Special Guest: Tomasz Frątczak.

Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.
• Core Contributor Membership: Take $1 a month of your membership for a lifetime! Promo Code: summer

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• clevis — Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.
• bcachefs Encryption
• What measured boot and trusted boot means for Linux
• Automatically decrypt your disk using TPM2 — Entering the passphrase to decrypt the disk at boot can become quite tedious. On modern systems a secure hardware chip called “TPM” (Trusted Platform Module) can store a secret and automatically decrypt your disk. This is an alternative factor, not a second factor. Keep that in mind.
• Use systemd-cryptenroll with FIDO U2F or TPM2 to decrypt your disk
• Automatic LUKS 2 disk decryption with TPM 2 on Fedora
• Safe automatic decryption of LUKS partition using TPM2 | 221b
• FOSDEM 2024: Clevis/Tang - unattended boot of an encrypted NixOS system
• Clevis & Tang on NixOS Slides
• Decrypt LUKS volumes with a TPM on Fedora Linux
• Self-Hosted 127: Can't Fix What You Don't Track
• Garmin Forerunner 265 — Forerunner 265 is a running smartwatch with a touchscreen AMOLED display, training metrics, phone-free music, & up to 13 days of battery life in smartwatch
• HRV Status
• Garmin Sleep Tracking
• Nap Detection
• Garmin Pay
• Tribit Stormbox Micro 2 Wireless Portable Speaker: 10W
• USB-C Charging Converter for Garmin Watch Without Charger Cable
• Obtainium — Obtainium allows you to install and update apps directly from their releases pages, and receive notifications when new releases are made available.
• Managing your personal access tokens
• Membership Summer Discount — Take $1 a month of your membership for a lifetime!
• Iotas — Iotas aims to provide distraction-free note taking with optional speedy sync with Nextcloud Notes.
• LINUX Unplugged 567: So Long sudo
• Celeste — GUI file synchronization client that can sync with any cloud provider
• vt52's Blog: Migrating from NixOS channels to Flakes
• FUTO Keyboard
• autossh
• LINUX Unplugged 570: RegreSSHion Strikes
• Aeon — The Linux Desktop for people who want to "get stuff done"
• Aeon: openSUSE for lazy developers
• Grayjay — Follow Creators Not Platforms
• Grayjay on GitLab
• CrowdSec
• Bustle — Bustle draws sequence diagrams of D-Bus activity. It shows signal emissions, method calls and their corresponding returns, with time stamps for each individual event and the duration of each method call. This can help you check for unwanted D-Bus traffic, and pinpoint why your D-Bus-based application is not performing as well as you like. It also provides statistics like signal frequencies and average method call times.
• open-and-shut — Type in Morse code by repeatedly slamming your laptop shut
• Zuck Comapres AI to Linux - Open Source AI Is the Path Forward — Today, Linux is the industry standard foundation for both cloud computing and the operating systems that run most mobile devices – and we all benefit from superior products because of it. I believe that AI will develop in a similar way.

Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.
• Core Contributor Membership: Take $1 a month of your membership for a lifetime! Promo Code: summer

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Spokane Meetup - No-Li Brewhouse · JB Events (test deployment)
• Plasma/Krunner Docs — Brent's tip: 'https://search.nixos.org/options?query=\{@}' (the '\{@}' is the magic sauce)
• autossh — Automatically restart SSH sessions and tunnels
• autossh on GitHub
• Spokane Meetup — No-Li Brewhouse, Sat, Jul 13, 2024, 4:00 PM
• RegreSSHion — Remote Code Execution Vulnerability In OpenSSH Server
• regreSSHion — Remote Unauthenticated Code Execution Vulnerability in OpenSSH server.
• NixOS Security advisory: OpenSSH CVE-2024-6387 “regreSSHion” – update your servers ASAP
• Nasty regreSSHion bug affects around 700K Linux systems
• Qualys CVE-2024-6387 Write-up
• Letmein: Authenticating port knocker - Written in Rust — Letmein is a simple port knocker with a simple and secure authentication mechanism. It can be used to harden against pre-authentication attacks on services like SSH, VPN, IMAP and many more.
• fwknop: Single Packet Authorization > Port Knocking — fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter
• Membership Summer Discount — Take $1 a month of your membership for a lifetime!
• Jeff links: How to run non-nix executables?
• pick: stu — TUI (Terminal/Text UI) application for AWS S3