo show stars when you type in your password or not. Now, this is showing up on Ubuntu 26.04 development release, and the sudo in question is sudo RS, which is the Rust rewrite of the sudo command. Now, if you remember, a lot of the core utilities are being rewritten in Rust to speed them up, make them safer and make them more secure. And we've covered that in the past. And that's the set of core utils that Ubuntu is going with. Well, with this rewrite, there's a change and it's ruffled a lot of feathers on both sides. So now when you issue a sudo command when you type in your password, it will show asterisks for each character that you type, pretty much like everything else does when a password is needed. Well, this was enabled by default two weeks ago by setting the PW feedback option. And the reason for this change, and this is a quote from the authors, change the default. So asterisks are shown when entering passwords. It's still possible to disable the asterisks by explicitly turning off PW feedback off. So this is not undoable, it just changes the default. This fixes major UX pain points for new users, basically interface points for users. Security is theoretically worse since password links are exposed to people watching your screen. But this is an infinitesimal benefit, far outweighed by the UX issue. Outside the sudo login, no other password entry interfaces omit asterisk, including others on Linux. So basically they're just saying everybody else is already doing this. So, okay, removing this one, adding asterisks for this one case, not really that big a deal, versus, you know, help helping new users with their interface so they understand that when they're typing, it's actually going in. This does break with tradition, and some have filed it as a bug report. And the bug reports is, if you look at them, can tell there's some very strong feelings involved. You know, when they're creating, when someone's creating these reports, they're enthusiastic, we'll say. Currently, the bugs filed because of the asterisks are being flagged as won't fix. Now, personally, I don't have really strong feelings on this, and I agree that if you have a good password, just knowing the length is not going to help crack it a lot. I mean, especially for the average person. You know, we don't have huge monster machines trying to crack what, what our password is to our, you know, machine that we play Steam on. But, you know, and honestly, if I was shoulder surfing and wanted to know someone's password, I'm not going to look at the screen. I'm going to be looking at your fingers on the keyboard and trying to figure out, you know, figure out what you're typing, you know. And I also agree with the authors on this change that the pseudo command is like really only one of the places that doesn't give feedback to show that a character was typed. Now, just in case somebody's, you know, listening to this and they just hate this, all it's needed to do is change. To change back to the old method is just add the line default space, exclamation point pw feedback in their sudo config file and it'll operate like it always has in the past. So, so is this is. This isn't something that can't be undone. It just changed the default. Take a look at the article linked in the Show Notes for more details on this and let us know what your thoughts are on the Club Discord. And I'm curious if any of my co hosts have any opinions on this.

Rob Campbell

So I'm mostly indifferent, but I know from like a perspective I do have on this is something recently experienced. I mean, I've experienced more than just recently, but also recently is like some switches, Cisco switches and various things like that. The command line interface also does not show asterisks when you're typing in a password. And I know from that experience, you know, managing other switches like that, that sometimes not being able to know if your keys are typing in or if they're typing incorrectly, especially if it's remotely. And sometimes you get weird things like double key hits and weird and keys missing, they can lead to bad password hygiene. Like myself this week, I was trying to log into a switch. The password wasn't working. I'm like, I'm typing it really slow. Isn't that. Is it working or what? So then I type it in like a, a text editor or a URL bar or somewhere where I could see it, and I type it out there, see that it's there, right? Copy it and paste it. So anyway, not being Able to know if, if, if. If you're actually getting your keys in there can lead to some. Some bad hygiene.

Ken

Just don't make the mistake of hitting enter on the URL.

Jonathan Bennett

How many of us have accidentally typed our password into Discord before? Come on, guys, raise your hands. I know you've done it.

Rob Campbell

I don't know if I've done it, actually.

Ken

I don't type my password. I just use pull out my phone and scan the QR code.

Rob Campbell

I know I've typed it into various chats before. I don't remember if discord was one specifically, but I have typed it into

Ken

places I shouldn't have where the username goes.

Rob Campbell

Well, I've done that too.

Jonathan Bennett

But, yeah, I believe I have done it. But I've seen other people do it multiple times too, and each time it's like little message like, dude, is that string of noise your password? You might want to delete that.

Rob Campbell

I've seen that in our. In our work team chat all the time, like, various things. And I always, like, say, now, I'll

Ken

admit, but when I'm creating an account and setting up the information for the username and the password and whatever other information they may ask for, I'll open Capa Kate up and use it as a scratch pad, and then I'll copy that into the record that I create for that password and then close Kate and just say, discard. I don't reboot. I probably should reboot after doing that, you know, And.

Jeff

And I file this under, you know. Okay. If you know someone's password length, it is less secure, but it's one of those statistically significant. Realistically not. I mean, because if you really have, like, oh, I don't want anybody to know my path. I got to keep this secure. Well, you better be banging a lot of keys, because if it's like eight characters, then you. You fail.

Rob Campbell

But like you said, I mean, you said if.

Jonathan Bennett

If you.

Rob Campbell

Honestly, if you know the exact length of the password, you do not need a very powerful computer to crack that.

Jonathan Bennett

Well, depending upon how long it is. But, yeah, it helps a lot.

Jeff

Yeah.

Jonathan Bennett

So you guys have seen the movie Sneakers, right? Yes, the wonderful Robin. Yeah, it's one of the best Robert Redford movie. All right. Partway through that movie, they set up an op on a scientist, and they set up on the roof of the building next door, and they are recording through his window, and they watch him type his password in on his keyboard. And they're able to figure out. I don't think they actually Figure out his password, they're arguing back and forth over the password and then the blind guy figures out that we don't need his password, the thing we want is right there on his desk. But anyway, I'm thinking about that because I'm thinking about this if you're really concerned. So like the scenarios where the number of asterisks showing up is really a danger is sort of that kind of scenario where someone is recording over your shoulder. Because like I think it was Jeff that said if somebody wants to shoulder surf, they're going to be watching your keyboard, not your screen. So really the scenario that you're worried about is somebody recording you over your shoulder where they're trying to get both. And like if you're in a position to. Where you actually have to think about that sort of a threat, like if that's in your real threat matrix, then you need to be on top of making changes to do things like turning this off because it's trivial enough to do it. All that to say I don't think this matters for anyone, that. No for users, for regular users, for anybody that it would matter for. They already have like a security policy in place, place to check these things. So I think it's a non issue. I think it's a. Who cares? It's a nothing. Yeah.

Ken

And everybody uses 20 plus character passwords on the terminal anyways, right?

Jonathan Bennett

Yeah, of course, all of us do. All right.

Rob Campbell

I read an interesting recommendation online when I was reading about this. Somebody said instead of having it show up, just have it change a character on the screen every time. So like a star and then a slash, but only one. So then you can't like see the full length, but you could see that it's taking something in an input.

Jonathan Bennett

Yeah, that could work.

Ken

So with sudo rs, you're not worried. Where are you worried about using that password? Getting it broken or compromised?

Jonathan Bennett

Obviously in my access to gaming.

Ken

So. To your Steam client.

Jonathan Bennett

Exactly. So we're gonna take a quick break and then we're gonna let Ken come back and distract us with some gaming news. We'll be right back after this.

Jeff

Your little one grew three inches overnight. Adorable.

Jonathan Bennett

Also expensive. Sell their pint sized pieces on Depop and list them in minutes with no selling fees because somewhere a dad has

Jeff

refuses to pay full price for the

Jonathan Bennett

clothes his kids will outgrow tomorrow. And he's ready to buy your son's entire wardrobe right now. Consider your future growth Bird. Budget secured. Start selling on Depop where taste recognizes taste.

Jeff

Payment processing fees and boosting fees still apply.

Jonathan Bennett

See website for details.

Ken

Well Jonathan, as you said, I am going to distract you with some gaming news about all that discussion about passwords, especially since this week Bobby Borisoff wrote about Wildfire Games releasing 0 AD 28. I'm going to spell this out because I've never figured out how to pronounce it. B O I O R I X something Ricks and this is a new version of the free open source real time strategy game of Agent Warfare. What is so important about this release is that Wildfire Games drop the alpha label entirely. This release also adds a new playable faction, the Germans. This semi nomadic group includes the Cimbri and the Teutones and features a flexible economy with supply wagons and fortified wagon camps. Now 0ad28 also introduces several technical and gameplay improvements including direct font rendering, new game setup options, and engine and platform updates. Now Bobby's article expands on these and others improvements, so I'm going to recommend reading that and let that put you to sleep instead of my voice.

Jonathan Bennett

Apparently It's BoyerX. The AI says it's Boyrex.

Ken

Al says Borix no, I'm sorry, I'm going to start saying Al anytime I see those two.

Jonathan Bennett

See we've got a writer on Ed Hackaday whose name is Al and it is indistinguishable in the font that we use Al and AI and he has fun with it and we catch grief for it. This article written by Al no, we promise it's not AI it's alright.

Rob Campbell

And you can call me Betty. Sure.

Ken

Bring us to the Paul Simon song.

Jonathan Bennett

Indeed. I know that song.

Rob Campbell

Bran Home Yep.

Jonathan Bennett

All right. Yeah, the fun I I've played a little bit of 0 AD. Need to get back to that again. So many, so many games. Not enough time.

Jeff

Too many games in my Steam library and go man. That's why I can wait for the Game of the Year Cheap Edition because I got such a backlog that I've

Rob Campbell

been gaming too much. I took February off gaming. My back was starting to hurt from sitting in the chair too much.

Jonathan Bennett

I sit in the chair a lot, but it's not very often. It's gaming. All right. So there was something interesting that I saw happening this week, really fascinated me and that is Gnome. Well, Gnome is having to cut some costs and they've come up with a very unique and clever hack for cutting their hosting costs. Gnome uses a I believe it's a locally hosted, privately hosted GitLab server to host all of the GNOME repositories. They have mirrored their git repositories on GitHub, Microsoft's Git service. And now for several of these public repositories. When you go to clone them, you actually get redirected over to the GitHub repository to clone the GNOME code, which is, again, as I said, clever, and it's hilarious to me. One of the other fun things is that I don't know for sure that GNOME has been one of these, but a lot of projects have said we're not going to be on GitHub because we don't want our project to feed the AI machine. It's like, well, but you're hosting your code there, so it's getting snarled up into the AI machine. I can't help but think that this is, if not explicitly against the terms of service, this is obviously not the sort of thing that GitHub wants these projects to do. Only use GitHub as a mirror. If too many projects start doing this, I imagine GitHub would have to crack down on it and put a stop to it. It's just. It's just funny to me. It's clever. Like, it's a really clever hack, but it's.

Rob Campbell

Why not just move to GitHub? I mean, if you're going to use it for a mirror anyway, why.

Ken

Basically, you're using it as your front door.

Jonathan Bennett

Not really even your front door, more like the sidewalk. It's. It's more like. So to torture the metaphor, it's like there's an empty lot beside your house and you store your extra stuff there.

Rob Campbell

But again, why. Why not just. If you're going to use it, just use it. Are they trying to hide it because they're embarrassed that they're using a GitHub or what?

Jonathan Bennett

I mean, I.

Ken

Because they've already paid for GitLab.

Jonathan Bennett

I will. I don't know if they're paying for it or not. Well, obviously they're paying something for it because they talk about their hosting costs. But I don't know exactly what that relationship looks like. It is not a trivial thing to migrate from one project service to another, to go from GitHub to GitLab, or in this case to go from GitLab back to GitHub. And this is something that you can do pretty easily to just put some mirrors up and redirect your git traffic to that. So, I mean, it may be that they're going to consider going to GitHub. I would guess that there are enough people that are ideologically opposed to Microsoft and GitHub that they don't want to do that, but, you know, make the. Let's see, how would that go? There's a joke in there. Something about making the devil pay for it. I'll come up with it later.

Ken

Given the devil his due.

Jonathan Bennett

No, no, it's sort of the opposite of that.

Ken

Yeah.

Jeff

I'm kind of surprised, though. There's really that many downloads or, you know, mirroring the repository. I figured most of the time, 99 of the people are pulling it off of just regular repositories and running it. You know, they're not.

Ken

I'm wondering. This is. They're seeing the AI scrapers.

Jonathan Bennett

I'm sure that's part of it. That's part of a traffic spike all around. The Internet is where scrapers are doing this for AI training.

Jeff

Well, that's why a lot of times when you go places, too, you'll see this. Are you human? And things spin for a bit. And then it says, oh, you are. Well, they have a computational challenge that. Okay, takes a second on your machine, but if you got a scraper out there doing millions at a time, it turns into just an obnoxious load for them. And they try to avoid those sites. Yeah.

Jonathan Bennett

I am dubious that that actually works, though. The anime Catgirls protecting the Colonel. I forget his name. The Google security engineer ran the math on that and deduced that it was such a small amount of compute that was required that it wouldn't stop anybody.

Jeff

That's the theory. I don't know. Yeah, but that's why you'll see some of that stuff.

Jonathan Bennett

I can see his picture in my mind, and I can't recall his name. Tavis Ormandy. That's who it is. Took me a second, but, yeah, Tavis Ormandy, on his blog rant, actually ran the math on that. It's such a small amount of compute. The people running the LLMs, they. They, they. They. They drop that. You know, it's like they drop that amount of compute on the floor. That. The amount of money that. That you pay for with that. Like, they pay that every day buying Mountain Dew for their programmers. Like, it's such.

Jeff

We call that a rounding error.

Jonathan Bennett

Yes. Yes, it is. Absolutely a rounding error.

Jeff

So then every time you go to the site, you need a little more computational challenge. You got to, like, render the full Big Buck Bunny or something not on Blender before you're allowed to.

Jonathan Bennett

And the problem is. So that's. That's. That's a valid point. The problem is that you eventually get to the point to where regular people, particularly on older hardware, can no longer access it because you've got to turn the difficulty up so high to actually keep the people out that you don't want to get. Just. It just doesn't work. The math of it doesn't ever work.

Jeff

Well, I wasn't being serious.

Jonathan Bennett

I know, but it's still like you, you weren't. But that's, that's the, that's the real, that is the real trade off. Like if you were to try to make it difficult enough to keep OpenAI or whoever out, you would keep the people that you want access out as well. All right, Rob, what is up with Fedora Pocket Blue? This is your Linux cell phone thing again.

Rob Campbell

Yes, it is. So in response to my last story, this is something that may help move our open source loving phone ecosystem forward just a little bit, at least once it gets mature. So Pocket Blue is a new community project in the mobile Linux space and is focused on bringing Fedora Atomic to mobile devices. The project is called Fedora Pocket Blue Remix and the idea is to provide Fedora Atomic style systems that can be installed on supportive phones and tablets. Develop the developers described it as a work in progress and they recommend testing it only on spare hardware at this time, not a daily driver. If you haven't followed Fedora Atomic before, the key concept is that the base operating system is immutable, meaning it's read only, and instead of updating by changing individual packages across the system, updates are delivered as a complete image swap and that makes rollbacks possible if an update fails or causes problems. So really quite similar about to how most phones do their updates today. Pocket Blue builds and distributes these images using tools and technologies like OCI Containers, ostree and Bootsee and it's based on upstream Fedora Atomic variants like Silver Blue and Kenna White rather than being from scratch, rather than based on those, rather than being a from scratch distribution on the user interface. IPocket blue images are offered in multiple variants depending on device. Most of supported hardware gets five options GNOME Desktop, GNOME Mobile, Plasma Desktop, Plasma Mobile and Phosh, which is the phone desktop or phone Interface. The orange PI 3 LTS also has an additional TTY image for headless no desktop setup, which I'm not sure what that has to do with being mobile or whatever, but whatever. As of the announcement, supported devices include Xiaomi Pad 5, Xiaomi Pad 6, OnePlus 6 and T6, Xiaomi Poco F1 and Orange PI 3 LTS. The OnePlus 6 6T and Poco F1 share the Qualcomm SDM 8, 4, 5 platforms, which has seen strong community support for machine Linux over the year or mainline Linux over the year. You know, look at the list. Lots of Xiaomi devices, which is unfortunate because I, I think those are still banned in the us they were last I knew. So we just got the one pluses and mostly in that list. But anyway, still early. But one more effort to make Linux maybe a serious OS for smartphones in my opinion. It's getting ridiculous out there, the whole smartphone debacle we have going on. If someone could make a full functioning Linux smartphone, I think it's getting to the point where I would pay maybe some serious money for it. I'd be willing to pay the premium dollars. Just, just make it work. Get a phone on there.

Ken

Not too hard.

Rob Campbell

But I mean is it, is it really that hard of a problem that no one is able to invest and just get it to work? I mean, I don't know.

Jonathan Bennett

So here's the thing. If you want this, you can get it right now. Go buy a OnePlus 6 or OnePlus 6T.

Rob Campbell

Yes.

Ken

So is it pre installed or.

Jonathan Bennett

No? No, it's not going to be pre installed. But you can put that those are a couple of the phones that are really well supported for doing these Linux phone OSs on them.

Rob Campbell

Yeah, and that's pretty much the only ones on the list that works in the US at least that I.

Jonathan Bennett

Right. But okay, so think about this. There's been a lot of work done by the community to make those two work. They are at this point relatively old phones. And that's the downside. Right, that's the problem you've got to settle with several generations back of mobile cpu which it's still going to be usable. We just had the conversation earlier in this episode about anything that's two or more cores and 64 bit. Obviously that's not quite true anymore, but you might say now 4 cores and 64 bit and at least 4 gigs of RAM you can make some use out of. Right, but you talk about the OnePlus 6 that's getting to be an old phone. And so then you might ask well why. Why only that old of a phone? And what's the. What's to stop us from putting Linux on newer phones? And it just comes down to when somebody makes. And some of this I'm sure is like Qualcomm and Snapdragon. Qualcomm is not really great about pushing patches into the Upstream kernel and then the other pushing patches into the upstream kernel.

Ken

I don't think they've even heard of that.

Jonathan Bennett

Yeah, they do some, but not as well as we would like them to. And then who's one of the other manufacturers, major manufacturers of phone CPUs? Well, Google and their Pixel series actually puts the Google TENSOL cpu. And as we already talked about, Google is not exactly excited about enabling people to run something other than Android on these devices. So they're not going to work very hard to push support for these phones upstream. So, you know, that's why you don't have this Fedora project working on the latest Google Pixels or any of the Google Pixels for that matter. And so what you would have to have for this to really become a thing, I think, is you would need somebody that makes these mobile processors and then also that does the integration work to put it onto a mobile motherboard. They would have to start pushing code upstream into the kernel, try to get close to release parity and at that point you could then start seeing some of this hardware that would be well supported. But until some big player steps up and starts doing that, it's always going to lag so far behind that it's going to be an uphill battle to try to get something modern.

Ken

Yeah, I mean, go ahead, Rob.

Rob Campbell

I was going to say there are, I mean there's a lot of options. You can, you know, get the, the OnePlus and put many of the various distributions on there. There is the, the Pine phone. The what Libre phone, I think. I don't know, I've brought many of them on here that are options that come with it pre installed even.

Jonathan Bennett

So here's the thing though. Some of those, it is an ancient kernel and you can't put this Fedora distro on it because there's no upstream support for it. It's the same thing we see with the little embedded development boards. Somebody will ship a Linux 4.5 kernel in 2025 because that's the BMP, whatever they call that. That's the development image that they got from Rockchip or whoever and it's this ancient, ancient kernel and none of the patches have ever been upstreamed and the code quality is terrible. It's like there's a reason that all this stuff happens because nobody has come along and actually done the work to make it work upstream.

Rob Campbell

But I think even for all these that are available, probably this one, I could be wrong, I've never tried it, but I believe like the actual, like the Phone functioning pieces aren't really there on any of them, like the calling, the sms. I think they're more like little Linux computers. I believe is my understanding

Jonathan Bennett

that. I don't know, I've never, I've never actually run one of these distros on one of these phones. Oh boy, that makes me feel old. The OnePlus 6 was released in May 2nd of 2018 and Wikipedia helpfully points out seven years ago you can find

Rob Campbell

on eBay for around $90 is what I found.

Jonathan Bennett

Oh yeah, no, you can, you could get one, you can get one reasonably inexpensive if you want to play around with it. But you still have a seven year old phone.

Rob Campbell

I might just have to do that and see what the situation is.

Ken

You know who's currently getting those seven year old phones?

Jonathan Bennett

A lot of them get shipped to third world countries.

Ken

Third world countries or low income.

Jonathan Bennett

Yeah, absolutely, that absolutely happens.

Jeff

I keep mine that long.

Jonathan Bennett

All right, Jeff has a story here about GNU Octave and I don't know what this is. I'm looking forward to hearing about it. We're going to let Jeff talk about it right after this.

Jeff

We cover a lot of software releases, you know, kde, Blender and so on. But this week I thought I'd cover a little different type of software release. Gnu Octave version 11 is out and I know there's going to be a few out there asking what is this even what is this? Okay, from the wiki. GNU Octave is a high level interpreted language primarily intended for numerical computations. It provides capabilities for the numerical solutions of linear and non linear problems and for performing other numerical experiments. It also provides a lot of graphic capabilities for data visualization and manipulation. The program is named after Octave Levenspiel, a former professor of the principles, author and new. Octave is normally used through its CLI or gui, but it also can be used to write non interactive programs. So it's just like a regular. Can be used like a regular program or script. The project was conceived around 1988 and was first intended to be a companion to a chemical reactor design course. So the new Octave language, and this is. This is important here, this is one of the key parts. The language is largely compatible with Matlab, so that most programs are easily portable. In addition, functions are known from the C standard library, from Unix system calls and functions and stuff from C C Fortran code can be called from Octave or using Matlab compatible Mex files, Mex dash files basically the too long didn't read. If you're into data, data science, you know, just Normal science engineering simulations. This might be something of interest now and just in case somebody doesn't know. Matlab is a big computational professional solutions engine. I used to use it when I was in college for a lot of signal analysis type type stuff, and it's not very cheap. Even the student slash personal is a little pricey. Not only just when I looked it up, it was 165 for the base program. And then there's all sorts of modules that add on. You can get into several hundreds of dollars very quickly. But I digress if you don't want to use that, that's what this is for. Version 11 has made huge changes to be more compatible with Matlab and several commands have been upgraded to return the correct data type functions that have have have had flags added to them. So it and it overall better matches any programs that you move between the it matches the programs. Let me rephrase it. It better matches the programs that you write, so it can convert between Octave and MATLAB. There been 11 new functions added for various data analysis, both computational and functional. Many functions have been rewritten to have speed increases, some by up to 6x times previous performance, and many have also had changes while still being faster. They use less memory, which can be important because some data sets can be rather huge depending on what you're actually crunching. Several functions have increased their accuracy, both normal and some have added switches such as the sum function, where if you use the extra option it will increase the precision even more. The GUI receives some love, like being able to better browse files and manage open files that someone might be editing. It can also use scalable SVG icons now. So basically, if this sounds like something you'd like to take a look at, you know, take a look at the article linked in the show notes. I didn't go into the detail, the article did. And if you really want into the details, follow the links in the articles to the release notes where you can get full details of the changes. I kept it very high level because I didn't think people wanted a huge, huge, you know, the huge chunk of the audience didn't want to hear me read things like the function QP now has new input option, allow semi definite for problem instances where the heian matrix is positive semidefinite instead of positive definite. There's a lot of that in there. So the math scientists, the engineers, you're going to love this. All that being said, there are simpler things it can do as well. So if you want to do basic algebra, plotting you can do that as well. Sometimes it can be fun to play with equations, to see what kinds of 2D and 3D shapes you can make, or it can solve simpler problems. So it's not only for the hardcore analysis types. You can use this for much simpler things, too. So I'm just. Yeah, we talked a lot about the higher end, but the lower end is also there. So if you want to get playing with it and you don't have to have a PhD to understand the program, take a look at the new version and go get your geek on.

Jonathan Bennett

You know, I can't help but think of the old TI83 plus calculator that I had to have for doing high school algebra.

Jeff

HP48G was so much better.

Rob Campbell

I needed that for college.

Jonathan Bennett

Yeah, it's doing some of the same things, right? Like the TD graphing, you know, Y equals MX plus B and all of that, it's just Octave lets you go way beyond that and do more. More interesting and more complicated math.

Jeff

One of the apps I run on my phone, you can kind of see it here in HP48G GX emulator. I. I was. So for those of an older generation, there was a big war between TI calculators versus HP calculators. I was, I was on the HP side.

Rob Campbell

That.

Jeff

That was our college calculator. That's all we used was the HP48s.

Ken

Yeah. I seem to remember my kids having one of the TI programmable calculators that got passed around as they were going through high school. Yeah, college.

Jonathan Bennett

When I, When I was. When I was in high school, taking the SAT and all that, the TI83 plus was the standard. I don't know if people still use that, like, because everybody's got a cell phone now. But the reason, One of the reasons the TI83 was so popular is it was limited. It would let you do the things that you're supposed to be able to do, but it wouldn't do more than that. Anyway. That's a. That's definitely a rabbit hole. We don't need to dive down at the moment.

Jeff

Yeah, the HP48 was not limited. It would do some wicked. The. The manual that comes with it. The user manual is probably an inch thick.

Ken

Yeah.

Jeff

Cool.

Jonathan Bennett

I'm not surprised.

Ken

I just wish I could remember the model number for the old Radio Shack calculator that I bought that you could program to play Moonlander on.

Jonathan Bennett

Well, yeah, I want.

Rob Campbell

I wanted to say also, I don't know, maybe it's a Minnesota thing, but around here we Say numerical.

Jonathan Bennett

Surprised you didn't just say numeric. Anyway, Ken, while you're trying to remember that, you want to tell us about Thunderbird and what is new in their latest release?

Ken

I'm going to actually borrow from Marcus Nestor since he wrote about the latest release of Mozilla's open source email, news, chat, calendar and address book client. Yes, we're talking about the Thunderbird and this time it's version 148. It improves accessibility in various tree views, add favorites as a destination for move to and file buttons, and exposes NTLM as an available authentication method for EWS accounts. Starting with Thunderbird148, Yahoo, AT&T and AOL accounts are switched to be more secure for proof key for code Exchange authentication protocol Excuse me? The protocol also Thunderbird now removes read folders from the unread folders view. Thunderbird148 also fixes an issue where adding a Gmail account prompted for OAuth during auto configuration and an issue with the move message to filter action not being logged. Now since I've only touched on some of the updates and fixes, I do recommend reading Marcus's article for more of those important details.

Jonathan Bennett

Yeah, interesting stuff. Have they made any progress with, with making Thunderbird work with. Oh, what's the name of the Microsoft Exchange? Yeah, I know that was, that was something they were really talking about back about a year ago, maybe six months ago.

Rob Campbell

Six months.

Ken

Let's pull up the release notes and see what it says.

Jonathan Bennett

I don't remember you saying anything about Exchange during that.

Rob Campbell

Yeah, that would be big.

Ken

I didn't think that was that important.

Jonathan Bennett

It's pretty big.

Rob Campbell

It would be pretty big on the, on the news story. So if it didn't, if it wasn't written down in the story, it's probably not on the change log.

Jeff

Well, they, they were working on it at one time so I don't know if it the level it has.

Rob Campbell

They announced it recently. I remember having the story last fall or something. They announced it for their, their 2026 I think roadmap.

Ken

Or did they just started quietly concentrating on trying to get everybody migrated to the service they're now offering.

Jonathan Bennett

Well, so there is actually a bit of news here that relates to that. One of the new things is the NTLM support for an authentication method for ews. EWS here being Exchange Web services.

Rob Campbell

I think EWS is going away though.

Jonathan Bennett

That's very possible.

Rob Campbell

I'm pretty sure I heard that's ending.

Jonathan Bennett

Thunderbird145 got EWS support. But Microsoft says something is ending and it'll be supported for 10 more years.

Rob Campbell

April 1, 2020.

Ken

Unless it's Windows 10 now.

Rob Campbell

April 1, 2027. Microsoft Exchange Web Services is set to be phased out with a complete shutdown for scheduled for April 1, 2027. The phase out for those that don't

Ken

want to pay for it.

Jonathan Bennett

Yeah, I'm sure if you pay them enough money, they'll continue to host it for you.

Rob Campbell

The phase out began in October of last year.

Jonathan Bennett

Fun, fun.

Rob Campbell

All right, time to get that working.

Jonathan Bennett

Yeah. Awkward. All right, so there is one more bit of news. I thought about not covering this, but it is pressing enough that we're going to talk about it. And one of the things that I kind of have a hard and fast rule on the various podcasts that I do is we don't get political if we can all avoid it. And so I'm not going to dive into the political side of this. I will do my best to not make snarky comments. But there is a new law. This one in particular comes out of California, although I will, I will say that California is not the only place and the United States is not the only country that is looking into this sort of thing. So this law says it's about age verification, right? And it's assembly bill number 1043. It becomes active January 1, 2027. And it says among other things, that an operating system provider is required to do multiple things. And one of the things that an operating system provider is required to do is to provide an accessible interface at account setup that requires an account holder to indicate the birth date, age or both of the user of that device for the purpose of providing a signal regarding the user's age bracket to applications available in a covered application store, end quote. So you may see headlines about this that oh no, Linux is required to verify your age. Which yes, it's true and it's not good. It could be worse. So like let's, let's, let's be clear, it could be worse some places where you have to do an age verification you've got, and I've had to do it for setting up accounts. You've got to do the whole hold your ID up and take a selfie holding your ID so that we can tell exactly who you are and we get a copy of your ID for age verification. Okay, you're not going to have to do that to set up a new Linux computer, but I'm sure that in compliance with this there will be distros that will start asking you as part of the setup process, how old are you? Which of these age brackets do you fall into? And then according to what the law says here, there will have to be some, there will have to be some, some way to communicate that to applications. And so I get why they want to do this, but at the same time, I think this is one of those cases where you have people writing laws that have not really thought through the repercussions and the potential implications of the laws that they're writing. And the vast majority of Linux distros are not going to do this, but you probably will have some that have a legal department that will say you really need to do this. So maybe Fedora, probably Red Hat, maybe ubuntu starting in 2027. I could see it coming. Now this is, this is all assuming that this law does not get struck down by the courts, which there are already challenges against it. And again, I don't have a whole lot to comment about that, just something to keep an eye on that this maybe coming to a computer near you

Jeff

lawmakers unencumbered by the thought process.

Ken

Yeah, actually from my point of view, I think Linux is already doing that via the sysadmins, having that information put in when the user account is created.

Rob Campbell

Oh, you're not. You don't have to put it in though.

Jonathan Bennett

I don't think I've ever been prompted for that.

Jeff

I've never been prompt.

Rob Campbell

Yeah, I think I know if you

Ken

do a new install, it asks you to create, look at what options you have for filling out about your user.

Jonathan Bennett

What distro do you have more options? I've never seen that.

Rob Campbell

I just do command line, I do add user but it does ask you a whole bunch like office number and I don't know if age is one of them. Birthday, you don't have to enter, you gotta say. I just say enter enter, enter, enter, enter.

Ken

But then again the assumption is if you're sysadmin ending that you've got somebody that's of the legal age to work

Rob Campbell

for you and that still has to be passed on. So even though that collects, it still has to be able to pass be passed on to other apps, which probably isn't being done.

Ken

Well I can tell you businesses are going to say we don't need that. We're already doing that through our hr.

Jonathan Bennett

Yeah, but this isn't about the way the law is written. It's not put on businesses, it's put on the OS manufacturers. And the other question that you'll quickly get into is. So for example, Ubuntu, do they have a nexus in California? Does California have the rights to try to enforce this law over Ubuntu? And with Ubuntu it might. Unfortunately, California being what it is, a lot of these tech companies will have a presence there of some sort of.

Rob Campbell

Yeah, but somebody who just makes a distro out of Brazil, what enforcement are they going to have for that? Not out of China or any of the others that don't have a back in them.

Jonathan Bennett

Yeah, yeah. If, if there's not a, if there's not a corporate, if there's not a nexus, that's the legal term you'll hear is if there's not a nexus in the state of California, then yeah, there's no, there's not going to be any, any, any change as a result of this. But a lot of the big tech companies, even the ones out of Europe, have a nexus of some sort in California because they want to be able to sell to American businesses. And California is a really popular place to put a tech office. And so there's a lot of them that are going to fall under this.

Ken

Then I'm going to ask, could Pam do this for you?

Jonathan Bennett

They could. You could build this into Pam. I don't know if it is there already or not. Like technically this is an easy thing to do.

Rob Campbell

It's not hard.

Jonathan Bennett

It's a trivial, it's a trivial thing to do. On the technical side, the problem is whether the, whether you think the government should stick its nose into this level of detail about how your computer behaves

Rob Campbell

and how are they going to be able to enforce it for places. And it says for any os. So if I install Open WART on my router, I'm installing an OS and you need age verification for me to do that. If I install something new on my toaster, you're gonna need the age verification for me to do that. It doesn't make sense in places.

Jeff

Look at Linux from scratch.

Rob Campbell

Yeah. And plus, you know, being open source, anybody can just bypass it, correct?

Jonathan Bennett

Well, I've heard stories about people bypassing. Like the Fedora for a while had an end user license agreement. I don't think they still do, but they did for a while. And I read a story where somebody said that irritated me so I opened up the source code and removed it and then recompiled and then installed Fedora.

Rob Campbell

Yeah. Or anybody could. Somebody can make a patch and say, well, here's the patch. How to get that junk out of your System.

Jonathan Bennett

Yep.

Jeff

Yeah, that's the go pound sand response.

Jonathan Bennett

Yes, absolutely. I was trying to come up with a safe for work way to put that. Good job, Jeff.

Rob Campbell

Yeah, but you know, there's so many things there. It's like, should they be doing it? How can you possibly enforce this across the board? They're not thinking about situations like installing a server, installing a. I mean, why. I mean, sure, it can. Installing open warts and then the whole fact that it's going to be bypassable and you can't even make sure that it stays anyway. Anybody who wants to get around it's going to.

Jonathan Bennett

Yeah. I think that misses the problem here though, and the, The repercussions of this. It's, it's not so much about whether or not you can bypass this, but it's, it's more about the lasting change it's going to have on the industry and sort of the, the. I can't come up with the word enforcement. No, no, no. The, the lasting change it's going to have on the way the law works, essentially. Yeah.

Rob Campbell

I'm just saying precedent, it doesn't.

Jonathan Bennett

Precedent, it sets.

Rob Campbell

I'm just saying. Let's just say this is a good president, It's a great idea. They need to do this. You know, and I agree with everything. Let's just say that it doesn't work.

Jeff

Well, that's why it's. You have Jonathan and I said they're unencumbered by the thought process because you have people going. The whole idea is I'm going to write a law and then technology is going to magically make it happen.

Rob Campbell

Now, I don't want them to listen to hear this part here. I think if they really want it to work, it needs to be more at the hardware level. Now I don't know, that's probably harder to do, but probably every hardware vendor has a nexus there.

Ken

Boy, the gaming companies are going to hate you.

Rob Campbell

Yeah, companies, they don't listen to this anyway. But anyway, and then that's at a deeper level than the open source OS that can be. It'd be harder to bypass.

Jeff

So realistically start putting a chip in.

Ken

Everybody at Bird there was.

Jonathan Bennett

I'm trying to remember what it was called.

Rob Campbell

It's like a TPM chip, but it's a.

Jonathan Bennett

There was back in the 90s this push to put basically an age verification chip inside of TVs. Was it the V chip? Is that what I'm thinking?

Jeff

Oh yeah, that's the V chip.

Jonathan Bennett

Yeah. So that's not a new idea, Rob. I will also say the problem is not that it doesn't work that like, that this law doesn't work. The problem is that companies will still be required to attempt to comply with it, regardless of how ridiculous it is. And so you're going to see some ridiculous things happen as a result. Because legal experts in places like Red Hat, the legal counsel for Fedora, legal counsel for Ubuntu, they're all going to be scrambling. You know, if this law stands, they're going to scramble.

Rob Campbell

Doesn't work because they just have. It just forces them to do stupid stuff.

Jonathan Bennett

Yes, but then you have problem that they've been forced to do stupid stuff like that's a problem in and of itself.

Rob Campbell

Exactly. I mean, that's part of a network. I'm not saying. And not. I'm. I'm not saying it's just not able to function. I mean, it's not able to work on multiple, multiple grounds, like as in, it's not going to work as you're making them do stupid stuff like scramble and try to put something stupid in there. And it's not going to work as. Because people can bypass it. And it's not. It doesn't work because they're not considering the things like routers and they're routers.

Jonathan Bennett

Another firmware is an interesting question. I don't know what would, what, what would happen?

Ken

The only way to really, truly do age verification is make having any type of privacy illegal.

Jonathan Bennett

Yeah. So I mean, that's, that's eventually, if you, if you really want strict age verification, you've got to have only verified accounts. And that's what some industries are. What's that?

Jeff

Just maybe what does I say, maybe the parents just take responsibility and just

Rob Campbell

remove the stigma and, and make things like the government, our government wants to

Ken

be our parent now.

Jonathan Bennett

All right, we are now falling into the political stuff that I did not want to talk about. So we are going to move on. I too have thoughts, but that's not what this is about. We are about to move into command line tips. I know we've got some fun ones here. We are going to take a quick break and then we'll talk about the tips. All right, Rob, I'm glad you're ready. You are up first. What do you have for us today?

Rob Campbell

All right, so this week I have a tip. It's very similar to last week. In fact, it's pretty much the same thing, but slightly added, feature set and written in a different language. So this week my tip is PI Net Scan. So Just like last week, it's a network scanner, except for this one's written in Python.

Jonathan Bennett

Who is this weirdo that wrote it?

Rob Campbell

So for those looking at the screen here, it looks just like last week. It shows the IP a name which is actually pulling from various sources. If you notice, the one last week did not necessarily work properly. It has the Mac address like last week. The manufacturer also has the os, Windows or Linux. Unix shows the ports open right there on it. And if I click into one of these, it has some SSDP information. So some extra information, MDNs, if it's there, shows the open ports. And if I want to ping at the top, it says I just hit P and it's going to ping it. If I go back, you know, I can, I can look into any of these. Now, it doesn't scan every port, It scans a listed amount. Now if I go back here, I'm going to exit out of here and show netscan, PI or dash H to show you what you can do. So by default, it will scan your, your subnet that you're on. But if you do a dash N and then cider notation format of a subnet you want to scan that you have access to, you can scan that too. Now, if you want to do other ports, I move this here. If you want to do other ports, it's a Python file, easy to edit and look and see exactly what's being done. You can go in here and you go down to about line 24 and the current one here, which is port checklist, and you can add ports to that, you can delete ports to that, you can whatever other ports you want to be listed and scanned out on that. And it's Python, so it's an easy language to modify and do even more with if you want. So

Jonathan Bennett

how much AI was used in the production of this tool?

Rob Campbell

Lots of AI. All right, so yes, I wrote this with Vibe coding this week, but I'm going to share a story then. So I use multiple things here. I use chat GPT and I got much of it down, but it's like, no, I can't do a port scan because that's basically it could be malicious intent. So then I went over to Gemini, Dirty hacker you. I posted in the code I had already and I said, I want this to also do this, this and this. Okay, I'll do that for you. But it made me, it made me say, but make sure you're not doing this for this. Just say yes. I am not at the bottom, I said, yes, I'm not. And I was like, okay, here you go. So you had to, had to do it. And then, and then. But as I'm doing in Gemini, like Chat GPT kept giving me functioning code almost every time Gemini things kept not working. Like it'll do it for me, but it wasn't working. It was giving me errors and then I ran out of tokens. Oh, you're done for the day. I'm like, oh, so, so then I went back to Chat GPT and I'm like, here's the code I got and I'm getting this error. Oh, well, you just gotta do this. I'm like, oh, it's not showing the port right there. Oh yeah, let me fix that for you. It'll fix it if I already have it in the code. It just won't give me the code originally to do it. So that's hilarious.

Jonathan Bennett

Do you actually understand what the code is doing?

Rob Campbell

Yes, I, I understand, I understand Python, I can write basic, I've done programs in Python, I've looked through it. I just kind of write it that self that fast.

Jonathan Bennett

Yeah, yeah, that's fair. No, that's cool. That's, that's a, that's a neat story

Rob Campbell

and I plan to maybe add some more features to it. Trying to think of what else I could add to it.

Jonathan Bennett

Yeah, there you go. I'll see if I can give it a test run and let you know what's missing.

Rob Campbell

All right.

Jonathan Bennett

All right, Jeff, what is Snapper?

Jeff

Well, if you have a BTRFS file system, you should probably know about the program.

Rob Campbell

Snapper.

Jeff

It's a command line interface for managing your snapshots. Now there is a GUI called BTRFS assistant that I covered in show 224. Rob in episode 66 covered timeshift, which is also a GUI for doing the same thing. But, but in case you don't have or can't run a gui, then Snapper to the rescue. The link into the show notes is to the Arch wiki page for Snapper. But Snapper is also used on non arch distributions. Basically if you use BTRFs, you should have Snapper. Now, depending on your distribution, it might or might not be installed. On mine it is, but if not, the wiki page goes through and a few easy steps of the initial configuration so you can create and define the paths where your configuration files are, your snapshot locations, things like that. So just. And it's only a one time thing, but, but they walk you through it in a real nice manner. Then with Snapper Once you got it going, you can manually take a snapshot. You can have it automatically set up and to take snapshots. And you can. You can set times. You know, you can have it every hour, every day, every other second Tuesday of the month, you know, kind of. Kind of almost like a cron job where whatever you want on Cashios, every time you do an update, it will take a snapshot. And there's also. Which you might think there's a lot of. Might have a lot of snapshots piling up, but there's also switches to. So you can list your snapshots, you can clean them up, you can delete them, both manual and automatic methods for each, you know, and you can control your revisioning. So take a look at the wiki page in the show notes, and you can have total control of your system and keep things working. And maybe when you venture down the wrong path and you can back out of it and take the other fork in the road.

Jonathan Bennett

Very good. You know, I recently learned that in Frost's poem about taking the other fork. It was actually a joke, and it's not as the whole thing is a joke about it really didn't matter.

Jeff

Oh, I didn't know that. I was actually. Whenever I hear a fork in the road, I think of Johnny Carson doing his old skit. You might be too young for that, Jonathan, but I am.

Rob Campbell

I just think about eating.

Jonathan Bennett

I see. All right, Ken, what is media info?

Ken

Well, it's a command that lets you get information about that. That media file that you've got, or media files, whether it's an audio file, graphics file, or even a picture that you've got saved as a JPEG or a tiff. The basic way to use it is you just type media info, and if you're in the directory of the file in question, then the name of the file. Otherwise, you want to have the full path to the file right after it. You can get some basic help by typing dash H after media info, and that'll tell you some of the other options that you have available. Just to give you a hint, look for a way to take that media info and turn it into an HTML document so you could actually display it on a web page.

Jonathan Bennett

Nifty. Nifty. All right, I've got a command line tip for you that unfortunately, I've not gotten a chance to play with yet. But it looks really cool. It's ESP and it is a text expander. I found an article talking about the various text expanders and this was the one at the top. And I looked at it and I found it. I find it very interesting. So what this does is it essentially runs as a service on your local machine and it watches what you type. And if you type in a keyword, it will automatically replace that keyword with something else. So for example, you can type colon date and it will replace that with a date string. And there are other, there's actually, there's a bunch of different ones that you can do. One of the interesting ones is emojis. So like if you want to replace your typed emojis with the actual emojis, some of which are very difficult to type. For example, that shrug emoji, you know, that uses characters that. Non ANSI characters, Non ASCII characters. Excuse me. And so, you know, that was difficult to type. You could just have a colon shrug and let a program like expensive replace it for you. I've. I've not installed it yet. There is an RPM available, but it's not one of the, it's not off of one of the repositories that I've used before. So I'm doing some due diligence before I go and install it. But it looks, it looks really cool and it looks like something that could be super useful to have just on, on various desktops and laptops. So espen. So, and this whole, the whole category of text expanders is pretty interesting and something I'm going to dive more into in the time in, in the days ahead. So.

Ken

So basically lets you create a library of snippets that you can have expand them wherever you need it. Yes, when you're doing bash scripts all

Jonathan Bennett

the way up to including full blown scripts that run when you type out one of these and you know, it would then just replace whatever you've typed with what the script outputs. So all kinds of cool stuff in there.

Rob Campbell

Also, if you're running, if you run a script and your script has a short, short code in there, it will expand it when you run the script.

Jonathan Bennett

No, you can have your script to be the thing that runs when you type in the shortcode.

Rob Campbell

Oh, oh, got it, got it.

Ken

Oh, so it's an alternative to Alias?

Jonathan Bennett

Yeah, well, it's, it's kind of an alternative to Alias. It's kind of an alternative to using like the dollar sign, dollar sign, curly braces inside of a one liner. You'd be able to use this instead. It's, it's that sort of idea though. But anyway, yeah, I'm going to play with it in the week or two to come and see if we can get a bit more information about this and some of the others. All right, well, that is the show. I'm going to let each of the guys get in the last word or quote some poetry or plug whatever they've got to plug. We'll let Jeff go first. I have a feeling I know what he's going to bring.

Jeff

Jeff, I am going to bring the poetry. Printer not ready. Could be a fatal error. Have a pen handy. Have a great week, everybody.

Jonathan Bennett

The old school pen. All right, Ken,

Ken

you always want to have a backup for everything, even for when it comes to printing.

Jonathan Bennett

Yep, absolutely. All right.

Rob Campbell

And Rob, first I have to ask Jeff, are you running out of these yet or somebody keep creating new ones for you? Like you've been doing this a long time.

Jeff

I had a lot of people reach out and have actually been supplying me with a whole bunch. I've got pages of them.

Ken

Huh.

Rob Campbell

So we're gonna have to listen to them for a long time.

Jeff

Pretty much.

Ken

Cool.

Rob Campbell

Anyway, and for those who want to listen to more of me, talk to me, chat with me, say hi, donate a coffee. You can do that by going to my website at robert p.campbell.com no AI was used in the creation of the site. On that site you could find links to my LinkedIn, my Twitter, my Blue Sky, My Mastodon, or this coffee cup where you could donate coffee or actually donate five dollar increment. You're donating five dollars to me? You're donating to me in five dollars increments? I don't know. However, that is because you could owe me $5, $10, 15, 20, whatever. But anyway, it's coffees. Reach out, say hi, come connect.

Jonathan Bennett

All right, very cool. Appreciate you guys being here. It has been a blast as always. I should be here. Yes, I will be here next week and in theory, I'm not going to miss a Saturday. But March 8, I am heading out to Germany for Embedded World. And so the Saturday after that I'm going to be not hungover, but jet lagged. And so two weeks from today may be an interesting show, but if anybody is at Embedded World, I'll be at the Meshtastic booth. And make sure and stop by and say hi if you're there. Other than that, you can also check out Floss Weekly on Hackaday. We've got a guest scheduled for this upcoming Tuesday and that'll be a lot of fun. Just want to say thank you to everybody that's here. Those that watch and listen, those that get us live and on the download and we'll be back next week on the Untitled Lending Show.

Leo Laporte

Hi there, Leo Laporte here. I just wanted to let you know about some of the other shows we do on this network you probably already know about. This Week on Tech Every Sunday I bring together some of the top journalists in the tech field to talk about the tech stories. It's a wonderful chance for you to keep up on what's going on with tech, plus be entertained by some very

Rob Campbell

bright and fun minds.

Leo Laporte

I hope you'll tune in every Sunday for this Week in Tech. Just go to your favorite podcast client and subscribe. This Week in Tech from the Twit Network.

Rob Campbell

Thank you. Close your eyes, exhale, feel your body relax and let go of whatever you're carrying today.

Jonathan Bennett

Well, I'm letting go of the worry that I wouldn't get my new contacts in time for this class. I got them delivered free from 1-800-contacts. Oh my gosh, they're so fast.

Rob Campbell

And breathe. Oh sorry.

Jonathan Bennett

I almost couldn't breathe when I saw the discount they gave me on my first order.

Rob Campbell

Oh.

Jonathan Bennett

Oh sorry. Namaste.

Rob Campbell

Visit 1-800-contacts.com today to save on your first order.

Jeff

1-800-contacts.

Jonathan Bennett

This episode is brought to you by Nespresso introducing Vertuo up, the latest in

Jeff

a long line of innovation from Nespresso. It's innovation you can touch, sense and taste in every single cup.

Jonathan Bennett

With a three second start, easy open

Rob Campbell

lever and dedicated brew over ice button, it's even easier to enjoy your coffee your way.

Jeff

Sip for yourself. Shop Vertuo up exclusively@nespresso.com.