Sponsored By:

• Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
• Jupiter Signal Network Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
• Jupiter Signal Network Membership: Put your support on automatic with our annual plan, and get one month of membership for free!

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• LinuxFest Northwest 2026 - Back to Root — April 24-26, 2026 - Bellingham, Washington
• Texas Linux Festival 2026 - November 6-7, 2026 Austin, TX
• Texas Linux Fest 2026 - Call for Papers deadline July 1, 2026
• Dirty Frag, a new Copy.Fail like vulnerability — The Dirty Frag vulnerability class, first discovered and reported by Hyunwoo Kim, can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write (CVE-2026-43284) and the RxRPC Page-Cache Write (CVE-2026-43500) vulnerabilities.
• How to mitigate the "Dirty Frag" CVE-2026-43284 in OpenShift 4 - Red Hat Customer Portal
• Dirty Frag Linux kernel local privilege escalation vulnerability mitigations - Ubuntu
• Dirty Frag Explained: Linux Root Exploit, Mitigation & Patching Guide
• LINUX Unplugged 666 - The BSD Challenge Rules
• Magnolia Mayhem's BSD Challenge Report — It’s still got that old cowboy feel to it.
• Magnolia's Sinchflat - GitLab — Anyway, Pinchflat now has a FreeBSD-first competitor.
• FreeBSD Foundation's Laptop Support and Usability Improvements Project — The FreeBSD Foundation's Laptop Support and Usability Improvements project aims to deliver a package of improved or new FreeBSD functionality that, together, will ensure that it runs well “out of the box” on a broad range of personal computing devices.
• nixbsd: An unofficial NixOS fork with a FreeBSD kernel
• Brent's nixbsd config
• NomadBSD — Persistent live USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD's hardware compatibility.
• GhostBSD — A simple, elegant desktop BSD Operating System
• gershwin-desktop — Desktop Environment based on GNUstep welcoming to switchers
• gershwin-on-freebsd live iso
• gershwin-on-debian live iso
• gershwin-on-arch live iso
• Maintaining the World’s Fastest Content Delivery Network at Netflix on FreeBSD - FreeBSD Foundation
• Pick: kiji-proxy — An intelligent privacy layer for AI APIs. Kiji automatically detects and masks personally identifiable information (PII) in requests to AI services, ensuring your sensitive data never leaves your control.
• Pick: Portbook — Local Rust web dashboard that auto-discovers and labels HTTP dev services running on localhost ports — with live SSE updates, project-root detection, and live/error/dead classification.
• Pick: Sylve — Sylve is a lightweight, open-source management platform for FreeBSD. It combines Bhyve virtual machines, FreeBSD Jails, and ZFS storage into a modern web interface designed to deliver a streamlined, Proxmox-like experience tailored for FreeBSD environments.
• AlchemillaHQ/Sylve — Lightweight GUI for managing Bhyve, Jails, ZFS, networking, and more on FreeBSD
• FreshPorts: sysutils/sylve

Special Guest: Jon Seager.

Sponsored By:

• Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
• Jupiter Signal Network Membership: Put your support on automatic with our annual plan, and get one month of membership for free!

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Copy Fail — CVE-2026-31431 — "An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root." — Theori
• Copy Fail: 732 Bytes to Root - Xint — "A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017." — Xint
• Linux Kernel Bug Explained - Jorijn — "CopyFail is more portable. One script, every distro, no offsets. Dirty Pipe needed kernel ≥ 5.8; Copy Fail covers 2017–2026." — Jorijn"Kubernetes Pod Security Standards (Restricted) and default seccomp do NOT block the syscall used." — Jorijn
• Ars: Most Severe Linux Threat in Years — "The most severe Linux threat to surface in years catches the world flat-footed." — Ars Technica
• Sysdig: CVE-2026-31431 Analysis — "The flaw was introduced in 2017 via commit 72548b093ee3, which switched AEAD operations to in-place processing." — Sysdig
• CERT-EU Advisory
• Ubuntu Security Tracker
• The Register: Crypto Flaw
• Kernel Patch (reverts 2017 optimization) — "This mostly reverts commit 72548b093ee3 except for the copying of the associated data." — Kernel Commit
• Buggy Commit: 72548b093ee3 (2017)
• DeepWiki: AF_ALG Internals
• oss-security Disclosure
• PSA + GRUB Mitigation - Jan Wildeboer
• Ubuntu 26.04 LTS (Resolute Raccoon) Released — "Ubuntu 26.04 LTS sets the example for providing best-in-class resilience while simultaneously embracing innovation and the advancement of open source." — Jon Seager, VP Ubuntu Engineering
• The Future of AI in Ubuntu - Jon Seager — "Throughout 2026 we'll be working on enabling access to frontier AI for Ubuntu users in a way that is deliberate, secure, and aligned with our open source values." — Jon Seager
• Ubuntu 26.04 Release Notes
• Ubuntu AI Features Throughout 2026 - Phoronix — "Canonical's approach to AI is refreshingly thoughtful — Microsoft should take note." — ZDNet
• Canonical DDoS Attack Update — "Canonical's web infrastructure is under a sustained, cross-border attack and we are working to address it." — arcticp, Canonical
• Ubuntu Weekly Newsletter #942
• Canonical AI Approach - ZDNet
• 9to5Linux: Opt-In LLM Tools
• uutils/coreutils: Cross-platform Rust rewrite of the GNU coreutils
• LINUX Unplugged 636: Engineering the Future
• LiveCD fails to start X session on QEMU · Issue #354 · ghostbsd/issues
• Monty's “rescue” drive NixOS config
• Magnolia Mayhem's BSD Challenge Report
• Pick: NASty — NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways.
• Pick: Defuse — Defuse is a GTK4 application for removing image backgrounds locally.
• Defuse on Flathub

Sponsored By:

• Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
• Jupiter Signal Network Membership: Put your support on automatic with our annual plan, and get one month of membership for free!

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• LINUX Unplugged 666 BSD Challenge - Rules and Regrets
• LFNW2026 - Back to Root
• LinuxFest Northwest 2026 Playlist - YouTube
• LinuxFest Northwest - YouTube
• The New Linux Kernel AI Bot Uncovering Bugs Is A Local LLM On Framework Desktop + AMD Ryzen AI Max
• Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain
• Bear454's Fundraiser: Support for James Mason's Family
• Pick: Updo — Updo is a command-line tool for monitoring website uptime and performance. It provides real-time metrics on website status, response time, SSL certificate expiry, and more, with alert notifications.
• Pick: Pake — 🤱🏻 Turn any webpage into a desktop app with one command.

Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.
• Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Castamatic
• Castamatic 11 - with live shows and Podping — With this release, you can now listen to live podcast episodes directly in the app and get instant notifications as soon as a new episode—live or recorded—is available.
• ESP8266 NodeMCU
• DHT22/AM2302 Digital Temperature and Humidity Sensor Module
• 5V One Channel Relay Module Relay Switch with OPTO Isolation High Low Level Trigger
• Marine Boat 3" in-Line Bilge Air Blower DC 12V 130 CFM
• Wolfwhoop PW-D Control Buck Converter 6-24V to 5V 1.5A Step-Down Regulator Module Power Inverter Volt Stabilizer
• TICONN Waterproof Electrical Junction Box
• BOJACK 3 Values 130 Pcs Solderless Breadboard
• ESPHome Web - web.esphome.io — Allows you to prepare your device for first use, install new versions and check the device logs directly from your browser.
• PlatformIO - Your Gateway to Embedded Software Development Excellence
• buildFHSEnv - nixpkgs — Provides a way to build and run FHS-compatible lightweight sandboxes.
• ESPHome NixOS module: Failure to compile firmware because of DynamicUsers
• Pick: High Tide — Third party unofficial TIDAL music client. Listen to your favorite music from your desktop or mobile Linux device at the highest quality.
• Pick: Junction — Junction pops up automatically when you open a file or link in another app.
• Junction on Flathub