Hello and welcome to episode 2, 20 of late-night Linux recorded on 10th of March 2023.
I'm Joe and with me I've failed him.
Top of the morning dear.
Great.
Mounsala.
And will.
Aloha.
Yeah, this is Top of the morning for me.
We were recording early in the day and a few days early.
I don't know what's going on.
So if things happen over the weekend and we haven't talked about them, you know why.
So anyway, let's do some news.
The first one, FlatHub in 2023.
This is a post by Robert McQueen and he sets out quite a big vision for FlatHub's future
success working together with growing people, KDE people, community people, raising $250,000
worth of sponsorships is the goal, proper governance, getting verified apps and proper payment
support for subscription payments and stuff.
Very much grand plans.
I know you lot don't really care about flatpacks but like I was telling you a couple of weeks
ago, FlatPack has won and this proves it.
I've got flatpacks.
I've got snaps too.
I've got flatpacks.
I have neither flatpacks nor snaps.
Live in the future will come on Jesus.
I shan't.
FlatPack and to an extension, I suppose, snap.
Go towards solving in his words the largest technical issue which has held back the mainstream
growth and acceptance of Linux on the desktop for the past 25 years, namely the difficulty
for app developers to publish their work in a way that makes it easy for people to discover.
Windows has only had an app store built into it for like the last five or six years and
that managed just fine and you know Debian has managed just fine for quite a long time.
So I don't know.
I don't think that that is necessarily the main reason that Linux has not been massive
success on the desktop for the last 25 years.
I mean in their defense when I first installed Linux whenever it was in the late 90s, I did
expect to be able to download.exe or just run it and I was pretty shocked and culturally
shocked that I couldn't and I suppose that's what they're referencing there.
Of course it's become more formalised into app stores and everything else but Linux has
struggled, not struggled.
It's always done it differently and it's not as immediate if you come from Windows.
You just have to get your head around it.
It is good that they get in KDE people as well as GNOME people involved because FlatPack
and FlatHub is sort of seen as a bit of a GNOME thing to a lot of people I think.
Because of everybody involved and it was a number set to start.
But the idea of it was always to be independent though.
Yeah but it's like a lot of these things that start off in GNOME Land, they start off
as a great idea and then be very gnomish and oh yeah why doesn't nobody want to join this
thing?
It's like I don't know.
I'm just obviously going to be counter gnome anyway but I'm happy to see that KDE is involved
in this and other people too because I was very skeptical about it.
But the only reason the unfairness that I have FlatPack and Solid is for some game stuff.
One of the maps we think are grape juice which has pulled down four message packages
that are the same, two free desktop platforms that are the same.
I mean I'm sure there's version differences between them but I just hate this whole way
they didn't suffer.
It just looks ugly as anything.
Maybe I can work on this too because I just don't care about it enough but I do like what
my distro does so I do worry that by putting everything into a big bucket for every application
we're going to end up at a right mess.
I don't want to criticize FlatHub but you've raised an interesting point and that post
mentions that there's already 88.3 terabytes served via the CDN each day and how much must
that cost and how much is it going to cost if they quadruple its popularity?
How can we maintain it as a community?
That's a big challenge as well.
Well through sponsorships I think is how the bandwidth bill is going to be paid.
Is it going to be paid with that Silicon Valley bank gun bust?
I started out quite negatively on this story but I will say that anything which makes it
easier to get applications to users in an easy to consume manner can only be good news
for Linux overall.
So however it is that they work out to pay for it via sponsorship or via people paying
for applications or whatever I think it's got to be good overall.
So good luck.
That sounds a bit like the Godfather where he says like I'm pissed his interests on
in conflict so good luck to you sort of thing because you're not going to be using fat.
I mean I don't really use fat packs either or snaps if I can avoid it.
It feels to me like a sort of last resort really like if I can't get something from
the repo that's when I start looking for a flat pack or a snap.
Same.
Or if the tool happens to be sandbox away from stuff like say Telegram for instance not
entirely keen on running that I used to run it straight from the binary that you could
download but it never felt right and I'd like to see more concentration on making things
secure that way like locking things so they just can't do anything because I don't really
trust any of them fully to do that just at the moment.
Maybe they do and maybe they've improved but I still am a bit unsure of it.
I'm not that it makes a package any better.
I mean a package is going to be worse probably but there's nothing worse than sort of false
security as well.
Where do you stand on downloading a statically compiled binary from where random GitHub page?
Oh I really don't like that at all.
The problem is if you're going to take some source code are you going to read the source
code and then are you going to compile it but equally I wouldn't anybody who has a web
page that has a curl into bash.
That's the immediate symbol for don't touch up the badge pole.
And I know people would constantly tell us that oh all the apps don't get checked in
a repo.
Fine but at least there's a bit of a hierarchy of what went in it's in a change config and
then what state it was in there whereas if you're starting to manage a lot yourself
from whatever applications you've installed when I just find that it's far more you know
Windows world where oh well that's it I've trojaned my machine again shit.
See I'm okay with it.
I think I do a little bit of I say due diligence it's not very diligent I mean like read the
web page oh it's got to read me okay but I'm kind of okay with it.
I think check the developer out is probably the more pertinent thing where it's like have
this as this person been accused of being a lunatic at some point and wiping stuff out
if not probably okay.
If I see like a Debian repo download that you can add a repo to your machine I somehow
inherently trust that more and that's probably a greater risk because you know you're giving
this this thing capability of downloading pretty much anything so I don't know it's
such a minefield of potential foot guns that I'm just arguing myself into saying that
snatch of flatpacks really are a better solution.
Well the big argument that I've always heard is that you're not giving them root whereas
if you install something the traditional way you are briefly giving it root on your machine
when it installs.
I don't think there's a single one that I've installed that it hasn't had to be unconfined
or classical or something in some sort of shape or manner or absolutely broken because
you can't access any files that you need to access without giving it some sort of extra
network resources.
Yeah but you're conflating giving it access to your files with giving it root there.
But I mean at what point does root matter if all your files of your own person suffer
wiped or stolen or encrypted.
I mean let's face it if you lose all your files in your home folder I mean what else
is on that machine that you give a shit about nothing that is the most important thing is
your data otherwise it's just an ISO build away of a new install that's why I don't fully
know what they're trying to solve but some of the stuff they're doing when it can access
your home folder because frankly there's no other data on my machine really bar out on
the ZFS storage for other stuff that is important to me because the home followers got all my
stuff all my emails all my SSH keys.
Yeah yeah that's what I was thinking can it read.ssh.
Snap can't.
Gondel down to you flat hub.
You know I think it's great that we have competition and I don't want to speak on behalf
of Snap but I do publish a few snaps for my own reasons because I find them useful and
one of them is whitey dlp the youtube kind of downloader and I really like having that
in a container I really like having tools like that in a way that can't interfere with the
rest of the system in a controlled environment in a way I don't have to think about and I think
that's where I've found I've kept those things around same fifth black pack two where I don't
otherwise with other things which I know we're just going to touch everything anyway.
The permissions thing I don't think we've solved it at a desktop level you know it's a user interface
level that's what makes it so difficult for everyone that's trying to solve this problem.
Like I heard George talking about immutable OS's on Linux after dark the last episode and again
I don't know what it's trying to solve because I don't want my desktop to be like my phone and
I definitely don't want to be doing a restart every time I install a package and it'd be great if
everything's getting installed from flat packs or whatever but again my data is the important bit
and that's not going to be protected potentially by that like maybe it will be made a lockdown far
more but still what is it for really like a yes flat hub in its own sense might be useful but I
would think of it more for third party stuff I really don't want all of my KV apps come down
through flat hub. Yeah I mean for me snap and flat pack is useful for proprietary software that I
don't really trust like if I'm going to install zoom I'll get the snap of it or something so bleeding
edge that requires you know half of your OS to have been upgraded to the latest bleeding edge release
to get it going and then yeah okay I can try it in flat pack or snap until it's in the repo because
then I know it's blessed that's and again yes probably inaccurate it isn't really blessed it's
but it's more blessed than sitting in a flat pack is anyway because they're not even getting involved
in the whole maintenance that the work that a distro does to maintain the whole life cycle of the
OS is huge and I don't think that's going to make it any better flat hub exists it probably might
make it worse because people will treat the OS as less important because oh I got my software from
here this really has just turned into old men yeah old correct men yelling at cloud yes
no but I mean I can see the advantages in it because it's my day job but I really don't want
to say I don't want to sound like a shill for it but in theory not talking about snaps specifically
there are like you guys are really keen on ZFS and in a way containerized apps have the same thing
you can install multiple versions at the same time you can have all your config files in one
environment if you remove something you can be sure you've removed absolutely everything
gets touched you can roll back you can roll forward you can take snapshot of a state
and you can do that within the framework I'm talking generically rather than depending on the app
people to build this in through an API or something you get that so I guess thinking about package
management as a file system I do think it's the way to go I don't think that's an old man thing
maybe but it also means that lazy developers could get away with not updating a whole lot of
security books by going off it's all in a container it's safe for there and also the app
developer can be lazy because in the dev world the underlying library that's got the security
issue in it gets fixed by somebody who knows what they're doing in the snap world you just
lols I didn't update it but at least it's contained right so maybe that doesn't matter fingers crossed
okay this episode is sponsored by Linode go to linode.com slash late night linux support the show
and get a hundred dollars free credit from their award-winning support offer 24 7 365 to every
level of user to ease of use and setup it's clear why developers have been trusting linode for
projects both big and small since 2003 deploy your entire application stack with linodes one
click app marketplace I'll build it all from scratch and manage everything yourself with
supported centralized tools like terraform and check out they manage MySQL Postgres and MongoDB
databases that allow you to quickly deploy a new database and defer management tasks like
configuration managing high availability disaster recovery backups and data replication
simple and fast to deploy with secure access their flexible plans include daily backups
so go to linode.com slash late night linux create a free account and you'll get a hundred
dollars in credit and support the show that's linode.com slash late night linux
there's a bit of a confusing one here f-troid has got a new repository format for faster and
smaller updates and this is posed by torsden of f-troid where he says we just released version
1.16 and i haven't got 1.16 i've still got 1.15 let me give you a tip there's a sneaky bit with
the andrelab i think there's an extra blessing step that they give that but what you do is you go
into the application and then go to the more button and then there's a versions link at the bottom
and if you're like me i'm on 1.16.1 and you can pick extra stuff you can see all the alpha releases
and stuff like that but i still see suggested is 1.15.6 but i just like to live in the future so i
clearly picked the other one i never go down alpha but i i sometimes jump to the releases
earlier like i think it was the 12th of february when 1.16 was out and the first of march it came
out with a dot one release but they haven't been sort of flicked to be the one that they think
normal people should use i don't know what they base that on to be quite honest but i guess maybe
this data change was probably something that they just wanted smaller numbers to have all right fair
enough but anyway the point of this is that instead of downloading a massive file every time to see
what's changed for your updates they're going to be a lot cleverer about it and make it much
smaller and faster yeah i think that's great because it can really take quite a while like on my
final thing it's at least a couple of minutes to go in that process through everything and as it says
like every application has to churn through this huge amount of data each time to check versions and
changes and it would be really nice to see that change because it's gone for it's like what 33
megabytes uncompressed for the repo so i mean that's a huge amount of stuff in there yeah and that's
just the index of what's in the repo yeah so good to see especially for the likes of phalim who
rely on it because you have no other choice i don't want to have any other choice this is my choice
i have made okay it's a good choice well i like more choice i have the place to and f-troid sucker
it's been 20 years since the scour versus ibm lawsuit do you feel old or what yes in many ways
even getting out of bed i feel old my knee injuries since august like one go away
we connect to a piece on the lwn that you found phalim that talks about the history of this and
i must admit i'd forgotten quite a lot of the details i had moved from Dublin off to Glasgow
at the end of 2002 and i was well into my i guess start of my career at that point and
trying to get very windows centric places to start using linux it was a real struggle back then and
this came along and it was a oh looks is up to no good blah blah blah it's like sharp it's a lot
of shit and like oh i don't know this big company seems to think not and you're like fuck's sake and
then for years you could either sit there at all the things they'd unpicking every time like the
bloody alien would come back out the hatch somewhere and you'd be like oh fucking hell though what
else they found now it's something else and it all came down to absolute butter and complete bullshit
like it was almost a perfect advertising campaign you kind of wonder if it didn't exist would we
actually be as popular as it turned out to be like did this actually get people's more attention
and go well why if they're having a big lawsuit about it it must be important and then you know
anybody with any sense looking at any of the stuff that groclar used to do was just amazing
you just go that's complete showcase but there's always that scary point where you think yeah
in our heads it seems like it's a complete no-brainer but you never know of the legal system
well Jonathan Corbett in this article makes the point that we wouldn't be in such a good position
now in terms of the legal stuff without this it sort of brought everyone together and shored up
the legal position so although it was a shit thing that happened this company Skaru trying to claim
that they had the copyright for Unix and Linux had infringed upon it which as you say turned out
to be bullshit it ultimately was good for the whole Linux and free software open source ecosystem
and let's not forget we already got the money to keep that case going from indeed that was my
my main memory of that whole situation I was via the register because that was huge by the
way still big now but it was huge back in in those days and the register from what I remember
had a very interesting take on Microsoft buying Linux licenses from SCO and just you know nudge
and nudge wink wink kind of thing oh really really dodgy and that is a big part of why you still
don't trust Microsoft isn't it? Well yeah in a way because I mean this is pretty much burned into
me a very start of doing stuff where literally all the time it would come up even in jokes oh
look at you're up to now who's who ever is code have you stolen and they almost have to have as
many years been evil as they do being good before they can balance that out as far as I'm concerned
it's funny though that the fellow who was responsible for all this darn McBride filed for bankruptcy
in 2020 real shame real shame hope he didn't have all his money silicon valley bank
that's probably going to be old news by the time this comes out of monday night
or maybe it'll be even worse maybe the whole industry would have just totally collapsed and
we're talking about all this shit that's totally irrelevant yeah I think there's a greater than zero
chance of that happening maybe this will even reach people or be an internet to put it on
I'm sure we can send tapes to people if they send them a stamp address envelope yeah w12 7 rj
is that blue peat or something yes it was poofy too you're also middle class
as long as it's not Jim will fix it
the quest for Netflix on a sahilin x this is a post by david bicannon who goes into the details
of how he got wide vine drm working on a sahilin x asahi of course is the distro that he can run
on apple silicon max and jesus christ this is such a painful post to read all of the
shit that he had to jump through to get it to work and it really wasn't even for netflix because
he basically says that he torrid stuff instead it was more for spotify which needs the same drm
bullshit and it's just amazing that although you can get it to work on x86 linux relatively easily
and on some arm linux because of the raspry pie and stuff it's just almost impossible on
the m1 max but he just would not take no for an answer and talk about scratching an itch i don't
know how he had the patience to do this it's a fascinating read all of the the steps you think
ah that's it we've cracked it this time we found it oh no wait there's another one and that goes on
our step after step after step it's quite funny to read through the the whole story and all of the
pitfalls and problems and hacky workarounds and quite an extraordinary outcome
i am read some of the comments on hack and use which was interesting because i hadn't realized
i should have realized that wide vine had been cracked because a lot of the kind of things that
are available with this kind of drm are actually available what seems to be an incredible quality
as soon as they become available to stream and have thought about that but the way that it's been
cracked has been kind of kept relatively secret so that it's not patched so that these people can
keep on doing that which is another interesting thing but of course the common thread brought
up links to all of the code to do it so i don't know how long that lasts for but that would have
been the easier way to go i suppose but he specifically didn't want to break dmca rules he wanted to do
it as legally as possible yeah i totally understand it i mean i pay for spotify i have done for a
long time but i use all kinds of ways to get around not using that app which is awful on the next
and i hate being recommended podcasts so i do other things hate being recommended podcasts
so yeah spotify recommended podcasts specifically fucking geo-rogan
i've heard from people who've discovered our show through that so let's not talk too much on it
i have never listened to a podcast on spotify not once so there is absolutely no reason for them
to ever recommend one to me fair enough well towards the bottom of the post david put in a meme that
you wouldn't download a car meme and it's uh you wouldn't pay for 4k Netflix and then download a
chromebook recovery image in order to extract the ar64 wide-line CDM blobs and then patch in support
for 16k pages and apply miscellaneous glibc complex workarounds and then spruf your user agent
and install a browser extension to unlock hg resolutions to legally watch your media in only
1080p genius that is regal but really hats off to him this is just an exercise in extreme patience
and problem-solving and what linux and open source is all about as far as i'm concerned okay
this episode is sponsored by collide and collide has some big news if you're an octa user they can
get you entirely to a hundred percent compliance if advice isn't compliant the user can't log into
your cloud apps until they fix the problem it's that simple collide patches one of the major holes
in zero trust architecture device compliance without collide it struggles to solve basic problems
like keeping everyone's os and browser up to date unsecured devices might be logging into your
company's apps because there's nothing to stop them collide is a simple device trust solution
that enforces compliance as part of authentication and it's built to work seamlessly with octa
the moment collides agent detects a problem it alerts the user and gives them instructions to fix it
if they don't fix the problem within a set time they're blocked collides method means
fewer support tickets less frustration and most importantly a hundred percent fleet compliance
so visit collide.com slash late night linux to learn more or book a demo that's k-o-l-id.com
slash late night linux onto a bit of admin then first of all thanks to everyone who
supports us with paper and patreon we really do appreciate that if you want to join those people
you can go to late night linux.com slash support and remember for ten dollars or more per month on
patreon you can get an advert free RSS feed that includes this show linux self-to-doc and linux
downtime and if you want to get in contact with us you can email show at late night linux.com
and if you want to join one of the communities you can go to late night linux.com slash community
okay this episode is sponsored by tailscale go to tailscale.com. Tailscale is a VPN service that
makes the devices and applications you are not accessible anywhere in the world securely and
effortlessly it enables encrypted point-to-point connections using wire guard which means only
devices on your private network can communicate with each other unlike traditional VPNs which tunnel
all network traffic through a central gateway server tailscale creates a peer-to-peer mesh network
it handles complex network configuration on your behalf so you don't have to. Network connections
between devices pierce through firewalls and routers as if they weren't there so there's no need to
manually configure port forwarding. Tailscale is available for linux, mac, windows, raspy pionarm,
android, iOS, synology and for devices that don't allow additional software to be installed such
as printers and other embedded devices where you can set up a subnet router to act as a gateway
relaying traffic from your tailscale network onto your physical subnet so go to tailscale.com
and try it for free on up to 20 devices that's tailscale.com. Let's do a quick KDA corner then
the first one plasma 6 kickoff and outline fixes yeah and this night goes in he says that you know
this is years of prior work that has gone into making well hopefully by the end of this year
plasma 6 a reality and there's a lot of people that have done that and it's great to see this is
kind of sort of their moment now where it's actually going to come to fruition and
fingers crossed it goes well. Another thing is some of the work that's still going on on 527
if you're unlucky like me I have a nasty bug which means I have to restart every day
where I start getting these horrible black windows but I was very appreciative of the help I got from
people who hopped in to get me lagging bugs for it and stuff and it's been worked on and supposedly
by Monday maybe for 27.3 it might be fixed so we'll have to see but they've been doing loads of work
anyway and that option that we talked about last time where the dark theme mode where they had a
white edge that people complained about well it's KDA and of course there's loads of options now so
you have to pick whether you want to offer on or the size of it or how intense it is and
I think that's only good I let people choose what they want to do but there's a whole lot of stuff
going in for more robust multi-screen stuff as well and it's great to see that they are fixing that
because it has been a bit of a bane for the past while getting desktops to pop up applications
where you want them to be and things like that so fingers crossed. All right and zooming in and out
with Wayland. Yeah I thought that's quite cool it's a feature that's not fully available just yet
but it can be enabled really easily in the shortcuts and it's essentially
meta control or windows key control and the scroll button on your mouse to zoom in and out
and it's a really cool feature probably especially for people who might have difficulty with vision
and it's probably a great way to get in or any other people look to zoom in on pathetic high
DPI screens. All right absent the Microsoft Store tutorial. Yeah Nate in his automation section has
a couple of links there one of them is a tutorial for uploading applications to a Microsoft Store
and I would say if you're an open source application you can make money out of those suckers go for
it I think that's a great idea. Definitely agree on that one and he also has one then for a code map
which has been produced of all the various parts of plasma and where you can get to them and I
think that's really cool because it is a quite complicated system and it's nice to see that so
there's extra stuff there as well so enjoy. You're really stretching this one the kabuntu manual
let's add an update. Well I think this is quite good it's got quite useful information and it's
nice to see and it's a great way for helping people out who are not used to starting off with KDA
and it might give them just a bit some pieces that they need to get going. It's pretty good and it's
nice to see the kabuntu project get a bit of a mention as well so yeah no I think that's okay
fair enough and KDA for scientists. Yeah I really like this page so they've been doing this this
year where they've had the various other things you know for kids and things like that and this
is a whole load of applications that are available lab plot, canter, they've given examples of the
synchotron and Barcelona that uses KDA, NASA insight land are used, KDA forfundlina which is
quite weird probably typical NASA standardized at five years ago or something. There's awkward
which is a thing for the statistical language are there's K stars and then there's K bibitex
which is a reference management engine that I've heard people talk about how that can be quite
a expensive and annoying sort of area for searching for references to like medical journals and things
like that so that's quite cool and it's presented in a really nice way and I think it really sells
desktop as a really good scientific development tool. That said there is a photo of that synchotron
in Barcelona and that looks suspiciously like debuting in XFCE to me. I think they wouldn't make
that kind of mistake on the KDA org Joe you're just clutching at straws. It's a photo from the 70s.
Okay there's a picture of frame. All right, PIM update. Yeah like to always talk about this one
but these guys have a bit of a celebration in hand the fact that they're gonna have their first
in-person sprint in to lose on the first of second April. Covid absolutely wiped out that for
the last few years so it's great that they're able to get back together and QT6 is going to be a big
part of that. The stuff that they were hoping to work on this year about the automation so
the K-text add-on which is like things like grammar check and machine learning translations
all that type of stuff that is going to become a plugin and part of frameworks that's going to be
available for every other application that use it and that's really cool so the work gets done once
it's in the framework everybody gets to benefit. There's also a huge update for getting the Google
contacts and calendar fix because that was broken for a long time because of Google messing around
with stuff no doubt and that has been fixed so great work being done there and there's some
proposals for Google Summer code so if you are of that ability to join in there's been great
up taking that and maybe there's some cool projects that our people could get on board with there
and the us talks about K-a-tinnery where there's a cool new feature of on-train data in Germany
all these magical public transport systems are you can get data about the train and then data on
the train about where it is like we're having an argument over here about extending a rail track
slightly outside Dublin and it's just carnage data on trains just stop. All right and you finally
learned to draw dynamic figures with Krita thanks to this great tutorial video. The video is absolutely
amazing he also manages to give brushes and sample stuff and 3d images you can pull around to do
forms not a chance in hell could I even do his quick warm up two minute sketches but if you're into
art it's just worth watching for the amazing skill involved and if you can do art I think you'll
agree that Krita could be a really good tool to use for it so pretty sweet. All right and a quick
reminder to submit your talks for Academy 2023. Yeah so deadline is call for papers at the end
of March, three and yeah if you can and do go for it. Right well as usual links to everything in the
show notes we better get out of here then we'll be back next week when we'll have some discoveries
of some feedback probably but until then I've been John I've been Salem I've been Graham and I've been
Will see you later
bye!
you
♪
♪♪♪♪
.