¶ Intro
Hello, friends, and welcome back to your weekly Linux talk show. My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen. Coming up on the show today, it's our take on Ubuntu's plan for a leaner, meaner grub that drops some of our favorite features. And then one of my favorite open source apps of all time is coming to an end. And what I'm going to do, my alternative, and what I'm switching to, tell you about that today. Then we'll round the show out with some great boosts, some picks, and a lot more. So before we get there, let's say time-appropriate greetings
to our virtual lug. Hello, Mumble Room. Hey, Chris. Hey, Russ. And hello, Brent. Hello.
Hello.
Hello up there in the quiet listening. Always like having the Mumble Room. Here's our virtual lug every single Sunday. We get started with them... Quite a while before the show and hang out and talk and stuff like that. And you're always welcome. Jupyter Broadcasting dot com slash mumble for details on that. And say good morning to our friends at defined dot net slash unplugged. Go meet Define Networking. They have managed Nebula. And when you go to defined dot net slash unplugged,
you'll get started with up to one handy host for free. No credit card required. And you can check out what we think is one of the absolute best mesh network in the world. We love the Nebula platform, and that's what Managed Nebula is from Defined Networking. It's a really strong contender. You can control the flexibility and discoverability of the network and the redundancy of the network, and their long-term story really shines.
It's a much more, let's just say, reliable long-term story, especially when it comes to the 100 hosts for free, and they give you real control. And one of the things I love is I have found it to be surprisingly good just for a couple of machines that are doing direct-to-direct backup that I don't need a big tech login for. I don't need a key that expires every whatever days or any of that kind of stuff.
I just need two machines to talk reliably to each other, and the entire infrastructure is between them. But then, of course, this was designed to manage Slack's global infrastructure back in 2017. So it hit the ground running for one of the most important data-sensitive
¶ Housekeeping
companies in the world with one of the largest distributed backends in the world. Nebula is really incredible. And what's amazing is it's so light on the CPU and the networking, too. And they just recently introduced Always-On VPN mode for iOS and Android. So now your mobile devices can participate in what is the best mesh networking out there. So go check it out. Support the show. and free for 100 hosts. Define.net slash unplugged. That's Define.net slash unplugged.
Go redefine your VPN experience today. Check out Nebula. See why we love it. See why we have been thrilled to have them as a sponsor and why we're deploying it on our systems. A quick mention, if you'd like to catch a very unplugged version of This Week in Bitcoin, This Week in Bitcoin episode 97 is an agent-friendly node management for 2026, where Brent and Wes both sat down with me for a special episode. So that's ThisWeekinBitcoin.show, and it's episode 97.
I still have more node work to do.
We do.
That was a lot of fun, though.
And then, just a reminder, LinuxFest Northwest, just around the corner, and we will have a live show. We'd love to see you there. We don't quite have all the details ironed out. But plans are already in the works, and I think it's going to be a really great event. And I'm really hoping we get the classic late April spring where it's just beautiful. Maybe you never know. Maybe if we did, maybe we'd do the episode outside. That could be a lot of fun.
And we may have a hookup on speakers this year, too. I mean, not like people that speak, but speakers that we can put in the crowd so people can hear the show really well. How about that for getting fancy?
Speakers for the speakers?
I like that idea. We just need to prepare ourselves to implement it.
Yeah, that's true. That's true. Big news this week. Canonical has announced big changes.
¶ Securer Boot
Well, maybe you could call them minimal changes to Ubuntu 26.10's grub. They're calling it a minimal grub for secure boot. Their idea is to reduce the attack surface for grub and remove certain features that could be exploited. Some of those features are some of our favorite features. So, Wes, walk us through kind of the high level of this and then maybe we can get into what's getting removed.
Yeah, well, we can talk about just sort of some of the stuff from the post itself.
Yeah.
Ubuntu Systems supports Secure Boot using Grub. And if you remember from, well, really the last, what, 10, 15 years?
Yeah.
Secure Boot is a new standard that came along with sort of our switch to UEFI booting of systems. And it provides ways to have the firmware have a set of cryptographic keys that it trusts and then verify that it's only going to boot into operating systems signed with those things. And on its own, as just that, as a primitive, like, that's one thing. It can be used for whatever, right? It's like a new tool that your computer can do.
It can be very useful if you want to operate in a secure way and you want confidence that, like, Your machines only ever run code that you signed and no one else can, even if they have the hardware, can run stuff on it.
So it's always made sense, like in the context of an important business laptop where you're out and about and you want to make sure your laptop hasn't been, you know, messed with. Or obviously in a data center where other people have access, things like that. And physical security is really important in these things because if somebody gets physical access, then they can essentially get root to the box. So you just want to verify that that chain is as secure as possible.
I get that use case. All right.
But of course, in the real world, what actually happened is also that Microsoft ended up being behind a lot of this and they wanted to push it out to like consumer laptops as well. And so you need some kind of key if you're going to do that, right? And you're going to want to run Windows and it's not an open source.
Somebody has to sign it. Only Microsoft does that.
Right?
Yeah, Microsoft signs the key.
And then it just worked out that it's not that you, in most situations, not all, in most situations, you can set up and enroll your own keys and sort of manage it as you would hope. That's not true for every single device, especially like Windows on ARM for a while, like all kinds of things.
but it also means we live in a world where like if you want to just be able to have secure boot and boot a random iso on a random laptop you probably need it signed by that key and we have like a sort of complicated setup depending on the distro around like microsoft signs a tool called shim which then has its own set of signatures for various distros that then it has keys baked into that it trusts when it gets signed for like okay i can boot these ubuntu things right and then that's where like
Ubuntu's system of assigned Grub2 comes in. And so that's where it's important to understand sort of the history. Like back in 2020, there was a vulnerability called boot hole. And this was actually a flaw where Grub had in parsing its own config that led to vulnerability. But the important part is like it just...
It's a lot to deal with when that happens because you now need to go basically figure out how to like, you know, there's going to be old shims that trust vulnerable versions of Grub, but that are still trusted by the firmware. So if you want to do it properly, you have to get a new version of Grub that doesn't have the problem.
Test that, make sure it's going to work everywhere, and then sign that, but with updated keys that aren't going to be trusted for the old ones, and then roll that up in the shim layer, and then coordinate with Microsoft to get the new version of the shim thing signed potentially. And then maybe even you need to go like add to the blacklist on the actual hardware things to say, you know, so it knows keys that it shouldn't trust anymore.
And then you've got to get that pushed out to end users.
Yeah.
And they've got to do a successful update that's updating their bootloader.
And then if you don't, then it just means sort of means like any old ISOs floating around are vulnerable and could have problems.
And then there's potential attacks. I don't think this is the main concern necessarily, but like there are in theory some potential attacks where you could boot a Linux setup from like a vulnerable thing that let you then circumvent secure boot and use that to attack windows systems on the same laptop, so there's just a lot of sort of ecosystem implications that have happened in the past that i think they don't specifically mention that but i think there's a lot of that sort of history,
behind this change so basically a bunch of supports grub for secure boot they use grub to boot things in 2610 they're proposing to remove the following features and if you've ever used grub you know that, It's existed long before the modern era of ESPs and UEFI and all that. So it supports a ton of different stuff. So they want to remove support for file systems for the slash boot drive. And actually, maybe it's worth talking about here too.
Some Linux setups, they just have slash boot as like the ESP, the system partition. The EFI standard mandates like this VAT32 partition. And that's what the firmware interacts with. Linux often has its own sort of boot setup. And then so you have some setups that where you have the EFI system partition often mounted at slash boot EFI, but then you also have like a Linux boot partition that could be a different file system mounted at slash boot.
And so you might have just the bare EFI stuff on the EFI partition, and then a lot more of the actual Linux boot stuff lives on the Linux side.
That's how I do it. Is that how you do it? Well, I think boot EFI is its own thing if I'm using Grub. I almost use Grub almost on everything, except for like one system.
See, I think I mostly use systemd boot.
Brent, do you put it all under slash boot or do you break off boot slash EFI?
Yes. I have so many systems that have like gone through our phases of, so these days it's like mostly systemd boot, but it's a little all over because I got systems all over.
The reason I ask is because what I do, and I think this is going to impact me, is so slash boot EFI is FAT32. But Slash Boot, it's usually ButterFS.
Right. And, you know, there's trade-offs like...
And they're dropping ButterFS with this change. Like, we haven't gotten to that part. So I guess I interrupted you, but I just wanted to ask you that. So the changes here is happening at Slash Boot, but some people still have Slash Boot EFI, and there's that nuance there.
Well, yeah, and you have to have the EFI partition.
Yeah.
The question is, do you, like...
Make the whole thing FAT32 or...
Right, and do you want to have stuff that exists on a separate Slash Boot? And, you know, there's a variety of different setups, and there's trade-offs, and, like, some ESPs are only so big, so you can only have so many generations of kernel and RAMFS, and there's a lot of variation here because Linux, right?
So what they're proposing here in light of this because Grub supports a lot of stuff is for slash boot, they want to and basically this means removing it from signed Grub builds, and that's important here removing from signed Grub builds Okay.
So on regular unsigned Grub builds?
Yeah, you would still have access to these features Oh, okay, But remove ButterFS, HFS+, xfs and zfs retain ext4 fat iso 9660 and squash fs also remove support for jpeg and png retain no support for images at all and then remove stuff for like i guess just remove support for apple partition tables which okay that seems reasonable i suppose in addition to these simpler changes we're also going to remove support for slash boot on complex partition
setups such as lvm md raid except RAID 1 and Lux encrypted slash boot. These abilities were inherited by Debian but never tested in Ubuntu, and the Ubuntu installer always set up a bare ext4 partition. And then they sort of go into some of their reasoning here. As for encryption in particular, encryption of slash boot only provided security by obscurity, but not actual security. You want to ensure the integrity of those pieces.
Our TPM FTE solution correctly implements integrity in the early boot stage, and we are committed to keep iterating and improve on it. Keep in mind these changes only affect slash boot. The file system, partition tables, Lux, LVM, RAID solutions continue working in the booted system. We are not removing them from the Linux kernel.
Thank you, Wes. That was a really good breakdown. I think the biggest thing that's probably shocking here is the removal of Lux. I think most people can kind of understand reducing the file system scope, although I am sad to see Butter or Fesco. In particular, I think it's probably the least of the concerns here. And I think also distributions downstream are going to be really disappointed in the lack of image support. I've already seen some distributions talking about that.
I will bring up just a friend of the show, Neil Gampa, was quick to comment in here, noting, suggesting, hey, can we please not drop ButterFS? It's a read-only file system driver that is actively supported by upstream developers. Users who want to leverage boot-to-snapshot setups with ButterFS need this support.
That's exactly right.
So there's some nuance here too. And then ZFS users are sort of bringing stuff up. Like there's the question of, is the obligation to sort of support this around what just the Ubuntu installer did or the wider array of setups people have crafted around running even secure boot Ubuntu on different disk configurations in the wild?
I wouldn't be surprised if they have to walk the Lux decision back. I grant that they are saying that encryption of slash boot only provides security by obscurity, but not actual security. There's one other thing that Encrypted Lux provides that they didn't mention in that paragraph, and that's corporate compliance. And there's not a lot of nuance in a corporate policy that requires your entire laptop hard drive be encrypted.
They don't generally allow for, well, your entire laptop should be encrypted except for your boot partition. That's not generally how the corporate policies are structured. And so I wouldn't be too surprised if the feedback from enterprise customers is, sorry, chief, but we've got to have luck.
Even on Windows, you have the ESP can't be encrypted.
Yeah, yeah. But I would still, I think they would still argue that there's value in having like the kernel images and all. I'm not saying.
Yeah, fair enough.
I'm not saying.
There's often compliance drag and yeah, it takes a long time to get stuff updated.
I think the analysis is technically true that it's security through obscurity, especially when you have their TPM backed solution for verifying all the other aspects of the boot chain. So when you have all other things being true, it is security through obscurity. But I don't think corporations are really thinking about it that hard.
Yeah, that's fair. and it has to be what their auditors are willing to and that their standards already exist and support.
That's the thing. But this is something they're working out now because this is going to be after the next LTS. So this is something they've got to figure out. They're going to have some time. This is an interim release where this would be landing.
Yeah, it does seem like they've done some thinking too on that, like when they wanted this timing in terms of LTS releases and where they sort of strand people if there was a problem. So, you know, credit there at least. I think they thought it could be contentious and are attempting to engage with that thoughtfully, what the reception's like, how it goes, TBD.
I saw some strong reactions to the lack of ZFS support too, just because people kind of went all in on that in some cases. That's what I saw on Reddit is people were like, what, what, wait, hey, I thought this was the distro I could use ZFS with, so I even made my boot ZFS, and I saw that a few times.
I know, right? People do the bootstrap sort of arch install style to get pretty nice Ubuntu setups on ZFS.
Um brent my one concern to be here and this is not really a big deal but couldn't you see like the internet guy hot take on this being that well ubuntu isn't the distro if you want to if you want to use encryption or ubuntu you don't want to use ubuntu because they don't let you fully encrypt your hard drive don't there could be narratives that come out of this kind of thing.
Yeah at the same time ubuntu makes it arguably one of the easiest to encrypt your stuff so um, It's tricky. I would say my initial reactions was like the first one was emotional. Like, don't touch my grub, man. But I can see how they're coming at this as they describe from like a security posture point of view. And someone has to make those tough decisions. And like, we've seen many challenges with including images like JPEGs and things like that, that do get compromised quite often.
so I could see how there was probably a lot of difficult conversations about what do we include what do we leave in here what do we take out what's a realistic expectation for the permutations of the whole boot sequence and how much they get used in the wild I don't envy them in making those choices and there's going to be backlash for sure but it might change the future of how we do things which maybe might be better and.
To Wes's point I think they're like I am the things I'm the most sour about is the image removal butter fast removal and Lux although personally Lux isn't a big deal for me but I just think that's gonna be contentious the biggest one for me is butter fs obviously because I that's what I use for my boots, I think the thing that we have to keep in mind when we're evaluating this decision is the point Wes made earlier on is that the mechanisms that we have today to
update grub in this entire stack when something does go wrong are pretty inadequate and pretty rough. And so the cost of fixing something once it's out in production in an LTS is very high. And so if you can minimize that attack surface today before it's in production, you reduce that future cost.
And you know there are like you know other thing people are using system d boot for a lot of things you're also seeing a lot of systems use uk eyes which is where you roll like the kernel and the inner mfs into a single pe efi style executable and sign the whole thing yeah right so this is sort of like a transitionary step and i think they're to some extent trying to like, limit complexity so maintain grub support and for the unsigned stuff full like
you know all the stuff without having to like swap to hey efi systems we're only going to support system d boot going forward or that would probably be.
Maybe more controversial i'm not sure yeah.
Well the natural question becomes are there workarounds to this and what should we be looking to implement in the future because like some grub installs i feel like are they i don't know they just feel deprecated whenever i do them so what's the better way what's the way to the future.
Yeah, I would ask the audience right now, how are you booting? I bet the majority of them are using Grub.
Yeah, probably, huh?
I think so. And I'm wondering if any of them are even using assigned bootloader or secure boot.
Yeah, good question. How many are?
Or how many should be. Now I'm feeling like I could do it better.
And does this make you want to move to systemd boot if you want Lux and ButterFS on your slash boot? Because I think that's the direction I'm going to go if I were on Ubuntu system, at least.
So you don't get that with systemd boot?
What? I thought I got ButterFS.
So it's the whole point of the slash boot.
Yeah. I don't get ButterFS with Systemd boot?
Well, Systemd just works with the ESP. It's meant as a simpler, right? It's whole thing is just to let you...
Well, I'm always going to have that be FAT32. Because thanks, world. That's what I have now, right? But my slash boot... You're saying my slash boot with Systemd boot can't be ButterFS?
Well, Systemd doesn't have any file system support at all.
I'm at it! Oh, okay.
Like, it's just meant to be itself an EFI thing that lets you boot other EFI executables.
Okay.
So that's where, like, that's where maintaining Grub support. you could of course also you know like go through and have a setup where you've signed all this stuff yourself from your own role sorry.
Yeah no totally yeah.
I just don't know how easy or automated that is right so that's what essentially what i'm doing with this laptop on nix os it's just that there was an easy nix os setup to do that i don't know what the plumbing is like on a bunch of system if you did want to do that yourself i mean it's definitely possible it's just a question of like how painful is it and how much nobody's.
Doing that right i mean not at scale Nobody's doing it. Corporations might be, but like nobody, no. Right? Except for you.
Well, you know, the intersection of very security professionals who use desktop Linux, perhaps.
Yeah, maybe. All right. Well, boost in and let us know because we've got some questions about this one. This seems like a high impact one. Yeah.
I want to get a West prescription for what the rest of us should be doing.
I don't know if they're, I mean, you have to have a, what's your goal?
It's good. Yeah. You know what he's going to say. It depends.
Yeah, I know.
You should run Nix OS and then problem solved.
Ha ha ha ha ha ha ha ha ha ha ha.
Thank you to our members. You know, we are running lean these days. And if we hadn't set up the membership program and had people support us, we wouldn't have a show right now. And we really do appreciate it. It's an opportunity to get in there and keep us going while we transition. Really, where we're at now is we fought the good fight for a very, very long time. And we were able to do so because of our members.
And now we have to adapt the business strategy a bit. And while we make that transition, the show survives through the memberships and the boosts. So thank you very much. You can go to linuxonplugged.com membership to support this show directly.
¶ SystemD-PicarD
Or if you want to support all the shows on the network, jupiter.party, and you get special access for all the shows. So that's linuxunplugged.com slash membership or jupiter.party. Thank you very much for your support. Or send us a boost and support each episode. And, you know, we'll read your message if it's above 2,000 cents. And we have a good time. And I appreciate you. Thank you very much.
Well, Chris, as usual, when I was visiting at the farm and at the studio, we watched a heck of a lot of our favorite TV on your favorite project. But you kind of teased that that might be going away.
This is this is sad, guys. You know, you get you get really, really happy with a piece of software. You get the whole family using it, which is not often a thing that happens.
It's quite the rollout.
Yeah. And then the developer burns out and he says it's time to move on. And this happened this week with ersatz TV. ersatz tv is such a full force multiplier if you have jellyfin or plex because it gives you the ability to set up your own live tv's channels and stations and it's so much fun.
It's essentially like discoverability on top of your collection.
Yeah it's like having your own private pluto tv and what i have star trek channels and bob's burgers and game shows and one of the things we'll do is we'll watch a tv show like say cheers and then when we're done we'll put it into a random rotation in ersatz tv and you'll just have a cheers channel you can tune into and while brend and I were working on the diesel heater. We'd have the start, one of the Star Trek channels. We're always going and it just plays.
And I got, cause TNG is the best. I got one dedicated to TNG and then the other Star Trek channel biases DS nine. Cause let's be honest, DS nine is really good. So like I got DS nine, but then I got all the other tracks in there too. Well, the original tracks.
You have like a second tier Trek like shows channel as well. I learned a lot.
Yeah, it's good. It's, it's, it's been, I cannot describe to you the delight I have in the most like basic because you get a TV guide you get you get this live TV experience you can't rewind people say can you play that back nope can't play that back it's live it's broadcast yeah so great I know it doesn't sound it doesn't sound like one of these things that has been a continuous source of joy but I don't know what am I a year into this thing and I still just absolutely
absolutely love it so grateful that the developer made it and he said in his wrap up he said it's time to announce the final release of ersatz TV in its current form, The existing repositories will be archived following this update. The project scope expanded beyond what was personally useful or sustainable to maintain in my free time. For now, I plan to step away in the future. I hope to reboot the project with significantly reduced and more focused scope.
And they're also welcoming forks in the meantime.
Yeah, that was quite devastating when we got the news.
Yeah, I was legit sad. I was legit sad.
I mean, it doesn't mean it's useless right away, right? It's still, it's open source, so it doesn't go away. You can still run it.
I am, yeah.
It's just you don't know what the maintenance will be like and if forks will develop and will it slowly decay and not support newer things and yeah.
One begins to think perhaps it's time to start looking for an alternative. And so where the free software world closes a door, it opens a window. And we now have Tunar, which has been around for a little bit. And it's very similar to ersatz TV with a, I'd say actually a little nicer interface if I'm being honest with you. It allows you to create live TV channels from Plex, Jellyfin, MB, or just local files on your disk. It lets you build a custom TV channel out of your existing media.
And then you can add the ability to spoof an HD home runner to it with a checkbox. And then it shows up automatically to Plex and Jellyfin or MB as a live network TV tuner. And then you can just pull in live TV into your Plex or Jellyfin. And then it gives you a drag and drop lineup editor. And they have this idea.
Oh, that's nice.
Yeah, it's nice. It is a really nice UI. They have this idea of sort of flex content or filler content. And you can have the thing round an hour out of programming by filling in content. So I went on archive.org and I got, I did this a little while ago. I got a bunch of 80s and 90s commercials. And then it knows the length of the commercials. So it knows which ones it can slot in. And then you can set rules on how often it replays the same commercials.
and so on one of my channels when you tune in it fills out so the shows actually start and end on the hour and half hour block it's really cool does.
It cut in the commercials.
Or just afterwards after between you could actually have it sort of try to dynamically insert them but i just feel like that's going to be a disaster and so it's just at the in-between episodes it plays a couple of commercials from like the 80s or 90s.
It'd be great if you could like index your jellyfin setup to pre-find those slots and then like surface them.
Maybe this is too.
Much work to insert fake ads but.
It kind of does in a way when it does that when it does the tv guide it's kind of what it's doing you know because.
As a kid did you ever think you could have your own uh cable network.
Just no it's a lot of fun it is i it is silly i spent a lot of time trying to get um hardware transcoding working which is always a thing and uh i didn't quite like.
A quick sync system.
Or NVIDIA.
Okay.
Yeah, it's on my H-Droid H3+, which is using QuickSync. And both Tuner and EarthSats TV have hardware encoding and decoding support. However, Tunar is trying to be a little extra clever. And so, of course, I had to hit a very specific bug, probably because Brent was over when I was setting this up.
You're welcome.
So I've got the H3 Plus, and it's an Intel low-power CPU with its own version of QuickSync. And I'm watching my high-resolution 10-bit HVAC custom-ripped Blu-ray TNG, like, you know, 14 megabit files.
That's a good stress test, huh?
It is. Yeah, it is. And poor computer where ersatz could actually use quick sync and decode these files. Tuner was unable to, and this is an interesting test because it was same source file, same network clients and playback client, all of everything, just ersatz versus tuner. And what I discovered is that it wasn't a GPU or a driver problem, but it was actually the transcode pipeline.
ersatz was doing a much simpler filter pipeline and didn't have to pass between hardware and software renders to do it. where TUNAR was trying to be a little fancier and was having to flip between hardware decode, hardware scale, and then software to get back to the right point and then do some color space normalization in software and then re-encode in hardware.
And that popping in and out of hardware and software encode back and forth on my particular quick sync device with these crazy large TNG files hit the bug. And so I can't actually use TUNAR to watch my Star Trek. Of all the things. Of all the things, boys.
Does it work if you didn't hardware offload?
Yes, but then my little Odroid.
Right, I'm not saying you want to. I'm just kind of curious.
Yeah, yeah, it does. But then the Odroid's basically useless because it's just doing that. So bottom line, ersatz just has a cleaner, simpler FFmpeg pipeline. And so it was handling these 10-bit HVAC files where TUNAR was just trying to be a little more fancy.
Is this a known issue, I wonder?
I don't know if it's known actually, Yeah.
Might be worth importing. Maybe you can get yourself, if this is going to be your future.
It's a lot of edge cases, you know, because it's special high encoded Star Trek. Oh, Droid H3 using quick sync. I don't know.
It'd be interesting to point, maybe a bot at the code base just to see what the, like compare the graph building sort of stuff. Maybe there's, maybe there's some future improvements.
I said the same thing.
So here's what I did.
See, I like you, Brent.
Because, you know, I got to have my Star Trek, but I got to start migrating offer sets.
So this was not enough to say I'm not going to use Tunar. So you're using Tunar. But you're also not going to, I see what you mean. You're not going to not have Star Trek.
What's a guy supposed to do? Do you stay with the Dying Project? God bless. Or do you half migrate? So, and I don't know, I almost never do this, but I did the half migrate. So I moved all the other TV channels to Tunar and I left the Star Trek channels on ersatz, Which is starting to get complicated now. Okay, boys.
System D, Star Trek D.
So what do you do when you got two competing standards?
Use both.
You create a new standard, Wes. That's what you do. So I then brought in Dispatcher, a third service. Remember Dispatcher?
Yeah.
Yeah, buddy. Dispatcher is an open source powerhouse for managing all IPTV streams. Oh, my goodness. Program channel data, on-demand video. And so I have probably like 100 IPTV channels in there. And so what I decided to do was consolidate all the ersatz and tunar from two different sources into Dispatcher. So Dispatcher brings them both together and then presents one TV guide to the IPTV client. So the client is totally unaware what server is feeding.
That's pretty great.
It works. It works. It's a weird stack, but it works really well. And Dispatcher is great software. And I have all my favorite IPTV channels in there. Plus now I have my own in their own section. It really is a lot cleaner than how I was doing it before. And I have groups and categories. It's better. I mean, on the back end, it's more, but on the front end, you wouldn't even know.
Yeah.
That's the, that's the great thing. But, uh, it's, it's this weird transition now because I actually think the solution is going to be me replacing my H droid.
Uh, that would be interesting. Yeah.
I think that's the solution is to get a higher end quick sync or some other.
You should try that on another Quicksync box, too, just to see if you can get a source file.
The only reason you're convincing yourself you need new hardware is because your TNG is encoded at ridiculous levels, right? You realize that?
You mean my TNG is future-proofed and looks beautiful? Is that what you mean?
You want to respect the film scans they did, Brent.
You want to respect TNG.
Well, that, too.
I mean, like, a guy doesn't want to re-encode it every decade anymore. He's kind of done doing that. So I went, I got the Blu-rays,
and some of the DVDs. I'll tell you what. I mean, just as an aside, sometimes, especially with Deep Space Nine, and some of these, the DVDs are actually, better quality than the blu-ray so you got to pick and choose i mean i picked and choose i'm picky with my star trek uh i really though i i want to just relay a couple things before i wrap this up i'm going to put links to this stuff dispatcher tunar ersatz in the show notes but
i also want you to go play around with the awesome iptv list in the in the show notes i've mentioned this once before on the show and i don't normally do this unless it's something i really really think is great and so i'm mentioning it again you can play around with this at any level just I just want a web-based app to desktop applications to full host services like I'm doing. At the end of the day, there's a lot of good legal content out there that you can watch absolutely for free.
And there's a lot of really good open source apps to play it in. What I've done is I've stacked a couple of things together. So just as a recap, what you have is a simpler version of this is Tunar. Tunar could feed directly into Jellyfin.
You don't need all this other stuff. If you don't have these crazy files like I have, T-U-N-A-R-R, get yourself Tunar, and point it at your existing Plex or Jellyfin, and then your existing Plex or Jellyfin will see it show up as an HD Home Run network box, and you'll be able to stream your shows like a classic TV show, like a classic cable channel, whatever it might be, with a TV guide where you can see what's playing, and I think you'll find it quite delightful.
It doesn't have to be a very complicated stack. I've gone kind of hardcore here because of my setup, but it's really just Tuner, Jellyfin, and Plex, and that's the entire stack. And then you can add on to that as you like. You could add Dispatcher with lots of IPTV if you wanted to. But I really want to encourage you to get started with this because it is a great gateway drug into self-hosting. And what you'll find is once you get something like this running,
you're off to the races when it comes to a Sovereign stack. You will find it's a very, very fun, and it becomes just the first thing, and then from there it just takes off.
If you want more info on some of the IPTV-specific stuff, that's in Linux Unplugged 645.
I also imagine, Wes, you might have gone sneaky spelunking like I may have, but Chris, if you look around, you can find under the ersatz.tv GitHub organization something simply called Next. And it says, ersatz.tv next. This is an experiment and not intended for use by anyone at this point. Soon, trademark. And the last commit was 31 minutes ago. So keep your eye out. And it's written in 100% Rust.
So I noticed that like the first commit was two weeks ago. So this has been cooking for a minute. MIT licensed cargo. Yeah. It's all right. It's a rust for sure. Huh? Yeah. I'm, you know, this is very early. There's nothing here yet other than channel.toml and lineup.toml. It's something you can see where this is going. And that's pretty exciting. Maybe he'll pop on his PayPal and send Jason a few thank you bucks.
I don't, I don't see a flake.nix yet, but there's still time.
Maybe we can contribute.
I think what I realized partway into that segment, and I still haven't done it, is every time I've talked about these things, I'm trying to relay the deep happiness they bring me every time I use them. But I don't feel like I can successfully convey, like, this is a very rewarding thing to get working.
There's something about, like, we've had experience now with things like Netflix and maybe Private Plex and Jellyfin instances.
And Pluto TV.
And a lot of folks have experienced, like, cable TV and network TV. but the thing that you build while it is shaped and is wearing the clothes of that it's not really the same thing because you have so much more control and it's stuff you've pre-approved my favorite shows and it's.
Always my favorite show it's always an episode I generally well even with Star.
Trek and there's only ads if you add ads in yeah.
Also you introduced me to a lot of Star Trek canon while we were working on projects the last couple weeks.
Oh that's great.
So that's the thing. It's like there's a few things you can actually self-host and run that just give you this constant source of joy and play and new ideas that you can iterate on.
¶ Shout-Outs
Well, it's nice to see we have a little update here from Olympia Mike, who writes in. He says, hey, guys, I just got word from LinuxFest Northwest that they're giving me and my nonprofit, the Computer Upcycle Project, its own booth at the Fest. Not only will I have some upcycled Nix books for people to play with, but I have a ton of hardware to give out for free. Over the years, I've upcycled thousands of laptops that have gone into the hands of people who need them.
However, there are often computers that just aren't good enough to go out to everyday users or missing something in particular. They still work, but aren't intended for those everyday users. I have boxes and boxes of this kind of stuff that I know the Linux community can absolutely find a use for.
Yeah.
So here's a list of what I already know I will have for sure at LinuxFest Northwest. Over 100 ARM Chromebooks that can be jailbroken to run post-market OS. And we'll include instructions for that. Several Intel Chromebooks that have already been jailbroken and running a Debian 13. At least 30 small form factor Lenovo ThinkCenters. Oh, those are going to go fast.
Oh, those are going to go really fast. Yeah.
Several half-top laptops with missing or broken screens, but still work perfectly when plugged into HDMI, tons of USB, HDMI cords, a handful of Intel iMacs running Nixbook OS, two keyboards and mice, lots of random Apple hardware, tons of DDR3 and DDR4 RAM in various sizes. That is right. I said I'm giving away RAM, Wi-Fi cards, and anything else that is interesting that I find between now and then.
I'll also have a donation bin set up too so if you have some of these older laptops that are just sitting around, collecting dust please consider bringing it to the fest and doting it to the organization they're all securely wiped upgraded to nick's book os and given to someone local in need i'll be up there midday saturday and everything will be completely free first come first serve and finish off the whole weekend i'm giving a talk on sunday
afternoon about the story of nick's book os and the computer upcycle project i cannot wait to see you guys all there Amazing.
Go check out Crazy Olympia Mike's Hardware Blowout Saturday at Linux Fest Northwest.
And bring some hardware. Maybe it's a good time to upcycle some of the stuff you're not going to use anymore.
I can imagine, too, you might need some help. It's going to be a lot of stuff to carry around.
Yeah, it's true. That's a lot of stuff. I'm going to ask him if you moved to Flakes yet.
I'm not donating if you don't get Flakes.
That's good to hear from you.
Can I get a Nick's book, but with Flakes on it, please? Love you, Mike.
Spooky Satcom is our baller booster this week, coming in with 133,333 sats. Spooky writes, what a great pre-show and discussion last week. Glad to be a Jupiter Party member. Wes, you were brutal, but well done. Hadn't laughed so hard driving home. So here's some value.
I suppose that might be about the song about you.
Yeah, that was right.
Wes got a little musical last week. Thanks for that. It hurt a bit.
Yeah, that pre-show discussion was, I feel like, I wish we could have captured that in the show. But I'm really glad the members enjoyed it. And we were really discussing the age verification issue that's coming to Linux. Chris07 comes in. Wes, you want to take that?
Mm-hmm. 22,222 sets. First time booster.
Hey!
Nice.
I've been playing around with Turnstone to manage my home lab with fully local models and loving it. Thanks for the show. Here's my value for value. And then we are included a link to Turnstone over on GitHub.
Thank you for taking the time to set up the boost and supporting us. It means more than ever right now. An experimental multi-node AI orchestration platform. Deploy tool using AI agents across a cluster. You know, it's incredible that there are these that I've just never even heard of. There's so many of these, and they're just cooking right now. Five hours ago was the last. Like, when we check these projects out, they're committing while we're doing a live show on a Sunday.
And it's not huge, but there's, you know, five contributors. Okay, one of those is Claude. But four contributors and 280 stars already. It just, yeah, stuff's moving.
Works with any open AI compatible API. Very cool. I had not heard that. Appreciate the heads up on that kind of thing. And also, thank you very much for taking the time to get boosting.
We really appreciate it.
Yeah, we do.
Well, tomato, or tomato, if you will, boosted in 21,346 sets. These are through a couple different messages, and one of them happens to be 12345satoshis. This is a minor time travel boost from episode 657. Thank you for putting in all of the time and effort for the planet Nix and scale coverage. Picking MTR in 2026 is also hilarious, but it's still a great tool.
Yeah, we call that Pix Classic.
They continue a good discussion on the members' feed about privacy and age verification last week. For my part, I'm drawing a hard line here. Free software has been through civil liberties fights in the past, and this is for me clearly another. This big corporation and governments are after my and my kids' privacy, and I will not compromise on this one. If my distro of choice implements an age verification API, collects ID information, implements a race or citizenship API, I will leave.
If I need to run Arch or Gentoo, so be it.
Leaving the distro. Leaving the distro.
How do you feel about that?
Mm-hmm. Mm-hmm. Mm-hmm.
And there is a last boost here. In the past, we went so far as to have GPG developed in Europe when it was illegal in the US. We didn't roll over for Clinton and his clipper chip. This is non-negotiable. And for me as a parent, it's doubly upsetting. I want to protect my children from exactly this sort of privacy invasion.
Man, I remember the clipper chip.
Indeed.
I don't know the Clipper chip.
Good callback. Like a censorship built into the TV. So it could detect swear words or something like that and auto-mute them. The idea was that you'd build in a hardware-level thing. And there were commercial devices based around that for a little bit. Thank you very much. Appreciate the follow-up, Tamato.
It's nice having real people's opinions on where they actually draw their lines. You know, regardless of if you disagree or agree, but just having it spelled out in the reasoning is really useful.
Outdoor Geeks here with 5,000 Sats. Would you try a green boost and report back the open-source green boost NVIDIA? This is an article at Pharonix. Open-source green boost driver aims to augment NVIDIA GPUs, VRAM, with RAM and NVMe to handle larger LLMs. The issue is, of course, you have to have a relatively recent RTX card, which is...
So the second we get one of those.
Absolutely, we will be trying those.
I just found a GTX 960 in the drawer. I don't think that's going to quite do it though I like that idea though Outdoor, it's on the radar officially Thank you for sending that our way Our.
Buddy Hybrid Sarcasm comes in with 10,000 cents Oh! That song begging on Brantley's browser habits Was Jeff's Kiss.
Brantley just He won't pin his tabs How dare you Brantley won't pin his tabs.
If it wasn't so catchy, I'd be more angry.
That's the trick.
Well, E. Scott boosted in 2,500 sats. He has a list here of underpowered hardware, since Chris, you've been asking for it. Well, a pihole 0.1.3 running, or a pi 0.1.3 running pihole.
Two zeros, actually.
It's two zeros, actually. Yeah, yeah. It's a cluster.
Here's what he's got running on it, though. All right. next cloud apache hdps wikipedia jellyfin java web server for work audio bookshelf navidrome fresh r says get t hdm hdm it's too much already homebox me tube paperless nginx pinch flat rom m sterling pdf sync thing tailscale trillium uptime kuma and hoogle as well as open claw that's impressive what on i mean open.
Claw itself takes a fair bit.
On four gigs of ram that might win the that might win it right there how do you beat that i.
Think he scott does it so we don't have to.
That's nuts well done i am impressed i didn't think i'd be impressed i am impressed, Okay. Adversary 17th here with 8,441 slits. Wes, what prompt did you use to create? Chris, it's okay. We're the recovering ricers. Understand your pain. The step to recovery is admitting you have a problem. Oh, he wants to. Oh, yeah. So context here. Wes created a roast song at the end of the membership bootleg last week that roasts me for using Hyperland and a tiling window manager.
And the prompt you used, Wes, do you have it handy? Do you know what the prompt was? It wasn't very elaborate.
I think I have the Brent one. This is a comedy album, party record style. It's a song that simulates a podcast as a funny trick. So it's a Linux podcast about ButterFS versus CFS. And also, it's a frustrated soapbox rant about how, so this is the Brentley one, how one of the hosts, Brentley, won't use pin tabs in Firefox for no good reason. Musical style is non-musical spoken word, no percussion, no instruments, ambient silence podcast audiobook.
I think I just tweaked it for yours, So it's like, you know, some sort of seed of like Chris irrationally uses Tyler window managers. He won't use a reasonable desktop environment or something like that.
What's funny is that really from that, it makes like a chorus and all of that.
Yeah, unfortunately, that prompt works extremely well. And yeah, looking forward to more requests. Thanks. Maybe one about yourself.
Well, you know, you have the prompt now. So I think you guys, that is totally fair game.
Brantley, you want to take the one from your countryman?
Oh, this is Rubikman. 3,222 satoshis. Oh, I see why you wanted me to take this one. You can't pronounce the name of this place. Greetings from Miramichi, New Brunswick in Canada.
I think it's pronounced Miramachi.
Is that Miramichi? I'm against the age verification laws, as it is just another way to track and catalog us under the guise of clutches, pearls, won't someone think of the children? It's not my responsibility to make sure that your kids don't look at porn. if the distros are forced to implement age verification for some areas it will be everywhere because i doubt they will maintain two or more versions and that will be the end of privacy because vpns won't protect you with that yeah.
I do think that's probably true if it if it if it takes off you're they're probably just going to be everywhere it'll be just everywhere.
And a flag in xos right yeah.
Or something system d something like that trellion comes in with 16 000 sats, and just says boost thank you Trillian.
Tarion Bronzewing comes in with a row of ducks.
Love the.
AI hacking open claw and local content keep it coming.
Thank you.
Our dear Gene Bean sends in a couple rows of ducks for a total of 5,781 Satoshis, Here's a little feedback on Cage kiosk, which I brought up last week. Cage is what I use for my two kiosks that show a Home Assistant dashboard. Here is one of them. Any links to a NixOS config? Chris, I know you like diving into those.
I do. I'm looking at it right now.
By the way, regarding building a NixOS image for the Pi, grab a temporary Ampere instance from Hetzner and use it as a remote build host. That's how I built mine. Very speedy.
That's big brain thinking there, Gene. Thank you.
Last boost here. Funny story. I went looking at my transactions after you mentioned it being a light week last week and realized I missed listening to an episode. Got to fix that in a little while.
Thank you, Gene. You are the best.
Thanks, Gene.
A dude trying stuff comes in with 5,000 sats. I appreciate your struggles with the calendars. I've recently been looking to make my switch from macOS, and one of the last remaining applications was a native high quality client from my CalDev server. Also, I wanted to submit a pic. Planify. It's a very pretty task manager that works natively with CalDev. Thanks for the show, boys.
Nice.
Thank you, a dude trying stuff. Nice to hear from you.
See, trying stuff, telling us about it. This is great.
Thank you, everybody who supported the show with a boost. We had 18 of you stream sats as you listened and you collectively all stacked 29,701 sats. When you combine that with our boosters this week, We got a pretty good showing, especially compared to last week. We got 264,768 sats for episode 660 of your Unplugged program. Thank you, everybody who supports us with a boost. Fountain makes it really easy.
There's also a self-hosted route with AlbiHub and lots of great apps you can integrate with, including Fountain. And, of course, thank you to our members who support us every single episode. Thank you, everybody. We really appreciate it. The show runs on your support right now more than ever. In fact, only on your support.
¶ Picks
Now, we got a smattering of picks, boys. A smattering. Because a couple of them actually came in from the feedback inbox this week. So they're listener picks. But let's start with Boar. This one, I believe, I'm going to guess, could be Brent, could be Wes, because I talked to both of you about it, so I can't remember which one he is. I'm going to say Wes.
That's right. Actually, it helped us out behind the scenes a little bit, because we were trying to watch Big Buck Bunny with producer Jason.
Right, remotely. We're all trying to do a group watch of Big Buck Bunny.
Yeah, and unfortunately, he didn't have the file locally.
No.
And it was taking a really long time for him to be able to get it from the upstream.
Yeah, because it was a real high-res version of the file.
Yeah. But I had it locally.
Yeah.
So I was able to use Bore, which is a modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls. That's all it does. No more, no less.
So then he downloaded over like a link? Yeah. Like an HTTP link? Or does he use like a command on his end to pull it down? What's the other end?
Yeah, so the other part was I just ran a Python HTTP server in the folder where the bigbuckbunny.mp4 file was.
Yeah, of course, yeah.
And then I could just send a link to HTTP web server. It just does like a listing of the files, et cetera. And then Bohr handles the part of taking that local port and publishing it on a public IP address, and then he could connect to it. And then we were able to watch it and enjoy it together.
Yes, we were.
You know and this took wes like a total of five minutes to deploy and i don't think you had used it previously and chris and i were just like i don't know talking about nothing and wes just solves this problem in five minutes with a brand new tool that he brings to the show so uh oh wait there's even more wes you didn't just use it.
Oh there's more.
Well so i had um i had used it a little bit before but this is probably the best stress test is like i wanted something essentially kind of similar to like a Cloudflare, tunnel sort of setup without all the fancy SSL kind of stuff and other layers on top of it.
But just like an easy way, if I had stuff on one server that maybe even I didn't need it on, like to have it already on a mesh network that I needed, maybe it's a throwaway host, you know, maybe I'm spinning something up and I just want to provide access easily, then this seemed like a good solution and it's only, it's like 400 lines of safe, it's not even unsafe async Rust code, so it's like super trivial to set up. The only thing it was missing, it's already in Nix packages.
It just didn't have a NixOS module. So I threw one of those together real quick, which is really just some options that render out a systemd service to run it because it basically just needs some port allocations and network access. And there you go.
Well done, sir. All right, Bore, link in the show notes and link to the module as well. Our next pick is KD Connect SMS TUI and Scott Syntheson. He says, you all have expressed interest in both TUIs and KD Connect. And because Google is taking away QR code web pairing for messages, I worked with Cloud Desktop to develop KD Connect SMS TUI. Search conversations and messages, send and receive SMS and MMS, inline image display for KD.
That's cool. I-Term 2 and a few other terminals. you have contact name resolution from synced v cards group conversation support in the tui with custom name wow multiple device switching with a pop-up selector archive and spam folders for hiding conversations 17 built-in themes with this is better than my.
Sms messenger on my phone.
And of course rust app, Of course, it's a Rust Ham.
Amazing. Ooh, Ratatouille. And that's a Netflix Flake, too. Great.
It's pretty slick, right? I mean, Scott's on fire with this one. He's got a whole series of hotkeys, so you can whip around this thing like a DOS Pro from the 80s and early 90s. I mean, treat it like it's your Vim. It's pretty cool. So that's...
I will definitely be trying this, because I do have KDE Connect.
Yeah.
It was like, Wes, are you running it already? Well, the Netflix Flake is building.
Thank you, Scott. And that is MIT licensed. Now, Andrew sent in our next one, and it's an alternative to what I talked about last week. This one's called BusyBridge, a complex calendar. It's a free, busy syncing across organizations. It says it's a self-hosted multi-user calendar synchronization service for consulting organizations.
The service allows users to connect multiple client calendars from, say, client organizations to feed their main calendar, keeping availability in sync across all the calendars without duplicating event details that don't belong. Andrew says, I was listening and having a good laugh because I actually had to solve this problem so that way everybody can see what's going on. I've been using it for myself, self-hosted, and it's pretty nice.
It lets you use one main calendar and see all your events color-coded on it. And so he sent me along the project that he found here. It's called Busy Bridge.
This is cool. Python app, self-hosted calendar synchronization service.
Yeah. Bidirectional sync, personal calendar sync, WebDAV, ICS, subscription, reoccurring events, smart busy blocks.
RSVP propagation. That's some attention to detail.
I know. I know.
That's the part I probably wouldn't have bothered to do. You know what I mean? But like someone else has done that? That's great.
Hourly consistency checks. Six-hour orphan scans. Automatic retry of missing busy blocks. Circuit breaker or auto-pause sync when all calendars fail. It's pretty smart.
Auto backups as well?
Yep.
Self-healing? Yep.
This is the real deal. So that's a real nice find. I like that a lot so thank you Andrew for sending that along he says I think it might do more of what you need it might be right it might be right it's often how it goes I you know I uh, I talk about something, somebody's like, you know, you could try this. That's how I found dispatcher, right? Is I found one thing, you're like, you should try dispatcher. I'm like, oh, great.
¶ Outro
All right. So we're going to wrap it up here. Let us know your thoughts on, you know, the future of booting your Linux box. So I want to know if you're using grubber systemd boot and if you use sign bootloaders. Those are the main things I want to know.
Is secure boot turned on? Do you rely on that? What are your thoughts?
Yeah. Let us know about that because I just would like to take a survey from the audience. You guys are pretty technical groups. So I think it'd be telling what your answer is. And yeah, let us know. Send in with Booster, linuxunplugged.com slash contact. Now, you can also get even more show by joining us live. You can make it a Linux Tuesday on a Sunday. Join us at Sunday, 10 a.m. Pacific, 1 p.m. Eastern. That'll be in your podcasting 2.0 app of choice, like Fountain FM,
or over at jblive.tv. But Wes Payne, if they want more metadata or information around the show, we got that for him, too.
Yeah, a podcast 2.0 compliant RSS feed, which means it has all kinds of fun goodies in there. Like, well, a good, but no, JSON Cloud Chapters.
Yeah.
And both VTT and SRT files if you want a transcript.
I heard the developer of Overcast this week say, nobody has transcripts in their feeds. We've had it for two years now, buddy.
Two types.
That's right.
And, you know, you don't even have to be like a full 2.0 client to use it. Stuff like Intendapod uses them.
Yeah, there's also Secret, a video version in the feed, too, you could always find.
That's right. Check that out.
We're out of here. Thank you for joining us. We'll see you right back here next Tuesday, as in Sunday.
Remember if someone has a van that needs rescuing we're looking for a half abandoned van we watch our van.