Welcome to mintCast

the Podcast by the Linux Mint Community for All Users of Linux

This is Episode 453!

This is Episode 453.5!

Recorded on Sunday, January 19, 2025.

freezing again im Joe; Is it spring yet?, I’m Dale; and starting off 2025 slowly Eric.

— Play Standard Intro —

• First up in the news: Linux Mint 22.1 “Xia” released, Parallels can finally run x86 versions of Linux on Apple Silicon, German router maker is latest company to inadvertently clarify the LGPL license, Google and Linux Foundation form Chromium love club
• In security and privacy: Microsoft patches Windows to eliminate Secure Boot bypass threat,
• Then in our Wanderings: Joe enjoys prepares his rack , Dale does routing , and Eric shares 80s kid culture with his kid.

• In our Innards section: A look at Docker
• And finally, the feedback and a couple of suggestions
• Please remember if you want to follow along with our discussions, the full show notes for this episode are linked in the show’s description

— Play News Transition Bumper —

The News

20 minutes

• Linux Mint 22.1 “Xia” released joe
  • From the Linux Mint blog (via londoner)
  • On Thursday (January 16) Clem and the team released the latest stable version of Linux Mint. This is 22.1 codename “Xia”. We discussed all the new features and the changes made from Mint 22 in our last episode (452).
  • If you are running the BETA you don’t need to upgrade, use the Update Manager to apply all the latest available updates.
  • Upgrade instructions for those currently using Linux Mint 22 were published yesterday (Jan 17) in the MInt Blog.
  • You should also check out “What’s new and the Release Notes
• Parallels can finally run x86 versions of Linux on Apple Silicon Eric
  • From ArsTechnica
  • NOTE: While this article mainly mentions Windows, it does have some implications for using Linux on Apple Silicon
  • Virtualization software like Parallels and VMware Fusion give Mac owners the ability to run Windows and Linux on top of macOS, but for Apple Silicon Macs, that support was limited to the Arm-based versions of those operating systems. And while Windows and Linux both support some level of x86-to-Arm app translation that attempts to maintain compatibility with most software, there are still plenty of things that demand an Intel or AMD processor with the x86 instruction set.
  • Last week, Parallels released a new update that partially resolves this problem: Users of Parallels Desktop Pro 20.2.0 now have access to x86 operating systems via an “early technology preview” of Parallels’ “proprietary emulation engine.”
  • The technology preview is currently limited to certain 64-bit versions of Windows 10, Windows 11, and Windows Server 2019 and 2022. Parallels also says it has tested several UEFI-compatible Linux distributions, including Ubuntu 22.04.5, Kubuntu 24.04.1, Lubuntu 24.04.1, and Debian versions 12.4 to 12.8. Fedora will install, but it’s unstable. 32-bit versions of operating systems, as well as older versions of Windows like Windows 7 or 8, aren’t supported.
  • For Windows 11 and supported Linux distros, you can run existing virtual machines using the technology preview, but you can’t set up new ones—useful for anyone migrating from an Intel Mac with virtual machines they’d like to keep. If you’re trying to set up a new virtual machine, the only officially supported operating systems are Windows Server 2022 and Windows 10 21H2, though there are workarounds available for Windows 10 22H2 and Windows Server 2019.
  • You won’t be able to set up fresh copies of Windows 11 or some versions of Linux because the technology preview doesn’t support SSE4.2, additional CPU instructions that became common in Intel and AMD processors in the early 2010s. This also means that Windows 11 24H2 VMs are entirely unsupported, since the 24H2 update requires these CPU instructions to work at all.
  • Parallels notes that these operating systems currently run “really slow” due to the overhead required for translation. Windows takes between two and seven minutes to boot, depending on the speed of your Mac, and “the responsiveness of the operating system is low.” Rather than attempting to multi-task, Parallels says you should close the app you’re using before trying to open another one.
  • Other limitations include a lack of USB passthrough support, no sound, support for just one virtual CPU core and 8GB of RAM, and a lack of support for nested virtualization (which could affect compatibility with features like the Windows Subsystem for Linux). Parallels also says that the translation overhead requires a lot of system resources—for example, “an Intel-based Windows 10 VM with 4GBs of RAM assigned will take 8GBs of your Mac’s memory.”
  • While Apple’s Rosetta 2 generally does a good job of running Intel Mac apps on Apple Silicon Macs, Apple doesn’t support running entire x86 operating systems using Rosetta. The Virtualization Framework built into macOS likewise only supports Arm-compatible operating systems. Though limited, Parallels’ support for running x86 operating systems is a unique feature that other companies haven’t been able to offer yet. It’s also a bit of a blast from the past for longtime Mac users—back in the PowerPC days, Mac owners also had to rely on third-party emulation software like Connectix’s Virtual PC for running x86-based operating systems and apps.
• German router maker is latest company to inadvertently clarify the LGPL license Dale
  • From ArsTechnica
  • The GNU General Public License (GPL) and its “Lesser” version (LGPL) are widely known and used. Still, every so often, a networking hardware maker has to get sued to make sure everyone knows how it works.
  • The latest such router company to face legal repercussions is AVM, the Berlin-based maker of the most popular home networking products in Germany. Sebastian Steck, a German software developer, bought an AVM Fritz!Box 4020 (PDF) and, being a certain type, requested the source code that had been used to generate certain versions of the firmware on it.
  • According to Steck’s complaint (translated to English and provided in PDF by the Software Freedom Conservancy, or SFC), he needed this code to recompile a networking library and add some logging to “determine which programs on the Fritz!Box establish connections to servers on the Internet and which data they send.” But Steck was also concerned about AVM’s adherence to GPL 2.0 and LGPL 2.1 licenses, under which its FRITZ!OS and various libraries were licensed. The SFC states that it provided a grant to Steck to pursue the matter.
  • AVM provided source code, but it was incomplete, as “the scripts for compilation and installation were missing,” according to Steck’s complaint. This included makefiles and details on environment variables, like “KERNEL_LAYOUT,” necessary for compilation. Steck notified AVM, AVM did not respond, and Steck sought legal assistance, ultimately including the SFC.
  • Months later, according to the SFC, AVM provided all the relevant source code and scripts, but the suit continued. AVM ultimately paid Steck’s attorney fee. The case proved, once again, that not only are source code requirements real, but the LGPL also demands freedom, despite its “Lesser” name, and that source code needs to be useful in making real changes to firmware—in German courts, at least.
  • “The favorable result of this lawsuit exemplifies the power of copyleft—granting users the freedom to modify, repair, and secure the software on their own devices,” the SFC said in a press release. “Companies like AVM receive these immense benefits themselves. This lawsuit reminded AVM that downstream users must receive those very same rights under copyleft.“
  • As noted by the SFC, the case was brought in July 2023, but as is typical with German law, no updates on the case could be provided until after its conclusion. SFC posted its complaint, documents, and the source code ultimately provided by AVM and encouraged the company to publish its own documents since those are not automatically public in Germany.
  • Doris Haar, a spokesperson for AVM, noted that the company has “supported the active open source community from the very beginning, as it ensures long-term innovation.” Haar pointed to projects like Freetz and source code offerings.
  • AVM also takes issue with the SFC’s framing of the case. “In the course of the proceedings, it turned out that the source code was sufficient, which is why the opposing party withdrew all allegations of a potential LGPL/GPL violation,” Haar wrote to Ars. The decision (“not a judgement, in German: Der Beschluss”) confirmed an amicable settlement, and AVM “voluntarily decided to cover the costs,” according to Haar. Both parties could have chosen to appeal the decision, Haar wrote.
  • “In this case, too, we actively supported the plaintiff’s side in advance, which unfortunately nevertheless led to these legal proceedings, which were closed in July 2024,”
  • Are “copyleft” lawsuits against router and other networking hardware makers common? Just check the Free Software Foundation (FSF) Europe’s wiki list of GPL lawsuits and negotiations. Many or most of them involve networking gear that made ample use of free source code and then failed to pay it back in offering the same to others.
  • At the top is perhaps the best-known case in tech circles, the Linksys WRT54G conflict from 2003. While the matter was settled before a lawsuit was filed, negotiations between Linksys owner Cisco and a coalition led by the Free Software Foundation, publisher of the GPL and LGPL, made history. It resulted in the release of all the modified and relevant GPL source code used in its hugely popular blue-and-black router.
  • The backstory, such as it exists from reports and retrospectives, is that Cisco bought Linksys, Linksys outsourced certain chipset development to Broadcom, and Broadcom outsourced firmware development to an overseas developer. Everybody up the chain ended up with a lawsuit once people started looking.
  • Cisco made history yet again in 2007 when it was the first entity to be actually sued by the FSF over GPL violations, which started in 2003 and continued to come up with new hardware products. Cisco settled the case with the FSF in 2009, making a donation to the FSF and appointing a Free Software Director at the company to keep track of its licensing obligations.
  • Prior to the FSF lawsuit, the Software Freedom Law Center (SFLC) had filed lawsuits against hardware makers on behalf of the creators of BusyBox, a collection of Linux command-line utilities bundled into one tiny executable. Some settled, more were filed, and some defendants went bankrupt. At one point, a judge ordered all of one defendant’s infringing HDTVs containing BusyBox to be surrendered to the plaintiffs. (This writer would have liked to see that, but I can’t find a resolution thereof.)
  • In almost every case, both the SFLC and the FSF have stated that lawsuits were filed only after multiple attempts to seek compliance from license violators had failed. To this day, it does not pay to ignore the emails from the programmer with questions about source licensing.
• Google and Linux Foundation form Chromium love club Joe
  • While Google awaits a decision about whether it will be required to sell its Chrome browser as an antitrust remedy, the search giant has joined with the Linux Foundation to announce an initiative to support the open source Chromium project upon which the Chrome browser depends.
  • The project, called Supporters of Chromium-Based Browsers, aims “to foster a sustainable environment of open-source contributions towards the health of the Chromium ecosystem and financially support a community of developers who want to contribute to the project, encouraging widespread support and continued technological progress for Chromium embedders,” explained Shruthi Sreekanta, technical program manager at Google, in a blog post.
  • Jim Zemlin, executive director of the Linux Foundation, which gets at least $100,000 annually from Google for its gold membership fee [PDF], said the browser foundation support group will “provide much-needed funding and development support for open development of projects within the Chromium ecosystem,” without specifying the source or amount of that funding.
  • The Linux Foundation did not immediately respond to a request to clarify the funding arrangements. The Register understands that all the members will be contributing funds.
  • According to Sreekanta, Google last year made more than 100,000 commits to the Chromium code base, representing about 94 percent of the contributions. Google’s hope is that other organizations building their browsers on Chromium will step up their contributions.
  • The Chromium project has become the de facto standard foundation for web browsers since Microsoft in 2018 announced that it would release a new version of its Edge browser based on Chromium and its underlying Blink engine, effectively sunsetting Microsoft’s Trident engine.
  • Google Chrome – Chromium plus some proprietary features – already has a dominant global browser market share of about 68 percent, a figure made even more expansive when other Chromium-based browsers such as Brave, Microsoft Edge, Opera, and Vivaldi, among others, are included.
  • The popularity of Chromium, a testament to the cost and technical challenge of competing with Google’s monopoly-funded stable of software engineers, helps with web standardization but threatens to eclipse alternative technologies, specifically other browser engines, as more organizations jump on the bandwagon.
  • There are presently three actively supported browser engines – Google’s Blink, Apple’s WebKit, and Mozilla’s Gecko – and a few niche or in-progress engines like Goanna and Servo. Browser engines handle the parsing and rendering of web pages and include an engine for running JavaScript (e.g., V8 in Blink, JavaScriptCore in WebKit, and SpiderMonkey in Gecko).
  • Apple has managed to make its Safari browser, powered by its WebKit engine, the second most popular browser with a global market share of about 17 percent, aided by self-preferencing defaults and platform rules that require all iOS browsers – though not in Europe anymore – to be built upon WebKit. It remains to be seen whether Safari could sustain that position in the absence of the platform distribution advantages bestowed by Apple.
  • Mozilla’s Firefox browser, powered by its Gecko rendering engine, is also not a part of the Chromium ecosystem. And its global market share, just 2.47 percent in December 2024, according to StatCounter, has dwindled significantly as the Chromium ecosystem has grown. Mozilla did not immediately respond to a request for comment.
  • Supporters of Chromium-Based Browsers is likely to benefit those committed to the Chromium world.
  • “Microsoft is pleased to join this initiative which will help drive collaboration within the Chromium ecosystem,” said Meghan Perez, VP of Microsoft Edge, in a statement.
  • “This initiative aligns with our commitment to the web platform through meaningful and positive contributions, engagement in collaborative engineering, and partnerships with the community to achieve the best outcome for everyone using the web.”
  • Vivaldi CEO Jon von Tetzchner told The Register, “We welcome this effort and we support it. We have not signed up yet, but we expect to do so in the future. We have been in contact with other members already.”
  • Even so, if the Chromium ecosystem gets stronger still, it could further diminish the browser diversity.
  • As web developer Rachel Nabors observed in 2018, “Chrome has the most resources and leads the pack in building the Web forward to the point that we can’t be sure if we’re building the Web we want… or the Web Google wants.“

— Play Security Transition Bumper —

Security and Privacy

10 minutes

• Microsoft patches Windows to eliminate Secure Boot bypass threat (Eric)
  • From Dan Goodin at ArsTechnica (via londoner)
  • For the past seven months—and likely longer—an industry-wide standard that protects Windows devices from firmware infections could be bypassed using a simple technique. On Tuesday, Microsoft finally patched the vulnerability. The status of Linux systems is still unclear.
  • Tracked as CVE-2024-7344, the vulnerability made it possible for attackers who had already gained privileged access to a device to run malicious firmware during bootup. These types of attacks can be particularly pernicious because infections hide inside the firmware that runs at an early stage, before even Windows or Linux has loaded. This strategic position allows the malware to evade defenses installed by the OS and gives it the ability to survive even after hard drives have been reformatted. From then on, the resulting “bootkit” controls the operating system start.
  • In place since 2012, Secure Boot is designed to prevent these types of attacks by creating a chain-of-trust linking each file that gets loaded. Each time a device boots, Secure Boot verifies that each firmware component is digitally signed before it’s allowed to run. It then checks the OS bootloader’s digital signature to ensure that it’s trusted by the Secure Boot policy and hasn’t been tampered with. Secure Boot is built into the UEFI—short for Unified Extensible Firmware Interface—the successor to the BIOS that’s responsible for booting modern Windows and Linux devices.
  • Last year, researcher Martin Smolár with security firm ESET noticed something curious about SysReturn, a real-time system recovery software suite available from Howyar Technologies. Buried deep inside was an XOR-encoded UEFI application named reloader.efi, which was digitally signed after somehow passing Microsoft’s internal review process for third-party UEFI apps.
  • Rather than invoking the UEFI functions LoadImage and StartImage for performing the Secure Boot process, reloader.efi used a custom PE loader. This custom loader didn’t perform the required checks. As Smolár dug further, he found that reloader.efi was present not only in Howyar’s SysReturn, but also in recovery software from six other suppliers.
  • The threat posed wasn’t limited to devices that had one of the vulnerable system recovery packages installed. Attackers who had already gained administrative control over a Windows device could simply install reloader.efi and, because of the digital signature in the OS, use it to install malicious firmware during boot up. On Tuesday, Microsoft finally neutralized the threat by updating Windows to remove the signature.
  • In 2022 security firm Eclypsium identified three prominent software drivers signed by Microsoft that could be used to bypass secure boot. In a post, Smolár wrote:
    • This raises questions of how common the use of such unsafe techniques is among third-party UEFI software vendors, and how many other such obscure, but signed, bootloaders there might be out there. We reached out to Microsoft about the situation, hoping it could bring more transparency into what third-party UEFI applications they sign, so that anyone can quickly discover and report such obviously unsafe UEFI applications if they mistakenly pass (or passed a long time ago) Microsoft’s UEFI third-party code-signing review. We believe that Microsoft’s planned rollout of new UEFI certificates provides a great opportunity to make this happen, pushing UEFI third-party signing transparency and UEFI security one step forward.
  • ESET reported the vulnerability to the CERT Coordination Center last June. It’s unclear why Microsoft didn’t issue a patch until this week. It’s also not yet clear if Linux systems were also vulnerable and, if so, whether a patch has been issued. Red Hat, Suse, and Ubuntu didn’t immediately answer questions sent by email.
  • More info on this topic at the Hacker News

— Play Wanderings Transition Bumper —

Bi-Weekly Wanderings

30 minutes (~5-8 mins each)

• Joe
  • I have been working a lot on the 10 inch server rack. At least the planning and printing portion of it. I not a lot got done on it since the last show and i will get into why shortly.
  • I was able to print a couple of shelves and couple of different brackets for holding different items like my network switch and a dedicated mini pc that i will hopefully be getting soon.
  • I went through a whole roll of pla between good finished products and failed prints and switched to petg and was able to get a good print or two out of that but then it started failing. So i bagged the petg for later drying and use and switched to a fresh roll of PLA. That was able to print for a while and then it started getting cold outside and i started having problems with wall adhesion.
  • I tried a couple of different settings to counter this including turning off the cooling and increasing the extrusion multipler but that did not work and i ended up taking a few days off from printing entirely. I considered getting the enclosure out and seeing if that helped any but that would have meant staying in my cold garage longer and i was not ok with that.
  • By it got cold outside i mean to say that my part of texas closed down again due to snow and ice and no one knowing how to drive.
  • While not printing i was looking to fix one of the other problems that i had with some of the prints for the rack. The size issue. A lot of the prints were just too big for the bed so i grabbed a couple that i wanted to work on and modified them using tinkercad. Previously i had split them down the middle and gave them an overlap with offsets and holes so that they could be screwed or glued together and that worked well.
  • For these new ones although i have not printed to test i think this will be much easier to use across multiple prints. I sliced the rack mounting points off and did the same as above but instead of the middle i had to do it for each side and then create a bracket to extend to the mount points that can be printed separate.
  • I did this for a 3 bay 5.25 inch drive bay that i will then put in another adapter to make it hold 4 3.5 inch drives and if that works i am thinking of ways to attach a power supply to the rack and move my DAS onto it instead of that bulky tower case.
  • Then I realized that the cold was probably not the issue and once I was no longer in fear of my extremities falling off I went to work trouble shooting. The issue very much seemed like heat creep which since the sensors were reporting correct temps is the reason I did not think that it was the cold.
  • After doing some cold pulls to make sure that all the petg was removed I realized that my fan that cools the extruder and not the parts fan was sometimes stopping. This fan should be moving if the printer is turned on. Unless it is due to the cold which I had previously assumed. But I started wiggling the cables and sure enough it would start and stop.
  • My first assumption was that it was my solder joins on the modular cables that I had added that were causing the issue. That makes the most sense. I wanted to shorten up those cables and do some cable management anyways so I took them off and redid them but the problem persisted. I pulled out the trusty voltmeter and tested down to the noctua connector and everything was reading fine.
  • So I started looking at where the wires go into the fan and with wiggling them around sure enough the ground cable was faulty. I don’t want to replace a fan that could work fine especially a noctua so I pulled out a lighter and with some light tension on the cable I heated the shielding and it separated at the correct spot.
  • Some very tiny very delicate soldering and some electrical tape later and it is working again. This was caused by the hotend moving back and forth constantly bending and unbending those wires so I added a zip tie to the shroud that will hold the cables at the same angle and hopefully this wont happen again.
  • Put all the other cables back into place and zip tied them so they don’t get in the way and im off to printing again. Sadly I already ordered a new hot end and cant cancel but at least I will have a spare on hand with heating element and thermistor
  • I was also working on a couple of other projects at the same time. I think that last time i talked about converting an old laptop monitor to a portable monitor and had the board all set up for it
  • This time i was able to create a mount and get the first one attached to my chair. I went through a couple of different iterations of the mount. One that slid on and screwed down and had a heat set insert to fit on standard 1/4 inch mounts. This one turned out to be a little flimsy so i ended up scrapping it. I redesigned and while i dont like using one that makes it difficult to take apart and maintain i made one that would slide over the bottom bezel and had a non heat set mount since i would not be able to twist the monitor to screw it into place and i designed this around being able to use a thumb screw to hold it down.
  • Yes this had to be super glued to the bezel but i am much happier with the stability and safety of then product. I will have to design a stand for table top use but i dont think that will be hard. it is still currently attached to the arm of my chair in the garage and i do cast dex to it but i think that i will also use it in the final stages of setting up the 10 inch server rack.
  • I still need to reorder the controller board for the other one but i need to take it apart first and verify the model number. And still figure out that other 17 inch model with the really old processor. I think the screen is coming off no matter what. I also need to decide if the next one is going to have the hinges all the way removed. May make things easier and more aesthetic. Hello dremel
  • I also pulled out my other Dell Venue 7140. The one with the i5 processor instead of the mobile processor. I was able to find a m.2 ngff hard drive for it in my collection but it is 32 gb. I had stopped using it previously because i was out of extra keyboards with batteries and the battery life was horrible with the beefy processor. I have ordered another charger and another working keyboard with battery and we will see how things go. Hopefully with powertop it will improve the performance. I have noticed that it charges a bit slowly but that may have been an issue with the long usb cable that i was using.
  • Also unlike with the other venue the audio simply works after installing mint. I like having both of them in operation so that I can switch as needed when they need charging. To go along with the onegx mini laptop. But I have to say while the performance is much better on the onegx the keyboard is much better on the Venue.
• Eric
  • I haven’t done much of note as tech projects seem to be the last thing on my mind. The only thing I have been doing is archiving some DVDs to add them to my media server. I’ve been reliving my youth to some extent my showing my daughter the popular teen movies from the 80s and 90s. It’s fun to see her enjoy something that I enjoyed as a kid. It also shows me just how much the world has changed in 30 years and how different it is to be a young person today. This is particularly relevant now as I see the angst of young people around the TikTok ban and how so many of them rely on it as their window to the world. Mine was TV and movies like the ones I’m showing my kid. I wonder what it might be for my kid’s kids? Maybe some ever-present tech like wearables and AR, or some new thing we haven’t even thought of yet.
• Dale
  • A friend who is also a Ubiquiti Unifi fan like I am ordered a new gateway. Some refer to them as routers. There are some technical difference between them, though I will digress. The model he bought was the Gateway Max.
    I previously used their Gateway 3 port. It worked well but was limited in the amount of firewall rules and filtering it could do. So I moved to pFsense and I’ve been using it for a year or so. I wasn’t completely happy with it only because of the Unifi devices are all centrally managed. Trying to do things like VLANS is a bit of pain.
    Well, after my friends raving review of the Gateway Max. I was compelled to buy one. I hadn’t bought many brand new tech in 2024 so I thought I would end the year with a worthy upgrade. Ubiquiti greatly improved the functionality of their gateways. It is a night and day difference. They are now on par with others in their league. I was also surprised that it supported 2.5 GBit. That will be nice if my cable provider ever increases the speed past 1 Gbit. I am very happy to be one hundred percent back on Unifi with the single pane of glass management, as it is called.
  • My other new tech purchase last year was a 2024 iPad Air 11”. I’ve been curious about iOS for quite a while.
    My previous 3 year old Android tablet is a Lenovo Yoga Smart Tab 10”. It started having WiFi issues and other odd glitches. It would connect and have no internet access. This was on either my phone or my Peplink mobile router. The YouTube app, History, and Spectrum TV would just stop. No error message just a black screen or a frozen image. Reinstalling didn’t change the issue.
    It’s been about a month since buying the iPad. It took some adjustment because the gestures are different. A friend who has an iPhone helped me get up to speed. It was refreshing learning something new and feeling like a new user. I’m really impressed with the sound and the camera quality of the iPad. I use it for Skype, Zoom, YouTube, History Channel App, Science Channel App, and Spectrum TV. Which is my cable providers app for watching tv.
  • Speaking of my Peplink MAX Transit Duo Pro mobile router. I’ve had it for 5 months and I must say it is my 3^rd best new tech purchase of last year. Though I think it is my favorite next to my iPad.
    The mobile router has made a significant improvement in my mobile data access. Places where I had no service with AT&T or Verizon, I had service with my Peplink. The plan I am using has access to AT&T, Verizon, and US Celluar. Which covers most of the country. It will only use one carrier at a time. There are other models where you can bond multiple connections. I am very happy with the Peplink and the service which is through a different company. Though there are still dead spots in New Mexico. I am even using my phone with WiFi calling via the Peplink. I think the benefit is that it is not carrier locked to set of bands. My Peplink uses CAT-12 and CAT-7 LTE cellular bands. The 5G model above it was much more expensive. I wasn’t too impressed with 5G on my phones so I opted for the LTE Peplink. From what I am told. The 5G is much better with the Peplink. So that is a future upgrade path.

— Play Innards Transition Bumper —

Linux Innards

30 minutes (~5-8 minutes each)

• Talking docker
• Docker is a containerization system that is getting a little long in the tooth now. The company has had its ups and downs with trying to monetize and it seems like every time they find a good path for it someone kicks it out from under them like with docker swarm and kubernetes.
  • Joe
    • I used to use docker a lot for various things including plex and an odd setup using vpn and chrome and a torrent tool and separate from those a subsonic and libresonic instance which I used to use for audiobooks and podcasts.
    • Libresonic was a good application similar to the audiobookshelf that I am using now but with all the subsonic forks it was difficult to keep track of what was still being maintained and what was a dead fork.
    • I stopped using docker when I got tired of the update process. It wasn’t so bad with most things but with the vpn and chrome there were so many updates between vpn itself and the other two attached docker instances that I was having to redo it every couple of weeks and it got annoying so I moved on to installing barebones which is a lot more stable.
    • But since I knew we were going to do this episode I decided to do something different to test out the state of things now.
    • I installed portainer. Which allowed me to learn portainer and docker compose. Portainer is great it allows me to not only easily create multiple instances using docker compose and link them all together as needed
    • plus you can update them with a fresh pull with just a single click. I don’t know how this compares to kubernetes but I am enjoying it greatly
    • I have set up jellyfin, orcaslicer, jupyter notebook, freecad and even an instance of audiobookshelf. I had also tried cura and prusaslicer but I could not get those to work properly, I also need to finish setting up the volumes for jellyfin and the slicers so I don’t have to get creative moving files around.
    • All of this using docker compose for each stack. It also makes it very easy to backup an image and redeploy as needed. I haven’t really needed the template feature but I have tested it to make sure that I could use it with an existing instance and it seems to be fine so long as you go in and manually change the port mappings which is really easy with docker compose
    • Also since I still have all my old notes from the days when I used docker regularly I am going to move my older docker commands for vpn and chrome moved to compose files and see if they still work in a modern environment.
    • And as a further test I wanted to install a full os and see how it works. For my test I decided to use KASMWEB which is prebuilt and ready to go. I had some trouble getting it to install and there is an issue with the password variable not being set but after dropping to the command line for the install and using portainer to find the password I was able to get in
    • it is pretty cool and comes with some interesting pre-installed applications but you cant install any of your own. Yes I am aware that they would go away on reboot but with one of my own I could mount the /home and the rc.local and make a startup script to install on reboot and home would have all my settings. So I am looking. Or potentially use all appimages for applications in a mounted volume.
  • Eric
    • I have used Docker somewhat begrudgingly in the past when software I wanted to use, normally something server-based, either recommended or required using Docker to run their product. My first experience was the Discourse user forum software. Their software in particular was always a nail-biting harrowing experience with things like updates requiring a lot of reading and even more luck.
    • Lately, I have needed a container engine for running distrobox. If given a choice, I prefer to use Podman instead, which is a Docker alternative developed by Red Hat. It has a number of differences from Docker, many of which make my life easier. In particular, running on demand and not running as a daemon and not requiring root privileges or additional user changes.
    • My IT career was prior to containerization when virtualization was the state of the art
  • Dale
    • My first experience with Docker was a few years ago using the implementation TrueNAS Scale used. When it worked, it worked well. When they didn’t, it was quite difficult to figure out what happened. I had a friend who was more familiar with Docker help me and he was struggling to figure out what happened. He told me that the current version of TrueNAS Scale has greatly improved their Docker implementation. All of the management is performed from the Web GUI. They do have the ability to enter the container to make any necessary changes. If you are more a command line user when it comes to Docker. This is probably not for you.
    • I’ve been using Snaps on Ubuntu Server for the past year or so. If you are not needing the numerous configuration options of Docker. Snaps are a good set it and forget it option that you can have with Docker.
      The confinement of the Snap is controlled by kernel patches that Canonical maintains. File access is dependent on the person or group that created the Snap.
      • For example, the Plex Media Server Snap uses the home folder of the user that installed the Snap. It is a folder I created during install called plexmedia and is owned by root and group for root. This folder is ZFS pool I have mounted under my users home folder.
      • Nextcloud on the other hand isn’t limited to the users home folder with an exception. My Nextcloud storage is a ZFS pool mount at /mnt/storage0. This will be the root folder as far as Nextcloud is concerned. That is the exception I mentioned previously.
        If you need the Nextcloud Snap to have access to apps outside its containment. They need to be placed in /var/snap/nextcloud/bin/.
        • For example, a thumbnail utility that automatically creates thumbnails for videos and images needs access to ffmpeg.

— Play Vibrations Transition Bumper —

Vibrations from the Ether

20 minutes (~5 minutes each)

— Play Check This Transition Bumper —

Check This Out

10 minutes

• https://ubuntu.com/blog/docker-vs-snaps-a-side-by-side-comparison

Housekeeping & Announcements

• Thank you for listening to this episode of mintCast!
• If you see something that you’d like to hear about, tell us!

Send us email at [email protected]

Join us live on Youtube

Post at the mintCast subreddit

Chat with us on Telegram and Discord,

Or post directly at https://mintcast.org

• Next Episode – 2 pm US Central time on Sunday, February 2, 2025.
• Get mintCast converted to your time zone
• for 453 Next Roundtable Live Stream – 2 pm US Central time on Saturday, January 25, 2025.
• Get the Roundtable Live Stream converted to your time zone
• for 453.5 Next Roundtable Live Stream – 2 pm US Central time on Saturday, February 8, 2025.
• Get the Roundtable Live Stream converted to your time zone
• Livestream information is at mintcast.org/livestream

Wrap-up

• Joe – Tllts.org,  linuxlugcast.com, [email protected], Buy Joe a coffee
• Moss – Full Circle Weekly News, [email protected], Mastodon @[email protected], occasionally on HPR
• Bill – [email protected], Bill_H on Discord, @[email protected] on Mastodon, also checkout my other two podcasts Linux OTC and 3 Fat Truckers
• Majid – [email protected] @[email protected], AtypicalDr on Instagram and Threads and The Atypical Doctor Podcast on Spotify and also Linux OTC.
• Eric – I can be reached by email at [email protected].
• Dale – [email protected], Dale_CDL on Telegram and Discord.

Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible:

• Bill for our audio editing
• Archive.org for hosting our audio files
• Hobstar for our logo, initrd for the animated Discord logo
• Londoner for our time syncs and various other contributions
• Bill Houser for hosting the server which runs our website, website maintenance, and the NextCloud server on which we host our show notes and raw audio
• The Linux Mint development team for the fine distro we love to talk about <Thanks, Clem … and co!>

— Play Closing Music and Standard Outro —