Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• oss-security mailing list — Backdoor in upstream xz/liblzma leading to ssh server compromise.
• Fedora Announcement
• Debian Announcement
• Ubuntu Announcement
• Kali Linux Announcement
• Arch Linux Announcement
• Gentoo Announcement
• openSUSE Tumbleweeed Announcement
• NixOS Unstable Discussion
• Why does it take two weeks for NixOS to replace xz?
• Andres Freund on Mastodon — I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc....
• rwmj on Hacker News — Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features"
• A Microcosm of the interactions in Open Source projects — Make no mistake. This is the way it works. It needs to change.
• Devuan GNU/Linux on X — Devuan is not affected by the latest vulnerability caused by systemd.
• systemd PR: Dynamically load compression libraries
• Matteo Croce on X — I'm the author of such PR. While I absolutely didn't know that libxz had a backdoor, I really think that libraries should be loaded on-demand when rarely used, hence my change :)
• Ryan C. Gordon on X — This is probably how the xz thing happened, right?
• Jan Wildeboer on the Fediverse — Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO.
• Unplugged Core Membership
• TXLF is coming up! — April 12 - 13 in Austin, Texas.
• LFNW coming up! — April 26 - 28
• Mobile Game Ads Are Boosting Podcast Follower Counts — Wondery, iHeart and Lemonada Media are all using a non-public product from MowPod - which gives extra lives and game credits to gamers if they follow shows on Apple Podcasts from game apps.
• MowPod's podcast promotion tools: tales from the bar
• fortydeux's NixOS Configs
• Prism Launcher — An Open Source Minecraft launcher with the ability to manage multiple instances, accounts and mods.
• World Backup Day — March 31st — One small accident or failure could destroy all the important stuff you care about.
• Updating Our Fiddly Bits | LINUX Unplugged 494

Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• Linode Cloud Hosting: A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.
• 1Password Extended Access Management: Secure every sign-in for every app on every device.

Support LINUX Unplugged

Links:

• 🎉 Alby — Boost into the show, first grab Alby, top it off, and then head over to the Podcast Index.
• ⚡️ LINUX Unplugged on the Podcastindex.org — You can boost from the web. Once Alby is topped off, visit our page on the Podcast Index.
• Is Arch Linux suitable for server environment? — Probably the biggest issue with Arch as a server operating system is that it's not clear where and when applications may break after an upgrade. More often than not, you have to keep up with what's going on in the wiki and on the forums before doing any sort of upgrade
• Unplugged Tuxies - 2023
• ⚠️ DID WE MISS SOMETHING?
• Get your Tuxies "I Voted" sticker from TheGoldenDragon — $2 Digital Sticker
• Texas Linux Festival 2024 — Texas Linux Fest is the first state-wide annual community-run conference for Linux and open-source software users and enthusiasts from around the Lone Star State. Much like SCALE in Los Angeles, Ohio Linux Fest in Columbus, and Linux Fest Northwest – and an ever-growing list of successful regional shows.
• Switch to the base-devel meta package requires manual intervention — On February 2nd, the base-devel package group has been replaced by a meta package of the same name.
• Git migration announcement
• Git migration completed — We are proud to announce that the migration to Git packaging succeeded! 🥳
• [Arch News] Changes to default password hashing algorithm and umask settings
• Linus’s law — In software development, Linus's law is the assertion that "given enough eyeballs, all bugs are shallow".
• The Linux Scheduler: a Decade of Wasted Cores — In our experiments, these performance bugs caused many-fold performance degradation for synchronization-heavy scientific applications, 13% higher latency for kernel make, and a 14-23% decrease in TPC-H throughput for a widely used commercial database.
• The Linux kernel scheduler has been accidentally hardcoded to a maximum of 8 cores for the past 15 years and nobody noticed – The HFT Guy
• The Linux kernel has been accidentally hardcoded to a maximum of 8 cores | Hacker News
• sched: Update normalized values on user updates via proc · torvalds/linux@acb4a84 · GitHub — This patch updates the internally used scheduler tuning values that are normalized to one cpu in case a user sets new values via sysfs.
• BackTrack Linux
• Flatseal
• Why you probably shouldn’t add a CLA to your open source project — Contributor license agreements (or CLAs for short) have gained a lot of visibility in recent years as some prominent open-source projects have opted to adopt them. If all the cool kids are doing it, should your open source project? Probably not. Here’s why
• Strike Global Now

Plus an update to the most important text editor in the world, the new distro causing controversy, and what is a tainted kernel.

Special Guests: Brent Gervais, Ell Marquez, and Neal Gompa.

Support LINUX Unplugged

Links:

• Could ‘alcosynth’ provide all the joy of booze – without the dangers? — David Nutt has long been developing a holy grail of molecules – also referred to as “alcarelle” – that will provide the relaxing and socially lubricating qualities of alcohol, but without the hangovers, health issues and the risk of getting paralytic.
• Happy 21st, curl — We estimate that there are now roughly 6 billion curl installations world-wide. In phones, computers, TVs, cars, video games etc. With 4 billion internet users, that’s like 1.5 curl installation per Internet connected human on earth.
• nano 4.0 has been released — An overlong line is no longer automatically hard-wrapped, smooth scrolling (one line at a time) has become the default, and more!
• Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - Motherboard — The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
• Malicious updates for ASUS laptops — The trojanized utility was signed with a legitimate certificate and was hosted on the official ASUS server dedicated to updates, and that allowed it to stay undetected for a long time. The criminals even made sure the file size of the malicious utility stayed the same as that of the original one.
• Shadow Hammer APT MAC Check — Check if your device has been targeted by the ShadowHammer cyberattack
• SigintOS: A Linux Distro for Signal Intelligence — SigintOS is an Ubuntu based distribution with a number of built in signal intelligence applications for software defined radios such as RTL-SDRs and other TX capable SDRs like the HackRF, bladeRF and USRP radios.
• SigintOS — SigintOS; as the name suggests, SIGINT is an improved Linux distribution for Signal Intelligence. This distribution is based on Ubuntu Linux. It has its own software called SigintOS. With this software, many SIGINT operations can be performed via a single graphical interface.
• Careers – Linux Academy — Ruby on Rails Dev? Maybe some angular love or willing to learn? Linux Academy is hiring RIGHT NOW
• LFNW: T-shirt preorder closes on 3/31 — While we will have some for sale on site during LFNW2019, the only way to guarantee that you get a shirt is to register for the event, and buy an Individual Sponsorship.
• Virtual Linux Ansible Fundamentals Study Group | Meetup — Join us before Linux Unplugged for an introduction to Ansible.
• Call for Proposals - DebConf19 — The DebConf Content team would like to call for proposals in the DebConf 19 conference, which will take place in Curitiba, Brazil, between July 21th and 28th.
• Fedora 29 Wifi Warning Bug
• Tainted kernels — The Linux Kernel documentation — The primary reason for the ‘Tainted: ‘ string is to tell kernel debuggers if this is a clean kernel or if anything unusual has occurred.
• What is a tainted kernel in Linux? — The feature is intended to identify conditions which may make it difficult to properly troubleshoot a kernel problem. For example, the loading of a proprietary module can make kernel debug output unreliable because kernel developers don't have access to the module's source code and therefore cannot determine what the module may have done to the kernel. Likewise, if the kernel had previously experienced an error condition or if a serious hardware error had occurred, the debug information generated by the kernel may not be reliable.
• Install Fests - Free Software Foundation — My new idea is that the install fest could allow the devil to hang around, off in a corner of the hall, or the next room. (Actually, a human being wearing sign saying “The Devil,” and maybe a toy mask or horns.) The devil would offer to install nonfree drivers in the user's machine to make more parts of the computer function, explaining to the user that the cost of this is using a nonfree (unjust) program.
• NexDock 2 by Nex Computer — Kickstarter — Turn your Smartphone or Pi into a laptop.