Welcome to mintCast

the Podcast by the Linux Mint Community for All Users of Linux

This is Episode 415!

This is Episode 415.5!

Recorded on Sunday, June 25, 2023

Back from the swamps, I’m Joe; Getting rained on, I’m Moss; keeping cool, it’s Majid

— Play Standard Intro —

First up in the news, Mint 21.2 betas have been released, Debian 13 gets a name, Ardour 7.5 does remaps, RHEL goes closed-source, and Opera One ships with AI;
In security and privacy, Tsunami comes to SSH;
Then in our Wanderings Joe goes on a little trip, Moss musics, and Majid has toys

In our Innards section, we get all cloudy;
And finally, the feedback and a couple of suggestions

— Play News Transition Bumper —

The News

20 minutes

Mint 21.2 betas have been released – Majid
- from blog.linuxmint.com (via londoner).
- As of June 21, the beta images for all 3 desktop environments of Mint 21.2 (Victoria) have been officially released.
- If you want to try out these betas, be sure to read the relevant release notes especially if you have issues with secure boot or with an “out of memory” error appearing immediately after the GRUB menu. Release notes are also linked in the above announcements.
Debian 13 gets a name joe
- from OMG!Linux (via londoner)
- With Debian 12 released and well-received, attention turns to its successor, Debian 13 — and we already know a few tantalizing details about it.
- First up its codename. Debian releases are named after characters from the animated Toy Story film series. The most recent release being Bookworm (a character in Toy Story 3), the previous being Bullseye (Toy Story 2) and so on, all the way back to 1996’s Debian 1.1 Buzz (Lightyear).
- Which character will Debian 13 be fronted by? Trixie, a blue toy Triceratops introduced in Toy Story 3, who later starred in a one-off Christmas special called ‘Toy Story That Time Forgot‘.
- On to more prosaic matters. Debian’s Jonathan Wiltshire has revealed that Debian 13 will likely include an official port for RISC-V devices, albeit one subject to architecture qualification during a latter stage of the Trixie development cycle. Momentum behind this open-source architecture continues to mount. And with Debian being a flagship Linux distro, its support for the platform is a major coup. Not that the effort is starting from scratch. Debian for RISC-V 64-bit is already a ‘thing’, and Wiltshire notes the effort is “making good process”. By the time of the Debian 13 release in 2025, RISC-V hardware will (one hopes) be easier to come by, thus allowing more community developers to take part in bring up. Exciting stuff.
Ardour 7.5 Remaps Tempo Maps Editing, more joe
- Ardour 7.5 has been released as yet another update to this popular, free, powerful, and open-source DAW (Digital Audio Workstation) for GNU/Linux, macOS, and Windows systems.
- Coming two months after Ardour 7.4, the Ardour 7.5 release is here to introduce mapping tempo to real performance, a feature that will allow sound engineers to create tempo map nodes and easily adjust their positions to match onsets in their recordings. The tempo mapping mode can now also be used by default.
- Another new feature in Ardour 7.5 is the ability to save and restore I/O connections per device when switching back and forth between multiple locations and audio interfaces (e.g. ALSA and PulseAudio on Linux). Moreover, Ardour 7.5 introduces the ability to rename loaded plugins in the processor box.
- This release also makes it possible to automatically activate supported control surfaces once they’re connected to USB MIDI ports. This feature currently works with the Ableton Push 2, PreSonus FaderPort 8, PreSonus FaderPort 16, Softube Console 1, and Contour Design Shuttle controllers.
- While Ardour 7.4 introduced sections to mark a range as a chorus and paste its entire contents and automation elsewhere, Ardour 7.5 improves this feature by adding some editor commands like cutting and pasting, copying and pasting, deleting, and inserting.
- Among other noteworthy changes, Ardour 7.5 improves support for the Ableton Push 2 controller by adding the ability to send Modulation messages instead of Pitch Bend by holding down Shift while using the touch strip, adds support for Roland SonicCell MIDNAM files, and makes the Dummy backend a real-time option.
- Moreover, this release makes several non-editor commands undoable, adds a progress display to session archiving, makes playlist rendering of non-overlapping MIDI Regions and duplication of multiple regions faster, adds support for subgroup busses for MIDI tracks, and optimizes delaylines to support multiple-MIDI buffers.
- The Playhead has been improved as well in Ardour 7.5 to make it insensitive to mouse events by default and to allow you to use it as a snapping target. Of course, various bugs were addressed in this release to make your Ardour experience more stable and reliable.
- For more details, check out the release notes page on the official website, from where you can also download Ardour 7.5 as a source tarball if you want to manually compile it on your GNU/Linux distribution. Otherwise, you can install it as a Flatpak app from Flathub.
Red Hat now limited RHEL sources to CentOS Stream Moss
- Red Hat announced today that CentOS Stream will now be the sole repository for public RHEL-related source code releases.
- In a move likely to alienate some Linux community users and developers, Red Hat has decided CentOS Stream will be the sole repository for public Red Hat Enterprise Linux related source code. Paying Red Hat customers will still have access to the proper RHEL sources via the Red Hat Customer Portal.
- By limiting the RHEL public sources to CentOS Stream, it will now be more difficult for community/off-shoot enterprise Linux distributions like Alma Linux, Rocky Linux, Oracle Linux, etc, to provide 1:1 binary compatible builds against given RHEL releases.
- Red Hat wrote today in a blog post:
  - “As the CentOS Stream community grows and the enterprise software world tackles new dynamics, we want to sharpen our focus on CentOS Stream as the backbone of enterprise Linux innovation. We are continuing our investment in and increasing our commitment to CentOS Stream. CentOS Stream will now be the sole repository for public RHEL-related source code releases. For Red Hat customers and partners, source code will remain available via the Red Hat Customer Portal.
  - To be clear, this change does not signify any changes to the CentOS Project, CentOS Stream or source availability for CentOS Stream or CentOS SIGs.”
- This is another move following the prior CentOS shake-up that will rattle some in the open-source world with Red Hat continuing to shift greater focus on CentOS Stream as the upstream RHEL and catering RHEL more explicitly towards their paying customers.
- Meanwhile Red Hat engineers are also working on CentOS Stream 10 getting underway as the basis toward the future Red Hat Enterprise Linux 10.
Now Shipping: Opera One, first browser with AI – Majid
- Opera One, the latest incarnation of the Opera browser, is out of testing and ready for download. What would have been the 100th version of Opera now marks the beginning of a new evolution cycle for the Norwegian browser company’s flagship product.
- Redesigned from the ground up to usher in a new era of AI-based browsing, Opera One is the first browser to come with an integrated browser AI, Aria. Aria can be reached via a new command line, as well as from the browser sidebar. It offers free access to a leading GPT-based solution along with up-to-date information from the web.
- Since earlier this year, Opera has been making bold moves in the generative AI space in order to provide its users with a reimagined browsing experience that boosts their productivity and creativity through various ways of interacting with browser AI.
- “As people who obsess over browser innovation, we saw fit to rethink the role of the browser in light of the recent developments in the AI space. As opposed to other browser companies, Opera didn’t simply add AI services to its browser. We went back to the drawing board and redesigned our flagship browser. Opera One is built around Aria, our native browser AI, and is the culmination of our work so far,” said Joanna Czajka, product director at Opera.
- Aria, Opera’s new browser AI, is a key component of Opera One and the first Opera feature that named itself. With Aria, Opera One users are getting access to a leading generative AI service for free. The service is a result of Opera’s collaboration with OpenAI, but with expanded capabilities.
- Based on Opera’s own Composer AI engine, Aria connects to OpenAI’s GPT and is enhanced by additional capabilities such as adding live results from the web. Aria is both a web and browser expert that allows users to collaborate with AI while looking for information on the web, generating text or code, or getting their product queries answered. When it comes to customer support, Aria is knowledgeable about Opera’s entire database of support documentation and uses the company’s current product knowledge to answer users’ questions.
- Opera One users are also getting a brand new command line that allows them to use the ctrl+/ (Win) or the cmd+/ keyboard shortcut to display an overlay and interact with Aria. Whenever a question comes to mind, they can use the command line to ask Aria a question and either interact with the browser AI’s response immediately in the sidebar or go back to browsing.
- Aria also makes use of the AI Prompts feature Opera introduced earlier this year in early access. Following user feedback and extensive testing, the ability to get contextual prompts by right-clicking or highlighting text in the browser is now plugged into Aria as well.
- Acknowledging the popularity of ChatGPT, Opera One also offers users access to the popular service in the browser sidebar.
- As opposed to other browser solutions, the AI in Opera is a user-controlled experience, which means users can choose to opt into AI services or to not engage with them. To use Aria, they have to open the browser AI in the sidebar and log in or sign up for a free Opera account if they don’t already have one.
- A key element of Opera One is Tab Islands, and the way they change how the browser’s tabs behave. Tabs are a fundamental part of browsing but the standard way of interacting with them hasn’t evolved much since the early days of the web and no longer corresponds to the richness of the internet and the countless ways we utilize it. For example, researchers have found that the existing tab design in browsers makes it difficult to jump between sets of tasks. Moreover, according to Opera’s own research, the majority of people feel overwhelmed by how messy their tabs get and wish web browsers would do more to help them manage this.
- Opera One’s Tab Islands address this challenge. Tab Islands are a new way of keeping related tabs together in an intuitive way, based on context – without forcing users to change their habits or to even give it a thought. Users gain flexibility in interacting with their tabs: they can keep different browsing contexts separate, move tabs around, collapse islands to make them small and come back to them later or save them into bookmarks or pinboards.
- When a user creates a trip itinerary and researches hotels and routes, the tabs opened in that context will stay together in a dedicated tab island. Or maybe they have a bunch of Google Docs they use for work? They, too, will automatically get a tab island of their own. As they browse and more tab islands are created, Opera One users can easily distinguish the topics they were focusing on and switch between them.

— Play Security Transition Bumper —

Security and Privacy

10 minutes

Hackers infect Linux SSH servers with Tsunami Botnet Malware – Majid
- An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS (distributed denial of service) bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner.
- SSH (Secure Socket Shell) is an encrypted network communication protocol for logging into remote machines, supporting tunneling, TCP port forwarding, file transfers, etc.
- Network administrators typically use SSH to manage Linux devices remotely, performing tasks such as running commands, changing the configuration, updating software, and troubleshooting problems.
- However, if those servers are poorly unsecured, they might be vulnerable to brute force attacks, allowing threat actors to try out many potential username-password combinations until a match is found.
- AhnLab Security Emergency Response Center (ASEC) recently discovered a campaign of this type, which hacked Linux servers to launch DDoS attacks and mine Monero cryptocurrency.
- The attackers scanned the Internet for publicly-exposed Linux SSH servers and then brute-forced username-password pairs to log in to the server.
- Once they established a foothold on the endpoint as an admin user, they ran the following command to fetch and execute a collection of malware via a Bash script.
- ASEC observed that the intruders also generated a new pair of public and private SSH keys for the breached server to maintain access even if the user password was changed.
- The malware downloaded onto compromised hosts includes DDoS botnets, log cleaners, cryptocurrency miners, and privilege escalation tools.
- Starting with ShellBot, this Pearl-based DDoS bot utilizes the IRC protocol for communication. It supports port scanning, UDP, TCP, and HTTP flood attacks and can also set up a reverse shell.
- The other DDoS botnet malware seen in these attacks is Tsunami, which also uses the IRC protocol for communication.
- The particular version seen by ASEC is “Ziggy,” a Kaiten variant. Tsunami persists between reboots by writing itself on “/etc/rc.local” and uses typical system process names to hide.
- Besides SYN, ACK, UDP, and random flood DDoS attacks, Tsunami also supports an extensive set of remote control commands, including shell command execution, reverse shells, collecting system information, updating itself, and downloading additional payloads from an external source.
- Next are the MIG Logcleaner v2.0 and Shadow Log Cleaner, both tools used for wiping the evidence of intrusion on compromised computers, making it less likely for victims to realize the infection quickly.
- These tools support specific command arguments that enable the operators to delete logs, modify existing logs, or add new logs to the system.
- The privilege escalation malware used in these attacks is an ELF (Executable and Linkable Format) file that raises the attacker’s privileges to that of a root user.
- Finally, the threat actors activate an XMRig coin miner to hijack the server’s computational resources to mine Monero on a specified pool.
- To defend against these attacks, Linux users should use strong account passwords or, for better security, require SSH keys to log in to the SSH server.
- Additionally, disable root login through SSH, limit the range of IP addresses permitted to access the server, and change the default SSH port to something atypical that automated bots and infection scripts will miss.

— Play Wanderings Transition Bumper —

Bi-Weekly Wanderings

30 minutes (~5-8 mins each)

Joe
- In case y’all didn’t miss me. I was not able to make the last show or the off week show but I am here now. I have taken over this episode of mint cast and will be bringing you some of that old command line love.
- I spent a week in Florida hanging out with several members of my family. A lot of the fun that happened there is also the idea behind this weeks show so I may cut my bi-weekly short.
- My Grandma needed a new computer and I was asked to give my opinion on what she should get and use hardware wise. She is probably one of those people that a chromebook would be perfect for as she checks her mail pays her bills and plays a few simple games.
- However she is used to the workflow with Windows so prefers to stick with that operating system. For a long time now everytime there is an issue with her computer, one of my other relatives will call me because if you work with batch scripting and linux you must be a desktop expert.
- My suggestion in the end was a NUC which went over very well when they saw how small it was. Made sure to get one that had the ram and ssd included as it was her old spinning disk on the other computer that was causing the issue.
- We also needed an easy way to transfer all of her bookmarks and her history to the new computer with minimal fuss. She is a chrome user so that was pretty easy to make sure that she was logged in and synch was turned on. I am aware of how insecure that is but most of the people that I am going to be working with when helping are non-technical. But she was able to get up and running again in a very short amount of time.
- The most difficult part of it was getting the settings for Thunderbird correct. Yes, my 85 year old grandma uses Thunderbird as her email client.
- I got handed an old laptop as well that my grandpa used for the church before he passed away. It was a Lenovo G570 with an old Pentium processor in it. The screen is still pretty nice and I am happy to say that it easily installed Mint and worked very well as a thin client to access my home server so long as the internet connection was good.
- I was using many different remote access tools but i will try to save all of those for the innards.
- While I was in Florida I tried to stick to using either my OneGX or my Venue 11, both smaller devices but I wanted to stay away from devices that I could log into work from easily. I am happy to say that it was pretty easy to do and I had a lot of fun.
- I used the OneGX a lot to reread a large portion of one of my favorite comic series, which is Spiderman 2099 which was published in 1999.
- The larger screen on Venue 11 was really good for accessing my home server.
- I do want to mention that the audiobookshelf function that allows you to download whole books is very useful when you know you are going to have terrible internet connections and I used it for a bunch of books. I was able to get through a 32 book series.
- I was able to get some soldering in, fixing a couple of headsets that I had handy. It was not as easy at it could have been because I forgot to include flux in my travel solder kit. I will be getting a proper travel solder kit setup and probably have the case 3D printed in the near future. But I will also need to order some new fine tips for the device in the mean time.
- That being said I was able to fix a couple of the modded LG’s and I was able to redo the hinges on two sets of Skullcandy Crushers. Dustin let me know if you need some more hinges printed while I’m all set up for it.
- As you can imagine I was pretty limited on what I could bring with me for exercise equipment. So all I ended up bringing with me was one small bag full of bands and some 3d printed parts, some pushup handles, and some grips that I have started using for the bands that prevent bruising to my hands. They are the same ones that can be printed for carrying grocery bags. I tried out a couple of different designs and the simple ones are the best. I think that I will also be able to use them in conjunction with some 550 cord in order to make some more versatile handles for some of my weights at home.
- But I did get to go to Planet Fitness with my 16 year old nephew once while there and he did keep up pretty well.
- I also designed and 3D printed something that I have seen sold commercially but like the price of better when I am making it myself. As I have mentioned here before I have printed many different phone holders and clamps with different levels of utility, usually pulled straight off of thingiverse and maybe with some mild redesigns.
- One of them was a phone clamp that used a bolt to make adjustable and I redesigned to also be mountable from the rear. But it was not easily adjustable from landscape to portrait so I made the assembly to do that and also am using it with a couple of the others that I have gotten over the years as the design is fairly simple and versatile. I am very happy with how it turned out after i remodded the clamp and put it all together.
- Also had to print out a new flap to cover the freezer in my mini fridge. Hopefully this will help prevent icing. Another very simple design and print with high functionality.
- Also trying out some new gym equipment. Not really equipment but i put some anchors into my floor in my garage so that I could add some pulleys. Putting in the anchors was something new for me and i messed up the first two times before I got the technique right and had to get out my dremel and cut the mistakes down and fill in around them.
- Hopefully the anchors dont cause too many stubbed toes and I will have to remove them when we sell the place but the procedure is the same. Rotary tool to cut them down and fill in with some quickcrete around the edges.
- Got my son setup with a wifi phone using Google Voice. I tried some of the tutorials that I had found previously online to set it up without having another phone and those did not work.
  - By that I mean using an application that generates a temporary number for free and using that to do the setup never worked.
  - But my dad was never going to use his phone to setup a google voice number so that is the one JJ used. From there we just control where it rings out to and all is good.
  - Got him in contact with some of his friends and everything is right with the world.
  - Surprising that a lot of the younger people that I talk to are using simple phone to phone text messages for most of their conversations.
- Also got JJ setup on Discord so that he can talk to me and his siblings while he is in Florida. I guess eventually I will need to get him on the actual phone plan.
- Also JJ got a mini bike and I spent some time riding that around. I had fun but I dont think that I will getting something of my own any time soon.
Moss
- My concert at Festival of the Living Rooms #18 went extremely well. A bit of jitters on my part. I have a recording of everything I did Sunday but didn’t capture audio from my Friday night efforts. What I have is on my Bandcamp page.
- I installed Debian Bullseye on my T540p. Thanks to Flatpaks, I have no problem with software. I thought it was odd that I needed to install gDebi in order to get FreeOffice installed, but that’s easy. And then it messed up my initramfs, which, after several attempts at fixing, resulted in me doing a complete reinstall.
- We’re having a thunderstorm right now, and I’ve lost my Xfinity connection a few times already today, so if I disappear you know what happened.
Majid
- So my compulsive buying of technology continues. After having sold that old MacBook (for a profit I might add!). I saw an M1 Macbook Air on sale for less then $600. Took the plunge on it. MacOS isnt my cup of tea, but its usable, far more then iOS on the iPad is. The battery life is insane. I am one of those guys that doesnt multiple short periods on the computer during the day. Office work and casual use. Never really more then an hour each time. With that kind of use, the battery has lasted ALL WEEK. I think for that kind of use case (work, presentations, email etc) I’m going to keep it. Martin Wimpress on Linux Matters Podcast says the Thinkpad Z1 has similar battery life. But thats a 2k+ price.
- Have already tried Ubuntu in a VM on it, work in progress though
- Found a good offer on the Sony Wf-XM4s, $100 off, so bought that too. This often comes up on websites as one the best earbuds. They are good. Not perfect, but with a few eq setting changes, and with ANC on, they are really good. Enjoy wearing them. Not worth the full price, but for how much I paid , worth it.
- Have downloaded Feren OS, looks good. Not a fan of the Windows 11 vibe, but its KDE so can be changed easily. Thinking of replacing my Kubuntu on this podcasting box with it.
- Son’s birthday few weeks ago, bought him a Playstation 5. I’m not a gamer, but even I can tell this is a real step up from previous generations. If nothing else, it doesnt sound as loud as a jet engine!
- Work being busy, more junior doctor strikes. Big plans on bringing waiting lists down, so lots of extra work. Good pay, but only so many days in the week I can work!
- Muslim festival of Eid (yes theres 2 in a year) coming up. Muggins here forgot to take the day off work, so gonna be a bit strange. My own fault.
- Speaking of my own fault, I almost burned down my house! Thankfully nothing major happened, and importantly everybody is fine.
- Did a bit of research on online “banks”. Revolut, Starling etc. Some of them are really good, makes me wonder how they are funding it/making money.
- We are going to be cat-sitting, my daughter is very happy with news… I’m less sure. I like cats, but dont know what to do about leaving the house empty with them.
- My boys really want to go on a holiday in the summer. I’m thinking Morocco, or somewhere else with cheap flights. Whether i’ll have any money after buying more tech, I dont know.

— Play Innards Transition Bumper —

Linux Innards

30 minutes (~5-8 minutes each)

Remote access
- This will be covering a lot of subjects and practical applications on my part. I am hoping the others can jump in and talk about how they access things when they are not at home. there are many solutions and niche use cases for things like this. I have gone over a lot of these things before but I have been getting a lot of people asking me questions about it lately so I am going to do another walk through
- Ssh
  - SSH is one of the classic remote control methods that have been around for a very long time. SSH stands for secure shell. It is encrypted so it is safer to use on unsecured networks
  - SSH was designed as a replacement for Telnet because telnet was laughably insecure. To make it more secure you should setup port forwarding on a non standard port at the router level. Yes it is security through obscurity but every little bit helps
  - What I mean is pick a port at random on your router and have that point to port 22 on your device. This can be used to allow multiple devices to have direct access to ssh if you want although I suggest using one device as an SSH gateway to all your other devices. This limits the number of ports you leave exposed
  - SSH there are a couple of ways that this can be setup and used to make ones life easier while on the go
  - First is just using the standard user, password command line method to view and move files on a remote system or to turn on and off different services and applications. Once you use the user pass method it is just like you are using the command line on the remote system locally (mostly)
  - This can be good if you just need to do something or check something quickly on the remote system, or if you use some file based automation on your home system.
  - You can also do an update or a reboot over ssh although this has risks
  - Installing and testing out a new application from remote as well (I actually do this later on)
  - If I am going to be doing a lot of ssh work or using a lot of tools that use ssh I prefer to use public-private key pairs to take out the need for the password.
  - This method also allows for automation using things like if-up if-down and cron. If you don’t have it set up then you really cannot do any type of automation using ssh.
  - You can set this up following the instructions at
    - https://linuxize.com/post/how-to-setup-passwordless-ssh-login/
    - I considered going through all the commands but that might be bothersome
    - you may want to do this for both machines
    - basically you need two commands
      - ssh-keygen -t rsa -b 4096
      - ssh-copy-id me@remote-IP
    - There are other things that might need doing but you can check that out for yourself at the link
  - One thing that I sometimes use ssh for that a lot of people don’t think about is ssh port forwarding.
    - Port forwarding allows you to access things on another network without having to go through the process of exposing the remote port
    - A quick example of this would be remoting into my server to forward audiobooklibrary so that I can control the remote machine like it was local
      - ssh me@remote-IP -p #### -L 13378:localhost:13378
    - then I just go to localhost:13378 and I have direct access
    - I have used this for things that I don’t want to expose ports for such as note taking tools that I want to remain secure
    - This is a clean and fast way to do this style of remote access. There are other ways
    - One of those methods that is a little bit slower but much more robust and useful is X11 forwarding
    - It is a bit slower but it is usable so long as you -C which allows for compression. Also use -C whenever you can it really does optimize connections
    - The command for this one is super easy:
      - ssh -X me@remote-IP -C -p ####
    - This allows you to launch graphical applications from the remote system locally. Obviously this is slower than accessing direct. But one thing that I like to do that makes things easier than using a bunch of port forwarding commands is to kick off x11 forwarding and launching Firefox.
    - This makes it easy to access EVERYTHING as if I was local
      - Why would I use this over something like vpn?
      - Some networks don’t allow for VPN protocols
      - Sometimes I don’t have a VPN setup
      - we will discuss more on VPNs later
      - But that means that all of my servers are just accessible without having to forward ports
      - Also any internet surfing that I do will appear to come from my home computer. Hello alibi
  - also sshfs
    - this is something that I use often. Constantly really. It is a great way to expand the usefulness of lower end low storage devices.
    - SSHFS is a fuse mount for a remote drives over ssh.
    - It allows me to access all the storage on my server as though it is a local storage device. There are some limitations of course but some of those can be mitigated with automation and others with different styles of access
    - The one major flaw that I have not been able to mitigate is that if you are connected to the remote server and if you move a file from one location on that server to another location on that server using the gui, is that the data will go from the remote server and will pull through to the local machine and then write out back to the server. This can slow things down considerably especially with larger files. You can get around this with other style of connections as I said.
    - I have used several different methods to automate sshfs connection on different systems with different levels of success
      - rc.local is a good way to connect at boot if you put in a wait for network
      - Cron can be useful for this if you are willing to script out some checks for networking
      - The best that I have found is actually if-up if-down. If your system uses it you can create a script that runs when the network comes up and another when the network goes down that will clear the fuse mount and it will be ready when the network reconnects
      - sshfs me@remote-IP:/ /mnt/tower -C -p ####
      - killall -9 sshfs && umount /mnt/tower/
    - I started using this because of how bad network shares were to setup on linux for the longest time. I understand that they are probably much better now but I like this and it works from outside my network. No SMB for me
- X2GO is desktop sharing over SSH
  - Desktop sharing
    - you can use x11 sharing options which will allow you to view what is currently on the screen on the remote system. You can see where this would be useful
    - the only issue with this that I have had is that I use some pretty small screens for my thin clients and my home computer uses two monitors
    - This is basically a way of using RDP
    - Because of some of the limitations of chrome this can be useful. I also found it useful when accessing an already running VM
    - It is a very optimized setup for streaming and controlling your desktop from far away
  - New desktop
    - There are two uses for this that I have found. The first one being when I am using a smaller screen and want something a little bit more optimized I can spin off a new desktop session with a single screen and run everything from there.
    - Also if the computer has been restarted I can spin off a new desktop and have full control including being able to kick off chrome and a VM this came in handy when the power went out at my house and I had to have someone restart my computer while I was in Florida
    - This also give me access to adjust a lot o the automation that I have set up and to access my resilio sync instance and get up and running with new devices easily because of the need to allow new devices
    - This is basically x11 forwarding on steroids and optimized
    - This is my own personal thin client setup. As long as my network connection is halfway decent it does not matter what device I am using so long as it can run x2go sadly there is no android client for it although there have been several interesting attempts
  - Both of these methods are a good workaround for the issue I mentioned earlier with sshfs and copying files from one location to another on the server. It performs the action locally which saves a lot of network bandwidth and time with larger files
  - This does require the host machine to be running linux so I have not found it useful in helping family with computer issues
  - I have used this on computers I have never seen before including my brother’s server and Digital Ocean instances
  - I don’t like using cinnamon over x2go but one of the other great things that you can do with it is install other desktops like Mate or LXDE and just use those when you spin off a new desktop
- VPN
  - VPNs are a great tool that I use all the time as well. It adds a layer of encryption and security and obfuscates your actions on whatever network you are on
  - Another great thing it can do is change your location to anywhere in the world that you have access to a VPN server. This is not as useful as you might think in regards to things like viewing region locked content if you are using a commercial solution because most services will block those IP’s
  - But if you have one set up at home there are some interesting things that you can do and it is a lot easier to setup than a lot of the other solutions that I have discussed
  - You still get the added security for the network that you are attached to but you are passing the trust to your local internet provider
  - Having it setup on your local network allows you to have an IP address that is local to your home network. This means that you can access everything at home as though you were also at home. You do not need to expose all the ports on your router to be able to access things
  - There are many simple ways to set this up. Me personally I use my router which has the functionality built in and provides me with a static DNS. I just have to turn the functionality on and then get the ovpn file and use that on the devices that I want to connect with.
  - You can also do something like setup a raspberry pi with pivpn and you will get the same effect although you will need to expose the port for that.
  - Once you are on the local network all your network shares will be available and you can ssh directly to everything on your local network
  - How to setup a VPN with pivpn on a pi with raspbian installed:
    - ssh into your pi
    - curl -L https://install.pivpn.io | bash
    - then follow the walk through and setup port forwarding on your router, standard port is 51820 I always suggest changing it
    - use command pivpn -a to create a new user and config file
    - I used sftp to get the file onto my computer and sync to get it to my phone
    - install wireguard and point it to the file.
    - It just worked, I verified that when I was off the local network and had this turned on that it would give me a local ip address and allow me to access local servers
    - In the walkthrough it also pointed out that it would force use the pihole as the dns which is appreciated as that will block a lot of ads
    - Also I set this up on the same pi zero that is currently running pihole and I have not noticed that it caused any issues so far.
- I have several servers set up to be able to remotely access information in a more palatable form depending on the information
  - plex
    - This allows me to access my library of videos while on the go. So long as I have remote access turned on I can even use plex.tv to access instead of doing it directly. I use this daily to manage and view my library
  - audiobooklibrary
    - I have a huge library of audio books and ebooks and I use this all day everyday to go through it.
    - It does require a bit of management but I love this application
    - it has also replaced my phones podcatcher. Basically I don’t download anything directly to my phone anymore. It all goes to my server and then I access it from there. My phone is just my doorway to my home system
  - octopi
    - I use this to access my 3d printer from anywhere. If I am at work and I decide I want to print something then I will need to access a couple of different things on my home system to get the print setup and then use octopi to start and monitor the print. It is a great thing to do while on my lunch break
    - I can also verify that the print is starting correctly and not experiencing any errors and if it does start making spaghetti or comes loose from the bed I can stop the print.
    - I am thinking about also getting a CR touch auto bed leveller to help with some of the print starting issues that some times come up
- Remote desktop sharing for helping family
  - VNC
    - it is a very common program that is used to remotely access a desktop
    - it has been around for a very long time and does require a bit of setup to get working properly
    - I have used it to monitor my childrens activities online when my easily distracted child was supposed to be doing homework on her windows machine
    - It is a good tool with a few free clients and servers
  - Windows RDP
  - Chrome remote desktop
    - This is a chrome and google extension. I tested it out and I am actually very surprised at the functionality and will need to test this more in future
    - I did need to install a deb package and the android application to get it working and the text was very small at first in the setup.
    - Once I could tell what was happening I found out that it will work a lot like x2go does in that it will allow me to spin off another desktop!!! except this time directly from an android device.
    - The keyboard usage was horrible on screen as was the mouse which used the screen as a touchpad which takes some getting used to but I can see where this would be epic with some display tweaking and a Bluetooth mouse and keyboard
    - This will be a much easier way of using linux on an android device for me.
    - I am excited to test this out. Maybe even with an external monitor.
    - I am not a fan of using a google service when I don’t have to but this seems like a really easy setup.
    - I did not see an option to access the desktop as it is but the text was pretty small and I don’t know if it would act differently on a windows system.
    - It does require a long pin so there is some security there.
    - If I like it well enough and up using it more on my phone I will do an innards on it and get back to you
  - Team Viewer
    - Team Viewer is an easy to use tool that is designed for you to be able to help people with their desktops from remote
    - It is easy to setup with some simple instructions and is robust and secure.
    - Lots of options and does require a pin to access
    - the problem gets to be that it is super easy to setup with simple instructions so it gets used to scam people that are vulnerable
    - My brother swears by this application and he does a lot of remote desktop support but because of the propensity for abuse I cannot get behind using it regularly
  - AnyDesk was suggested by Bill who could not be here today
    - I have not used AnyDesk so I cannot say how well it works, but looking at the wiki it is also used in a lot of remote support and technical scams
    - One interesting thing that I would like more information on is it seems to have VPN functionality built in

— Play Vibrations Transition Bumper —

Vibrations from the Ether

20 minutes (~5 minutes each)

Brad Alexander
- Hey man,

I saw this on youtube and wanted to share it with you…You were mentioning that super glue on the plastic parts of these headphones can get brittle and doesn’t last…A buddy of mine online sent me this:
https://www.youtube.com/watch?

and

https://www.youtube.com/watch?

If true, it’s pretty amazing…

And, btw, I managed to find a reasonably priced set of HBS-820’s on eBay, and so far, I’ve been pretty happy with them. If you try the baking soda thing, let me know how it works…

Hank Barta
- Thanks for a continually interesting podcast. The subject of git and git servers interested me.

I use git a lot. I have 88 repositories on Github and somewhat less on my private Gitea server. I also have a handful of projects on Gitlab and Bitbucket. Most of these are code repositories, but a few years ago I started keeping notes in Markdown and converting to HTML using Mkdocs. (*) I just checked and I have 355 Markdown files in my “notes” repo on my private server. You can get a feel for what that looks like by checking a public “blog” on Github at https://hankb.github.io/. (repo at https://github.com/HankB/)

As mentioned, I use Gitea running in a Docker container. I tried Gitlab on my first file server but the Atom processor just didn’t have enough oomph and pages would time out, never loading. I switched to Gitea and it ran fine on the Atom (ten or fifteen years ago IIRC.) My server is now a Xeon with 16GB RAM and I still use Gitea in a Docker container. But you asked about Gitea on a Raspberry Pi. I have a “test server” running on a Pi 4B/4GB with 2 6TB HDDs in a ZFS Mirror and I also have Gitea running on that (again in a Docker container.) It hosts the same repos as the main Gitea server and I simply configure my projects to pull/push to both remotes.

(*) Incidentally, I think that Mkdocs and a Git server would solve “the page just jumped while I was reading” issue. I guess you’re collaborating on something like Google Docs and sharing the same page so that any interaction on the page is reflected to all other viewers. Put your notes in Markdown and push to a server to share. Then use MkDocs to render and “python -m http” (IIRC) to serve and each participant has their private view of the page and no interactions between users. But you do give up the real time updates so it might not suit your workflow.

If you have any questions about this, feel free to ask away (and direct me to a platform more conducive to discussions.)

best,

— Play Check This Transition Bumper —

Check This Out

10 minutes

New App to Trim, Crop, Mirror & Flip Videos on Linux – Majid
from OMG!Linux (via londoner)
A new app available from Flathub makes it easy to edit short videos on Linux.
The GTK4/libadwaita app Footage is not a fully-fledged video editor but it is a utility video editors will want to have in their toolbox.
Using this app you can trim video clips; rotate videos; flip videos horizontally (i.e. mirror) and vertically (i.e. flip); and crop videos — all without needing to set up a complicated video project or deal with project settings (like you would in a video editor).

Using Footage you can:

Rotate left/right
Flip (mirror) vertical and horizontally
Crop videos using on-canvas controls
Trim videos using draggable in/out points
Change frame rate
Resize videos
Convert to MKV, MP4, WEBM, GIF
As well as making it simple to perform common edits, Footage also lets export video in a number of formats. For example, if you’ve quickly shot a 5 second video of your cat being super cute you can open it in Footage to quickly convert it to, say, an animated GIF — nice!
In all, this is a well-made, well-designed utility that caters to all sorts of use cases, from casual clip sharing between friends through to professional content to share with clients. Highly recommended.
Get Footage on Flathub
Diablo build for modern operating systems

Housekeeping & Announcements

Thank you for listening to this episode of mintCast!
If you see something that you’d like to hear about, tell us!

Send us email at [email protected]

Join us live on Youtube

Post at the mintCast subreddit

Chat with us on Telegram and Discord,

Or post directly at https://mintcast.org

Next Episode – 2 pm US Central time on Sunday, July 9, 2023
Get mintCast converted to your time zone
for 415 Next Roundtable Live Stream – 2 pm US Central time on Saturday, July 1, 2023.
Get the Roundtable Live Stream converted to your time zone
for 415.5 Next Roundtable Live Stream – 2 pm US Central time on Saturday, July 15, 2023.
Get the Roundtable Live Stream converted to your time zone
Livestream information is at mintcast.org/livestream

Wrap-up

Joe – Tllts.org, linuxlugcast.com, [email protected], Buy Joe a coffee
Moss – Full Circle Weekly News, Distrohoppers’ Digest, [email protected], I’m on Mastodon as @[email protected], and other contact information can be found at It’s Moss dot com
Bill – [email protected], Bill_H on Discord, @[email protected] on Mastodon, @wchouser3 on Twitter, and wchouser3 on Facebook also – checkout my other podcasts Linux OTC and 3 Fat Truckers
Majid – [email protected] @atypicaldoctor on twitter, AtypicalAnaesthetist on Instagram and The Atypical Anaesthetist Podcast on Spotify (https://open.spotify.com/show/6Uo4DsJE8fJmvo8npljbmx)

Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible:

Someone for our audio editing
Archive.org for hosting our audio files
Hobstar for our logo, initrd for the animated Discord logo
Londoner for our time syncs
Bill Houser for hosting the server which runs our website, website maintenance, and the NextCloud server on which we host our show notes and raw audio
The Linux Mint development team for the fine distro we love to talk about <Thanks, Clem … and co!>

— Play Closing Music and Standard Outro —

Episode 415 Show Notes