β ΒΆ Intro
Hello, friends, and welcome back to your weekly Linux talk show. My name is Chris.
My name is Wes.
And my name is Brent.
Hello, gentlemen. Well, coming up on the show, we've each prepared a topic, but we haven't told the other one what it's about. So I have no idea what the other guys want to talk about this week, and then we'll round out the show with some great boosts, some picks, and a lot more. And I know what I'm going to talk about. But before we get there, I know we've got to say time-appropriate greetings to our virtual lug. Hello, Mama Room. Hello. Hello. Hey, Chris. Hey, Wes. And hello, Brent.
Hello. And hello up there in the old quiet listening. And a shout out to the live stream and our members. We've been cooking now for about 40 minutes or so. So it's nice to be here on a Sunday morning doing the Unplugged program on a Tuesday. And let's say a big good morning to our friends over at Defined Networking. Go check out Manage Nebula from Defined Networking. It's built on the open source Nebula platform that we trust and love. And you control all the bits. It's so simple to scale.
You can get started easily at define.net slash unplugged. You can try out their hosted version. Use it on 100 hosts absolutely for free. And it turns out you control the infrastructure.
β ΒΆ Housekeeping
You can build it yourself if you just want to have two nodes talking to each other for a backup, which can be very handy. Or if you need something, the scale of an enterprise system like Slack or something even larger. You can run your own lighthouses. You can own the network path and you can avoid building your core connectivity, your infrastructure, your network around somebody else's black box. It's fast. It's secure. It's decentralized.
It's reliable. It's the way most mesh VPNs wish they were, but just they're not designed to be. For your home lab, for a fleet or for serious production network, Managed Nebula gives you control without giving up convenience. Try it out. Defined.net slash unplugged and redefined your VPN experience. That is Defined.net slash unplugged. You're going to be impressed. So there seems to be a bit of concern over things going on over at Bitwarden.
And I'm not sure. There's been a leadership shift, some premium price increases, some statements about their public mission and community have changed and been changed again. And so I just thought we'd discuss this for a moment because I've ended up over the years falling back on Bitwarden. Do you still use Bitwarden?
I do.
I know, Brent, you never fall down into Bitwarden.
I've been hesitant.
Yeah, well, perhaps for good reason. Their new CEO did have a response post my first 100 days of Bitwarden where he did say open source is still the foundation of everything at Bitwarden. But I'm just kind of curious if people are starting to create a Bitwarden backup plan. And I'd like to poll the audience. What password manager are you using? And does it sync across your devices? And did you move off of Bitwarden?
Did you move to another hosted service? Did you move to something totally self-hosted, Vault Warden, et cetera?
Yeah.
Or do you sync around a key pass file, Brent style?
And I wonder if we can, you know, I mean, I think there's room here for us to kind of take what the audience says, review it, come together with what we kind of come up with, and maybe create a Bitwarden migration guide because it's something you and I might want to consider.
I know I have seen a few number of folks trying out the Proton password manager. Maybe if the audience members have any experience there too.
And I know the 2FA folks also make a password manager.
Oh, interesting.
There's a few options out there these days, key paths and others. So BoostIn... Or go to linuxunplugged.com slash contact and let us know. We're trying to figure out what to do over here.
Just don't boost us your passwords. That doesn't work.
β ΒΆ Keep the Music Going
All right. So let's get into it, boys, because we've got three topics. I have no idea what they're about. So I'm just going to sit back and enjoy the ride, I suppose, because I'm going to go last. That way I get the full effect.
You're assuming that ours don't involve quizzes for you or any sort of work on your part?
I hope not. But I've gotten the basic gist that we're going to have a little Bose with Brent here, that he has been working with Bose smart speakers to some degree. But that's all I really know, Brent. So bring us up to speed, as they say.
Well, I've been hanging out with my parents lots lately, and they're just as big music folks as I am. So they have, years and years and years and years ago, they bought a Bose SoundTouch 30, which I guess, I looked it up, I can't believe this, was available from 2013 to 2014. So only for a year somehow. But they're around. I've seen them around quite a bit. And they use this thing daily. They're just always music playing off this thing.
And it's the kind of speaker where you can have little presets. And they're not super technical, but they have buttons on the top. They can go, hey, I want CBC in the morning or whatever. Oh, yeah, you might not understand you're in a different country. But so they've used the heck out of this thing. It's been a great speaker. Sounds great. It's not too huge. And like, it just works. Except Bose announced a few months ago that they would stop supporting this speaker.
And what that means is that any of the presets you had or any of the streaming you were using on this speaker would just stop working one day. And that day happened just a couple of weeks ago, the 5th of May. And I have not seen my parents that angry in a while about a product that they purchased because it's a thing that's worked forever. They never had to, you know, they set it up once and it just kind of worked.
And all of a sudden one day they went to do their morning routine of putting the radio on and it doesn't work at all. And they can't do anything about it. They don't understand why. They never got any, you know, an email or whatever saying that they're so. But we've seen this happen over and over and over.
Yeah.
It
Reminds me of the first time meme oh your first time huh.
Ah well some of us have been there before so when they bought this thing way back then this is the exact reaction i had was like oh it it seems great now but we you know been talking about this kind of thing happening for the last 10 years at least so i thought i might try to help them with this thing because like now it was just basically mostly a brick as far as streaming anything goes but you could still use it for Bluetooth, which is the main way I was using it when they weren't around.
And like an AUX connection, but that's never how they were using it. So I did a little spelunking around our dear open source communities. And it turns out I'm not the only one who wants to solve this. And a lot of people have been working quite a bit on this since that announcement, because, When Bose announced that they were going to stop supporting this thing, there was a massive upheaval. And they decided to open source some of the APIs for this speaker, or this series of speakers at least.
And that just has enabled the community to go nuts and make all these tools to bring back the functionality to these speakers. So from what i've seen the idea is to just make them as useful as they were previous and not need bows in the middle which maybe arguably should have been how it was designed in the first place.
But we're here now and luckily this thing's not trash because these projects are well along even in a couple months and i decided to implement this thing maybe i can just rescue my parents mornings with music and i decided uh to look at how to accomplish this because i was like i don't know maybe we can use home assistant like an integration or something that can stream music to this thing that's always an option uh but it turned out that well of course this thing just runs
linux right and oh no kidding of course it does and so there are.
It's got a whole OS on there.
Maybe questionable design decisions. Like, for instance, they just have Telnet access open constantly. No authentication needed or anything.
Yes, good.
And then the method I used. I mean, that's good for you. Yeah, the method I used to get into it is, I was like, well, I'm not that familiar with Telnet. I want to use SSH. Turns out you could just put an empty file named, you know, remote underscore services onto a USB drive. Plug that in the back of the thing because it has USB, which I don't know if it should. And then it just enables root access to this box.
Love that.
With no password or anything.
Yes.
So with no password or anything, you just SSH to this thing.
What could go wrong?
Questionable, maybe security practices, but it's a benefit for us because this thing is super easy to get into. I decided to, well, there's a variety of projects that are solving this in interesting ways.
Like more than one addressing this particular?
Yeah.
Like, wow.
There are various approaches, I guess you could say. The one I leaned on after doing quite a bit of research is called Aftertouch, which is, you know, sound touch after they canceled this out. Anyways, and it is quite complete in the sense that it has excellent documentation and allows various options for how to get into the speaker and change basically some settings in a variety of ways so that you can host the streaming yourself.
So instead of Bose being like the person in the middle that sends the streaming services to the speaker, you just have either a NAS or a Raspberry Pi. You could even use a VPS because they have some...
Like tls certificates that uh are work wonderfully with this thing but the other thing is you could just run this software on the speaker itself as well because it's just linux so it can just be standalone which is which is amazing i thought it was really well designed because um aftertouch, offers a lot of options for how to install this in a variety of places so they have a docker setup, also just a native systemd setup that, of course, is the way I went with NixOS.
But they also have a pi quick installer. So if you have a pi going already, you just run one command and it sets everything up for you, which is pretty sweet, I have to say. So one of the methods to solve this is to do just a DNS redirect for the BOSE domains. That's one of the simpler ways to do it, let's say.
Because it's still reaching out to their servers?
Yeah, there's like, I think, three of their servers is constantly reaching out to to try to gain information about which streams are available.
Etc. And then they just shut down the servers on their end.
Yeah, they just said, well, we don't really want to run this.
But they left it just sitting there blasting your network. I mean, I know it's not a lot of traffic.
But just the principle of it. I know.
The principle of it.
Yeah, yeah.
Interesting. So you intercept that basically by screwing with the DNS.
Exactly. And you can do that a variety of ways, right? You could just do it on your router or whatever you want. But it has to point to something. So you want to run aftertouch somewhere. So I decided to run on the little NAS that I have behind me. And that was a wonderful way to do it. But I didn't intercept the DNS.
What I did instead, as the project suggests, is because this thing just has open root, once you plug in a simple little USB drive, you can go in and just change the DNS entries and point them to where you need them. So you don't even need to intercept them. You just tell the speaker, go look here instead. And AfterTouch supplies basically a couple things. So one thing is you can use a web UI to do all of the migration of the speaker.
So as long as you have the service running and the speakers on the same network, it'll just auto detect the speaker. And then there's a big migrate button and that'll change all of the entries for you, which is awesome and makes it super, super simple. So there's that part. And then it also provides a bunch of access to streams and stuff. So you get the exact same functionality, and you don't need Bose at all. I kind of wish this was available a long, long time ago. Like,
they should just open source this stuff from the start. It's going to happen anyways.
It almost makes a guy want to go on eBay and pick one up.
Well, that's what I've been thinking about is... We're lucky because we have the know-how to do this. And it was relatively simple for people like us. But my parents would have never, ever done this. So, like, give it a couple more weeks, they would have chucked this thing or, you know, that's the danger is like they're perfectly usable speakers. But how many people are just going to?
Not only are they usable still, but they like the sound. And it's not necessarily going to happen for, you know, they replace that with something else. They might not like the sound. It's got, those speakers have a unique sound to them and people enjoy it.
I, uh, sneaky turn down the bass like to negative five because it has that setting too. And I, they're so bassy. I don't like it anyway.
Yeah, they are. They're very bass heavy. Yeah.
So, so it's pretty sweet. Um, now the UI has a bunch of information, a bunch of technical information, which I like.
But also from the perspective of let's say my parents, they just get to use it so I was able to reprogram all their touch buttons as well to what they had before and they're not even going to know that it's doing anything different, but I know that it is because now it's all completely local and I can run the server myself and I am highly considering just running that service on the speaker itself because I have another box to do it, right?
And so that's the little project I've been working on this week trying to solve that That is neat. I would say, job's finished.
It's, job's finished. It's kind of remarkable, the community. So you have Aftertouch. Obviously, there's SoundCork and there's others. They've really taken advantage of what's available here.
Did you get a sense, like, okay, so obviously there's this model, but, like, how many models are supported by these various efforts? How new can you go? Like, what does this open up?
I think a lot of these sprung up around the SoundTouch models specifically, which have a lot of similar architecture. I'm not aware of all of the models, but there's like a SoundTouch 10, which I think is a smaller version of this. And this thing is a 30, which is probably the size of like a tiny suitcase, like a carry on or something like that. But I would imagine, a lot of the design of these speakers is common with some other more modern ones. So I would imagine you're going to
see this expanding to, to include other speakers as well. I sure hope so.
I just wish there was a general speaker OS that was just this. It was just this.
Yeah.
I also see in here that they support the stereo pairing that these Bose speakers can do.
Oh, that's nice.
In the past required, I think a cloud account.
Yeah. Yeah, there's, I mean, that's kind of the joy for what Bose ended up doing here under pressure, was open sourcing the API for all of this. So it means there's a command line program now that you can just access every single function that was in there. So I've included a link to the PDF that Bose sent out. And I think they could have probably open sourced more of it, but at least what they did give was enough to get all this functionality back.
So the stereo pairing functionality is like, if you have several of both speakers, you can either set them up beside each other and have a stereo environment or in separate rooms, right? Because they just run off the network. So they're just touching each other and you can have them streaming synced between various rooms or different floors in your house or something like that.
So with i would say these might be hitting ebay really cheap real soon so maybe it's an opportunity to grab a bunch of them chris you and i were trying to find a speaker system for when we're working on cars this would be kind of perfect yeah we'll come around this yeah come around the shop good to go up an ebay alert i think is uh is the real lesson here today.
Nice catch. And it's nice for the folks, too. And a nice way to solve that. So that was the Bose SoundTouch 30 with the code name Mojo.
It is. That's a good code name. It's got more Mojo now, I would say.
Yeah.
Lots of Mojo.
You brought back the Mojo.
Well done. I wonder if we'll get extra functionality, too, once the projects kind of implement all of the initial functionality. Like, keep dreaming. Let's go nuts.
I'm curious. Did you detect sort of what the possibility for a prank mode might be? You know, like it looks like it's going to play the audio you request, but it just plays Rickroll every time, something like that, or Linux Unplugged, random episodes.
Yeah, I was able to find Linux Unplugged through the streaming services, so I was going to put that on one of their presets.
Every Sunday morning, just have Kron turn it to the JBLive.fm stream.
There we go.
Yeah, that'd be awesome. Unfortunately, it didn't stream, so I'll have to put in a bug report or something, and we'll get that working.
All right. I do want a chicken coop speaker, so you never, you never. Thank you, Brownlee.
You're welcome.
β ΒΆ Gettin' NASty with It
All right. So I know it's time for This Is The Way with Wes, and it looks like Wes took a look, a first look at Nasty.
Yeah, that's right.
And Nasty is getting a lot of attention in the NixOS, Bcash, and Rust communities.
Which we don't have any interest in.
So it's an interesting cross-section, and I've been seeing a lot of talk online about it, so I'm glad you took a first look. Tell us about it.
Yeah, okay, so Nasty, it's GPL3 effort from Bartosz Fenski. I'm looking back on it, and I realized that first, I first saw it being posted about in the BcacheFS subreddit, because it's a NAS appliance-like project with BcacheFS under the hood. And we'll get more into how it works, but it came out on April 1st, and it was sort of a, it was billed as a mostly vibe-coded BcacheFS NAS. You know, it seemed sort of experimental, like a new project.
And that's kind of how I took it. And then I saw that it kept getting posted about. It looked like regular progress, good sound and updates. And then, I don't know, 10 episodes back or so, we made it a pick. It's something just to keep an eye on. And I thought, well, they've had even more releases. They've made some big switches recently. And it seemed like it was probably time to really see if there was some there
there. Because, of course, we have had mixed feelings on the show of various... Nases. Yeah, right? Some are really nice. They can work for some people. It's been a struggle for us to necessarily adopt them for our own particular workflows but we are very bcachefs curious.
And and we're nixos friendly so it seems like if there was going to be one that got us it would probably be nasty because it's sort of in our our wheelhouse if you will say.
That was kind of the hope here.
It is a good name right and it so it builds itself on the github page as it turns commodity hardware into a storage appliance serving nfs samba i scuzzy and envy me over whatever. What is that? OF. Managed from a single web UI. Updated atomically and rolled back. I don't know. Like I'm using MVME over anything.
Oh, it's MVME over fabrics.
Like I'm using it over anything these days. Oh, it so stinks. I got an MVME that's overheating at home, so I want to replace it. I go online and look. Everything's crazy expensive, and I've never even heard of these vendors before.
Oh, no.
There's some Chinese name I can't pronounce. So you're buying it from some third-tier vendor. The state MVME. If you've got MVMEs, you've got literal gold. Right now. But so, yeah, that's what Nasty pitches itself as. And like Wes said, looks like it's using Bcache, compression, checksumming, erasure coding, tiering encryption and snapshots, which is really interesting.
It also brings sub volume support, encryption lifecycle support and backups, including deduplication, incremental backups to local S3, SFTP, REST, Backblaze B2 and per profile schedules and retention.
Yeah, I was impressed by how much is already in here, right? Because it isn't just the core NAS part about managing the disks and interacting with BeacHFS. That's all there too, right? But like there's all kind of backups, alerts, firewall management, TLS stuff. You can do Let's Encrypt up. It has a tail scale integration, sort of automatic if you want to plug into your tail net really easily to allow remote access.
It has a capability to spin up VMs for you as well as what they call apps, which are really just Docker containers. Which you can run sort of like directly by putting the container info in in the gui or it has a spot to drop a docker compose if you want so that's kind of nice yeah so there's just kind of like a lot happening which can be good or bad right we have mixed feelings on this and with some of these.
Projects but what made me curious of course was it's nix os and then it's powered by a rust demon under the hood and so like actually getting it running in a vm kind of getting configured with some like test disks which are just all virtualized right now i haven't put it on real hardware yet, um and then kind of seeing like well what does it look like and it had a pretty basic little installer kind of with like a nix os install okay but that was easy enough i think the download
was like less than two gigs for the iso and then it was using maybe like four gigs on disk when i got everything installed it does kind of have a nice option where you can either opt to use an entire disk just like this is your nasty os drive and then you'll have other disks on the system that you use actually for whatever your pool is going to be yeah but it does have an option to just take up like a certain amount of space of the disk and put the os there and
then leave the rest of main available for storage so i thought that was kind of a nice touch that you know didn't actually need to have yeah. What's interesting here is it turns out Nix OS is kind of just the provisioning layer. So it's there just to kind of provide the kernel modules, the base system d units, the base packages and software that you're going to need for this thing. And the Rust engine is kind of the real runtime.
Oh, really?
Yes. So it keeps a bunch, kind of like Cosmic, it keeps a bunch of JSON files in varlib nasty, which just follows directly the Nix OS pattern of just using varlib for the application state. And what's great about that is the state can be easily checkpointed, snapshotted, and backed up because basically all the stuff that you do in the UI is just stored in those JSON files.
So if you toggle your Samba shares on or NFS exports, that kind of stuff, you don't do a whole NixOS rebuild because a lot of this stuff isn't in NixOS. It's sort of dynamically applied by the Rust runtime to Systemd. But it's still kept in a way that you can manage.
I noticed they also offer a 2E, so then I would imagine you can toggle it. Either way, that's going to write to the JSON settings.
Right. And there's still some stuff, like I think some of the firewall stuff, like there is some stuff that's built at the NixOS layer, and so that does require NixOS rebuild, but the daemon just does that under the hood for you anyway. So you don't really have to interact.
I have a question here. Wes, how do you feel about that architecture decision?
I think it makes sense for what they're doing. they're trying to compete with the high level of dynamic behavior that you see in a lot of these style of application so if your entire goal is like I want a purely mixed managed infrastructure as code approach this isn't quite that it does have sort of a like the JSON side of it means that you do get a more effectively declarative style of approach but it's not necessarily quite the same is like a the same
ux of writing something that's meant to be that right it's more about having a nice way to capture the state and have it be easy to introspect and edit and back up and manipulate or diff even, So it kind of depends on what, like, how much you need, you know, do you want a nice UI that you know you can go toggle things on and when you click the enable Samba button, like, you don't have to do a full rebuild of the NixOS stuff, it just does it for you.
So in your opinion, is this, I guess what I'm trying to get at here is, could you use this thing and never have to touch the UI?
Yeah, I don't know, I don't think it's meant for that.
Okay.
So I don't know that there's a great interface to go manipulate those JSON files. If you were willing to make the JSON files, then yeah, totally. I don't think there's a great, it looks like maybe they're starting some REST API. Right now a lot of it is web sockets between the Svelte UI JavaScript layer and then the Rust engine backend.
Yeah, but it does look like that's something they're working on here, JSON RPC 2.0 over web sockets.
Yeah. And so I think there's probably a version of that where you could have it more be programmatically exposed to just talk to the engine directly and have it synchronized to the state.
Seems like you're kind of impressed with it, though.
Well, there's just more here than I thought. Like, it might be one of the nicer ways if you want to play with BcacheFS. Because, like, there's a nice UI that walks you through building the array, and it does support encryption, and it supports compression, and it supports various redundancy levels and stuff.
I don't know if it's strictly everything, because there's, like, a lot of options you can do with BcacheFS, but it's a lot more than, like, even I've probably tried, right, just in terms of building different styles of arrays.
And because it's nix west you know that the like dkms situations well managed it's all handled for an appliance so you don't really have to worry about like how do you get it and how is it well supported because it's just built in from that i mean i'm not saying go put all your data on the system right now right it is very much pre i mean it's like version 008 they just did a big switch for like the app stuff is now powered by caddy instead of nginx which makes lets it be
a little more dynamic and they can they kind of automatically let you do if you want to set up like a subdomain system per app that can just happen automatically right off the top of your appliance so you kind of get some of the things you can do nicely in a clean way on a modern linux system but with a helper ui on top like you can go run like it's easy to get root ssh on there no problem there's a terminal in the ui you can
use so you can just go run docker containers yourself that's not a problem you can introspect the state you can kind of manipulate things but you don't have to.
It is very fascinating to watch the momentum of this. Like a few of these projects we've been covering recently, they committed five minutes ago on a Sunday while we're live streaming and recording. Like they're working just nonstop on this stuff. There's a real momentum and, you know, people contributing. So I'd say it's growing. It's just two contributors at the moment, but it's growing. It looks good. Worth keeping an eye on, but not worth switching your data over
to yet. It's sort of the final verdict.
Yeah, I mean, if you want something that's going to be steady and not have any major changes of architecture or something, I don't think it's there yet, right? It's still pretty new. But I do think it's worth, it's a nice entrance into the space of available sort of appliances for this because it feels leaner. It feels more introspectable. It kind of feels like a little bit more of a modern architecture for how you might build one of these today. And I like that.
Yeah. Thank you, Wes. Check out Nasty. We'll have links in the show notes. I want to thank Connect 10 Internet. They're not a sponsor, but I did reach out to them to get a discount for you. Jupiter 35 will get $35 off your total order. Connect 10 Internet offers high-speed, reliable Internet services across the U.S. and Canada, and I've been utilizing them for my backup Internet connection.
They have services for everybody that wants to use it for backup Internet to people that want to use it for high-speed data with high priority. So they offer truly unlimited plans with no data caps and high-priority data. I like them, so I said, hey, I'm going to talk about you mostly in next week's episode. But they got me a discount code early, so I'm telling you about it now. It's Jupyter35, and it'll take $35 off your order. And they just came out with this killer idea.
$39 a month, and it's a backup Internet plan. So they have a slick router that auto-monitors your connection. And when your main internet goes down, they instantly connect to one of their four major wireless carriers, they just bundle all four. And then when your mainline internet comes back online, it switches you back automatically. Uh, now I just built this using Linux and then like they contacted me and they're like, Hey, guess what? We got this new thing.
And I'm like, we think it's perfect for you. And I'm like, two weeks ago.
It is perfect for me.
Yeah. Uh, so I'm using something different. I'm using like they have this fortress router. How would you describe this thing? Brent? It's like, it's fortress is a great name for it.
It kind of looks like a spider with a ton of antennae coming out of it. And it's, it's industrially built. You can take it apart and look at what's inside if you want to undo many, many, many, many screws. But it's very waterproof. You can throw this thing around if you need to. It's been all the way to California and back for some reason. It's a great device.
It really is. And it is very robust. We put it up way high on top of a barn. And I'm just getting crazy internet speeds. And it picks the best network in the area. And this device runs OpenWRT. It's an impressive bit of kit. So it's connect10internet.com. I'll put a link in the show notes. That's connect10internet.com. And if you use the promo code Jupiter35, they'll take $35 off your plan. And they do have that new $39. They'll take $35 off your order.
And they have that $39 backup internet plan. I just realized there's a lot of numbers that are confusing. So to make it clear, Jupiter35 is the promo code. It takes $35 off your entire order one time. And they have that $39 backup internet plan. Does that make sense? I hope so. It's a lot of numbers.
β ΒΆ Rise of the Robots
It sounds like a good deal.
It is a good deal. I'm really impressed because I can both connect to 5G and 4G. And the way I had solved this in the past was I had multiple carrier plans. And then I have a pep link that would just combine or switch between. But you had to have actual like multiple SIM cards in this device with multiple plans. And now Connect 10 just puts it all in one service.
They are the meta provider. and they have the gear to switch between the networks for the one that has the best signal and has given you the best data. I just think it's super cool. It's been working really well. Like I flipped over in the evening, Peak time and was getting 120 megabits down during peak traffic. And I was like, this is great. And that's just like, you know, worst case. That's worst case for me. It's really awesome.
So that's my worst case speed. So go check it out, connect10internet.com. We'll put a link in the show notes, and the promo code is Jupyter35. And next week I plan to talk more about some of the backup internet infrastructure that I've been building at the farm. And they were a big part of making all that work. I've been really impressed. So it's promo code jupiter35connect10internet.com.
Well, two of us have gone so far, I think, with some interesting projects. But there are three hosts on this here show. So, Chris, what did you get into this week?
Boys, you know I've been doing the OpenClaw thing now for quite a while. I set up a dedicated Lenovo ThinkCenter that's running or was running OpenClaw. Um and uh as time went on i started using them for more and more serious things i think it's so funny when people say what do you use it for what do you use it for like dude everything like what your imagination is the limit um.
It's i have these from like watching you use it it's one of those tools that you don't know what you're going to use it for until you like integrate the tool into your routine or you have it near you and then you're like oh wait a second this is gonna do way more than you could have ever imagined before you even integrate into your life. So I think the answer to the question, what are you going to do with it is like, just.
Yeah, and I think, you know, a clarifying thing for me was having a small business that has a thousand tasks that needs done and I only have time for 10 of them.
That's a big use case for sure.
So I was like, oh, well, all right, that needs solved, that needs solved, that needs solved, that needs solved. So I have agents that prep clips for me, you know, based on the stuff that I feed them. They prep the clips for me. They monitor the infrastructure for me. They read alerts. They can update the home. I have three different home assistant instances that they are monitoring and updating. They're working with Git to make sure the projects are getting checked in and managed.
They're keeping my Nix boxes maintained. And they also deploy infrastructure. And then on top of that, there's reporting that they're providing me. There's email summaries that they're getting using the GWS CLI. A lot of stuff in there. There's a lot that I use them for. Ordering your groceries.
Yep.
Ordering my groceries is another one. I know it sounds silly, but how many times are you walking around the house and you're like, oh, I need to get this?
Or you open up the fridge like oh i'm out of butter and then five minutes goes by and you completely forgot to ever put it on any list and then you're at the grocery store like what the crap was i what was it so i just i just fire off to the bot really quick we're out of butter and then it uses the kroger api and it adds my preferred butter to the shopping cart so.
Great it's also like for me it's useful for that too but it can also then help build like now i can interface better with that stuff and start recording that and then have a data set of my own locally not dependent on their database.
Yeah that's what i do too as i have a preferences.json file with all my brands and sizes and flavor preferences and all that that's all built in my own data set that would move to any other api and.
You can like you know save all of your orders see how you know your own local rate of inflation measure how your preferences change over time whatever you want.
And as i started using it it kind of went from could it do this could this work to, well, this needs to work now. I'm not doing that task anymore, so this needs to work. And the reality was is that I had built this around OpenClaw very early on when it was still called, Claude something.
Right. Claudebot?
Whatever it was. And then Moabot. And then OpenClaw. It's funny. See, it seemed like such a big deal back then. And it just went through all the transitions. And then a lot of things I solved for, like memory and other problems, like excluding plugins and all this stuff, the project started solving for and replacing the solution that I had built for it. And then I would have to spend time adapting to their new solution.
And not just once.
Every week?
I mean, yeah.
Every week. Yeah. Also, there's this problem that I have with OpenClaw. I still think it's a great project. I'm just telling you what I ran into. It's one control gateway. Many agents, one control gateway. And that is useful for certain things, but not for how I use it. I'll get into that more.
Yeah, I had a good... OpenClaw is fundamentally basically like a channel-first harness. It's like really built around connecting to these channels of talking to you, whether that's WhatsApp or Telegram or Slack or whatever it is. And Hermes has a different architecture.
So I decided to try out Hermes. I liked a couple of things about it. It's Python-based versus Node-based. And I will be honest, I do like that. The project natively ships a flake.nix. So they got my attention with that. The other thing they do that I just sort of appreciate as somebody that's using it in production is so far they seem to have sort of thematically focused releases.
So OpenClaw, they ship very fast and they just kind of include everything that they have ready in each release where Hermes kind of is a little bit more planned. This release focuses on this set of features. This release focuses on security and then this release focuses on another set of features and it's a little more implicit and thought through that way. I just find that release cadence works a little bit better for me.
But the thing that really works for me is instead of one big gateway with Hermes, each agent has its own gateway. And at first I was like, oh, what a mess. But man, is that great. Because not only does it make it super easy for each agent to use their own model, which is great for an agent that can just use a cheap free model or a local model that doesn't need to do a lot. Another one can use a heavy lift model. But it also means when I want to make configuration changes,
I'm only restarting one agent's gateway at a time. And my other agents don't get taken down. And so far this hasn't happened. But if they blow up their config, I'm not taking the other agents out. Although it hasn't blown up the config yet.
Yeah, this is what it calls profiles, right? So you can have different profiles where you each kind of get their whole own setup, which you would get with a single OpenClaw instance. And then you can do all the normal stuff so they can have their own subagents or do whatever you need to, but they can function independently. And you had already sort of adopted that architecture in your own personal world. And it's another case where OpenClaw hadn't really got there.
And now there are other models out there that is just a natural one-to-one fit for how you already use it.
Chris is just too bleeding edge. it seems.
Well, there's just different approaches too. I think, you know, one of the things, if I were really trying to build my own complete thing, but I wanted to base it off something, I might either just go straight to Pi or I might use OpenClaw.
Hermes has another thing that I just want to mention, because I know it's one of the first things that comes up, is they have what is called this closed learning loop, where they have agent curated memory that kind of goes through and automatically creates skills for complex tasks that it's noticed it's been asked to do. And it uses, you know, some LLM summarization to go through and build a skill and it auto creates skills for itself.
This is both a good thing and a bad thing, in my opinion. I think it can be a bad thing in the sense that if you're practicing, say I'm building out a swag pipeline and the commands aren't right, something isn't right. It could accidentally auto learn the wrong thing, the wrong tool call, the wrong path. And so you have to kind of be, I think you have to watch it. At least that's in my opinion.
You probably want to be auditing the changes it's making to your skills.
So that's what I've done is my agents say this is what I've auto-learned and I have to approve the auto-learning right now. I'm just kind of watching it that way. But the Hermes system seems to be really, really solid. The skill system is excellent. The memory system, I think, is quite good. I not only have a good markdown-based memory system, but then I'm using an external memory system for some of the more vector-type-based stuff.
It feels a little bit faster, too. It seems like it responds a little bit faster.
Yeah it seemed like it had very clean and well documented extension points so like for your stuff with like you had even experimented with writing your own open claw plugin yeah and it's totally possible to do but it just felt like like instead of having to conform to this whole plugin architecture here you kind of just basically implement like a version of an abstract class in python and it was just like a simple clean well-documented api that you could really
implement with whatever and there's already a bunch of python things that interface to all of these Rust built vector engines or whatever you're actually tying in.
Yeah. And a lot of them have MCPs. I want to note something though because transitioning between an agent harness like OpenClaw to Hermes isn't like moving from Debian to Fedora. It's a different kind of, hop, I guess. It's a different kind of transition. In a way, it's maybe easier because these things are so text-based, so markdown-based.
Things live in sort of the same common things like a soul.md and an agents.md, and the memories on both systems are markdown-based, that the migration path is surprisingly clean, if not just slightly time-consuming, depending on how you do it, but it's not like a jarring change. I don't know if I'm putting it right, but it's not, And not that moving distros is like this huge, jarring change, but it feels like less of a transition than maybe just swapping from Debian to Fedora.
Probably helps, too, to go from OpenClaw, just in the sense that, like, it's so big. It had so much momentum that I think there are a lot of folks, too, that were incentivized to also have a similar architecture and or well support folks coming over from it.
But yeah right not only do you can you use sort of helper intelligence tools to do some of the migration but a lot of it like you know it has to store state to persist between its its loops anyway so like it all kind of needs to be in these folders you just might need to update some config files or use different config files to get it running yeah.
The trickiest stuff comes down to don't run both gateways at the same time trying to use the same telegram bot token or whatever you're like that's the trickiest bit.
How do you do the cutover yeah just don't.
Have token collision for whatever chat platform you're using.
And that's kind of just standard Linux sysadmin operational thing.
Yeah, yeah. Also, I'm so impressed with how far you can get with a good set of skills and some wrappers with these free or cheap open source models like Minimax and Kimmy and Quinn. It's a massive unlock that I don't think our community has fully wrapped their head around because at least I don't see people talking about it. I don't think what I'm about to say is any huge, massive discovery of some master AI workflow that turns these things from ambiguous to deterministic.
But it is such a rock solid workflow. I'm surprised I don't hear people screaming about it from the top of the hill. And it's a way to take advantage of free models or cheap models like DeepSeek, like Minimax. And it's simple. You set yourself an actual little bit of a budget to go burn some money on a frontier model like a ChatGipity or like a Claude. And then you use something like open code. Connected to one of these higher-end models. And again, you're just,
you know, set yourself 25 bucks, right? It's not going to be a big deal. And you have these higher-end models operate your agent, be it OpenClaw, Hermes, whatever it is, have it operate it like a puppet because they all have command line interfaces and MCPs and ACPs. So you can have OpenCode using GPT 5.5 operate a Minimax-based agent like a puppet. it. And while it's operating that thing through its job, you can have it sit there and watch and monitor everything the agent does.
Every mistake it makes, every wrong tool call it makes, as it tries to figure itself out where it got ambiguous in the instructions, the bigger powered model can watch all of that. And then you tell it, where does it need improvement? It goes back, it hardens up the skills, it improves the wrappers, and you do the run again. And you have the bigger model watch one more time. Maybe you do it three times.
And you just do it till there's no mistakes. And from that point forward, that cheaper model is going to execute that task without issue just about every single time. I don't care if it's LLM or what, because you're combining scripts, you're combining wrappers and skills into something that is actually a very solid workflow where the LLM isn't making up a bunch of stuff. It's following a very specific sequence using very specific tools,
and it produces the same result every time. It's reliable. And I don't know why this is like one of the bigger conversations in this space, because it's so simple and straightforward and produces incredible results. So what did I do after I migrated from OpenClaw to Hermes? I brought up OpenCode. Put 25 bucks on OpenRouter, used Jippity55, and I had it just orchestrate all the tasks I normally have these agents do under OpenClaw. Now do it under Hermes. Watch everything that breaks.
Wrong skill path, wrong tool code. What didn't it get right under this new system? And then it just went through boop, boop, boop, boop, boop, and fixed every agent line by line by line on anything that came up. And within like, I don't know, probably a day of just like, oh, I'll try this. How did it do? I was done. Everything had been caught and it was working. And that is such a powerful combination. I mean, I mean, there's the stuff I'm doing with these things is really incredible
from from cutting clips to creating T-shirts. It's really amazing. And it's all going each point. You know, I have quality gates where humans have to interact and improve things like it's it's really solid. And doing such, I can get by on these models that probably by the end of next year, I'm going to be running on my own local hardware.
Yeah, right. You kind of I think it plays to a lot of different strengths in that we've seen, you know, some models are good at, quote unquote, thinking. and doing complex planning or, you know, debating pros and cons or planning architecture. And other models are really reliable sort of tool callers and loot creatures. Yeah, exactly. Better hands than they are at, you know, actual sky-high architects.
And so you can leverage both of those things and then helps as well, as you say, right, with the token budget of like, you only really need the top level of intelligence for certain parts of those tasks. And especially in the initial sort of training phase. And then maybe if something breaks or, you know, something goes awry or whatever, but.
Yeah, or you have a big model change and maybe you want to run through it again and make sure nothing major changes or API goes from version one to version two. And yeah, yeah, do those kinds of updates. So you need a way for some kind of lifecycle management. So probably something that's get backed and something that has a startup document that tells a new fresh LLM session. These are where your skills are at. This is how I deploy them. And when you do that, all of my stuff is Nix backed.
All the skills get deployed via Nix. So if the agent wants to update its skills, it has to stage it in the Nix repository first. and then everything is checked in via Git. So if a skill goes sideways, if I made a wrong update, I can roll back. And nothing goes live into production without going through the Nix process. And to me, this is where Hermes really, for just me personally, kind of went to the next level over OpenClaw where it felt like I was always fighting that with OpenClaw.
Hermes just leans into the configuration I want. And for others, it totally supports other configurations. But for me, this integration was tight.
I mean, and so what folks might not appreciate is that, you have spent a lot of time fighting with nix and open claw and i as have i i mean we started jointly maintaining a custom package for it we did yeah because like we were just github.
Actions building stuff for us in the background after each update.
Yeah and it would like strip any non-linux non-x86 part from like the npm packages there was so much like.
Windows cuda stuff in there and mac os stuff.
Which did not make sense to download over starlink so it's like with open claw it's right It's like an NPM project, and then there is Nix-OpenClaw, which is hosted under their org and is, I don't know, semi-official. It seemed to be community-done, but recognized as a thing by the project.
And didn't really seem to follow releases, but more like just snapshots from development. So there wasn't like a one-to-one, there's been an OpenClaw release, and it doesn't necessarily match to this Nix-OpenClaw release. Like, the two are not insane.
Yes, it was more like, where is Nix-OpenClaw caught up to in the commits from the upstream? And so it worked, and it was there, but sometimes there were delays. They've been better, it seems, recently, but there was a while, especially when we were forced to sort of start our own, that it was taking a little while to get updates. Versus Hermes, they just have a flaked on Nix right in there. They're using UV and the UV to Nix sort of Python integration right there.
It seems like a well-done thing that is intentional, and that seems like a sign of the overall sort of difference between the projects.
Oh, and it makes my life so much easier. And if it's something I'm running in production on that particular system, it just makes sense. A couple other things I like is it has a 2E. I know that's silly, but what I found is, I can code, or whatever, I can do long sessions in a TUI. All day, right? But Telegram, that's for one-shots. Telegram's one-shots, and I could not imagine building an application, or usually for us, it's some back-end tool via Telegram.
It's just not the right interface for it.
I can't do it.
Especially, like, the bots are good. It's surrounded by distractions, too, right?
Yeah, yeah.
Give me a minimal TUI. That's what I want.
Yeah, people know I'm online, they're chat-chatting with me, and the TUI is really good it's really good they've really done a good job i mean it's like you know up there with open code and codex and the other ones and then brent you might like this feature i just started playing with it just to talk about it on the show and kind of ended up liking it is it has a built-in kanban board for agent orchestration and project management and you what you
can do is provide it with a spec and then as a spec decomposer and it breaks it down into individual steps and builds out a Kanban board. Kanban. And then you can watch the Kanban and see like what's in progress, what's blocked, what's the next thing. You can move things around, add your own, open them up, see the work log, add comments, inject comments. So it's got boards, tasks, links, workspaces. You can assign different agents, different jobs. You can have a default coder
agent. Mine's called Scotty.
I think the thing that's most interesting for me here is it's neat how it's like it's not just the board.
Yeah.
It's sort of the integration with like a work dispatcher to actually run the board.
Yes. That's the best part. And it's a CLI. It's a database. So you can have the agents just use it for their own backend task management, and then you just use the dashboard to look at it, or you can interact with it and create tasks for them. It's either one.
I like that.
It's not just a throwaway thing. It's deeply integrated, and that is nice. And because there's a CLI for it, the agents can just, oh, yeah, I'll go update that task for you. No problem. So you don't even have to do that part. But it is a nice way to manage all of it. It's just an example of something they've built. And they've built in several things that are just nice to have quality of life stuff. And I like it. I like the design. I like the performance. I like the reliability
so far. We've gone through a couple updates. I like it.
I do see a really, hmm, fascinating little detail here in their quick install. It says, oh, yeah, quick install. You can do it on Linux, macOS, WSL2. All of those are expected. And the fourth one here, it says Termux. So they're officially supporting running this thing on an Android device. I am curious what we can do with that. because I don't know.
Interesting.
That just seems crazy and we should do it, you know, we should do the things that you don't have to.
So that is interesting.
Maybe we add that to the to-do list.
I want to just, I'm going to wrap up this with just an anecdote of, I think these are more powerful than people realize. I actually recently was using my Hermes agent in combination with a tool that I think we should talk about in the future called Windows MCP. And Windows MCP lets you completely remote control the Windows desktop.
I mean everything. Resize Windows, click a button, process management, everything that you can do through the Windows desktop, you can basically do through this Windows MCP.
So install Linux.
Well, so what I did is I had my Hermes agent reach in and control a dedicated Windows laptop that I set up to run this tool called Forescan, which reads proprietary forward air codes from cars. And using this, I had the agent live troubleshooting the air codes that were coming in. So I would do the button pressing. I'd push on the pedal. I'd turn the key. And the agent would tell me when and then it would capture the data, show me the charts.
And we were able to prove that the computer was sending a signal that we weren't sure it was being sent or not. And then we could see when the voltage hit and dropped.
That's so cool.
And this is just using a set of tools that I put together like voltmeters, the Windows MCP, 4Scan. Oh, and then I obviously, probably worth mentioning, I had a USB to ODB2 dongle. And I started looking into this. There are devices you can buy out there that are native Linux devices that bring in ODB2 data right into your Linux box. And there's pre-existing Python libraries that know how to read and interpret that data.
It is an unbelievable little world out there.
It's amazing where you could build a little diagnostic tool set where you hook cars up to agents with voltmeters and ODB2 scanners.
And this is kind of really the test of the harness, right? Because this is the goal. These things are more useful, the better you can enrich their context with all of this useful information, and then now also have them have the right tools to interact with it.
And this was an example where the multi-chat system is useful. And Hermes supports handoff. It also supports a few other things like slash goal, which is becoming really popular, but slash handoff is this neat idea because when you launch in the TUI, you're generally in your own gateway session. That's optional, but that's the default. But when you want to move to Telegram, you can do a handoff to Telegram. So I set it all up before I go out to the shop, do a handoff to Telegram.
Then when it's telling me, okay, press the accelerator, that stuff's coming on Telegram because I'm out there, I'm in the shop, I'm on my phone. And then when it's time to go figure out what to do with the data, hand back to the TUI and get down to the research. That research, by the way, that gets outsourced to my agent, Dax, that goes out and actually does the research with all the APIs and skills she has for research, while Laura and I continue to work on the data that we get back.
And then Dax comes back in another thread with her results. And it's just, I don't think people are really fully grokking how far you can take this. Like, right now, people are creating, like, fart apps. And, you know, remember when iPhones first came out?
Yeah.
Everybody made, like, beer apps where you could, like, you drink the beer. Like, that's the stage we're at right now with most AI-generated code. But when you combine the features of these things with something like an agentic harness that allows you to tie into different things like a Linux CLI and an MCP, you start stacking some stuff and it starts getting really, really powerful. And it feels like Hermes is probably the better platform to build that on, for me at least, than OpenClaw.
At least that's kind of my take, right? I just want to take a moment and thank our members. It's very light sponsorship this year. We have Nebula, and that's it. So if it wasn't for Determinant Systems and the members, we'd be cooked, as the kiddos say. But the members, they keep us cooking, which is a good thing. LinuxUnplugged.com slash membership or Jupiter.party if you want to support all the shows. The high-level features are you keep us going.
β ΒΆ Shout-Outs
Independent media is a pretty rare thing. The Linux magazines couldn't make it work. We're trying to make it work in podcasting. you get an ad-free version of the show or the bootleg version bootleg clock in an hour 31 right now lots of content in there just a way that we can say thank you give you more show as it were and uh you can support us by going to linuxunplugged.com membership jupiter.party for that you set it on autopilot or send us a boost support each individual episode.
As always we've got a couple baller boosters this week and up first turd ferguson with 33,333 sats. Did you guys see Greg KH call for more Rust kernel developers? Have they built it, that Rust support and no one has come? Seems like if it was popular, they'd have the opposite problem they have right now.
Well, speaking of agentic clipping, we have a clip of Greg KH talking about this from Rust Week. I don't know how Greg gets out there. He's a busy guy. And Wes you collected something like 15 clips from this yeah, and this happens to be relevant to turds question.
But we need your help, We have a ton of work to do the rest for Linux team as a whole bunch of projects They have a great their own, Was it WebWord? It's not Zulip. Anyway, there's a good list. They have a mailing list. There's a bunch of beginner stuff to get involved in. A lot of fix-mes, a lot of stuff. They're doing a really, really good job. I need your help. If you want to write some kernel code, please do this stuff. And this is good.
I don't get the sense that they're desperate for developers. That wasn't the sense I got from that clip. I got the sense they want more, like they've built it and they would like more to come.
And I think that in the leadership, there is a hope, right? That Rust presents an opportunity to collect more young folk to continue the project on and be the next generation of people who will work with it because Rust is just a more modern, friendly language, and you might use it working for a startup or a tech company and then be able to port at least some of that knowledge over to work with the kernel in a way that you're just not going to with C.
I do think it's notable, A, that Greg is being such an advocate for this, and B, it's a pretty good presentation. It's technical, but it's a pretty good presentation. He kind of just tries to de-escalate the fear around it all.
Yeah, and there's also good deets about, you know, like they've brought some of the improvements. Like if you try to implement something like the Rust API way, you can do a similar thing and see and get not the same exact benefits, right? But you get safer code out of it, even if you don't get the compiler complaining about you if you break it. But it can be a good way to organize your thinking. So it's improving it even in the parts that aren't Rust yet, which is kind of neat.
Great. Hybrid sarcasm comes in with 22,222 sats. And it just says boost thank you hybrid appreciate the support this week we need it boost received thank you very much your.
Inner child comes in with a row of ducks, Not seen last week's baller boost on Fountain. What gives? Do you prefer Peep's Watch on Yub Dub or Fountain? What are the perks for joining the Jupiter Club for $15 a month? And lastly, what would it take to get you guys to come to a show in St. Louis in Vance Crow Studio?
God, I'd love to go to St. Louis. How do I get to these places? That is something to crack.
That's a good question.
Let's take it in order.
Good question, Intertile.
I suppose we probably prefer you listen to it wherever you want, really. I don't know if we have a strong preference.
Yeah, it kind of works what works for you.
Yeah. Really, that's why we put it as many places as we can. I guess a tiny preference to a podcast app.
Yeah. If that's what gets you using a podcast app over just using YouTube, then do that.
Yeah, yeah.
But otherwise, use what you do.
Wes, it's Yubtub, I think.
My bad. My bad.
The Jupiter Party gets you the bootleg versions of all the shows. Really, what we're trying to do there is we're just trying to make it feasible to stay independent. And so we have a couple of value-for-value options, and that's just been a popularly requested one because what we do is not particularly interesting to apparently most of the rest of the tech world anymore. They all care about AI and the LLM stuff and don't seem to realize it all runs on top of Linux.
Hello! We're still here, but thankfully the audience still cares. And so there's not an audience of sponsors to really make a show for as much these days, but there's still an audience of people that care. And so it hasn't always worked, but we're giving it our best. And so the Jupiter Party sort of finances, if you like multiple shows, there you go. It's covering multiple shows where we have just the membership for Linux Unplugged, if that's just your bag.
And lastly, yes, we would love to come to St. Louis. How we ever make that happen, I don't know. Brent can't keep his van on the road.
Yeah, once we get that fixed, then maybe we need to figure out some sort of race there, a reason to race.
Yeah, that'll get us going. That'll get us going. I like where your head's at.
My new souped-up van to compete against.
The West Wayne. West, West, West, we got to come up with something. The pain. No, we got nothing. We got to get it. Like, bang bus. Man, I think with that name, it just had to happen.
You know, I'm noticing Wes doesn't have a rig. So this might be the year of the Wes rig.
We need a name. If we had a great name for, like, a Wes something.
It's just that private train cars are very expensive.
Yeah, that would be. The pain train would be.
The pain train. That's so perfect.
Could we get away with calling a van the pain train? because I feel like that would also...
We'll do like a train wrap.
Yeah, right, a train wrap, yeah.
Choo-choo. Well, the dude is abiding again this week with 19,000 sets. Well, I wanted to note that I appreciate your takes on the latest AI news. I deployed Hermes to a VM with my Proxmox node and started playing with it. Currently using the OpenCodeGo subscription, I picked Quen 3.6+, which was $5 for the first month just to get the hang of it. I set it up with Telegram. It's kind of surreal to ask your bot questions and see the reply. I'm curious, what models or subscriptions do you guys use?
And also how much, quote, power you give them to perform tasks on your behalf. Cheers.
I'll start. I'll start with the answer. I'll say this. I have really liked Minimax. And so I broke down and I bought their yearly sub while they had it on sale back in like April. So I'm so maxed out on tokens. Like I have so many tokens through Minimax. It's been wonderful not to worry about that. And then I kind of use the Zen platform or open router as kind of like when I need a hit of one of the larger models. And that's worked pretty well for me.
I do think that what I'm about to say is going to get me a little bit in trouble. But I'm just going to admit to it, I set them up on their own dedicated hardware for a reason. They have their own dedicated OS with his own dedicated Git repo. So I don't really see the point to restricting the crap out of them. And I don't really give them access to public chats. I don't really use, like, I don't just go spelunking through random emails with them.
So I'm the only person they really talk to except for me and the wife. It seems like a pretty safe set. So I give them full YOLO mode, which I constantly have to argue with them about because all of these things want to be excessively safe by default. All these people that are worried, like, trust me, they're obnoxiously safe. They're obnoxiously safe. And, like, I have to constantly explain to them this is dedicated hardware. This is a purpose-built install.
The entire reason is, like, this thing is supposed to manage this entire box. And I do. I want them to manage the entire box. I want them to update the services, update the OS, all of it. Install new stuff all of it so if there's a YOLO mode I'm using it for the most case on my Hermes system I sometimes go a little more careful um if I'm say on an Ubuntu box or Fedora box or a Mac which I haven't really done but I would be a lot more.
Careful like any box that doesn't have roll back by default.
Basically yeah or declarative configuration that would break obviously like that's there because Nix OS has those breaks in there I get to be a little bit more YOLO on the AI side. But if I'm using, I have seen it go sideways on an Ubuntu box specifically. You've got to be careful there and stuff like, But I go full blast. If there's a dash dash YOLO, I'm doing it. What about you, Wes?
Yeah, I mean, I think it kind of depends on, I agree, I also am running it on its own VM. So it has root in its own box. That part I don't mind. I think it just kind of depends on what tools you connect it to, right? Like what passwords are, what keys does it have for what things, what MCP tools do you connect in?
I also think this is an argument why MCPs are still valid in the age of OpenClaw and these agents is because MCPs give you a place to kind of have control over what the agent can do. And that seems like the proper place to bake that in because that's going to be more agent agnostic and more setup agnostic and system agnostic. So I still think MCPs play a real good role here in controlling what the agent actually can and can't do.
If the only way it can talk to X thing over here is it has to take a snapshot first and then do the change and that's just sort of baked into the command or it only has read-only access, then you just kind of have a limit on what it can possibly screw up.
And this is also where, if you do want to go the CLI route for some of these tools, you know, it's not a lot of work to just have the agent create a safe wrapper where it does things read only by default. And so it isn't calling the actual CLI tool. It's calling a wrapper that calls the tool. And that wrapper has some safeties built into it.
Of course, NixOS makes that very easy, but you can do that on any system.
Yes, yes. So that's just another way where, so it's not like I'm just totally crazy with it, But with these different pieces combined, I am able to have the agent have complete control over the infrastructure. But you do have to be careful when it comes to a security standpoint and all of that. You want to make sure that things lock down and not hanging out in like public chats and things like that.
And there's a lot of different ways to rig it. So it kind of depends on your own how you like to run things, right? Like it can just be a thing that lives in your sort of CI automation pipelines or it can be a personal assistant that's talking to you on Telegram or anything in between.
And by default, the way Hermes came out of the box was it was, you know, for stuff that was going to need a CLI system command, it's just going to ask me. And I could do allow once, allow always. You know, so for the first 30 or 40 times I do some, you know, whatever, it's going to ask me and I'll just say allow a bunch of times. And it would, in theory, eventually build out a whitelist that it's allowed to do and it would be fine.
It also, it's just, it's funny how much of this stuff, like a lot of the open source and sort of infrastructure is code. And just a lot of the principles that folks in our space talk about really do pay dividends. And another of those is like, if you have a nice mesh network setup, then it's another way, right? Like you can kind of have, give it its own identity on the mesh and then use sort of the mesh firewalls or other firewall systems and ACLs. To control what it has access to that way, too.
And I have to say Nebula is so good for this because the agents can stand up the entire Nebula network on their own. If you have the magic of SSH, just the agents will stand up the entire network. And there's no API key you have to go beg for. There's no Google sign-in you have to do. From zero, from prompt, they can stand up a secure mesh network without any other company's permission or involvement. It's so effing powerful.
This is so, I'm using this for my home assistants that are on separate networks, but I want to have a, when you have three different home assistants, you inevitably want one dashboard, right? You want to be able to control all of the different stuff from one screen, because one's for the chicken coop, one's for the RV, and one's for the studio, right? I'm not some crazy baller, it's just I got chickens.
Now I got three of these things, and I want one dashboard with the buttons for the lights and the crap and the stuff that I do all the time. I don't want to have to load up three different home assistance systems. Well, guess what? They're all on three different networks, but Nebula, boop, boop, boop, boop, ties it all together so simply, builds it out so quick.
It's really great. Anyways, it's just... I think there's so much advantage if you can build the right harness and apparatus around it so you can give them some power. What they can do for you is save you a crap ton of time. And it lets me enjoy infrastructure and free software projects that I was starting to run out of time for. You know, just as my kids have gotten older, life off air has gotten busier
and busier. And some of the cool stuff I was able to build on and do before I don't have time for. But I can keep up. I can keep them managed. I can keep them secure. They're not going to sit there and rot and just, you know, like one of the biggest issues with home labs is they can just sit there and kind of just fall apart and have issues and get out of date and things break over time and your backups fail and it can just become a huge source of stress.
Like these agents, they're, man, they're keeping on top of it. They're telling me when my freaking NVMe hard drive temperatures are too high in one particular rig and when this backup failed and all of it. It's so powerful. So it's worth giving them the leash, but just be careful. All right. I know. I know. I went on for too long. But I think it's pretty exciting. And also, we don't have a lot of boosts. That's it. Thank you, everybody who streams that.
I want to pull one forward, actually.
Oh, yeah, do it. If you don't mind. Let's do it.
There's one here sticking out to me. Rubik Man boosted in 1,488 sats. Thank you.
Mm-hmm.
And it says, I'm confused. Are you pronouncing jif or gif like Jeff or geoff? What's with that?
What's confusing it's an animated Jeff everybody knows that yeah I thought we settled this years ago.
There's an episode somewhere that goes into detail about this I don't remember which you'll have to listen to the.
Back catalog.
But thanks Jeff.
It depends on the program you use to save it.
That's true yeah some prefer the.
Yeah thank you to our SAT streamers came in with 18 of you stacking 21,017 SATs, Not too bad. Not too bad at all. Thank you very much. When you combine that with our boosters who boosted last week's episode and a couple of you that came in at the last minute today, we squeaked just over 100,000 sats. Not a big banger, but I'm still pretty happy. 101,023 sats. We definitely could definitely use to see the support pickup just because the sponsorships are so low.
So this is part of what is keeping the show going. And you can boost with something like Fountain FM. If you're on iOS, you should definitely check out Cast-O-Matic. And AlbiHub just keeps going from strength to strength. I just updated the latest AlbiHub. It's so impressive. And then you can connect to a whole plethora of apps. Get started at newpodcastapps.com. And thank you, everybody, who boosted episode 668. We really do appreciate you.
β ΒΆ Picks
I'm going to start with a pick this week. I have a soft spot for a program back in the day called Norton Commander. Before we'd really settled on the Windows 3 desktop and the macOS desktop paradigm, there were people that were trying to make file managers and graphical interfaces for DOS. Like maybe the OG2E, if you will. And GNOME Commander is a Norton Commander-inspired file manager. It was written in C++. It's recently been rewritten largely in Rust as they
moved over to GTK4. I know. Surprise, surprise. Is gnome commander 2.0 also adds embedded terminal to display output which is nice that is nice improvements in the search dialogue the internal viewer has been improved accessibility has seen some improvements keyboard shortcuts dialogue is there now and you're gonna like this one brent more tab states are restored on restart so now you can over tab on your file manager.
So it's not.
All though it's just.
More yeah yeah i need them all chris.
Well i mean there are limits you know there are limits why this thing still looks like a classic app he sure does you know it reminds me also of midnight commander it's two panes i just love it you know when you can have one pain have two as they say so no go commander is a twin panel graphical fire manager and um gpl3 so that's that I just had to start with that because of the nostalgia. I like the feels.
Well, while you're pretending that the terminal doesn't exist with your graphical thing over here.
As I do.
I brought the graphics to the terminal.
Oh.
Yeah.
Oh.
Yeah, try out Halo.
Flipping the script on us here, Wes.
Terminal flow field screensaver with Perlin noise, braille rendering particles, and 24-bit handsy color.
Oh, you had me at screensaver.
Yeah, here's your TUI screensaver.
I have a real soft spot for screensavers. I was big into the X11 screensavers back when they were around on the proprietary platforms. I loved After Dark. I just love screensavers. And we've moved away from them.
Yeah, it's already got a couple different preset themes in there, right? So you got that.
Ironically, when we had these big old boob tube CRTs that were probably burning 200 watts constantly, we left them running all the time with screensavers.
Yes, we did.
Now we get these LCD screens that pull five watts, then we turn them off all the time.
Well, we have live terminal resize handling. And, yes, don't worry. We have native Windows terminal support.
Yeah. They do recommend you use Kitty or Ghost DTY or iTerm if you're on the Mac or something that's got, you know, lack of a...
You do want, like, a nice, yeah, graphics-y terminal.
You know where this would be great is if anybody out there has a screen in the background of your, like, Zoom work calls. If you're like a work from home, you combine this with Hollywood behind you, you're going to look, yeah. You know what, Brent?
I have a blank one behind me that seems just perfect with this. That thing is the very first monitor I ever got. It's like almost square. It's terrible for anything but exactly this. So thank you, Wes.
You guys remember the Hollywood package too.
Right?
Oh, of course. Oh, yeah.
Oh, good one. Go look that up out there. I know there's a Snap available, but still.
I have a question on this one.
I think there's other packages too. Yeah.
Where's Halo? How did you find something like this? Because this project is three days old.
How did you find this? Were you trolling somewhere?
Can I see? This is just in console.
I do like it a lot. Here, hold that. Can I see it? Hold that up again. So it's like worms going across the screen, kind of.
Mm-hmm.
All right. All right. That's neat.
You can run it with just a UVX if you want.
How the heck did you find it? I mean...
Trolling GitHub.
Oh, yeah. He does that. I've been noticing...
You see, the trick is you follow people who write cool stuff.
Yeah, you've been...
And then you hope that they write more cool stuff.
He's been upping his links with this.
It's like...
Your linkage is going up. I get a report from the agent, and I can see the uptick in the linkage because you found a good vein of stuff recently.
You know, that's the difference between Wes and I. I don't think to use GitHub as a social media platform.
He's kind of using it as a data source, too. You should just watch it.
It'd be nice to automate it more.
Yeah, you never know. You never know. All right, we will put links to Halo and,
β ΒΆ Outro
of course, to GNOME Commander, in the show notes over at linuxunplugged.com slash 668 or check out jupyterbroadcasting.com where you got Linux Unplugged and the launch and This Week in Bitcoin. And you can always call the launch as well. Call us and chat with us. It's kind of fun. Anything else we should cover before we run, boys?
No although just a reminder we want uh people's bitwarden password migration stories or what you're using in place of bitwarden and does it sync because that's what got me that's what effing got me is i just i'm so frustrated because it got me and i knew this i knew this was going to happen i had a whole plant for platform rant i was going to get into we're running out of time uh they got me and i knew it was going to go this way and i they got me for the sync because i just
want bulletproof never think about it I save.
My password I have it elsewhere.
And I want it to work but also the mobile has to be like first class because if I create an account on the mob's I gotta capture the mob so I can log in on the desktops later it's gotta work, help us people and then maybe we can come up with a solid solution that everybody trusts in our community it's something we can recommend to the wider audience so I will also say maybe.
Consider boosting in if you have experience with making a Linux router.
Oh, that was a request that we still need more input on. Let me tell you what. Let me tell you what. All right, Wes Pano, is there anything else we should let people know about this here podcast? Like maybe extra metadata around the show, something like that. You got anything?
Yeah. Well, you know, we make the bots work hard to produce diarized transcripts so you can have as much possible metadata about exactly what we said with the addition of some comic slop misspellings occasionally.
Also we've got json chapters as well as those are.
Entirely handcrafted by editor drew.
That's right as well as chapters we try to embed into the id3 file so whichever works best for you we try to make it available and of course we are live you know that. Yeah, that's right. We make it a Tuesday on a Sunday at 10 a.m. Pacific, 1 p.m. Eastern over at jblive.tv and jblive.fm. Also sometimes up there on the tubes. And of course, we record all of it and more for our members, for our Jupiter Party and our Unplugged core.
Thank you, everybody, for tuning in. Go check out the Unplugged.com website, linuxunplugged.com, for past episodes, this episode, and links to everything we talked about as well.
Subscribe links, our mumble room, our chat room. there's a lot going on around this show that doesn't make it on air every single week but you'll find links to it over at linuxunplugged.com thanks so much for joining us on this week's episode of your Unplugged program and we're going to see you right back here as in Tuesday and you know what that means we'll see you back here next Sunday.
Okay, I have a request. You mentioned you didn't have time in the show for your rant, but you have plenty of time here.