Sponsored By:

• Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
• Jupiter Signal Network Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
• Jupiter Signal Network Membership: Put your support on automatic with our annual plan, and get one month of membership for free!

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• LinuxFest Northwest 2026 - Back to Root — April 24-26, 2026 - Bellingham, Washington
• Texas Linux Festival 2026 - November 6-7, 2026 Austin, TX
• Texas Linux Fest 2026 - Call for Papers deadline July 1, 2026
• Dirty Frag, a new Copy.Fail like vulnerability — The Dirty Frag vulnerability class, first discovered and reported by Hyunwoo Kim, can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write (CVE-2026-43284) and the RxRPC Page-Cache Write (CVE-2026-43500) vulnerabilities.
• How to mitigate the "Dirty Frag" CVE-2026-43284 in OpenShift 4 - Red Hat Customer Portal
• Dirty Frag Linux kernel local privilege escalation vulnerability mitigations - Ubuntu
• Dirty Frag Explained: Linux Root Exploit, Mitigation & Patching Guide
• LINUX Unplugged 666 - The BSD Challenge Rules
• Magnolia Mayhem's BSD Challenge Report — It’s still got that old cowboy feel to it.
• Magnolia's Sinchflat - GitLab — Anyway, Pinchflat now has a FreeBSD-first competitor.
• FreeBSD Foundation's Laptop Support and Usability Improvements Project — The FreeBSD Foundation's Laptop Support and Usability Improvements project aims to deliver a package of improved or new FreeBSD functionality that, together, will ensure that it runs well “out of the box” on a broad range of personal computing devices.
• nixbsd: An unofficial NixOS fork with a FreeBSD kernel
• Brent's nixbsd config
• NomadBSD — Persistent live USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD's hardware compatibility.
• GhostBSD — A simple, elegant desktop BSD Operating System
• gershwin-desktop — Desktop Environment based on GNUstep welcoming to switchers
• gershwin-on-freebsd live iso
• gershwin-on-debian live iso
• gershwin-on-arch live iso
• Maintaining the World’s Fastest Content Delivery Network at Netflix on FreeBSD - FreeBSD Foundation
• Pick: kiji-proxy — An intelligent privacy layer for AI APIs. Kiji automatically detects and masks personally identifiable information (PII) in requests to AI services, ensuring your sensitive data never leaves your control.
• Pick: Portbook — Local Rust web dashboard that auto-discovers and labels HTTP dev services running on localhost ports — with live SSE updates, project-root detection, and live/error/dead classification.
• Pick: Sylve — Sylve is a lightweight, open-source management platform for FreeBSD. It combines Bhyve virtual machines, FreeBSD Jails, and ZFS storage into a modern web interface designed to deliver a streamlined, Proxmox-like experience tailored for FreeBSD environments.
• AlchemillaHQ/Sylve — Lightweight GUI for managing Bhyve, Jails, ZFS, networking, and more on FreeBSD
• FreshPorts: sysutils/sylve

Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.
• Core Contributor Membership: Take $1 a month of your membership for a lifetime! Promo Code: summer

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Spokane Meetup - No-Li Brewhouse · JB Events (test deployment)
• Plasma/Krunner Docs — Brent's tip: 'https://search.nixos.org/options?query=\{@}' (the '\{@}' is the magic sauce)
• autossh — Automatically restart SSH sessions and tunnels
• autossh on GitHub
• Spokane Meetup — No-Li Brewhouse, Sat, Jul 13, 2024, 4:00 PM
• RegreSSHion — Remote Code Execution Vulnerability In OpenSSH Server
• regreSSHion — Remote Unauthenticated Code Execution Vulnerability in OpenSSH server.
• NixOS Security advisory: OpenSSH CVE-2024-6387 “regreSSHion” – update your servers ASAP
• Nasty regreSSHion bug affects around 700K Linux systems
• Qualys CVE-2024-6387 Write-up
• Letmein: Authenticating port knocker - Written in Rust — Letmein is a simple port knocker with a simple and secure authentication mechanism. It can be used to harden against pre-authentication attacks on services like SSH, VPN, IMAP and many more.
• fwknop: Single Packet Authorization > Port Knocking — fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter
• Membership Summer Discount — Take $1 a month of your membership for a lifetime!
• Jeff links: How to run non-nix executables?
• pick: stu — TUI (Terminal/Text UI) application for AWS S3

Special Guest: Brent Gervais.

Sponsored By:

• A Cloud Guru: By the end of this course, you will feel comfortable working with a large variety of networking tools and configurations to manage complex Linux networking implementations.
• Linode Cloud Hosting: A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.

Support LINUX Unplugged

Links:

• Email from Purism — As previously announced, we will be increasing prices for all new orders of the Librem 5 in stages (the phone will be priced at $1199 from all orders received on or after Nov 1st, 2021 and we expect this price to go upward to $1299 in March 2022) as component prices change and as we deliver greater quantities of product.
• Linux Phones | Madaidan’s Insecurities — Linux phones lack any significant security model and the points from the Linux article apply to Linux phones fully. There is not yet a single Linux phone with a sane security model.
• Linux kernel needs more phones and tablets, says developer — "Especially for guys even running upstream kernel on RPI CM4 like me, more ARM devices with upstream kernel support will just be more happiness. Not to mention this also means super long time support, way longer than the lifespan of those devices."
• Steam Deck dev-kits are on the move Valve say, as some already have it — "All packaged up and ready for devs! This is one of the limited batches of Steam Deck dev-kits heading out today for partners to test their games."
• POKE 756,224 on Twitter — @ChrisLAS I admire your quest to get Linux running on your Thinkpad with the same battery life and perf you get on Windows. I've gotta admit, I've given up and just run Windows on mine, and the ugly truth is that Windows 11 is, for my needs anyway, really nice!
• Pick: Flatseal — Flatseal is a graphical utility to review and modify permissions from your Flatpak applications.