Hello and welcome to episode 222 of late night Linux. We're putting on the 27th of March,
2023. I'm Charon and with me I'm Fannie. Copper wire on the internet. Great. Hello. And
Will. Hello. Yeah Fannie, I'm your internet's playing up so you haven't to tell your
phone. Yes, it's going to be so reliable and I look forward to the piecing it all back
together afterwards. I'm sure it'll be fine. Let's do some news then and we have to start
with bad news and that is that Gordon Moore has died, aged 94. He of course is famous
for Moore's Law and being one of the founders of Intel. I mean it's good opportunity to
look through his life and it's incredible how many things he'd been involved with. It's
incredible life really. I mean it's sad that he's gone but 94 years and incredibly productive
years. Amazing. Yeah not just the Intel staff later on he did philanthropy and did a lot
of good and managed to give a lot of money or raise a lot of money for worthy causes so
yes he will be missed. There was one comment I don't know if this is true but somebody
asked him if there was like an equivalent of Moore's Law for software and he said yeah
the more software written the bugs double. Alright Docker made a huge stink of the last
couple of weeks. They announced the end of Docker free teams. Everyone was fucking up
in arms about it. It was a huge backlash. They half apologized that made it worse and
then eventually they just did a U-turn on it and said yeah sorry but I think the damage
is done. I think that Docker's reputation was already a bit shaky but now open source
projects are just kind of going to have to start migrating away from one centralized
service to GitHub centralized service so that'll be fine. I think you're right. You know the
death early death of Docker was reported years ago and it didn't really happen. There's
a lot of momentum behind people using their image repositories whether it'll have an effect
of touch Docker that much I'm not sure. But hasn't it always been a case that Docker
the technology has always been amazing and no one's ever had any big issues with that
it's been huge it's blown up but monetizing it has always been the problem. Yeah I think
it's the same old problem we find ourselves talking about a lot. You know how do you monetize
a successful open source project especially one with huge demands on infrastructure which
Docker must have. I've seen some people saying oh this is only 2% of their users and it was
just them just doing a bit of tidying up and the messaging was wrong but it seems like
an awfully big stink to have kicked up over 2% of their users. It seems to me this way
whenever somebody does something which is in the against the interests of an open source
project see things like free node where one minute everybody's in love with them the next
minute they make some hamfisted attempt to shut down a massive source of leaking revenue
and then everyone says no we never like them anyway we're going to go and do something
else. This story as Graham said has played out so many times in the last few years nobody
seems to be learning from it. There is obviously a bit of a crunch on for cash now and so people
are looking to tie up all of this seemingly lost revenue just spewing out of them and
they seem to think that open source projects are a soft touch and people will just accept
it or pay up and they weren't asking for a vast amount of money it was something like
four or five hundred dollars a year per project which depending on which project it is that
you are pushing out images for seems like a reasonable cost for hosting but it's just
against the will of the people of open source. I think open source people are relatively
realistic not all of them I will caveat that but most are realistic most of them work in
a business most of run a business and I reckon if Docker was to be honest about what it had
to do and why it had to do it and then said you know maybe we'll reduce things down but
they had stuff like stipulating that oh if you actually made money by doing consulting
on your project then that you didn't count as open source anymore I was like well that's
literally every open source project makes money that way it seemed like it was vindictively
trying to target as many projects as possible and yes you're right they probably have mountains
of data they have to ship in and out but I think you can come to certain terms if we're
all act grown up and talk to each other about why things have to be done a certain way but
now and again that just doesn't seem to happen they just seem to dictate from high what has
to go now and yeah it burns them and I don't know if for one would not be touching anything
that Docker do it doesn't mean I'm going to use Docker hub but yeah it's I think it's
like roll your own infrastructure again wins.
I think another problem is taking me well to find it was the wording of the original message
I don't know who writes these things or what filters they go through but they so often
ended up terribly I mean this one's like the free team organizations are legacy subscriptions
that's a legacy subscription tier to people who are using it and if you own a legacy free
subscription it will be suspended and if you don't upgrade then your Docker will retain
your organization data for 30 days after which you'll be subject to deletion and you
know for people using it as part of their CI systems probably for years and loads of
other considerations being given potentially 30 days to change everything update everything
looking to how everything works was just unreasonable especially completely out of the blue and
especially when Docker rely on and have benefited from many of those open source projects themselves.
Yeah yeah I think the main problem was the communication here it wasn't even necessarily
the decisions that they were making if they had communicated it better they wouldn't have
been such a backlash people didn't know for example where they're going to lose their
namespaces well then I think the CTO came out and Twitter to say no you won't lose the
namespace but then people wouldn't be able to update their containers and so people would
be pulling down out of date ones that had vulnerabilities in them it was just communicated
poorly there wasn't even an official announcement it was just an email that went out to a bunch
of people and then people started posting about it on their blogs and social media and stuff.
So the tweet is a legally binding document as Elon can attest to.
Although not if you call someone P-DOG guy it seems.
He managed to wheeze that that one didn't he?
The internet archive has lost its first fight to scan and lend ebooks like a library says
the Verge and the internet archive has opposed the fight continues so the internet archive
scanned a load of books and was lending them out like a library and they'd only lend them
out one copy at a time corresponding to the actual physical books that they had and for
a while that was all fine and then covid hit and they just relaxed that rule and just
lent out multiple copies.
The publishers got really fucking pissed off with them sued them it's taken a while but
here we are basically three years later and there's a summary judgment saying that yeah
you can't get away with this any longer they're going to fight against it it's a long legal
process as usual but it's not looking good for the internet archive and I don't know
how I feel about this.
On the one hand it's bad but on the other hand what the fuck did they expect?
Yeah the funding was so did I not see that the publishers are all making record profits
at the exact same time.
So it's really hard from the proof that there's any material damage done so I don't know
how that one tallies but I do kind of see your point in fact that yes this does seem
like this wouldn't have ever worked.
I don't think they're arguing solely on loss of revenue I think that they're arguing on
copyright grounds as much as anything that you know you're not allowed to do that and
they're kind of right on that.
I don't really understand how they thought that they was going to be okay.
They did try and use some fair use arguments about being transformative and stuff but that
was never going to work was it that was just ludicrous really.
And it's a bit annoying because I really really like the internet archive the way back machine
is just amazing and it's not just the way back machine it's also all the other stuff
that they archive but this just seemed like a misstep from them to me.
I get what they wanted to do and it is noble and all the rest of it but it just set them
up for failure as far as I can see.
Yeah.
Yeah I mean it's a shame because you don't waste the goodwill that exists for the internet
archive on things that realistically don't seem winnable.
Like I think it's fine to be a library and to rent a book out somebody and have only
the one copy and that's the way libraries work here in Ireland I'm sure it's the same
UK probably most of the US exactly the same way too.
And I think you can only play within the rules you can't sort of make them up yourself
and it just seems a shame it's a wasted opportunity.
Keep this for a big important fight like archives of people's Twitter posts that they
try to delete and get rid of and then don't want to show you.
I mean that would be where you should fight.
Oh no fuck that I've tweeted some dumb shit and deleted in my time man.
Let it go let it just disappear.
Anything for politics one day?
I mean I think failure just kind of hinted at this.
It's such a precarious situation considering all the other stuff that you can find on the
internet archive and I think it's really valuable that they were building bridges to publishers
and building trust and relationships even if it is under weird terms.
I mean we'd all rather they'd be like data anarchy and we could all have access to everything.
I think it was a valuable step they were doing and this is probably a step too far.
You're worried about the Amiga Rums getting deleted.
Yeah I am yeah that's it.
That and Synth samples.
Oh that and that no I shouldn't mention it the entire Scumbium archive advice.
Oh shhh shut up Jesus.
Sierra might rise from the dead again.
Okay this episode is sponsored by Linode.
Go to Linode.com slash late night Linux support the show and get $100 free credit.
And their award-winning support offered 24 7 365 to every level of user to ease of use
and setup.
It's clear why developers have been trusting Linode for projects both big and small since
2003.
Deploy your entire application stack with Linode's one click app marketplace or build
it all from scratch and manage everything yourself with supported centralised tools like
Terraform.
And check out their managed MySQL, Postgres and MongoDB databases that allow you to quickly
deploy new database and defer management tasks like configuration, managing high availability,
disaster recovery, backups and data replication.
Simple and fast to deploy with secure access their flexible plans include daily backups.
So go to linode.com slash late night Linux create a free account and you'll get $100
in credit and support the show.
That's linode.com slash late night Linux.
Right it's time for another Linux outlaw style micro watch.
So let's shut on Microsoft.
First of all, GitHub managed to publish their private SSH key and then there to revoke it
and then everyone got scary warnings.
I mean people make mistakes.
Let's not shit on the person who fucked it up.
I think we actually should shit on the person that fucked it up because that person should
never have had access to that key.
No human being should even know what that key is.
The secret machine should know about it.
Nothing else.
I understand how it's possible for a human being to have a copy of that entire key just
like on their laptop.
It's bizarre.
Not everybody has a copy of that key on their laptop.
To go around with a USB stick on your start up and they plug it in and go there you go.
You've got it now.
Also I want to shit on their communication again which is going to be my theme for this
episode.
Their messaging was out of an abundance of caution.
No mention of this.
And also however many millions of people are now going to have to get rid of their old
keys and update their new keys and however many man in the middle text that could potentially
cause.
No an abundance of caution with just replacing our RSA keys.
It's absolute bollocks that messaging.
Just be honest with us and we'll all understand.
It's funny you say that because I saw that story headline early in the week and I just
ignored it.
Oh yeah.
Okay somebody else has just made a mess or something.
I didn't realize how serious it actually was.
And now I think we're all primed when we read out of an when a politician says out of an
abundance of caution we're going to filter the internet and require age verification.
I was in a public stall and I was trying to SSH into a server.
Matthew Garrett wrote a piece we need better support for SSH host certificates.
And he talks about how we've got SSL search for browsers and how that is technically possible
with SSH but it hasn't been adopted and it should be because you could set up a system
where this wouldn't matter you could just change that key out and people wouldn't have
this big scary warning and wouldn't have to run the SSH keygen dash capital R github.com
command.
It could just happen all seamlessly in the background.
So it's definitely not the person who fucked it up fault.
It's arguably github as an organizations fault for allowing someone to be able to fuck it
up.
But Garrett is arguing that it's more like the whole ecosystem's fault for not adopting
a better sort of standard way to do this.
Yeah I think that's a good point.
I mean all of us now rely on SSH all kinds of things all the time and I'm often seeing
weaknesses in it.
I think the same key for lots of different hosts that kind of thing stuff that I've just
been doing for years which I shouldn't admit on a public podcast.
Well like you're out of date sent us out.
It's the exact same thing.
Rock roll.
I'm going to find that one day and I'm going to power it crew.
I'm surprised you can still SSH into that from a modern system because I tried to do
a red hat five system and it's keys were so old I had to SSH into a six one first socket
to SSH into that.
So what does that mean you're running as your SSH on your main machine?
Maybe it's got a 1404 VM.
Maybe.
Well also github related tracking the fake github star black market with various tools.
This is a post on DAGSTER.io and it's quite in depth about how they did it but the bottom
line is can you fucking believe this?
People buy stars for their github repose.
It's like buying likes or retweets or views for YouTube videos or whatever.
Instagram likes.
Why would people do this?
Cloud.
I suppose.
It's a word I've heard about recently.
I'm not sure a day what it means but yes that.
But that in of itself was interesting to me just the whole concept of people buying them
but how these people found out about it and sort of formed a list of spammy accounts
that were doing this was a very interesting read that I put in the show notes.
We won't go too much into that but I just could not believe that people were buying
these stars man that just blew my mind.
If there's money to be made selling it then people will invest time and energy in making
a system to exploit it.
I think it's a lazy community management measurement metric.
How many stars have we got on our project on github?
Oh if that number is going up every week then we're winning.
And then for a few bucks you could buy an extra couple of hundred stars.
Oh that's my job done.
I'm a great social network manager because I've increased our likes.
That's what I do.
Well yeah, weeks of those YouTube channels that have got hundreds and hundreds or thousands
of subscribers and no views because they've just either bought them or just spammed them
and done competitions or whatever, subscribed for this, whatever, win this prize and then
they don't get any views because they video is a shit and don't write the algorithm.
I just thought that open source and github was above that but...
Microsoft got involved.
Yeah it's definitely Microsoft's fault.
It is, right.
Not just people being whatever.
Cherabaster is the thing we were looking for.
Yeah.
So we're going to have a show of bastards, let's conclude Microwatch with Microsoft is
building a cryptocurrency wallet into its edge browser.
Hey hip kids, why are you into these days?
Yeah, it feels like this was kind of decided in a meeting 18 months ago and it's still
not quite ready and now it's just about starting to leak.
And what are they doing?
Like read the fucking room Microsoft.
So wallets in browsers.
I mean we got brave if you want that sort of bollocks.
So yeah, this is, that's it.
I've decided I hate Microsoft now.
Yeah.
I didn't have to do any work until I love it.
Well, they've been absolutely perfect up until now.
They've done everything right and never made any mistakes and never pissed anyone off.
And then now with their browser they put a crypto wallet in and just no, that's it.
I'm not having it.
Good.
I'm not using any of their stuff ever again.
Because I just think that if you're into crypto and you store all of your crypto in an
in browser wallet, then you deserve what's coming.
Yeah, where do you store yours, Chrome?
I'm not going to say.
It's on the red hat five machine.
It's so it's so it's so obsolete.
It's now not a clearing patches anymore.
It's perfect.
Okay, this episode is sponsored by collide and collide has some big news.
If you're an octa user, they can get you entirely to 100% compliance.
If advice isn't compliant, the user can't log into your cloud apps until they fix the
problem.
It's that simple.
Collide patches one of the major holes in zero trust architecture, device compliance.
Without collide, IT struggles to solve basic problems like keeping everyone's OS and browser
up to date.
And devices might be logging into your company's apps because there's nothing to stop them.
Collide is a simple device trust solution that enforces compliance as part of authentication
and it's built to work seamlessly with octa.
The moment collides agent detects a problem, it alerts the user and gives them instructions
to fix it.
If they don't fix the problem within a set time, they're blocked.
Collides method means fewer support tickets, less frustration, and most importantly, 100%
fleet compliance.
Or visit collide.com slash late night Linux to learn more or book a demo.
That's k-o-l-i-d-e dot com slash late night Linux.
All right.
It's been a while.
It's been too long since we had a go at Mozilla introducing Mozilla dot AI investing in trustworthy
AI.
And this comes off the back of them launching the responsible AI challenge failing.
I bet you're really, really pleased that they're concentrating their resources on
AI stuff.
Yeah, you call it really pleased that I bet they tried to take my internet out today with
their responsible AI fuckers.
Yeah, this is a yet again, another farce.
So like, why don't they get in on the crypto farce while they're at it and, you know,
more NFTs.
I mean, they might as well do a lot of them at this point.
And they're committing $30 million to this product.
Where have they got a 30 million spare to spend like this?
I don't understand.
They just cut out on the 11 o'clock tea break for the everybody in the office.
And that covered it.
Maybe Mitchell doesn't get a pay rise this year.
It feels like not very long ago, we were talking about how Mozilla were going to raise
money because they were really concerned about running out.
And now this, maybe the AI will come up with schemes for them.
Maybe they asked Bard or the Microsoft shit show.
It was too busy, you know, due to white supremacy thing at some point.
Well, right.
I think I'm enough to devil's advocate this thing.
No, you're not.
Go on.
You'll go on fire.
Right.
OK, so this is happening.
Well, it's not happening yet because it hasn't happened yet.
It does no AI.
All right.
What they call AI machine learning language model bullshit, whatever is happening, right?
And so do we not want some sort of responsible player who cares about open standards and
open source and rights and stuff?
Do we not want someone to have a go at least?
Sure.
And what they should do is if you try to go on there and start talking about this, it
formats your computer.
That would be the actual responsible and trustworthy thing to do.
Oh, come on.
No, it's all it's a scam.
The lot of it is a scam.
And that is the only way it there is.
It's like saying, oh, let's have some ethical NFTs.
No, you can't because it's all bullshit.
That's why.
No, I'm not having that.
Bullshit right now.
It is though.
I'm not having it.
Right.
It's statistics.
It's T9 on your feckin Nokia phone.
That's all it is.
It just happens to spew what seemingly until it doesn't, you know, seems correct.
Delagitte.
Right.
Let's not conflate it all together as one thing, right?
You've got your bullshit chatbots and then you've got your art.
Inspiration stuff, shall we say, the generative art stuff.
Right.
That's one aspect of this machine learning AI thing.
But another aspect of it is, for example, the medical stuff where they are finding new drugs.
Are they though?
Well, at least in theory, that's the whole scam, isn't it?
In theory, they're gonna.
Yeah, sure.
Just give us another check for, you know, many, many zeros because let's face it.
Nobody, unless they have a colossal bank account is going to be able to fund the training of a model.
It just isn't going to happen.
And even the likes of the chat API or closing in their APIs to stuff and researchers are sounding alarm bells of, you know, if we wanted to learn about stuff, this is exactly the opposite way we should go about doing all this.
So I don't for one second believe there's nothing but scam going on here.
We've been over this.
I know.
We want to get over the same.
I'm not going to tell you, but honestly, failing, I understand your skepticism and it's good to be skeptical.
I think it has become like the new NFT and unavoidable online.
I agree.
It's too overhyped.
But if you do look at it, it is producing real usable results and it'll be applicable to lots of different fields.
And it's only the very beginning.
Whether it's AI or not, I don't care.
The output is genuine and it can produce things that we couldn't produce before.
Whereas with Mozilla, I would much rather Mozilla did this in the background, innovated, got involved with some people without these huge announcements, which do feel just like another grift.
Like when they are the verge of getting into the NFT thing, and this feels just like another bandwagon hopping exercise when they can't even prove to us that they can make a success of their core product.
So I'm skeptical about how successful they'll be with something like this.
Well, when they got into the phones, that was a rip roaring success.
Yeah, two of them.
They're brilliant.
My concern is aligned with Graham's here, I think, which is the Mozilla, a right to make sure that the imminent uprising at least has somebody on the good side.
My concern is that Mozilla are not big enough influential enough, have enough resources to really make a go of it.
And we'll end up with a sort of half formed, poorly executed product, which is just forgotten about.
They're not relevant enough, I think, is the word you're looking for there.
They used to be this really relevant company that used to be with it, but then they changed what it was when Chrome came along.
And now they're not it and it's scary to them.
And they're trying to find the new thing to be relevant.
And so they just keep throwing shit at the wall and seemingly have forgotten about their core product.
And maybe Firefox isn't their core product anymore.
Maybe it should be, or it definitely should be, but maybe it isn't.
Is it overpaying CEOs who do nothing?
Well, seemingly so.
Yeah.
Until a bit of admin then, first of all, thank you, everyone who sports us with PayPal and Patreon.
We really do appreciate that.
If you want to join those people, you can go to latenightlinx.com slash support and remember for $10 or more per month on Patreon, you can get an advert free RSS feed that includes this show, Linux downtime and Linux after dark.
And you sometimes get episodes early.
And if you want to get in contact with us, you can email show at latenightlinx.com.
And if you want to talk to other listeners, you can find the various communities at latenightlinx.com slash community.
OK, this episode is sponsored by Tailscale.
Go to tailscale.com.
Tailscale is a VPN service that makes the devices and applications you are accessible anywhere in the world securely and effortlessly.
It enables encrypted point to point connections using WireGuard, which means only devices on your private network can communicate with each other.
Unlike traditional VPNs, which tunnel all network traffic through a central gateway server, Tailscale creates a peer to peer mesh network.
It handles complex network configuration on your behalf, so you don't have to.
Network connections between devices pierced through firewalls and routers as if they weren't there.
So there's no need to manually configure port forwarding.
Tailscale is available for Linux, Mac, Windows, Raspberry Pi and ARM, Android, iOS, Synology, and for devices that don't allow additional software to be installed, such as printers and other embedded devices, where you can set up a subnet router to act as a gateway, relaying traffic from your tail scale network onto your physical subnet.
So go to tailscale.com and try it for free on up to 20 devices.
That's tailscale.com.
I guess now it's time for us all to listen to failing. Bang on about bloody KDE for five minutes in everyone's favorite segment, KDE Corner.
Wow.
What? Where's it that from?
It's AI generated.
I'm afraid it's AI generated.
Failing. You said AI couldn't do anything good. Well, it can make Stephen Fry take the piss out of you.
So fuck you. Oh, that was Stephen Fry.
Oh my God. OK. No, that was terrible.
Didn't sound quite as smoke as Stephen Fry. I think that was the giveaway.
Anyway, testing Qt 6 begins.
Yeah. Just there's a few pointers in this one.
Obviously, if you are prepared to build from source, then you are definitely not a standard user, but there's a few questions and answers at the end of it to try and help out and try and guide you in the right way.
And what you should do if you encounter bugs and stuff. So it's a kind of a let's see how it goes for the moment.
They're not quite sure how reliable our stable it'll be, but it's beginning. So it's good.
All right. X-wail and screencasting.
So this is really cool. It was a bit understated, but it's fantastic because one of the things that Wayland does is have security.
One of the things that X did not have was security and things like screencasting.
So think of Teams, Slack, Zoom and maybe even Rust desk.
That's still a bit of a question mark whether that'll work or not.
This gives them the ability to screen share.
It creates a sort of an invisible box window that they can then apply to a window that can be shared across.
And yes, X apps could eavesdrop on that, but you get to control who can see what apps and stuff.
So I think this is a really cool thing.
They're still not thinking whether it's actually a big major deal or a feature that's going to be in six permanently or not.
I really hope it is because I think this is massively important,
especially if you're doing remote admin or remote support for anybody at any time.
And yeah, this is really cool and very understated like usual.
All right. And something about Xecom pre.
Yeah. So there's about 180 plus activities in Xecom pre and it's a cool educational piece of software.
And for anybody who might even be in a school that are looking to use free
software where they might not be able to pay for or maybe even the flash stuff that they've been using,
have been sunset or whatever.
Take a look at it. It's quite a cool video and it walks through all that stuff.
So it's quite cool for people to see.
All right. Labplot 2.10.
Yeah. So lots of stuff into that.
And new visualizations, spreadsheet, ability.
You can now import and export to Excel.
There's a whole lot of analytics tools doing things that I don't know what they mean,
like for your filtering and max likelihood, etc.
Better memory usage.
And we had this in the KDA for scientists page that came up and it's a really excellent piece of software
for people who are maybe looking for a better version of MATLAB.
That is free. There you go. It's excellent.
All right. And a couple of this week in KDA's from Nate.
Yeah. So Nate, as usual, loads of bug fixes.
He has a bit of a rolling joke now where he says for Onyx and himself,
where there are lots of Wayland fixes in this.
So yeah, they continue to gather pace.
The dot three was out of 527.
That fixed a few things for me, my virtual machines that would then not wake up from sleep.
Do now. There's still a few more, but they're working down to those issues.
And it's good that they're still working on that,
whether also doing the QT6, but obviously there's a bit of focus there.
But a few new things that have come in with the Sambo Wizard for fileshares.
If it bugs out, there's a decent error message now trying to point you in the right direction
and the same for when your important VPN configs.
And it's nice to see that because obviously with a lot of people now, maybe work in remote.
You know, if you've got an issue with that VPN, it's nice to be able to part way or at least give a clue as to where it is.
And one thing that made me amazed was that some keyboards have an emoji key.
What? What is this?
But apparently if you press that, now the emoji picker pops up automatically.
So I'm really happy that we're helping out those people.
That's presumably for mobile.
I don't know. I mean, maybe keyboards do come with an emoji key.
I have no idea. Swift key does.
Oh, cool. Good for it.
That's Microsoft.
Oh, no, I have to stop using Microsoft.
But they've been working on making multi-screen, even more robust and fully for Fedora.
You can now upgrade between Fedora versions through Discover, which is quite cool.
So it now supports the DNF upgrade ability, which is quite cool if you're into that sort of thing.
All right. A couple of season of KDE things.
Yeah. So this is just because it'll be coming up soon enough.
And, you know, for people that might be doing even the Google summer code,
it's just a couple of perspectives from two different people on how they got involved
and how they helped out and stuff.
And, you know, their first introduction to coding with it.
And if you're maybe even uni or whatever,
and you're looking for a bit of a decent active stuff over the summer,
this might be a good idea if you if you can follow along and like the sound of it,
that you may be going to play.
Right. Well, links to all that in the show notes as usual.
We'd better get out of here then.
We'll be back next week with some discoveries and feedback, probably.
But until then, I've been John.
I've been Salem. I've been Graham.
And I've been Will. See you later.
Bye.
♪♪
♪♪
♪♪
.