Episode 403 Show Notes
Welcome to mintCast
This is Episode 403!
Recorded on Sunday the 8th January, 2023
… Joe, … Bill
— Play Standard Intro —
- First up in the news
- Linux Mint 21.1 Vera released, Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm, Pine Tab2 announced, More developers reportedly now use Linux than macOS
- In security and privacy
- Serious Linux kernel security hole uncovered
- Then in our Wanderings, Moss is in Atlanta this week but has sent in his predictions
- In our Innards section
- And finally, the feedback and a couple of suggestions
— Play News Transition Bumper —
- Linux Mint 21.1 Vera released
- Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm
- From The Hacker News
The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced December 15 that it’s formally retiring the SHA-1 cryptographic algorithm.
SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks.
In February 2017, a group of researchers from CWI Amsterdam and Google disclosed the first practical technique for producing collisions on SHA-1, effectively undermining the security of the algorithm.
- From The Hacker News
- Pine Tab 2 announced
- From Pine64
An explanation of what happened with the original PineTab; in a nutshell, it fell victim to pandemic and post-pandemic production issues and other project priorities
- From Pine64
- Sports a metal case which is easy to disassemble for repair and hardware hacking
- Features the RK3566 – a great SoC for a tablet due to low power consumption and low thermals
- Two USB-C ports – USB 3.0 other USB 2.0 speeds and dedicated for charging; micro HDMI port for video output; microSD slot & headphone jack; a 2MPx and 5MPx camera
- Will be available in 2 configurations: 8GB RAM / 128GB flash & and 4GB RAM / 64GB flash storage
- Launch and price point not known yet – expected sometime after CNY
- Dev units available soon (prior to CNY)
- More developers reportedly now use Linux than macOS
- From TechRadar
- New 2022 (Dec 27) figures have claimed some surprising results in what the most popular operating systems were in 2022
- The 2022 Stack Overflow Developer Survey reports that Linux-based software is now more popular than Apple’s macOS as developers apparently flock to other systems.
- Linux distros, representing 40% for both personal and professional use, which are recognized as being some of the most customizable and adaptive operating systems for developers. The 40% share is up from around one quarter in each of the previous five years, which shows a significant shift to Linux that may continue into 2023.
- However macOS figures continue to be strong in an area of the market that’s becoming increasingly expensive, representing 31% of personal users and 33% of professional users.
- Maybe less shocking is Windows’ popularity, which sees it take the top position as the most used operating system, with almost two-thirds (62%) of personal users preferring the OS and nearly a half (49%) of professional users opting for Microsoft’s product.
- The year of 2022 has also been the year of rising popularity for Windows 11, according to monthly Statcounter (opens in new tab) figures, which show a steady increase from less than 3% market share in January 2022 to an adoption rate of over 16% in November 2022. Windows 10 remains the most popular version of the OS to date, representing a significant 70% of the OS’s distributions.
- Moreover, Statcounter reports that Windows accounts for 75% of all computer users globally, including and excluding developers. macOS takes just 16% of the market, while Linux accounts for less than 3%, further implying that this is a popular go-to for developers and programmers.
— Play Security Transition Bumper —
- Serious Linux kernel security hole uncovered
- Just what every Linux system administrator wants just before the holidays: A serious Linux kernel security bug. The Zero Day Initiative (ZDI), a zero-day security research firm, announced a new Linux kernel security bug. This hole allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions.
- How bad is it? Originally, the ZDI rated it a perfect 10 on the 0 to 10 common Vulnerability Scoring System (CVSS) scale. Now, the hole’s “only” a 9.6. That still counts as a “Patch it! Patch it now!” bug on anyone’s Linux server.
- The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context.
- This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance. SMB is used in Windows in Linux, via Samba as a vital file server protocol. Ksmbd is not intended to replace Samba but to complement it. Samba and ksmbd developers are working on getting the programs to work in concert.
- That said, Jeremy Allison, Samba’s co-creator, notes, “ksmbd shares no code with production Samba. It’s completely from scratch. So, this current situation has nothing to do with the Samba file server you may be running on your systems.”
- Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants and Deepin Linux 20.3. For server purposes, Ubuntu is the most concerning. Other enterprise distros, such as the Red Hat Enterprise Linux (RHEL) family, do not use the 5.15 kernel.
— Play Wanderings Transition Bumper —
30 minutes (~5-8 mins each)
- Well it has been a long couple of weeks but I still feel like I have not gotten much done
- Lots of 3d printing. Finally got the second completed BT device all printed and put together and it snaps together instead of being glued together so that I can get to all the internals and repair as needed.
- Got a PSP for christmas. Jackie got it for me and I love working on these devices. The seller had a good price for it so I don’t really have any complaints but I do want to tell the truth about what I found in regards to this device. First of all it came with ‘theater case’ that provides extra battery power and also provides much louder audio. Which I checked the value of and it covers the cost of what was paid for it. But then comes the fun. Maybe my expectations are a bit high. Let me know. This device had a custom silver case that was in exceptional condition. There was only 2 of the 7 screws that normally holds the device together. The battery would not hold a charge which is fairly normal for a device this age. I had good batteries available and put one in and the device would make a noise but the screen would not turn on. I took the device apart and I notice that the backlight ribbon cable is disconnected so I hook it up and turn the device on, the screen is very broken. So I pull the screen from a working device and put it in for testing. That works. The device powers on and has a very cool halloween themed background. I check it out and it has a custom rom on it so that I can run any games. I load up one of my memory cards that I have set up and sure enough it works. I think the version needs an update but that is fine. I have some screws from other builds that I use to put it all together and I test the UMD drive. It shows that it sees a disk has been put in but cannot read. Not that big of a deal but I will eventually have to decide if I want to pull the drive and put in a battery or try to fix the drive. Also the fancy casing that it has, the umd drive does not stay closed very well until I bend it into the correct position.
- Like I said overall I am happy with the device it just bothers me that someone would sell it as ‘needs battery, cant test’ when it clearly was falling apart before the sale. The casing didn’t have enough screws in it to actually stay together the UMD door would pop open, the screen was obviously broken and someone that took it apart and put it back together knew this. I cant say that it was the last seller before it got to me but I did enjoy getting it back into a somewhat working condition. Now I just need to order some more screens casing screws and possible UMD drives.
- Also got a wii.
- Have not worked on it much yet but i need to verify the cables and i need to research how to mod it and what mods are available for it. I have never had one of those before
- 3d printed a fume extractor that looks like kirby. I used the instructions that were provided and I had the suggested 40mm fan. But I did not have a separate power supply that would provide the needed 12v. So I need to order some 5v fans that will work with norm usb power. I also got a good print on one of the talon coolers for my 3d printer and need that 12v fan for that. The custom fan will help with bridging and cooling in order to improve my prints.
- I also got nextcloud installed on my phone so that i can work on show notes while at the office when things are slow. Yes i can monitor applications or take a meeting and handle different things all at once.
- I also want to mention that there have been a lot of overall improvements to bluetooth in linux. A lot of the recent problems that i had with BT had to do with keyboards reconnecting but it turns out that some of that had to do with the dongles that were hooked up to my computer. I have been using BT a lot more but when i do i make sure that there are no other keyboards hooked up wireless using dongles.
- I have been doing a lot of 3d printing again because it is something that I can do while doing other things. I have a lot of petg ready to print with so I gave that a try. I have had some success with petg in the past even without an enclosure. This time around it worked for a while I was able to get several prints without an issue. Then I switched to a transparent red petg and I had a print that started out pretty well but part way through it started grinding and popping. I unclogged the nozzle and started the print over. This time it did not get as far in so I replaced the nozzle and tried again. Same thing. OK I switched back to the black petg and another new nozzle. I tried to print one of the same things that I had printed before with the same settings and it would not print. Under extrusion build plate adhesion, always something. So I switched to a .6mm nozzle cranked up the heat and tried again. Still could not get a solid print. I put away the petg and pulled out a spool of PLA reset all my settings and things started printing fine again.
- OK I think I have talked about AudioBookShelf before. But maybe not so I want to discuss it now. It has replaced listen audiobook player for me and also because of the well designed server it has also replaced my need to have btsync/resilio sync. Similar to what subsonic was but with a better implementation and less fragmentation. I am using this everyday in the same way I used to use subsonic or madsonic. Its kinda like plex but for audiobooks and podcasts. Instead of having anything saved on my phone I can just access my library from anywhere that I have an internet connection. I have used the download function in order to make sure that when I know that I am not going to have internet I can still have a book but mostly it has never been a problem. Except one time when the internet was out in my neighborhood and I had to force a local connection. It also a great way to stop most of the podcast downloads directly to your phone. Let ABS handle the downloads and then stream from your home server to your phone as needed. You can track your spot in books and podcasts across multiple devices.
- Also I joined the discord and was able to talk to the developer who is going to fix my one issue with ABS which is the fact that you can only increase the playback speed to 3x. He is planning on removing the limit in the next version and changing it to 10x. Not that I think that I will get to 10x but 4 or 5 would be nice. I hope this application sticks around for a long time. I think that I may do some of the requested write ups that are on the website since there is no donate button that I could find.
- Well, for starters, I hope everyone had a great holiday season if you so partake. For my part, Christmas was a bit more of a “muck about” this year, partially because of the weather. The friday before Christmas was the day the wife and I did our last minute shopping, which this year literally meant nearly all of the shopping. We really dropped the ball this year. The temperatures that day dropped down to -20 degrees Fahrenheit with the wind chill, and snow was blowing across the roads creating an icy situation. Road salt doesn’t work at temperatures that low, so the going was slow and arduous. Christmas eve, I drove down to Indianapolis to pick up my oldest son to bring him back for the family get together. It’s about an hour and 45 minutes from my house to his on a good day, that day the trip took nearly 3 hours, with 4 wheel drive on the whole trip. I spent about $270 in gasoline over the course of the three day weekend. Taking him home on Christmas day was slightly less dramatic, though I had to use 4 wheel drive for some of the trip.
- On new years eve, we did an all-enclusive 3 Fat Truckers recording where we invited everyone in the community to join the VDO stream. We also had a couple people call into the show, and a few got called. Dave has a fancy audio interface that has blue-tooth built in so he was able to pipe phone calls into the feed. There was a little drinking involved and lets just say the 2nd law of thermodynamics was hard at work, because the virtuousness of the conversation deteriorated consistently over the course of the the show. We had a really good time though, and over-all I’m happy with the result. That show continues to exceed my expectations in terms of popularity. This last year has been amazing and trans-formative for me.
- Not much has taken place in recent weeks tech-wise. I have finalized the work of migrating all of the webservers I administer from the cloud to devices on my LAN. The result has been perfect. In fact, I’ve not witnessed a single problem with the setup I’ve built. I’ve enjoyed the learning process tremendously. Currently I’ve got 8 servers of different types running on my LAN all behind an Nginx reverse proxy, and they all run great. 3Ftpodcast.org, mintcast.org, wchouser3.com, linuxotc.org.
— Play Innards Transition Bumper —
30 minutes (~5-8 minutes each)
- Steam Deck will be a success and will contribute to the number of Linux machines in the wild
- The Chip shortage will continue and prices on computers will remain high
- Graphics card prices will somewhat return to normal as a new hardware competitor will come out that will be better for crypto than graphics cards
- When using the proprietary Nvidia drivers on Ubuntu, Wayland will be at least enabled on Ubuntu 22.04 and will be the default session in 22.10
- EndeavourOS will be in first place on Distrowatch on the default 6-month ranking list at some point during the year
- GTK theming will still be viable with GTK4, but witl hibraries as opposed to CSS
- Increased focus on Wayland will lead to development of the X12 protocol
- Josh Hawk
- Steam Deck will succeed (not everyone will cancle orders)
- SteamOS will only be really good on steam deck
- PopOS will have at least a beta of their new DE by end of 2022.
- Community arguments about Gnome will worsen and lead to many leaving Gnome as users.
- Alma Linux will become more popular than RHEL/CentOS Stream.
- Gaming on Linux will pick up.
- Fedora will lead the forefront in adoption of latest kernel/DE
- I will make my foray into Linux System Administration.
- Linux phones will double in number and power in 2022.
- I am throwing my elbows out here, Linux will overtake Mac OS in Marketshare by end of 2022
- The Stem Deck will not ship in February
- Asahi Linux will gain hardware acceleration on the Mac
- Predictions 2023
- I predict that there will be at least two new distros appear, one Arch-based and the other Debian-based, which someone somewhere (major podcast or YouTube channel) will proclaim to be the greatest distro ever, and that not everyone will sneer at the thought. One of these will begin to get serious attention.
- I predict that almost everyone will continue to mostly ignore fascinating distros such as SerpentOS and NixOS, and that SolusOS will fall into that same level of unimportance.
- I predict that either ReactOS or HaikuOS will put a version out which is not labeled Beta.
- I predict that Distrohoppers’ Digest will exceed 40,000 total downloads. (this will mean an average of over 900 listeners per episode). This could be easier or more difficult to determine, as Google has shut down Feedburner and we have switched to Red Circle, with which I have no experience.
- I predict that BigLinux will rise into the Top 20 distros on Distrowatch by the end of the year.
- Steam Deck v2 will launch to much further success
- Pi’s will become much more accessible and there will be no new model in the mainline or the zero line
- we will see more handlheld devices that follow along the steam deck pattern. Right now there are some handhelds with windows or android as the primary OS. I am saying we will have more with Linux as the primary OS
- Asahi Linux will release a relatively easy install (an iso or similar image) for Apple Silicon by the end of 2023, at least as a public beta.
- The Raspberry pi foundation will “announce” the release of the pi 5.
- Ubuntu will drop ZFS on root support for 23.04 but continue to develop the “in-tree” kernel module.
- Ubuntu will begin proper support for Btrfs in the installer (meaning creation of sub-volumes and setting up snapshots) by 23.10, having it ready for the LTS in 2024.
- Google will “announce” a new Pixel device based on the RiscV architecture.
— Play Vibrations Transition Bumper —
20 minutes (~5 minutes each)
- From Ray Boylan Sent from Mail for Windows
From your Uncle Ray
VR / Ray S. Boylan
- From Richard Hughes Hey Joe,
I want to thank you again.
I am using the lipo charger circuit board again to revive a battery that is not charging.
Happy New Year!
- TP4056 Lithium Battery Charging Board
- From Nick Conner
Please help, I use Flatpack Audacity in Linux Mint 21, And the track slider is missing when an audio track has been loaded, also the layout is different to normal Audacity, I don;t use this as it has a habit to make Mint crash??
Like the History of Linux !
It works, thanks again!
On Monday, 26 December 2022, 20:29:05 GMT, mintcast <[email protected]> wrote:
Hey sorry it took so long to get back to you. I have found the workaround is to unmaximize the window and then remaximize it. That makes the horizontal scroll bar reappear. It’s a known bug, and I’m not sure if the audacity team is interested in fixing it before the next major release. (Bill)
— Play Check This Transition Bumper —
- Thank you for listening to this episode of mintCast!
- If you see something that you’d like to hear about, tell us!
Send us email at [email protected]
Join us live on Youtube
Post at the mintCast subreddit
Chat with us on Telegram,
Or post directly at https://mintcast.org
- Next Episode – 2 pm US Central time on Sunday, January 22, 2023
- Get mintCast converted to your time zone
- Next Live Stream – 2 pm US Central time on Saturday, January 14, 2023.
- Get the Live Stream converted to your time zone
- ur time zone
- Livestream information is at mintcast.org/livestream
- Joe – Tllts.org, linuxlugcast.com, MeWe, [email protected], Buy Joe a coffee
- Moss – Full Circle Weekly News, Distrohoppers’ Digest, [email protected], other information found at It’s Moss dot com
- Bill – [email protected], Bill_H on Discord, @wchouser3 on Twitter, and wchouser3 on Facebook also – checkout my new podcast 3ftpodcast.org
- Norbert – [email protected]
Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible:
- AudioFreak (Riyo) for our audio editing
- Archive.org for hosting our audio files
- Hobstar for our logo, initrd for the animated Discord logo
- Londoner for our time syncs
- Bill Houser for hosting the Pi400 which runs our website, website maintenance, and the NextCloud server on which we host our show notes and raw audio
- The Linux Mint development team for the fine distro we love to talk about <Thanks, Clem and co!>
— Play Closing Music and Standard Outro —