Sponsored By:

• Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
• Jupiter Signal Network Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
• Jupiter Signal Network Membership: Put your support on automatic with our annual plan, and get one month of membership for free!

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• LinuxFest Northwest 2026 - Back to Root — April 24-26, 2026 - Bellingham, Washington
• Texas Linux Festival 2026 - November 6-7, 2026 Austin, TX
• Texas Linux Fest 2026 - Call for Papers deadline July 1, 2026
• Dirty Frag, a new Copy.Fail like vulnerability — The Dirty Frag vulnerability class, first discovered and reported by Hyunwoo Kim, can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write (CVE-2026-43284) and the RxRPC Page-Cache Write (CVE-2026-43500) vulnerabilities.
• How to mitigate the "Dirty Frag" CVE-2026-43284 in OpenShift 4 - Red Hat Customer Portal
• Dirty Frag Linux kernel local privilege escalation vulnerability mitigations - Ubuntu
• Dirty Frag Explained: Linux Root Exploit, Mitigation & Patching Guide
• LINUX Unplugged 666 - The BSD Challenge Rules
• Magnolia Mayhem's BSD Challenge Report — It’s still got that old cowboy feel to it.
• Magnolia's Sinchflat - GitLab — Anyway, Pinchflat now has a FreeBSD-first competitor.
• FreeBSD Foundation's Laptop Support and Usability Improvements Project — The FreeBSD Foundation's Laptop Support and Usability Improvements project aims to deliver a package of improved or new FreeBSD functionality that, together, will ensure that it runs well “out of the box” on a broad range of personal computing devices.
• nixbsd: An unofficial NixOS fork with a FreeBSD kernel
• Brent's nixbsd config
• NomadBSD — Persistent live USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD's hardware compatibility.
• GhostBSD — A simple, elegant desktop BSD Operating System
• gershwin-desktop — Desktop Environment based on GNUstep welcoming to switchers
• gershwin-on-freebsd live iso
• gershwin-on-debian live iso
• gershwin-on-arch live iso
• Maintaining the World’s Fastest Content Delivery Network at Netflix on FreeBSD - FreeBSD Foundation
• Pick: kiji-proxy — An intelligent privacy layer for AI APIs. Kiji automatically detects and masks personally identifiable information (PII) in requests to AI services, ensuring your sensitive data never leaves your control.
• Pick: Portbook — Local Rust web dashboard that auto-discovers and labels HTTP dev services running on localhost ports — with live SSE updates, project-root detection, and live/error/dead classification.
• Pick: Sylve — Sylve is a lightweight, open-source management platform for FreeBSD. It combines Bhyve virtual machines, FreeBSD Jails, and ZFS storage into a modern web interface designed to deliver a streamlined, Proxmox-like experience tailored for FreeBSD environments.
• AlchemillaHQ/Sylve — Lightweight GUI for managing Bhyve, Jails, ZFS, networking, and more on FreeBSD
• FreshPorts: sysutils/sylve

Special Guests: Drew DeVore and Jill Bryant Ryniker.

Support LINUX Unplugged

Links:

• BunsenLabs Linux
• Puppy Linux Home
• The FreeBSD Project
• SparkyLinux
• KolibriOS official site
• antiX Linux

Plus community news, a concerning issue for makers, an Arch server follow up, and more.

Special Guests: Alex Kretzschmar, Brent Gervais, Jeremy Stott, Martin Wimpress, and Neal Gompa.

Support LINUX Unplugged

Links:

• The makers of Jif peanut butter team up with Giphy to try to settle the GIF/Jif debate once and for all
• Manjaro Linux on Twitter: After several months of development we are happy to announce Manjaro Linux 19.0 release, named Kyria!
• Get in the C: Raspberry Pi 4 can handle a wider range of USB adapters thanks to revised design’s silent arrival
• Brunch with Brent: Heather Ellsworth
• Keep the conversation going join us on Telegram
• Alex’s Blog: FAA Remote ID Proposal
• FPVFC FAQ on FAA Remote ID NPRM - December 2019
• Proposed Rule: Remote Identification of Unmanned Aircraft Systems
• Introducing the Uber SSH Certificate Authority - Uber Security + Privacy - Medium
• bless: Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function
• How Uber, Facebook, and Netflix Do SSH
• stoggi/sshrimp: 🦐SSH Certificate Authority in a Lambda (on the barbie)
• “Zero Trust SSH” - Jeremy Stott (LCA 2020) - YouTube
• linux.conf.au 2020 | Presentation: Zero Trust SSH
• Keybase SSH
• hallow: A SSH Certificate Authority designed for use with AWS native environments
• BeyondCorp: A New Approach to Enterprise Security – Google Research
• collascii - A collaborative ascii canvas
• Ly - a TUI display manager
• ChrisLAS Cast
• Ubuntu Podcast

Plus a REALLY weird PC, and our command line picks.

Special Guests: Alan Pope, Brent Gervais, Martin Wimpress, and Neal Gompa.

Support LINUX Unplugged

Links:

• Netflix Uncovers TCP Bugs Within The Linux & FreeBSD Kernels - Phoronix — As Netflix's first security bulletin for 2019, they warned of TCP-based remote denial of service vulnerabilities affecting both Linux and FreeBSD. These vulnerabilities are rated "critical" but already being corrected within the latest Git code.
• Initial Benchmarks Of Microsoft's WSL2 - Phoronix — Since the release of WSL2 as a Windows 10 Insider Preview update this week, we've been putting the new Windows Subsystem for Linux 2 under some benchmarks compared to WSL1 and bare metal Linux. While WSL2 has improved the I/O performance thanks to the new Hyper-V-based virtualization approach employed by WSL2, the performance has regressed in other areas for running Linux binaries on Windows 10.
• The Future of Docker Desktop for Windows - Docker Engineering Blog — ith WSL 2 integration, you will still experience the same seamless integration with Windows, but Linux programs running inside WSL will also be able to do the same. This has a huge impact for developers working on projects targeting a Linux environment, or with a build process tailored for Linux. No need for maintaining both Linux and Windows build scripts anymore! As an example, a developer at Docker can now work on the Linux Docker daemon on Windows, using the same set of tools and scripts as a developer on a Linux machine
• Check Out the Snap Store's New Distro Install Pages - OMG! Ubuntu! — In an effort to improve the experience for users wishing to install Snap apps on non-Ubuntu distributions, the Snapcraft team have launched distro-specific store pages for Snap apps.
• Call for testing: chromium-browser deb to snap transition - Desktop - Ubuntu Community Hub — The chromium browser has been available as a deb package for all supported Ubuntu releases and as a snap since version 60, and the time has come to start transitioning away from the debs.
• Atari VCS goes on $250 pre-order with Linux running on Ryzen R1000 — Atari has opened $250 pre-orders for its Atari VCS retro game console, which will run Linux on the new AMD Ryzen R1000 SoC. Indiegogo backers are set for a December release while new orders will be fulfilled in Mar. 2020.
• A EALLY Weird PC… - System76 Thelio Review — There’s more than one company that makes its own operating system and hardware, and today, we’re taking a look at System76’s Thelio, an open source design you can build yourself.
• Fedora · zfsonlinux/zfs Wiki — Only DKMS style packages can be provided for Fedora from the official zfsonlinux.org repository. This is because Fedora is a fast moving distribution which does not provide a stable kABI. These packages track the official ZFS on Linux tags and are updated as new versions are released.
• Replacing a failed drive in ZFS on FreeBSD – Dan Langille's Other Diary — One of my new hard 3TB drives was acting up. I removed it and sent it off to be replaced. In the meantime, I received some 5TB drives and I added one of them into the existing vdev of the zpool.
• Sharing ZFS Datasets Via NFS | Programster's Blog — The great thing about ZFS is that it is very easy to split your "pool" into as many datasets as you like. Each dataset is treated like its own filesystem, with its own rules and settings, which means with regards to sharing over NFS, that you can share more securely as client's will not be able to reach out of the bounds of that dataset/filesystem that you decided to share.
• How to easily configure WireGuard - Stavros' Stuff — At its core, all WireGuard does is create an interface from one computer to another. It doesn’t really let you access other computers on either end of the network, or forward all your traffic through the VPN server, or anything like that. It just connects two computers, directly, quickly and securely.
• Use Public Key Authentication with SSH — Password authentication is the default method most SSH (Secure Shell) clients use to authenticate with remote servers, but it suffers from potential security vulnerabilities, like brute-force login attempts. An alternative to password authentication is public key authentication, in which you generate and store on your computer a pair of cryptographic keys and then configure your server to recognize and accept your keys
• rga: ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc. - phiresky's blog — rga is a line-oriented search tool that allows you to look for a regex in a multitude of file types. rga wraps the awesome ripgrep and enables it to search in pdf, docx, sqlite, jpg, zip, tar.*, movie subtitles (mkv, mp4), etc.
• pindexis/marker: The terminal command palette — Marker is a command palette for the terminal. It lets you bookmark commands (or commands templates) and easily retreive them with the help of a real-time fuzzy matcher.

Plus some good Debian news, our tips for better battery life, and we play a little Hot SUSE Potato.

Special Guests: Brent Gervais and Ell Marquez.

Support LINUX Unplugged

Links:

• Google Stadia announced, a game streaming service for Chrome, Android, and TVs — Powered by Linux, it supports the Vulkan graphics API and Google partnered with Unreal to fully support the Stadia platform.
• Chris on Instagram — We found a great spot to work for the day, great signal. Just one problem. We sorta got taken hostage for a few hours.
• Debian Project Leader Elections 2019: Candidates — We're now into the campaigning period. We have 5 candidates.
• Linux Laptop Battery Optimization Tool TLP 1.2 Released — TLP 1.2 was released today after being in development for more than a year, and it brings support for NVMe, and removable drives like USB and IEEE1394 devices, support for multi queue I/O schedulers (blk-mq), and other significant enhancements.
• TLP – Configuration
• Suse is once again an independent company — Few companies have changed hands as often as Suse and yet remained strong players in their business. Suse was first acquired by Novell in 2004. Novell was then acquired by Attachmate in 2010, which Micro Focus acquired in 2014. The company then turned Suse into an independent division, only to then announce its sale to EQT in the middle of 2018.
• SUSE is now an independent company after being acquired by EQT for $2.5 billion | Packt Hub — As the company has been owned by EQT, so according to few users it’s still not independent. One of the users commented on HackerNews, “Being owned by a Private Equity fund can really not be described as being “independent”.
• MATE 1.22 released — Wanda the Fish now works properly on HiDPI displays
• Albert Vaca Cintora on Twitter — KDE Connect has been removed from @GooglePlay for violating their new policy on apps that access SMS. The policy has an explicit exception for companion apps (like KDE Connect), but it was removed anyway and there's no way to talk to Google
• Use of SMS or Call Log permission groups - Play Console Help
• Full-system dynamic tracing on Linux using eBPF and bpftrace — What if you want to trace what happens inside a system call or library call? What if you want to do more than just logging calls, e.g. you want to compile statistics on certain behavior? What if you want to trace multiple processes and correlate data from multiple sources? In 2019, there's finally a decent answer to that on Linux: bpftrace, based on eBPF technology.
• Learn eBPF Tracing: Tutorial and Examples — eBPF can be used for many things: network performance, firewalls, security, tracing, device drivers, and more!
• IO Visor Project — The IO Visor Project is an open source project and a community of developers to accelerate the innovation, development, and sharing of virtualized in-kernel IO services for tracing, analytics, monitoring, security and networking functions. It builds on the Linux community to bring open, flexible, distributed, secure and easy to operate technologies that enable any stack to run efficiently on any physical infrastructure.
• IO Visor Project on GitHub — Organization that hosts the repos for bpftrace, bcc, and other tools.
• BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more — BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples.
• bpftrace: High-level tracing language for Linux eBPF
• Install bpftrace for Linux using the Snap Store
• BCC Tool Diagram — Diagram that breaks down useful tools in BCC
• eBPF Perf Tools 2019: Slides
• eBPF Perf Tools 2019: Video (resynced by Squigly)
• eBPF Perf Tools 2019: Video (original)