Sponsored By:

• Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
• 1Password Extended Access Management: Secure every sign-in for every app on every device.
• CrowdHealth: Discover a Better Way to Pay for Healthcare with Crowdfunded Memberships. Join CrowdHealth to get started today for $99 for your first three months using UNPLUGGED. Promo Code: UNPLUGGED
• Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• LUP's Great Holiday Homelab Form
• Old Fart Form (markdown)
• Jellyswarrm — Bring all your Jellyfin servers together
• LiveTV support · Issue #9 · LLukas22/Jellyswarrm
• pangolin — Identity-Aware Tunneled Reverse Proxy Server with Dashboard UI.
• Pangolin | Secure Access Platform
• NixOS Search - Options - Pangolin
• Youtarr — Self-hosted web app that automates downloading, organizing, and scheduling YouTube channel content with support for Plex, Kodi, Emby and Jellyfin
• Add ability to set subfolder for manual downloads · Issue #287 · DialmasterOrg/Youtarr
• Dawarich — Your favorite self-hostable alternative to Google Timeline (Google Location History)
• dawarich CHANGELOG.md
• CVE-2025-40090 | Ubuntu — Since commit 305853cce3794 ksmbd_session_rpc_method() attempts to lock sess->rpc_lock. This causes hung connections / tasks when a client attempts to open a named pipe.
• SMB3 & KSMBD See Performance Improvements With Linux 6.18 — KSMBD also now adds a max IP connections parameter to optionally limit the maximum number of connections permitted per IP address.
• ksmbd vulnerability research · Doyensec's Blog
• ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3)
• ksmbd - Exploiting CVE-2025-37947 (3/3)
• doyensec's KSMBD-CVE-2025-37947 PoC
• GrapheneOS bails on OVHcloud over France's privacy stance
• GrapheneOS exits France — what it means for encryption
• France's Encryption War Escalates: GrapheneOS Exodus Signals Dangerous Precedent for Open Source Privacy Tech
• Seems like the GrapheneOS phone collab may be with Motorolla.
• Rust For Linux Kernel Co-Maintainer Formally Steps Down
• Bcachefs Ousted from Mainline Kernel: The Move to DKMS and What It Means
• Red Hat Introduces Project Hummingbird for “Zero-CVE” Strategies
• Richard Hipp - Git: Just Say No - YouTube
• 2011 SouthEast LinuxFest - Richard Hipp - Fossilize Your Code - YouTube
• Pick: Gopher64 — Highly compatible N64 emulator.
• Gopher64 — simple64's official and spiritual successor - Libretro — It’s made by the same developer(s). Unlike simple64 however, it’s not based entirely on Mupen64Plus. And it’s aiming for a more LowSpec hardware overhang.
• Install Gopher64 on Linux | Flathub

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Attacking UNIX Systems via CUPS — A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).
• Marcus Hutchins Scan finds 107,287 servers responding to the UDP port 631 — Instead of relying on Shodan data, I performed my own internet-wide scan using a distributed network of servers. This resulted in discovering drastically more exposed cups-browsed instances, causing my total count to rise from 13,289 to 107,287.
• Shodan on X: 75,000 exposed CUPS daemons on the Internet
• Annual Membership — Put your support on automatic with our annual plan, and get one month of membership for free!
• nodeboard — Your Ultimate Digital Inventory Manager
• Lightning Pay
• activate-linux — The "Activate Windows" watermark ported to Linux
• Install Frog on Linux | Flathub — Extract text from images, websites, videos, and QR codes by taking a picture of the source.
• Clapgrep — Ever had a folder full of PDF files, where you knew, somewhere in there, is what you're looking for. But you did not know in which file. So you had to search each of them at a time...

Sponsored By:

• Core Contributor Membership: Take $1 a month of your membership for a lifetime! Promo Code: summer
• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Toronto Meetup — Thursday, Aug 29, 2024
• Berlin with Brent — September Meetup @ Nextcloud Conference, Saturday, Sep 14, 2024
• Check out Alex’s “Building a Colo Server” video
• Microsoft’s latest security update has ruined dual-boot Windows and Linux PCs — The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices.
• What the f*** is an SBAT and why does everyone suddenly care — This update was not supposed to apply to dual-boot systems, but did anyway.
• SBAT Revocations: Boot Process - Ubuntu Community Hub
• “Something has gone seriously wrong,” dual-boot systems warn after Microsoft update
• Ubuntu Will Be Skipping Non-Critical Linux Kernel Updates For September - Phoronix
• SRU Mailing List Annoucement
• Canonical Moves To Shipping Very Latest Upstream Kernel Code For Ubuntu Releases
• Kernel Version Selection for Ubuntu Releases - Kernel - Ubuntu Community Hub
• Linus Torvalds Begins Expressing Regrets Merging Bcachefs — The bcachefs patches have become these kinds of "lots of development during the release cycles rather than before it", to the point where I'm starting to regret merging bcachefs.
• Re: [GIT PULL] bcachefs fixes for 6.11-rc5 - Linus Torvalds — No one is being jerks here, Linus and I are just sitting in different places with different perspectives. He has a resonsibility as someone managing a huge project to enforce rules as he sees best, while I have a responsibility to support users with working code, and to do that to the best of my abilities.
• LINUX Unplugged 545: 3,062 Days Later — Kent Overstreet, the creator of bcachefs, helps us understand where his new filesystem fits, what it's like to upstream a new filesystem, and how they've solved the RAID write hole.
• Linux is a CNA — As was recently announced, the Linux kernel project has been accepted as a CNA as a CVE Numbering Authority (CNA) for vulnerabilities found in Linux.
• The Linux security team issues 60 CVEs a week, but don't stress. Do this instead
• What is a "good" Linux Kernel bug?
• Keynote: Linux Kernel Security Demystified - Greg Kroah-Hartman - YouTube
• Membership Summer Discount — Take $1 a month of your membership for a lifetime!
• added pihole nix module by Tdback · Pull Request #3 · JupiterBroadcasting/nixconfigs — Recently, I wanted to start 'nixifying' some of my docker-compose setup. I've created a simple module for spinning up a podman container running pihole as a systemd service, so that way I can just stick it on any NixOS machine and easily make it my DNS server.
• NetworkManager cli (nmci) wrapper to easily create a new network connection
• Distrohopper Wheel
• No idea where to distrohop next? Let the ultimate distrohopper decide for you!
• Proxmox Virtual Environment - NixOS Wiki
• Pick: SaunaFS is a distributed file system — A robust distributed POSIX file system meticulously designed to revolutionize your storage solutions by offering unmatched efficiency, security, and redundancy. At its core, SaunaFS is a distributed file system primarily written in C++, inspired by the pioneering concepts introduced by Google File System.
• Google File System - Wikipedia
• saunafs/INSTALL.md

Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.
• Core Contributor Membership: Take $1 a month of your membership for a lifetime! Promo Code: summer

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Spokane Meetup - No-Li Brewhouse · JB Events (test deployment)
• Plasma/Krunner Docs — Brent's tip: 'https://search.nixos.org/options?query=\{@}' (the '\{@}' is the magic sauce)
• autossh — Automatically restart SSH sessions and tunnels
• autossh on GitHub
• Spokane Meetup — No-Li Brewhouse, Sat, Jul 13, 2024, 4:00 PM
• RegreSSHion — Remote Code Execution Vulnerability In OpenSSH Server
• regreSSHion — Remote Unauthenticated Code Execution Vulnerability in OpenSSH server.
• NixOS Security advisory: OpenSSH CVE-2024-6387 “regreSSHion” – update your servers ASAP
• Nasty regreSSHion bug affects around 700K Linux systems
• Qualys CVE-2024-6387 Write-up
• Letmein: Authenticating port knocker - Written in Rust — Letmein is a simple port knocker with a simple and secure authentication mechanism. It can be used to harden against pre-authentication attacks on services like SSH, VPN, IMAP and many more.
• fwknop: Single Packet Authorization > Port Knocking — fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter
• Membership Summer Discount — Take $1 a month of your membership for a lifetime!
• Jeff links: How to run non-nix executables?
• pick: stu — TUI (Terminal/Text UI) application for AWS S3

Plus the big flops we're still sore about.

Special Guest: Kenji Berthold.

Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• Linode Cloud Hosting: A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.
• 1Password Extended Access Management: Secure every sign-in for every app on every device.

Support LINUX Unplugged

Links:

• 🎉 Alby — Boost into the show, first grab Alby, top it off, and then head over to the Podcast Index.
• ⚡️ LINUX Unplugged on the Podcastindex.org — You can boost from the web. Once Alby is topped off, visit our page on the Podcast Index.
• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• 32-Bit Challenge Details — Can you live and work for a week on a 32-bit system? That's the challenge. It might seem simple, but we think you'll be surprised. Let's find out if the world has moved on too far for 32-bit systems, or if they can still be saved from the landfill.
• First NixCon North America!
• Southern California Linux Expo 19
• Ubuntu’s New Installer Milestone
• Ubuntu 23.10 Restores ZFS File-System Support In Its Installer
• Ubuntu 23.04 Desktop’s New Installer Set To Ship Without OpenZFS Install Support
• HDR Beginning To Work For Linux Gaming
• The State Of HDR On The Steam Deck With Valve’s Gamescope Compositor
• KDE KWin Preparing Preliminary Support For Running HDR Games
• End of the 4.9 Kernel Series
• CVE-2023-0179: Linux kernel stack buffer overflow in nftables
• Wine 8.0 is out now with major compatibility improvements
• Wine 9.0-rc2 Released With 33 More Fixes - Including Wine Wayland Fixes
• Stadia Shuts Down Jan 28th
• Google Stadia: Leaked Documents Explain its Failure
• elementary OS 7 Available Now
• Xfce Going Wayland
• FOSDEM 2023: Fedora Asahi
• Fedora Asahi Aims To Provide The Fedora Workstation Experience For Apple Silicon Systems
• SIGs/Asahi - Fedora Project Wiki
• Ubuntu Gets Real
• Canonical Promotes Ubuntu’s Real-Time “RT” Kernel To General Availability
• Plasma 5.27
• KDE Plasma 5.27 Released
• Final Version of KDE Plasma 5 Released – This is What’s New
• FFmpeg 6.0 Released
• FFmpeg on X: “FFmpeg CLI multithreading is now merged!” / X
• Flathub in 2023
• Flathub in 2023 - Flathub Discourse
• Docker is deleting Open Source organisations - what you need to know
• Docker: We’re no longer sunsetting the Free Team plan
• GNOME 44 Released
• GNOME 44 Released With Many Desktop Enhancements
• GNOME 44 Getting New Background Apps UI
• Ubuntu Cinnamon Flavor Status Announcement
• Plasma 6 Early Builds
• Linux 6.4 Bringing Apple M2 Additions
• Btrfs Improvments in 6.4
• Announcing Fedora Linux 38
• What’s new in Fedora Workstation 38
• Red Hat Cutting “Hundreds Of Jobs”
• Message to Red Hat associates today
• Linux Kernel 6.3 Officially Released
• The new Flathub Website
• Flathub Website Gets a Brand New Look
• Ubuntu 23.04 Released
• Ubuntu 23.04 (Lunar Lobster)
• Ubuntu 23.04 with GNOME 44 and a stable Steam Snap
• HDR hackfest wrap-up
• CVE-2023-28410: i915 graphics driver improperly restricts operations within the bounds of a memory buffer
• New NetFilter flaw gives attackers root privileges
• bcachefs out for review
• Fedora Program Manager Laid Off
• Fedora Program Manager Laid Off As Part Of Red Hat Cuts
• Podman Desktop 1.0 Annouced
• Introducing Azure Linux
• CodeWeavers An Employee Ownership Trust
• CodeWeavers Now Controlled By An Employee Ownership Trust
• XFS Metadata Corruption On Linux 6.3 Tracked Down To One Missing One-Line Patch
• Linux 6.3.5 Released With XFS Metadata Corruption Fix
• Plasma 6 is Wayland only - No X11 for Plasma 6
• Xorg server is deprecated since RHEL 9.0
• Ubuntu Core as an immutable Linux Desktop base
• Red Hat To Stop Shipping LibreOffice In Future RHEL, Limiting Fedora LO Involvement
• LibreOffice to be cut out of RHEL installs
• Debian 12 “bookworm” released
• Linux 6.4 Released
• Linux 6.4 Released, focus on 6.5
• Btrfs In Linux 6.5 May Bring A Cumulative Performance Improvement
• Linux Kernel 6.4 Released with Interesting Mix of Changes
• Bcachefs File-System Pull Request Submitted For Linux 6.5
• Red Hat’s commitment to open source: A response to the git.centos.org changes
• Furthering the evolution of CentOS Stream
• A Comprehensive Analysis of the GPL Issues With the Red Hat Enterprise Linux (RHEL) Business Model
• Rocky Linux Shares How They May Continue To Obtain The RHEL Source Code
• The future of AlmaLinux | Hacker News
• Rocky Linux: Keeping Open Source Open
• LXD Moves to Canonical
• LXD has been re-licensed and is now under a CLA
• Fedora Asahi Remix
• Fedora Asahi Remix Coming For Fedora Linux On Apple Silicon Hardware
• Fedora Asahi Remix: bringing Fedora to Apple Silicon Macs (Flock To Fedora 2023)
• Our new flagship distro: Fedora Asahi Remix
• The first conformant M1 GPU driver
• Asahi Linux’s Apple M1/M2 Gallium3D Driver Now OpenGL ES 3.1 Conformant
• Linux 6.6 To Better Protect Against The Illicit Behavior Of NVIDIA’s Proprietary Driver
• Ubuntu Desktop: Charting a course for the future
• Ubuntu Desktop “Charting A Course For The Future” With Ubuntu 24.04 LTS Next Year
• Leap Replacement Discussion
• Linux’s Marketshare on Steam Still Higher Than Apple macOS
• Hub 6: Healthy meeting culture and the first local AI Assistant [YouTube]
• “Nextcloud Hub 6” launched🚀
• Introducing: Raspberry Pi 5!
• Raspberry Pi 5 Benchmarks
• Raspberry Pi 5 Graphics Continue With Open-Source Driver & Crazy Fast Compared To RPi 4
• Raspberry Pi 5 Review: A New Standard for Makers
• Raspberry Pi Approved Reseller – Raspberry Pi
• CPU decoding acording to Eben Upton in an interview
• Intel is killing off its NUC mini PCs
• Ubuntu 23.10 Released
• Ubuntu Desktop 23.10 ISOs Recalled Due To Malicious User Translations
• Linux Mint Starts working on Wayland Support
• Linux 6.6 Features Include The EEVDF Scheduler, Shadow Stack, Intel IVSC, AMD DBC & More
• Btrfs For Linux 6.6 Brings Fixes, Partially Recovers From Scrub Performance Regression
• XFS File-System Maintainer Stepping Down
• XFS Begins Landing Online Repair, New Release Manager Takes Over
• Element Going AGPL
• Synapse goes AGPL Discussion on Hacker News
• Fedora Linux 39 Released As A Wonderful Upgrade For Leading Workstations & Servers
• Fedora Change: Retire Modularity
• Fedora Web Installer Delayed
• What’s new in Fedora Workstation 39
• GNOME 45 Release Notes
• Amazon Making its Own Linux-Based OS to Replace Android
• 🎉 PipeWire 1.0 🎉
• PipeWire 1.0.0 (El Presidente)
• Quick OwnTracks-Recorder-in-Docker dummies guide
• Pick: trippy — Trippy combines the functionality of traceroute and ping and is designed to assist with the analysis of networking issues.

Special Guest: Brent Gervais.

Sponsored By:

• A Cloud Guru: By the end of this course, you will feel comfortable working with a large variety of networking tools and configurations to manage complex Linux networking implementations.
• Linode Cloud Hosting: A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.
• New JB Stickers: Own a bit of Jupiter Broadcasting history, while making way for the new!

Support LINUX Unplugged

Links:

• Brent Gervais on Twitter
• Stickers | Jupiter Broadcasting Garage Sale
• JB Telegram
• Razer bug lets you become a Windows 10 admin by plugging in a mouse
• jonhat on Twitter — Need local admin and have physical access? Plug a Razer mouse (or the dongle), windows Update will download and execute RazerInstaller as SYSTEM, then abuse elevated Explorer to open Powershell with Shift+Right click.
• Join us for dinner 4:30 local time at TheViewHouse in Colorado Springs
• Btrfs Set To Land Support For IDMAPPED Mounts In Linux 5.15 — Back when IDMAPPED mounts functionality was added to the Linux kernel, the initial implementation came for FAT and EXT4. XFS support has also been in the works while now for Linux 5.15 the Btrfs support appears ready.
• IDMAPPED Mounts Aim For Linux 5.12 - Many New Use-Cases From Containers To Systemd-Homed — Idmapped mounts make it possible to easily share files between multiple users or multiple machines especially in complex scenarios. For example, idmapped mounts will be used in the implementation of portable home directories in systemd-homed.service(8) where they allow users to move their home directory to an external storage device and use it on multiple computers where they are assigned different uids and gids.
• FOSDEM 2021 - Idmapped Mounts
• brauner/mount-idmapped — Helper utility to use IDMAPPED mounts until upstream support exists.
• Ubuntu 21.10 Systemd To Finally Ship With Cgroup v2 By Default — Ubuntu has been sticking to the legacy cgroup v1 hierarchy because their prized Snap support hasn't supported Cgroup v2. Upstream Snap still doesn't have the support yet but there are patches pending that are still expected to be merged this cycle.
• Fedora 35 To Support Restarting User Services On Package Upgrades — What this ultimately means is that user services like PipeWire can seamlessly restart when upgrading them via Fedora RPM updates rather than needing to manually do so or restarting the system for the upgrade to take effect.

Plus our reaction to RMS's return to the FSF, some big project updates, picks, and more!

Special Guests: Dalton Durst and Danielle Foré.

Sponsored By:

• A Cloud Guru: Hundreds of courses, thousands of hands-on labs.
• Linode Cloud Hosting: A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.

Support LINUX Unplugged

Links:

• Microsoft Said to Discuss Discord Bid for Over $10 Billion — “Microsoft possibly acquiring Discord makes a lot of sense as it continues to reshape its gaming business more toward software and services”.
• [Video] Richard Stallman is Back
• edw · elementary Developer Weekend — This conference is our way of reaching out to app developers, sharing the knowledge we’ve all collected over the years, and providing a space to ask questions and provide feedback.
• Ubuntu Touch OTA-16 Release — Today we are happy to announce the release of Ubuntu Touch OTA-16, our sixteenth stable update to the system!
• Linux Action News 181
• Forthcoming OpenSSL release — OpenSSL 1.1.1k is a security-fix release. The highest severity issue fixed in this release is HIGH.
• Initial Support For The Rust Language Lands In Linux-Next — While no fully-baked Rust kernel driver is ready yet, the initial merge to Linux-Next does include an example kernel module written in Rust.
• Linus Torvalds on where Rust will fit into Linux — Torvalds thinks "Rust's primary first target seems to be drivers, simply because that's where you find just a lot of different possible targets, and you have these individual parts of the kernel that are fairly small and independent. That may not be a very interesting target to some people, but it's the obvious one."
• Supporting Linux kernel development in Rust [LWN.net]
• Diversity, Flexibility, and Linux: Prioritizing Generous Transfer | Linode
• JB Telegram
• All Jupiter Broadcasting Shows
• Hoppy — Hoppy provides a unique public IPv4 and IPv6 address to each of your devices, allowing connectivity without limitations. If you are behind a restrictive ISP, constantly on the move, or self-hosting services, Hoppy is for you. All major platforms are supported.
• ngrok — Secure introspectable tunnels to localhost.
• Gist: Assign public ipv6 to wireguard clients
• WireGuard Routing and Port Forwarding
• Gist: Forward all traffic to server over WireGuard VPN
• Expose server behind NAT with WireGuard and a VPS
• How To Forward Ports through a Linux Gateway with Iptables
• FORWARD and NAT Rules
• Pick: dsnet — Simple command to manage a centralised wireguard VPN. Think wg-quick but quicker: key generation + address allocation.
• How to set up a wireguard VPN in minutes with dsnet
• Feedback: Raspberry Pi POCKIT
• Project POCKIT — PocKit is a computer made for the real, physical world. On top of its powerful, versatile Core, you can attach BLOCKS - any number of any kind - to suit your application.
• Video: A small, plug-and-play Linux computer — Project POCKIT
• GNOME 40’s Best New Features
• FreeBSD kernel-mode WireGuard moves forward out-of-tree

Plus how Archive.org uses Linux, and more.

Special Guests: Brent Gervais, Carl George, and Neal Gompa.

Sponsored By:

• Linode Cloud Hosting: A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.

Support LINUX Unplugged

Links:

• tsukae — Show off your most used shell commands
• GNOME Shell X11Gestures Wxtension — Enable GNOME Shell multi-touch gestures on X11 with this extension.
• TouchEgg — Touchégg is an app that runs in the background and transform the gestures you make on your touchpad or touchscreen into visible actions in your desktop.
• Apple Touch Bar Linux Driver Hopes For Upstream In 2021 — Sent out on Saturday by independent developer Ronald Tschalär was the latest reverse-engineered, open-source driver code that gets the Touch Bar and ALS support working for MacBook Pro 13,* / 14,* / 15,* models.
• Internet Archive Infrastructure — Jonah Edwards breaks down how the Internet Archive works, behind the scenes.
• jupiterbroadcasting.com/telegram
• All Jupiter Broadcasting Shows
• liamg/traitor — Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins.
• Don't expose the Docker socket (not even to a container) — Docker primarily works as a client that communicates with a daemon process (dockerd). Typically that socket is a UNIX domain socket called /var/run/docker.sock. That daemon is highly privileged; effectively having root access. Any process that can write to the dockerd socket also effectively has root access.
• Feedback: Minecraft Bedrock Bridge
• GeyserMC — Enable clients from Minecraft Bedrock Edition to join your Minecraft Java server.
• Feedback: Audio Hardware
• Feedback: Episode 394
• Feedback: Arch Discussion