
656: Why KDE Linux Surprised Us

Mar 02, 2026 · 1 hr 11 min · Ep. 656

Episode description

We take KDE Linux for a spin and push it a little too far. Plus, a friend of the show stops by with a fresh tool: Nebula Commander.


Transcript

Intro

Chris

Hello, friends, and welcome back to your weekly Linux talk show. My name is Chris.

Wes

My name is Wes.

Brent

And my name is Brent.

Chris

Well, hello there, gentlemen. Here we are getting ready to head out. But before we go, we're going to tell you how KDE Linux surprised us after we gave it a little recent run. And then a friend's going to stop by the show and tell us about his really handy new open source tool. And we'll round out the show with some great boosts, some picks, and a heck of a lot more. It's a big show. So before we get there, let's say time-appropriate greetings to our virtual lug. Hello, Mumble Room.

Mumble

Hello, folks. Hello, folks. A real great way in North Alaska.

Chris

Hello, everybody. Hello. We don't know for sure if we'll have a Mumble room next week because we will be in our Airbnb or on the floor of SCaLE or something like that, so you just never really know because we don't know.

Brent

Can we do it in the car?

Chris

Maybe. Maybe. I'm thinking about bringing some mobile connected internet with us. I was thinking about it. It's just big. But that could be handy for going down the road.

Wes

Yes.

Chris

And you know what we would do? Hook up our Nebula network. We'll talk more about that later. But go check out Nebula, defined.net slash unplugged. Go meet Managed Nebula from Defined Networking. It's a decentralized VPN built on the open source, bulletproof Nebula platform that we love. Optimized for speed. And this is a quick way of saying it's going to use less battery and less network resources than the other mesh network tools you use. It's really simple.

I love how simple it can be when you just want a couple of nodes. But it's engineered for serious security and a global mesh network. Originally built for Slack's infrastructure and had to scale to their worldwide data center immediately, just systems all over the place, you can imagine, and how important Slack's data is. They got all of the company's data in the world, basically, and there has to be bulletproof.

Housekeeping

But unlike traditional VPNs, Nebula has a decentralized design, so there's no fragile control plane or a hub-and-spoke choke point. And your network always stays resilient. You can be in complete control of that, or you can use Managed Nebula and let them manage it for you. It's a kind of control and flexibility that I think our audience expects from their infrastructure.

Originally built for something that's massive but can scale down to just a couple of nodes, it's really great. And you can get started for free and support the show. You just go to defined.net slash unplugged. Sign up. 100 machines. Absolutely free. No credit card required. And gentlemen, they just added always-on VPN mode for Nebula on Android and iOS.

Wes

Oh, nice.

Brent

Boom.

Chris

Defined.net slash unplugged. Big thank you to Defined for being our sponsor of the unplugged program. Well, we're just one day away from hitting the road to go to SCaLE 23x. It's happening. The largest Linux and open source event in Northern America, I'd say. Maybe not in the world, but definitely in our neck of the woods.

Wes

For sure. And long running.

Chris

Yeah.

Wes

Great mix of communities.

Chris

Yeah. And you can get 40% off registration when you use the promo code UNPLG. Unpludged. We'll be at Planet Nix, too, which is bringing all kinds of engineers and builders from around the world. Microsoft, Anthropic, Shopify. I mean, the list is crazy.

Wes

Way more companies than you think using Nix, it turns out.

Chris

Yeah.

Wes

Planet Nix is a great way to find that out.

Chris

Yeah. Flox is making it possible. They're making reproducible dev environments actually usable. So they're just in the right place at the right moment. And they're helping us get down there. And to that end, and this is the last housekeeping update you guys have to listen on any of this, we are making a meetup super combo deal. We have decided since our meetup was on the same day and the same time as the Planet Nix after party, it was silly to split the crowd.

Instead, we're going to do one giant Planet Nix after party meetup. So Flox and JB are hosting happy hour for the community. I'll have the details now. It's all updated at meetup.com slash Jupiter Broadcasting. It's going to be Friday, March 6, 6 p.m. to 8 p.m. Instead of two events at separate times, we're going to do one awesome event on Friday night, combining our powers into one giant meetup. So come hang out.

We also in this got roped into appetizers. So if you're listening and you would like to help your other listeners have a good time, we would love some boost support for appetizers. We're going to be probably feeding over 100 mouths and it's in California. So you can imagine that's going to be expensive. But I think it's the right thing to do. People are going to come out. It's our way to contribute to the Nix after party.

And we'd love some support. We'll be on the road, but you could send a boost our way and we'll add it to the boost to bite pipeline, if you will. Thank you, everybody, who's going to meetup.com slash Jupiter Broadcasting 2 and signaling their intention. We really appreciate that. It helps us plan. And we're really looking forward to the Planet Nix after party and seeing everybody down there. It's getting close.

Going Bananas

Brent

Well, this year, KDE is having quite a moment. Plasma 6.6 just dropped with HDR support, better Wayland performance, and is finally stable enough to daily drive. The desktop Linux market, as you know, last year hit 5% desktop share and, well, KDE has been right at the center of that. KDE Linux, as you remember, is not Plasma, but its own thing. Not Neon either.

Chris

Right.

Brent

It's definitely not Neon. It's a new project by the KDE crew that we've been super excited about because, well, it's brand new. It's throwing in some super modern technology and is very actively under development right now. It aims to be one of the best ways to get the front row seat to KDE and Plasma. And, well, it's just, it's code name Project Banana, so what is there not to like?

Chris

I see, this is very much a Brent pick.

Wes

Right, Plasma, bananas. I mean, did he force us to do this? Maybe.

Chris

You know, also, it's a great time to check out because Plasma is in such a great space. Yeah, it's, oh man, you know, being on Hyprland for a little while now and then coming back to absolutely modern Plasma, it is looking so, so good. Uh, and it is a bit of an adjustment. We've talked about this before, and we're going to get more into this, some of the weeds here, with this episode. There's no package manager, traditionally, here, right? You got Flatpak, you got AppImages. This is an image-based, immutable, whole-OS idea. They have built it on Arch, but pacman is not on this thing. It is a self-contained single 4.8 gigabyte, uh, is it EROFS image? Yeah.

Wes

EROFS, EROFS, yeah. Um, I'll let you come up with your own pronunciation, but...

Chris

I'm just going to say E-R-O-F-S.

Brent

E-R-O-F-S.

Chris

Yeah. So that's the image layer. And that's like these are the image. And that's like almost five gigs on its own. And then you layer on the Flatpaks you want up to that. It's really meant for user space. And KDE's goal here is to create what they say is, quote, a bulletproof OS that showcases the best of KDE. And we've also talked about GNOME's creating GNOME OS. And what you get to see is something, if you're a Plasma fan, that is really, really nice. It's very lean, mean, and focused.

The beta is coming along, right? This is still very early. They're about 65% complete right now. They're in some refinement areas. I know they've been working on Wayland stuff. I couldn't say exactly where they're at with that, but it looks like multi-monitor stability was a priority and high refresh rate, which I love to see.

But the technical details, Wes, are... I mean, that's what I think is maybe most appealing to KDE Linux to us, is some of the practical decisions they've made, because they could have gone off in the weeds and done some really crazy stuff. But I think part of what's making this distribution so solid this early is they made some really sound, practical, technical decisions.

Wes

Yeah. You know, it sounds a lot kind of similar to maybe like the uBlue type immutable service. We've talked a lot of different shades of immutable Linux versions. But this one is very lean and it feels conceptually simple because it really is relying a lot on a bunch of stuff that has been developed in a lot, mostly the systemd, but a slightly wider community than that.

Especially after, if you remember, um, Lennart had a blog post in 2021, uh, putting things together, I think it was called. Yeah, it was kind of like a lot of modern ideas. That's where we got maybe like the ideas behind systemd-homed and like a lot of stuff we've seen develop over the years, including, um, unified kernel images, UKIs, which KDE Linux does use. And so as part of that, you get, um, what's called mkosi or mcosi, I don't know, what do you like there?

Chris

I like mcosi. So M-K-O-S-I.

Wes

Yeah. So this is a tool to make operating system images.

Chris

Ah.

Wes

And the core philosophy is building an OS image should be reproducible, declarative, and unprivileged, right? Because often when you think about this, you think about like, oh, loop devices and like fdisk and formatting and like making new file systems, all of which sounds like root permission.

Chris

All needs root. Yeah.

Wes

Yeah. So what's great here is instead you run this, you give it a single config file.

Chris

Okay.

Wes

And it uses systemd-repart under the hood and it's got some clever stuff. There's also, of course, because of systemd, cgroups and namespaces and unshare, and basically it's able to look like it has root inside of a specially crafted namespace that has the permissions it needs to do a whole bunch of clever, modern Linux plumbing engineering under the hood so that at the end of the day, you can create stuff like raw GPT disk images, EROFS images, SquashFS, container directories, UKIs, tarballs, all from just something that can run without crazy permissions, run in CI, or run right in your terminal. And then, of course, there's a bunch of other stuff that layers in there. So you do get EROFS, which we'll go more into, but...

Okay, you use mkosi to make yourself like a disk image, maybe an EROFS, but what do you do with that? Well, there's more tools. There's systemd-sysupdate.

Chris

Okay.

Wes

And this is the thing that actually handles the cool rollback and like slot sort of A/B functionality that's going on. So when you want to do an update, you're not pulling down app packages. You're not, you know, there's no DNF. There's no pacman involved. You download a whole big new disk image.

Chris

Right.

Wes

We'll get to the delta update story later. But you download a new image. systemd puts that in the right spot and hooks up all the bootloader stuff for you so that automatically you can boot into the new version. If it doesn't go well, it can boot back to the old one. And it understands that all at the systemd layer.

Chris

Well, and to the point earlier, they didn't invent that tool.

Wes

Nope. They didn't have to roll that. They didn't have to iron out all the logic to make sure it was robust and reliable.

Chris

That's an example of a practical technology choice where, yeah, they could have invented their own system and maybe even have like a nice little Plasma integration and all of that. But instead they chose to go with something that's already been built and in production. So it's already stable, that aspect of it.

Wes

And then, you know, you get to layer on stuff too. So then there's systemd system extensions because in this model you have slash usr that is hermetically sealed, that is this EROFS that you can't touch, that has a bunch of nice cryptographic properties.

So maybe that's your base system. And then on top of that, like in the testing edition we've been playing with, you can layer in all the Plasma stuff as its own systemd system extension that you can update, that you can swap in and out, and you don't have to mess with all of the Arch packages underneath necessarily.

Chris

Do you want to talk about system extensions more later, or could we expand on that right now? Because systemd-sysext seemed like at the announcement of the project, well, this is the way I'm going to layer in my mesh networking, or this is the way I'm going to modify this otherwise immutable distro to have this particular customization I want.

Wes

And it does work for that, but it's a little heavyweight. It's still getting kind of ironed out sometimes, especially like services that are served in there can be a little bit flaky, which is a little unexpected considering the origins of all this stuff. Um, but what it works really well for is something like Plasma or libraries, frameworks, where you don't just have a single file. Like, if you're just trying to install something like a, you know, that's like a single binary download from some Rust or Go project or whatever, you can do it, but it's more work than you need, right? There's already places to just stick that, like opt or usr local or whatever.

Chris

Or what about like the case of Nebula or Tailscale?

Wes

Yeah, so those are too easy to distribute, basically. But if you're trying to add something that needs libraries, it needs PNG assets, it has all this stuff that is expected to be under those normal slash usr, like stuff that a Linux operating system expects, that's where system extensions really shine. So it's really for the core system extension and not as much of the story, necessarily, you can do it, right, but for like user apps, but...

Chris

If, yeah, if you could get a user app that's a Go binary, you just go that route.

Wes

Yeah.

Chris

I got you. So let's talk more about this EROFS, which stands for Enhanced Read-Only File System. It came out of Huawei for Android. We've had it in Linux since Linux 5.4. So again, it's been around since 2019. It's a technology that is stable. It's in use in Chrome OS.

Wes

It's actually required for Android now. All the system partitions are using it.

Chris

And they're using it in KDE Linux. So I think the obvious question, because if you're going to ask a Linux user, how would you do this? They'd say, well, I would use SquashFS. It's been around forever. SquashFS has been in Linux since kernel 2.6.29.

Wes

Wow.

Chris

Yeah. Yeah. But there's a difference and it matters here. So SquashFS takes a fixed chunk of uncompressed data, like, say, 128 kilobytes of data, and it compresses it to a variable-size output. And the blocks land at arbitrary offsets, and reading one random byte means loading and decompressing that entire 120-kilobyte.

Wes

So the whole point for SquashFS is maximizing the compression, which is great, right? Especially when it was made and the internet was super slow.

Chris

Back in the 2.6 days when you're squashing.

Wes

Yeah, right. But it kind of means that the output is variable, which means you can't easily, like, you have to unpack kind of everything or at least big chunks. If you want just one file, you can't get that.

Chris

Right. So this is where the Enhanced Read-Only File System flips it. It has fixed output for compression. Like, you know what you're going to get. The compressor is told, give me exactly four kilobytes. Every block is page-size block-aligned and indexed. And then, so, I guess to your point, much easier to extract the exact piece that you need. Memory overhead per block drops in this example from, say, 128 kilobytes with SquashFS to just four kilobytes with the Enhanced Read-Only File System.

Wes

And it kind of just directly maps to memory because it's meant to match the page size. And so instead of having to like unpack stuff and copy stuff, you can kind of just go mount it into memory and...

Chris

Get reading. And you can imagine that matters a lot. Like at boot time, you've got a train, you've got a chain of trust. You're trying to get everything from Secure Boot signing to the UKI embeds, all this crap that I barely even understand, to actual like kernel loading, and you want it all done as fast as absolutely possible. And you're using these images. This is the exact kind of scenario where you need a solution where you know the predictable size of the compression and where it's going to be at.

Wes

And it's just a really neat technical idea that's worked really well. It's also kind of neat because SquashFS has been hard to work with cryptographically and work with dm-verity and kind of all the nice stuff that people want when you are taking the time to use Secure Boot and to use signed UKIs and all that kind of stuff that you might want for enterprise trust at scale, right?

And EROFS works really well with that, which means you can have nice cryptographic checksums and actual dm-verity protection so that if someone does try to mess with your root file system, the kernel can detect it immediately.

Chris

That's great.

Wes

It's not all roses though.

Chris

No?

Wes

Well, I bet you're feeling this one right? One of the bigger friction points is it's not a scientific limitation, it's more like an engineering problem that is being worked on.

Chris

It is a problem though.

Wes

But there are no delta updates.

Chris

It sucks, man.

Wes

So you go change a couple little bits. That's a whole new five gigabyte download.

Chris

They'll get there, though, right? I mean, that's on the roadmap.

Wes

And, right, you do have this layered ability. And especially, right, where with, like, EROFS and other things, you can keep all the nice cryptographic signing for the bottom, even if you add some system extension that isn't itself signed. So you don't have to go, like, break the whole trust of the system just to add on some stuff at the top.

Chris

That's elegant. I like that.

Wes

Composable things. So there's some hope that, like, maybe you don't have to update the core tiny layers, like, all the time for that rebuild. And there are things in progress upstream. I think even there's been some work from, like, various parts of the community. I think Lennart had one at one point. So I expect this will get solved. It's just, it's just early days.

Chris

So we all had a little chance to kick the tires, and, um, I thought let's start with Brent's observations, because, Brent, you're probably the most act... well, actually, Wes, you're on Plasma all the time too. But when we think of our biggest Plasma fan, I think of Brent. So I'm curious what your observations of KDE Linux were.

Brent

Well, I was fully expecting, like, the reference KDE implementation. I've used many spins and such over the years, and it always feels like there's, of course, opinions thrown into spins, which is the whole purpose. But it never quite felt like, unless you were running Neon, that you had the reference that the KDE software developers were building Plasma to work perfectly with, and to see, you know, the future of Plasma.

So as soon as I installed and booted KDE Linux, that's the feeling I got, was like, oh wait, I'm learning, like, even the tour, for the first boot-up tour that you get, which I, you know, over the years have seen them and don't really click on them now. I was like, wait, this is teaching me new ways that the developers intended for me to use Plasma that I haven't been doing. And it made me realize, like, even though I'm a huge Plasma fan, I don't know that I understand how they want me to use it.

And I'm learning new ways to use it just through booting for the first time KDE Linux, which was a nice feeling to have. Because I felt like, well, I'm a big fan, but I could become even more of a fan if I understand all of the different paradigms that they're building into Plasma that I don't even know about. Did you get that feeling too, Chris? Because I think I saw you mention something about that.

Chris

I think my takeaway was more like, it's just so well done. It felt smooth, clean, professional, polished. I don't know how you strike that tone with an introductory wizard, but it got there. Like, I was like... I made a note in my... Like, this is a great introductory wizard. I've seen versions of this with other distros, but this one felt particularly polished. Wes, what did you think? We all went through it.

Wes

Well, and... It was just so light and clean and solid and fast. I mean, the install was super fast. I did only try it in a VM this time, but it was a great virtualization.

Chris

Oh, super great.

Wes

Like, less than five minutes, had it installed, rebooted.

Chris

Snappy the entire time.

Wes

It had all the virtio drivers and, like, graphics support. So it almost just felt like using my native Plasma.

Chris

And it was visually consistent in a way that feels like some of the stuff in Plasma maybe hasn't been visually consistent, too. I think maybe that was...

Wes

This was the first time I didn't turn off the light theme. I'm a big dark theme guy. Part of it was like, I'm running Plasma and Plasma here, so it's a little less confusing if one of them's a different theme. But it was also like, the light theme just looked really good. I instinctively went to switch. I was like, wait, this looks great. I don't need to.

Chris

I know. I feel like with the latest Plasma and the stuff they're doing with Breeze, I'm a light theme guy again. It just looks, the light theme looks better than the dark theme.

Wes

It does.

Brent

As you guys are mentioning this, I'm realizing I didn't even realize I was in a light theme and I never changed it. And that is like the first time that ever happens.

Chris

It looks good. It really does.

Brent

I'm redefining my identity all of a sudden.

Chris

Brent finds himself in KDE Linux.

Brent

You think by now I would have figured that out?

Chris

I think that was a very good first impression, right? When that comes up, it's good. It was good. Clearly made an impression on all of us.

Brent

I found the installer too was just simple and straightforward. I, of course, did my usual test of trying out the encryption, which worked perfectly fine, except for on first boot, I forgot the password that I put in.

Wes

No.

Brent

More because I've adopted our JB Studio temporary password in my own home lab now.

Wes

We don't have one of those.

Chris

No, no, we never do that.

Wes

We're OWASP certified.

Chris

We always generate unique passwords for every temporary thing.

Brent

I usually put Cosmo as a password, to be honest. But anyway, so I like briefly, you know, I was having breakfast and it was early. So I put the wrong password in at the encryption screen when you first boot just to unlock the disk. And I was like, oh, no, OK. All right, right. I put the wrong one in. So I'm going to get to try again. Right. And it just dropped to a rescue shell, which I hadn't. That's not the usual flow. Usually it lets you at least try three times.

So that was interesting. But once I, you know, put in the right password, everything worked just fine. And so that was nice. But what surprised me the most was, I think, what we talked about earlier. And what I would like to bring even more attention to is the underlying technologies that are making this image-based distribution work for the KDE team.

And I discovered some software under the hood in their docs, actually, which are pretty light, but answer all of the most important questions when you're first booting into KDE Linux. One of them was like, well, how do I get other software on here? Of course, Flatpak was built into Discover, which was nice. But they list a bunch of other options for geeks and nerds like us because, well, that's who they're building it for.

So I discovered, of course, Nix is a first-class citizen for how to get additional software on your KDE Linux.

Chris

Now, hold on. Let's pause here for a second. Because I know some of the audience is going to roll their eyes.

Brent

Sure.

Chris

But I actually think this is a very notable differentiation between the Bluefin crowd and maybe KDE Linux here. What KDE Linux has done is just made sensible steps to make it possible to sideload Nix. What that does is that gives you the world's largest package repository on an immutable distribution that doesn't have a package manager.

Wes

In uBlue's defense, they do have some more difficulties because they're doing a composefs thing that sort of makes an EROFS, and that's for the whole root.

Chris

The root of the file system.

Wes

Right. Whereas here, it's just slash usr right now, mostly, that's like...

Chris

So you can create a new root directory, which in this case is slash Nix.

Wes

But it did stand out because, like, right away, there is a fair amount of stuff. Actually, I was kind of looking at it, and you get, by default, like, a bunch of development utilities and a fair amount of common file system stuff. So it's not totally Spartan, but it doesn't have everything. And if Flatpaks are your primary way to get, like, user apps, that doesn't really get me Netcat very well, which I need on every system I have, apparently.

And Nix kind of, especially if you have this whole, like, I want an immutable rock solid, the way Nix works, then you can just sort of ephemerally summon a tool, and then you don't have to worry about it and it didn't pollute your system, and it's not going to get in the way of future updates. It really makes a lot of sense.

Brent

And they list a few different options. I know we were looking for Nix as one of the options, so certainly it's nice to see it there in the official docs. But they do list other options for software that might not be packaged in a Flatpak. So DistroBox, of course, is an option, which I think we would expect to see. But I did discover a project called Kapsule, which KDE is working on as well. And its description here is Incus-based container management with native KDE and Plasma integration.

So it's a DistroBox-like tool using Incus as the container or VM backend, and it's designed specifically for KDE Linux.

Chris

I love the name Capsule, of course, with a K.

Wes

It's cute, yeah.

Chris

But it perfectly describes what it does. It's one of those good names where it's got branding and it describes what it does. Capsule with a K.

Wes

Yeah, the use of Incus is interesting. I'm curious. That one especially seems very early, but I'm curious to see where they take it.

Chris

This is exciting. I mean, I think the takeaway I'm having... When I tried it, and it sounds like when you guys tried it, is there's more here, there's more meat on this bone than we thought. And there's a real contender in this distribution. Because they've managed to strike customizability and flexibility with that image-based immutability for some of the sections of the system that matter. And if you're a Plasma user, you're getting super fresh Plasma.

Nebulous Networking

We decided to try to set up Nebula between our KDE Linux instances, just because how easy it is to just set up a mesh VPN and some of these basic services on an immutable distro is actually a decent baseline test, because it turns out that's often one of the first couple of things end users want to do.

Wes

I need to get it connected to the rest of my stuff.

Chris

And so, like, the uBlue folks have done, have made this really easy to get Tailscale going. But what if you wanted to get Nebula going? And could you get Nebula going on KDE Linux? And I think you and I both took a different approach to solving this.

Wes

Yeah, true.

Chris

Because I was going to experiment with Nix anyways... I installed Nix just using the, you know, like the curl command from the NixOS website, then proceeded to use Nix to set up Nebula, which I found to be very straightforward and worked flawlessly. You went more like blasting binaries and setting up configs and stuff like that. But I liked it. It was like you could do either approach.

Wes

Yeah. You know, Nebula provides just regular releases. You can go download and you basically just need the two binaries that they ship.

One's Nebula that actually runs like the VPN service, and the other is nebula-cert, which handles dealing with all the certificates and handling your CA if you need to do that. So you might not even need that one necessarily, but they come in the same little, uh, tarball. So yeah, I just had, um, an LLM buddy whip up a little install script to go download the latest release and go drop it. I think I did var, it looked like the, like, var lib area was, um, writable, and opt was writable, and /etc's, right? /etc.

Chris

As well, which I didn't know at first. I wasn't sure when I was, yeah.

Wes

So I was able to have it, like, just stick the binaries in a reasonable location. Yeah, I think it went with var lib nebula bin in this case, and then set stuff up with, like, a default config under /etc/nebula, and then also add in a systemd service to start it. And then after that it worked pretty well, and...

Chris

This is what I'm saying. Like, it's the balance of, it's immutable, but Wes can write systemd units and to /etc, and when he updates and reboots, it persists. So you can do that kind of customization you need to actually make it a functional workstation. And I like that. I think that's very approachable for most Linux users today. They got something real nice here. What was your experience overall?

Wes

I found it surprisingly workable and refreshing in the simplicity. Like, I really like what uBlue is doing, and they're cooking on some good stuff over there.

Chris

Yeah, yeah. I mean, I'm running it right here in front of me.

Wes

But it was cool to see sort of like, like, you know, uBlue's come out of a lot of the bootc and upstream Red Hat and Fedora work, which is excellent, but has its own heritage. And this being sort of a fresh attempt, which uses Arch, but like not at all at runtime, entirely just as like a base for the software to put together like the core part of a distribution. And then is otherwise sort of embracing a lot of the Lennart and systemd ideas.

It's just, it's neat from a technical standpoint, and it's cool to see it working pretty darn well.

Chris

We should try to dig up that original blog post because it really did inspire a lot of this from Lennart. And it's a lot of great ideas there combined with a lot of technologies that already exist and work today. And so while they are very much still in the testing and building phase, this isn't a daily driver yet. This isn't production ready yet. The fundamentals are pretty solid. And I think early adopters, it's probably getting there. I think it's probably getting there for early adopters.

Wes

It is kind of funny they mention, right? Like it is a terrible place right now, mostly. You kind of use DistroBox or containers if you want to actually develop on Plasma. But if you just want to use it, it's great.

Chris

Well, we have no sponsor for this slot, but we would very much appreciate if you wanted to become a member or send us a boost to help support the appetite budget, the appetizer budget. I am hungry, though. We would very much appreciate it. We've been running lean these days, and so every little bit of support absolutely matters.

Interview with BeardedTek

And Fountain FM makes it really easy to boost. And, of course, we have the meetup that is coming up in just a couple of days. So if you can support us, that'd be great. And a membership is also very much appreciated. LinuxUnplugged.com slash membership for just this show. You get the bootleg or you can get the totally ad-free version that still has all of Drew's edits, which is always a great option. And jupiter.party if you want to support the entire network and get the launch bootleg and all of that. Thank you, everybody who supports us. Appreciate it very much. Well, Mr. Bearded Tech joins us from the sunny state of Alaska to talk about his project that he's been working on called Nebula Commander. Mr. Tech, welcome to the show, sir.

Mumble

Well, thank you, Chris. Glad to be here.

Chris

So tell us a little bit about Nebula Commander. I know it's a self-hosted control panel to get Nebula going, but that's kind of where my knowledge ends, and I'm just kind of looking for an overview of what the project is and what it can do and kind of like, you know, an elevator pitch for it, if you will.

Mumble

Well, a little background to start off. This all goes back to when you made call-outs for NixOS configs to be made fun of on air.

Chris

Yeah, the config confessions, of course, yeah.

Mumble

So, uh, I, I started that NixOS router project because of that, prior to the config confessions, uh, and you guys roasted the fact that there was no way to configure Nebula or Tailscale, so I, uh, I created Nebula Commander.

Chris

Oh my goodness, that's a bit of a response, man. That's a bit of a response. Wow, that's incredible. Yeah, because this is, uh, this is really turned into, I mean, possibly it could be something people want to go grab and deploy right now because it's a way to manage a fleet of a Nebula overlay. Explain what it's doing. It's more than just like what Wes and I are playing around with, which is like kicking keys around.

Mumble

So not to, uh, go against your sponsor or anything like that, but Define.net, I love it. I think it's a great way to, uh, to start building out your Nebula network, but there's a bunch of features that were important to me that weren't quite available yet. So I started seeing if I can make something work, and instead of it only being able to use the client that's provided, you can actually use this just to manage your Nebula setup by itself.

You go and create a network. You can create groups, which are similar to their roles, and create firewall rules for inbound and outbound traffic between different groups you have. And each node, you can actually download the config directly and just run it on Nebula raw. And I'm actually still working on the client. Uh, it's extremely experimental. There's a lot of things I.

Chris

Want to keep going i.

Wes

Like your phrasing reliable.

Chris

Okay, so the stack, that I understand it right, is what it's doing essentially is it creates networks, it's managing mesh nodes and IP allocation, right, and certifications, and it has a web UI which is like a React dashboard front-end. And you are also integrating with authentication. Can you talk about the authentication piece for a second?

Mumble

Yeah, I'm using Keycloak in the back-end for authentication, which is nice. You can do everything from enabling email verification and registering your users, and that's how it's set up. When you first go on to Nebula Commander, there are no users set up. You go in, register your first user, and that user eventually will become the admin. Right now, I ran through a little roadblock and tried to work through that.

And each user independently can have their own networks, their own nodes, their own group rules, and it is completely separate from any other user. So you could potentially go in and have five users for yourself for five different network setups, and they don't step on each other.

Chris

Oh, that is really, that's a clever idea. Okay, so if I want to run this, I'm looking at like probably deploying a Docker container, I assume?

Mumble

Yeah, that's the preferred method right now is with Docker. And if you go on to the nebula-cdr.com, I have full documentation on how to get it up using Docker. There's also a NixOS flake and modules up there as well to integrate as you guys like.

Wes

Yeah, you've really clearly spent some time on the, on the docs. There's, there's a lot here at the website. Nicely done.

Mumble

You know, Cursor is a wonderful thing. You know, people, you know, in the pre-show you guys were talking about AI and AI agentic things, and I've used Cursor extensively in this project, and it's been a godsend trying to get everything online and going, working the right way, as long as you use it the way it should be used.

Chris

Yeah, I've noticed, I was reviewing your commits and I saw that you're like actively finding some security things and patching those and finding little issues like that too. So you're taking some kind of audits and security passes at this project as well, it looked like.

Mumble

Yeah, I've used a couple different tools along with the CodeQL up on GitHub. I've also used Semgrep and I can't remember the name of the other one for Python that I was using. But yeah, I've done as many security scans as I can to make sure that I have no critical bugs in this thing. Because I mean, that's the biggest problem with a lot of these vibe-coded projects is that they have so many security holes, everything's just slapped together and there's no project management involved.

Chris

Yeah.

Wes

Are you using this to manage your own networks yet or not quite at that stage?

Mumble

At this point, yeah. I've got my own personal Nebula network and I'm hoping within the next month or so, I'm going to roll all my clients onto it as well. I run a small IT consulting business up here.

Chris

That's what I was thinking. This would be perfect for an IT consulting firm. That's where my head went.

I could see a little network management for your clients. You're using this to back up their data. It's completely private, no big tech involved at all. And, you know, just to circle back to your vibe-coded comment, Bearded Tech, because I think too this is an example where I think there's nuance, because your application is sitting on top of Nebula and, you know, Python, a bunch of stuff that are primitives that are good and sound, that are working and secure, right? You didn't invent the encryption here. You know, you didn't invent the Nebula aspect of this. You're orchestrating the Nebula mesh network, but the actual security is, you know, is solid. It's Nebula. So that's where I think there's a nuance and vibe coded stuff.

Wes

I think actually running it too, right? Like having something, doing testing on the other side to make sure it does fit together. And like there aren't weird holes in the project, that kind of stuff adds a lot too.

Chris

The scope of this is pretty ambitious. Like I don't think we're really communicating to the audience the scope of this thing. Like that's what impresses me, Bearded Tech, is how you managed with kids running around and two hours of daylight in the winter there, how you managed to create something this already comprehensive.

Mumble

Well, you know, it's just I ended up spending way too much time on it than I should. Dishes pile up when they probably shouldn't and, you know.

Chris

I understand that, but I did see somewhere on your page some ideas for things that you have in the future, like some DNS stuff and exit node stuff. Can you tell me a little bit about that?

Mumble

Yeah, and that was kind of the one big feature that Define.net didn't really do for me, was being able to put in my own DNS server. Right now, with my clients, I'm using Tailscale, and I have split DNS set up to be able to reach all the machines inside my Tailscale network. And I'm trying to integrate that into this so you can actually run your own DNS node, essentially.

Chris

That'd be great.

Mumble

Do like a magic DNS type setup for Nebula.

Chris

That you control. Oh, that's so cool. It's under your own control. So we should also mention the front end is licensed in MIT. The back end also licensed in MIT. And the client is GPL version 3. So the entire stack is free software, if somebody else out there would like to take a look or help.

Wes

And then I think you've started a Matrix community if people are interested maybe in checking it out or discussing too, right?

Mumble

I did. I'll leave the link in the chat here. And also I've got a documentation site up at nebulacdr.com. And I've got a node live right now that people can go and bang on and try out and test out the actual software itself at nebulacdr.net. And I'll leave that in the chat as well.

Wes

Oh, fun.

Chris

It's up right now. You're not going to leave it up for too long. So it depends where you're listening to this. But nebulascdr.net if you want to see a live demo of it. Isn't that great? Isn't that?

Wes

This is so cool.

Chris

Bearded Tech, thank you for taking some time on your Sunday with the family running around and all of that to tell us about this. We just think this is such a cool project. Well done, sir.

Mumble

Thank you very much. I appreciate it, Chris. You guys have a great day.

Chris

Yeah, thank you. Thank you very much. And we'll put a link to all that in the show notes. And if you're working on a project like this, drop us a note. Tell us about it. Or come in the Matrix room. You know, that's Wes spotted Bearded Tech was talking about this in our Matrix chat room. And then we decided to pull it forward because we just love seeing the community build tools like this.

Wes

Y'all are so smart and you build awesome stuff.

Recombobulation

Brent

Well, we got a little bit of feedback this week about an ad that was playing at the start of the show.

Chris

Did you do that? Was that you?

Wes

That was not me.

Chris

It was me.

Wes

Well, I might have been involved in some of the pieces, but not that part.

Chris

Yeah, our bad. So that was intentional, but not yet, I guess is the way to put that. I was going to let you know about I have made a decision behind the scenes to change the approach to ads. I guess in full disclosure, like this, the situation is, is that I fought this as long as I possibly could. I have not been paid for last month. I'm not going to get paid this month and I might not get paid next month. So I may be going three months of the year so far without getting paid, which is okay.

It's like, I didn't do this to get rich and the members are keeping the infrastructure paid for and the boosters are, you know, sometimes I get a sandwich. So it's good and it's okay, but I have to make some changes. And so what I've decided to do is work with a group that is fairly aligned with the way I look at ads. It has to be an ad that – for a product that I like, I get right of first refusal.

And they really work hard to make sure that if it's a company that I'm going to do sponsorship with, that I get a chance to try the product first before it goes on air and all of that. So I like where we're going. And part of that, because we are in a very bad situation, the reality is, is I've just fought the change in the ad market for as long as I possibly can.

And since COVID really, it's not really anything to do with COVID, but the way the market dynamics changed with the increase in rates is that it became more expensive to do direct marketing. It just, it was, it was an area that companies needed efficiency. And I went on about this for years when it happened, so I don't need to recap all of that.

But the structural changes in the market are such that companies no longer have time to engage in a three-month conversation with a single podcaster to do a bespoke ad agreement for one quarter.

Wes

They're used to the YouTube model, right, where they can just do ad buys that are targeted or Facebook or –.

Chris

They want to buy large markets at a time. And so there are now companies that sit between the ad buyers and the podcasters, and I, I've been working to try to find a good one, and I have at great personal expense walked this line for as long as I possibly could to make sure it's gone right. And because we have no, uh, ads beyond Defined Networking right now, who is the only sponsor we have at the moment because they were, you know, by my model the only ones I was willing to have on, and I know that you have an expectation, and one of the reasons we've gone value for value is so I could say no. And I have been saying no for a very long time. And so I think we have found a middle ground here, but essentially I'm going to, I'm going to let them cook. And one of the things that we're going to do, why we have no other sponsors on board to try to get some survival money is we will play an ad at the beginning for some locations at some times.

I expected to roll that out over the next couple of weeks, but we need to move quick because we're going to SCALE. And they communicated the expectation to me. I just, I missed it. It was my bad.

So I will own that, because I wanted to communicate it to you beforehand, but we're busy and, uh, that slipped. So, uh, the plan is, is to have them find some good sponsors that can bring on, you know, some good reoccurring revenue to make the show sustainable so I can get paid again, so we can keep going and invest in more production, and, uh, hopefully over time they will do that. But it will take a little while, even with, uh, working with a group that specializes in this. It still takes time to find the right sponsor if you have standards. It just takes time. And so the dynamic ad's running, and that's, now that that seal is broken, I'm likely to leave it for a while just because we have such a gap, and it's not, I don't really have any of the details on that in terms of what I should expect or how it's going to perform or anything like that, because I've never done anything like this before.

But that's where we're at now. And I'm hopeful that if people seem to have an allergic reaction to it, they'll consider becoming a member at linuxunplugged.com slash membership. We'd often do discounts and we have a fantastic ad-free version of the show, that editor Drew puts together, uh, or you get access to the bootleg.

And if you don't mind the ads, well, then you can help monetize just by listening to it and, um, support the show that way. And I think a lot of you don't mind, because, um, ironically, when we were purchased by Linux Academy and we dropped all ads from all shows, we never got a single comment about it. Nobody said anything. The wildest thing. Like, it was the biggest issue for us. We thought it was this massive unlock, we thought it was this huge thing, we were going ad free and.

Wes

Behind the scenes, I mean, it helped a lot with some of.

Chris

Our production stuff, yeah. Oh yeah, massive time saver. Nobody cared, really. So that was a big lesson. Um, and, uh, I think also we'll, we'll still, we'll still do a better job than, uh, than the average bear out there. It's a wild world, and video and all that is also eating at it. So that, uh, I'm sorry that wasn't communicated ahead of time. That was my intention. And, um, we definitely still need the support more than ever, because all these things take time, and, uh, it was really your support that made it possible to survive this long without having to compromise two years ago, really, because this is, this has been something developing since 2019, since 2020, something we talk about frequently behind the scenes, something I've, you know, I've talked a lot about on the launch, I've talked about it on office hours, we've talked about it. And, um, so this is where we're at. But we will continue on. We've got another, you know, we've got another 12, 20 years in us or so, but we just got to make sure we adapt, and this is the state of the internet, as it were. But I do hope that those of you who, like I say, have a problem with it will consider a membership, because the show quality remains high. In fact, hopefully this continues. Helps us keep going. But I'm sorry we didn't communicate it differently. That's my regret.

Wes

It was not supposed to be a surprise.

Chris

Yeah, it wasn't meant to surprise you. It was, I was also surprised. But that was on me. It was communicated to me correctly. I just am a busy guy. And emails are easy to miss sometimes. I gotta get something on that that's watching that inbox. But I'm not ready to do it just yet. Just, not just yet but one of these days,

Shout-Outs

but gentlemen, we do have some great support this week, and this, this is the wild thing about the value for value system, is it's such a swinger. Well, we went from like, oh boy, this is kind of going to be a rough one, to like one of the best weeks in the shows, it's in the year so far for the show. So let's kick it off with our baller booster, because that is the one, the only Hybrid Sarcasm, and he comes in with one million Satoshis! Yeah, I said one million Satoshis!

Brent

Are you sure that's not a typo?

Wes

Hey, my script doesn't make typos.

Chris

That's got to be almost the entire appetizer budget right there, I think. Thank you, Hybrid Sarcasm. I don't think.

Wes

Baller quite covers it.

Chris

Yeah, he says, enjoy California, boys. Well, we will, boy, I tell you what. Like, this boost came in this morning while we were in our group chat and I was having a mild panic attack about expenses, and this landed. It changed your mood completely. It totally did. It totally did. It really was something. Thank you, Hybrid Sarcasm. Thank you very, very much. Appreciate you. You are a good guy.

Wes

Not the one comes in with 68,000 sats.

Chris

Alright! Also, not bad. Not bad at all.

Wes

Keep up the good work. A little something to help with the trip.

Chris

He gets it. Thank you very much. Right? We're going to turn that right around and spend it on your fellow listeners. So thank you very much for this one. It's great.

Brent

Well, the dude is abiding with 22,222 sats. I've never used an agent locally. The first I want to try is the Home Assistant MCP. I've always used the web-based versions of ChatGPT, Claude, or Gemini, and I'm feeling kind of left behind. So here's a little something for that trip.

Chris

Thank you, sir. Appreciate that very much. You know, this is a great question because you can tell he's locked in to the change. The change is like they've gone from novelty chat bot that does theatric typing to like actual useful open source agent that's using the LLM to leverage intelligence.

Wes

I just set this MCP up over the weekend.

Chris

It's so good.

Wes

It's so good.

Chris

It's so good.

Wes

It doesn't quite do everything, so I think I also had it do some direct API access, but it has a lot of stuff.

Chris

It's great for working with automations. The MCP is the way you want to go if you're working and troubleshooting your automations. Two quick examples. So I used the API with an agent because there was electrical work being done down the street from me, and I expected the power to be cut, but I needed to go to the studio. So I had my agent check in every two minutes. And if the power went out, I had the agent cut all the electric heat off and then send me a Telegram message.

And then if the then I had if the power remained off for an hour, turn off the remaining systems. Right. Like I had like this cascade system. I could have built an automation for that in Home Assistant, but I did it in 30 seconds with one prompt as I was going out the door realizing this is going to be an issue. So that's one way you can use it. I also, just using the MCP, so that was using the API.

Using the MCP is really great because I have automations that have probably been sitting around for three, four, five years at this point. I built them a long, long time ago and things have changed. So I had my agent go in and audit the top five most frequently fired automations and review them for logic or improvements. And with each one, it found something small to major that I could do to improve them.

And it's just because I haven't looked at them in so long. and that was done via the mcp and it's really nice i didn't you know i didn't didn't and then then you know i just wrote okay do this do this all right go fix that and boop boop goes off and fixes it all up it's really it really is a great unlock for home assistant because home assistant is essentially an api for your entire home.

Wes

I will also say, uh, the FOMO feeling can be very real. Don't, don't feel too bad about that, but also don't let it, you know, it's good to try and be curious, but don't, you don't have to go too crazy, because things are moving fast and like you can over invest in it and waste a lot of time on stuff that's just going to change out from under you.

Chris

I mean, Home Assistant API and MCP is pretty solid.

Wes

Yeah, that's one of the more solid parts of the whole thing, really.

Chris

But that is good advice. That is good advice. Tomato comes in with another row of McDucks, 22,222 sats. Looking forward to SCALE and Planet Nix coverage. Here's some sats to help with the travel, boys. If you see any of the Nix or BSD people down there, I'd love to hear about it. I find that particular combination to be rather intriguing.

Wes

Yeah, the idea of using Nix on top of a BSD, okay, yeah.

Chris

Might sound insane, but then again, but I have done that exact thing in the past with a Perl script. Oh.

Wes

Yeah, right, I mean, FreeBSD, I mean, all these Bs, they're nice, tight systems, right, clean, so if you get a declarative interface on top, it could be very nice.

Chris

Yeah. Oh. I mean, I would definitely play with that. I mean, it makes immutable distros, got all these packages available for you. It'd really probably be now down to what could you actually install.

Wes

Well, Distro Stew comes in with 13,149 sats. See you at SCALE. Here's some juice to get you there.

Chris

Oh, thank you.

Wes

I'm bummed to miss the meetup for the third year in a row. Since I'll be giving an upscale talk on pen testing. Nick's the world. Well, that's a great excuse.

Chris

That is a good reason, though.

Wes

I'm sure we'll bump into each other some other time, though.

Chris

I hope so. Yeah, I hope so.

Wes

Because it was great seeing you before.

Chris

I want to see you again. And I always love it when people, like, they remember, like, oh, I should introduce with my handle. Right? Oh, no, I'm Distro Stew. Like, oh, Distro Stew! All right, looking forward to that.

Brent

I believe we have a new booster here, the facial hair with 4,000 sats.

Chris

That's good. I like that.

Brent

Apologies for the delay in response. These sats are freshly mined, hence the delay. I wanted to follow up on the D&D and open source question. It works because open source removes barriers to entry, whether it's physical, financial, or otherwise. It allows anyone to join us at the table. This is also my bump for JB D&D special sometime.

Wes

That does sound like a lot of fun.

Chris

I kind of like that idea. I could see doing a member special. Maybe or something, because I don't know if anybody would actually want to listen to that.

Wes

Find an audience member who's an experienced DM, perhaps a volunteer here.

Chris

It'd be great on a trip. It'd be great on a trip to do like a little D&D meetup where somebody teaches me how to play, because I've never played before. Maybe I could play like a game, a video game version to learn up. I don't know. But that's a great idea. Thanks, Facial Hair. Thanks if that's your first boost, too. Really do appreciate you so much time. And mine and them sats directly.

Wes

Fresh.

Chris

Well done. Well, TR Belly comes in. That's not how you say it at all, but I like it. 15,000 sats. I'm going to say it's TRSLB. No? What do you think?

Wes

TRSLB.

Chris

There you go. 15,000 sats. Point your car south to the sun, away from the atmospheric river and the polar vortex. Yeah, looking forward to that.

Brent

No lobes down there.

Chris

It's going to be like 75 degrees and sunny in Pasadena.

Wes

That sounds impossible.

Chris

That sounds so wonderful.

Wes

Well, WH-20250 comes in with 2,000 sats. Oh, this one is for Brent. Hey, Brent, I'm curious as to why you didn't try Unraid since you tried TrueNAS Scale.

Chris

I was wondering that, too.

Wes

I haven't tried it yet, but Unraid does have an OpenClaw container template in the community apps ready to go. One install, and you can have your agent do the rest of the server setup for you. You know, we didn't solicit this boost.

Brent

This is a very good question.

Chris

Very, very good question.

Brent

The main reason is that for years now, I've had some close friends tell me, you have to do TrueNAS. You have to do, hey, can I back up my stuff to yours across the ocean using TrueNAS, etc. So that's partly why I leaned that direction. And also, I mean, I probably should, but I have, didn't, haven't had time to try every single offering, but Unraid is certainly at the top of the list for the round two since everybody has been asked in this question.

Chris

I think out of the two, and they were a former sponsor, no longer sponsor, I would, I would strongly consider Unraid because they've done a lot of improvements in the last version with the UI. They have a really nice API now, which has all kinds of advantages, more than ever, I realize now. And they have a massive up-to-date application library that makes it super easy to deploy stuff. And I like all those things. And it's Linux-based, which I also like.

So I say plus one here to WH's boost. I think Unraid is worth a consideration too. I don't want to speak up because everybody thought I'd be shilling, but that's my honest opinion. I just gave away the milk for free.

Brent

Well, Spooky Satcom came in with 2,000 sats. There's no message on this one, just a little bit of value. So thank you very much.

Chris

That's always appreciated very much. Thank you much, Spooky. Good to hear from you. Hey, there's Gene Bean coming in with 2,666 sats. It sure will. He says, I'm sad that advertising is so lean right now that you've had to start using pre- and post-roll ads. But I'm also glad that you've got the option to get you through. Here's to doing what you need to get things running. My seven-year-old son wanted to tell you that he really likes the sound effects, especially the Tetris one. All right.

Wes

Thanks for sharing.

Chris

Do you all have any suggestions for local models that work well with OpenCode that I can run, that can run tools? That's a great question, Gene.

Wes

That is, yeah.

Chris

That's the key question you need to be asking, buddy. Can they run tools? I have a Mac with an M3 Pro and 18 gigs of RAM and a several-year-old Lenovo P52 with an M3.

Wes

Ooh, fun. One of the P series.

Chris

I wonder how far he could get with MiniMax 2.5. Probably needs to look more at Quell, right? Qwen or whatever it is.

Wes

Yeah, that might be.

Chris

I think Qwen's probably, because they have a couple of versions of Qwen that are.

Wes

Yeah, it's less, can you fit it in whatever.

Chris

18 gigs of RAM is very tight, but it might be possible with Qwen. So Gene, I think right now, you might be a little tight for really good reasoning, but you have a lot of room for like vector memory embedding and things like that. So if you wanted to have LLMs take care of local transcription, like with Whisper, and you wanted to have all of your memory managed with an LM that does embedded memory with vectorizing, you could do all of that with that hardware very successfully.

And then you could punt some of the more challenging stuff to a larger frontier model through something like Open Router or a direct API subscription.

Wes

Yeah, because there's oftentimes stuff where you might be able to run a model, say, that can do work on individual coding tests pretty well, but isn't quite up to complicated tool call and orchestrating other agents. So sometimes it's a mixture of models that fill the whole thing out.

Chris

And so another way to put that, right, is you could have the frontier model running the orchestration agent who is watching the quality of the output, monitoring the sub-agent. And the sub-agent could be using like a Qwen-optimized coding smaller model.

Wes

Or a DeepSeek or something.

Chris

Yeah, or a DeepSeek. Maybe DeepSeek 4. It could come out any day now. And that maybe isn't quite as comprehensive with tool calls and all of that, but could do that specific job. And then your higher-end model is actually watching the output and managing it. And that actually is a pretty token efficient way to go about it. But hopefully we'll have more options, especially as we get more hardware built for this and as models get down smaller and smaller and smaller.

Wes

Let us know what you tried, how it works.

Chris

Thanks for the boost. Yeah, keep us posted. That's a good one.

Wes

Antoine comes in with 2,468 sats. In case you have not seen this yet, someone came up with a Home Assistant voice control that is a Star Trek comms badge.

Chris

Want?

Wes

There's an instructable for it. And we get a link. Did you like this? That's double the value. I have not yet. I'm pulling it up right now.

Chris

So I think what they're doing that's pretty clever with this is it looks like the comm badge from TNG. Ooh, yes it does. And I think the front part of the comm badge, I don't know how much is actually happening there. Because there's a little computer that I think you put under your shirt on the back end. And then they maybe, I think, magnetically clip together through the shirt. That could totally work. And so you have.

Wes

A- Like a tiny little ESP or something?

Chris

Yeah, exactly. Yeah, a little Arduino kind of thing with Wi-Fi. And, you know, the little tiny ability to essentially run a Home Assistant assistant, and use the Home Assistant conversational pipeline through your Star Trek comm badge. Now, obviously, the use case here, gentlemen, I don't think I need to say it. But in case you're listening, you're like, why the hell would you use this? So that way you can walk around your house, slap your comm badge and order the lights to turn on or whatever.

Right. That's that's the end state here. Slap in your chest.

Wes

And see, this could work with some models Gene Bean's running.

Chris

I want, I want. Thanks, Antoine. Appreciate that. And. All right. Well, Bobby pins here with 10,000 sats. Well, I'm just about ready to finally dive into Nix. My question for you nerds, Nix nerds, should I start with a general use PC and Hypervibe or an appliance level media server or the coveted Nix Bitcoin node?

Wes

I probably wouldn't start with that one. I mean, it might depend on how familiar you are with the Bitcoin stuff. If you've run Bitcoin nodes before, then it might be totally doable. If you're learning both running a node and using Nix to do so, that's a lot to do at once. So maybe the media server is a pretty attractive one.

Chris

I was leaning that way.

Brent

Too.

Chris

Yeah? Why?

Brent

Well, because it's something that you can build up slowly. You can build one service, build another one, build another one, and it can just iterate. Whereas if you're trying to get a desktop system that you need everything to work right away, there can be a large learning curve. So just having a little computer set up as a media server where you can just poke at it whenever you have time. And if it's not completely online 100% of the time, well, maybe it's not at the end of the world. That would be a good way to try some things and break some things.

Chris

I also think the expectation is different there, right? When you're using it on the desktop, you have certain expectations, if you've used Linux before, about the way package installation works. And what, I have to update this file in order to make this change persist? It's a bit of a gear shift. But when you're using a headless server, all these things that kind of seem confusing on the desktop are actually strengths on the server and really are great.

And you start, I think, since you're coming with a different set of expectations, I think you can appreciate, especially in a server context, Nix a lot more. And then once you learn to use it in a headless environment with a couple of services, you're going to be just absolutely itching to deploy it on your desktop. But you'll have a greater appreciation and understanding at that point. I think, you know, the desktop thing could be fun, but... high probability it goes sideways, you know?

Wes

Yeah, and then just longer debug cycles and maybe break the thing you're trying to work on. If you have a bunch of spare laptops or desktops or whatever, then go for it, or you're comfy dual booting and all that. But whatever you can find the lowest friction way where you're not going to get frustrated because you don't know how to do it in Nix yet is usually the best.

Brent

Also, your question specifically said, I'm just ready to finally dive into Nix. We are assuming you mean NixOS. Of course, the rest of your question suggested that. But it's an important realization, that NixOS and Nix are distinct. And it's even more fun when you realize you can run Nix on any operating system and get some of the benefits. So that's like, I don't know, level three when you get to do that.

Chris

Peanut butter and jelly right there. That is what that is. Your favorite distro with Nix is better and better. All right, thank you everybody who boosted. We have the boost below the 2,000 sat cutoff. We'll keep them in the doc for prosperity. And we read them, we appreciate them too. And thank you to everybody who streams those sats. 22 of you streamed collectively 31,237 sats. Not too bad at all. It's a nice little boost in itself.

Now, of course, Mr. Hybrid Sarcasm, he brought it in and, uh, he brought the power and the strength. So when you bring it all together this week, gentlemen, for episode, uh, 600, 656, that's right, we hit the road to SCaLE before we go by the appetizers and all that, this episode stacked 1,195,353 saturnies. Thank you to our members, to everybody who supports the show from, you know, just a few sats or a few fiats to, you know, a million.

It makes a difference, especially right now. If you would like to make this episode or next episode a winner, you can boost with Fountain FM. They make it real easy. They have a hosted option or a self-hosted option. There's a whole plethora of applications over at new podcast apps that bring new features and the ability to boost. If you want to just stick with the simple autopilot, linuxunplugged.com slash membership. Thank you, everybody who supports this here episode.

You gosh darn mean a lot to us.

Picks

And we do have some picks for you, and there are some good ones, so let's get to those before we get out of here. First up is one that Wes found that I could see being very useful for folks out there that are trying out Hetzner. I think Hetzner's getting a little tick up in usage with all the open-claw stuff going on.

Wes

Do watch out. They have a price increase coming in April, so just be warned. They still have reasonable rates in the industry for sure. But it's coming. Yeah, and you can maybe understand why, given what all is happening and what it costs to run a computer these days.

Chris

But tell us about Hcloud Upload Image. You found this this week.

Wes

Yeah, so the backstory is Hetzner already provides an MIT-licensed CLI to interface with them. So it's just Hcloud, which is great. But one thing they don't make especially easy is dealing with disk images, especially if you just want to be able to take a disk image that you build locally, upload it to Hetzner and then use that to spin up new VPSs from. You can do a lot of other stuff with the CLI, but not really that exactly in one step or something.

So Hcloud Upload Image is a little Go app that does exactly that. So it creates a server with the right type. It enables the rescue system. It boots into the server. Then it downloads the disk image that you're trying to upload to it into the rescue system, which then lets it just drop that and overwrite the existing disk, right? So it just takes your image and overwrites the disk via the rescue system.

Chris

Right, okay.

Wes

So it's destructive.

Chris

It's quite destructive.

Wes

Yeah, this is for spinning up a new one. It spins up its own little...

Chris

Okay.

Wes

So then it shuts down the server, and then it takes a snapshot of that. So it's silly, like, spins up a new server, puts it in rescue, overwrites it, snapshots it, and then deletes the actual server, and all you're left with is the snapshot. And then you can take that snapshot with the Hcloud CLI itself and stamp out VPSs.

Chris

That's great. So you could essentially have, from your machine, you could upload a custom cloud image that you can then use as a template.

Wes

Yep. And so I was doing that, and I was running something as a local VM, but it was getting to take up more resources than I could allocate on the machine I was running it on. And so for the moment, I thought, okay, I'll spin up a VPS and offload it there. And so I was able to, it's a NixOS system, so I was able to add a new build output that built with the stuff ready, which it's really just like a KVM virtual machine.

So there's not a lot of crazy Hetzner-specific stuff you need to do, and then have NixOS output a raw disk image, and Hetzner even supports ZStandard and GZip and BZip and similar, so then you can just compress it and upload it, and away you go.

Chris

So you just built it from the package manager and sent it up to Hetzner. Stupid easy.

Wes

I did hit some confusion because you need to look out, apparently, depending on which data center you use and if you use one of their dedicated performance or the sort of standard shared CPU ones.

Chris

Right.

Wes

The shared ones seem to be MBR legacy booting.

Chris

And you need to be EFI, I assume.

Wes

Well, I can do whatever.

Chris

Oh, but the image needs to be ready.

Wes

Versus if you're on the dedicated ones, those are using EFI.

Chris

I got you.

Wes

And I don't know how universal that is, so maybe do spin up a test one and check out what the default Hetzner image does for that, whatever VPS model you choose. And this is MIT licensed.

Chris

Hcloud upload image. We'll have it linked in the show notes. All right. So my pick is Launcher Studio. If you find yourself downloading the Go binaries as Wes suggested or whatever they might be, so that way you can run them on your mutes distribution. Well, it is kind of a bummer that you don't get an icon in your menu or if you use an application launcher, you can't just easily type the name. Launcher Studio is a GTK4 open source desktop application that lets you create application launchers, .desktop files, on modern Linux desktop environments. So if you've got a custom app you've written or a download or something like that that didn't get a proper menu entry for your launcher or your menu, you can use Launcher Studio, which is the latest and greatest in what has been kind of an ongoing series of applications that do this kind of functionality that have kind of come and gone over the years. It's MIT licensed and it is Rust-based.

Wes

I mean, despite being GTK4, it does sound like it could be maybe handy on something like KDE Linux for your random side-loaded stuff, and you want a nice .desktop.

Chris

No, it works. That's what I used it for. You just install it via Flatpak. It's available on Flathub. But it also works on Hyprland because it's creating .desktop launchers in your .local share applications folder.

Wes

It's already a standard.

Chris

It's already a standard. So any desktop environment that looks at that for .desktop files will support this, which, as far as I know, is like all of them today. And so that is Launcher Studio. Now, Wes, you've got a couple of handy little proxy picks, if you will.

Wes

Yeah, well, as I offloaded this VM, now it was on a Hetzner IP address. And there's some stuff like, you know, I like using yt-dlp to pull down some things, and it can get fussy about IPs sometimes. And so I thought, well, I have a residential IP. I'm not trying to do anything crazy. What about just a proxy? Of course, they're already on a mesh network, but I didn't really need to route the whole thing, and I could do, like, forwarding individual stuff.

But for the use case I was doing, it made a little more sense to just set up a proxy because I really didn't need everything to go through it. It was just some specific requests. So first I found TinyProxy, which is a lightweight HTTP and HTTPS proxy daemon for POSIX operating systems, written in C. It's a classic GPL2 license, but still seemingly actively developed and it has a NixOS module. So it was super easy to set up. Enable equals true, of course.

And then for the settings, you can pick the port. You can pick what address you want it to listen on, timeout options. And then what's really nice is they let you configure, like, in CIDR format, what networks you want to allow requests from. So I could say, like, only allow my local LAN and my mesh network, you know, and localhost too, or whatever you want. But you can have it listen globally and then further segment it if you want.

So it's quite flexible for whatever security strategy you might want.

Chris

Okay.

Wes

So that's one option. That's just if you can just work with a regular HTTP proxy.

Chris

But wait, there's more.

Wes

There is more. This one doesn't have a license, so beware on that. Maybe we should get an issue going for that. There might already be one, but it is Rust.

Chris

Okay, all right.

Wes

And it's SOCKS to HTTP Proxy, an executable to convert SOCKS5 proxy into an HTTP proxy.

Chris

What are we using this for, Wes?

Wes

Well, maybe you need an HTTP proxy. Something doesn't support SOCKS, right?

Chris

Uh-huh, I do. I often need an HTTP proxy.

Wes

But maybe you don't want to go stand up a whole proxy infrastructure.

Chris

I do not, Wes.

Wes

Right? But everyone has SSH. And SSH has dash D, which can run a SOCKS proxy.

Chris

Yes, it can.

Wes

So, if you combine this project with that, now you have an HTTP proxy. So now you can go use SSH to funnel your HTTP requests without having to have specific SOCKS support, easily, over maybe your mesh network.

Chris

Alright, you got me. That's pretty cool. So I take it you're using this.

Wes

No, well, I just set up TinyProxy, so I did try this out.

Chris

I was trying to guess which one you stuck with.

Wes

But for me, I was, like, building something I was just going to leave as infrastructure. For ad hoc stuff, this seems like it'd be very handy because you already have SSH.

Chris

Yeah, very much. SSH is my, you know, it's with me everywhere. KDE Linux, turn it on. Turned on SSHD. In fact, we were SSHing into each other's KDE Linux boxes. That was fun. That was great.

Wes

Powered by Nebula.

Chris

KDE Linux is really coming a long ways, and I can't wait for their future releases. And I think if you're a Plasma fan, it is worth your time to dip back in and try it. Like Wes said, it is an excellent VM citizen, too. Snappy, smooth. Resize the VM window, you know, my Spice window, whatever. It resizes inside there perfectly. No complaints at all. That kind of stuff used to crash these things. You know, it's come along so far.

Wes

It's also a nice place to check out some of the latest in thinking about ways to put together Linux systems if you like that kind of thing.

Chris

And Plasma.

Outro

All right. Well, if you're going to be in Pasadena around March 5th to the 7th, come say hi to us. We do have meetup.com slash Jupiter Broadcasting. We'd love to say hi to you. Of course, you can send us a virtual message with a boost and be there in spirit as well.

And then if everything goes as planned, we'll have an episode for you next week from Pasadena, either from the SCaLE floor or from our Airbnb, something like that, with all kinds of fresh takes from Planet Nix and from Southern California's Linux Expo, the largest in the Northern American area. Wes, one last pro tip before we go. Tell people where they can get more metadata around the show.

Wes

Yeah, well, if you want chapters.

Chris

Sure.

Wes

You know.

Chris

But what if I want them in a really good, consumable way that a machine might like?

Wes

Oh, well, then you want JSON cloud chapters.

Chris

I've been having like two, three years we've had those now.

Wes

Yeah, that's right. Just a JSON file. Well, you got to read the XML file that is the feed and then you get a JSON file.

Chris

Then you get the JSON file.

Wes

Don't let that bother you too much. Don't think about it too much. Just read the chapters and enjoy them and skip around the file as you like. Or if you want the full complete story for whatever reason, we have transcripts, ETT and SRT, and we attempt to diarize them so that you can actually tell which of us said the silly stuff.

Chris

We give it a shot at least. We hopefully will be live next week. No promises. We never really know. Sometimes we do have to pre-record but if you have a podcasting 2.0 app, we'll try to make it pending in there and I hope to see you next week. Links to what we talked about today are over at linuxunplugged.com slash 654. LinuxUnplugged.com or all the great shows at jupiterbroadcasting.com. And if you'd like even more show, you have the membership options or the Mumble Room. You can show up like lots of people have. Dozens of people have shown up right here in our Mumble Room this week to listen to a low latency opus stream. And we love it. It makes it a live vibe. It's great. Details at LinuxUnplugged.com. You never would have guessed. Thank you so much for joining us on this week's episode of Your Unplugged Program. And we'll see you right back here next Tuesday, as in sun.

Transcript source: Provided by creator in RSS feed: download file