Episode 419 Show Notes

Welcome to mintCast

the Podcast by the Linux Mint Community for All Users of Linux

This is Episode 419!

This is Episode 419.5!

Recorded on Sunday, August 20, 2023

Joe, Got my head in the clouds, I’m Bill, …Majid

— Play Standard Intro —

  • First up in the news: LXD-Linux Containers Forks LXD Project as “Incus”, Indian Defense Services are Switching to Linux, Mint’s birthday coming up, Messaging Layer Security, State of Solus, Alarm raised over MozillaVPN, EFF launches the TOR University Challenge, news on OpenZFS and ZFSBoot, and Devuan 5 is here;
  • In security and privacy: SkidMap and Downfall;
  • Then in our Wanderings: Majid has cloudy days
  • In our Innards section we talk about cloud storage solutions and attempt to demystify some of the procedures for hosting your own cloud storage.
  • And finally, the feedback and a couple of suggestions

— Play News Transition Bumper —

The News

20 minutes

  • LXD-Linux Containers Forks LXD Project as “Incus” Bill
    • Written by Michael Larabel on Phoronix 7 August 2023
    • Following Canonical deciding to pull in control of the LXD project and LXD maintainership being limited to Canonical employees, the Linux Containers project has announced the forking of LXD as Incus.
    • Incus is a fork of the LXD project created by Aleksa Sarai, the developer known for his work on runc and other OpenContainers projects.
    • Aleksa started this fork due to the recent Canonical decision around taking LXD away from the Linux Containers umbrella. Incus is now going to become a fully community led alternative to LXD and hosted under Linux Containers.
      • “The goal of Incus is to provide a fully community led alternative to Canonical’s LXD as well as providing an opportunity to correct some mistakes that were made during LXD’s development which couldn’t be corrected without breaking backward compatibility.

        In addition to Aleksa, the initial set of maintainers for Incus will include Christian Brauner, Serge Hallyn, Stéphane Graber and Tycho Andersen, effectively including the entire team that once created LXD.

        There is no clearly defined roadmap at this point. Incus will be tracking changes happening in LXD and will likely in time diverge from it as different decisions get made. A stable release of Incus is likely at least a couple of months away so existing LXD users shouldn’t rush to find a way to migrate quite yet!”
    • More details on the Incus project via today’s announcement on LinuxContainers.org.
  • Indian Defense Services are Switching to Linux
    • From It’s FOSS (via londoner) Originally reported by thehindu.com.
    • In the past, we have seen governments trying to switch to Linux for their administration needs. But, that usually comes with its own set of challenges, ranging from interoperability, all the way to training the end-users.
    • And as it turns out, the Indian government is all set to take up that challenge once again by implementing an internally developed Linux distro.
    • According to a recent report, the Defence Ministry of India has decided to replace Windows with an in-house developed Linux distro called ‘Maya’ on all computers that are connected to the Internet.
    • While details are very slim on this distro, we know that it is based on Ubuntu and has been developed locally within a very short 6-month period.
    • On this, an unnamed official from the Defence Ministry had this to add:
      • “Maya has the interface and all functionality like Windows and users will not feel much difference as they transition to it.”
    • That does sound promising because many users find it difficult to adapt to a new interface that’s not like Windows. This should, in theory, help them adapt to a Linux distro faster.
      India, like most countries, has to face cyberattacks on a daily basis. Those range from malware attacks, all the way to ransomware attacks, which have affected critical infrastructure in the past.
    • Maya was specifically developed as a way to deter such attacks on critical infrastructure, and it also features an ‘endpoint detection and protection system’ called ‘Chakravyuh’, the details of which are yet to be ascertained.
    • Initially, Maya will be installed on all internet-connected computers in the South Block of the Secretariat Building in New Delhi.
    • That block houses important offices such as the Prime Minister’s Office, the Ministry of Defence, and the Ministry of External Affairs.
    • But, the Ministry of Defence will be the first one to get Maya, the official directive has already gone live, with an August 15 deadline.
    • It is good to see that more and more governments are pushing for the use of Linux across critical administration agencies. And, this certainly is a big push in India 🤯
      In the case of India, the state of Tamil Nadu had previously decided to switch to another homegrown Linux distro called ‘BOSS Linux’ for their administrative needs, and that had received appreciation from many.
    • I am looking forward to seeing how Maya performs, and if we can see it implemented for more common uses across the government.
    • ADDENDUM from londoner: Maya was previously used for the codename of Linux Mint 13 in 2012. No connection with the doomsday theories from the ancient Maya civilization – it is the name of Clem’s daughter. In Hindi, the word Maya means “illusion” or “hallucination”. Speaking of Mint…
  • Next Sunday, August 27, will be Linux Mint’s 17th birthday!
    • Version 1.0 “Ada” was released way back in 2006. It had a KDE desktop, as it was based on Kubuntu 6.06 “Dapper Drake” and was called a beta. It was replaced three months later by version 2.0 Barbara which switched to the Gnome desktop.
  • Messaging Layer Security: Secure and Usable End-to-End Encryption
    • from IETF News
    • The IETF has approved publication of Messaging Layer Security (MLS), a new standard for end-to-end security that will make it easy for apps to provide the highest level of security to their users. End-to-end encryption is an increasingly important security feature in Internet applications. It keeps users’ information safe even if the cloud service they’re using has been breached.
    • For an app to provide end-to-end encryption, it needs an extra layer of cryptography that sets up encryption keys among the devices participating in a conversation, so that these devices can encrypt users’ data in a way that cloud services can’t decrypt. Before MLS, there was no open, interoperable specification for this extra layer. MLS fills this gap, providing a system that is completely specified, formally verified, and easy for developers to use.
    • MLS builds on the best lessons of the current generation of security protocols. Like the widely used Double Ratchet protocol, MLS allows for asynchronous operation and provides advanced security features such as Post-Compromise Security. And, like TLS 1.3, MLS provides robust authentication, and its security properties have been verified by formal analyses. MLS combines the best features of these predecessors, and adds on features like efficient scaling to conversations involving thousands of devices without sacrificing security.
    • Draft versions of MLS have been deployed at scale to protect sensitive real-time conversations in Webex and RingCentral communications products. These early deployments provide validation of MLS’s ability to work well in real-world scenarios, at the scale of major communications services. Other apps, such as Wire, Wickr and Matrix, are planning to transition to MLS, and the IETF MIMI working group expects to use MLS as the end-to-end encryption layer in their solution for interoperable messaging.
    • This is just the beginning for MLS, though. There are already a handful of MLS implementations, including multiple open-source implementations. But, more implementations will make it easier to use MLS in more places. Likewise, more deployments will provide valuable lessons on how future versions of MLS need to improve. And while MLS is a major piece of the end-to-end security story, there are still important pieces yet to be written, for example, creating a strong identity that can integrate with MLS’s authentication system and secrets management systems that help users have a more seamless experience.
  • State of Solus – August 2023 Bill
    • from sol.us blog
    • Long-time Solus users know that the project has navigated some choppy waters in the past with bus factor. Too much responsibility on too few shoulders has led to burnout, stalled work, and even an extended project blackout. For Solus to continue long into the future, we need people to enjoy working on Solus, and we need it to be a team effort.
    • In short, the new strategy is to spread responsibilities across a larger team, enabling individuals to fill in for each other as availability dictates. Our new processes enable us to seamlessly onboard new and offboard existing team members as necessary. Since our return in April, Solus Staff has grown to a team of 16 volunteers, and we’ve been working on internal documentation and workflows so responsibilities can be readily shared.
    • Case in point, to test our processes and documentation, we have been rotating the individuals that perform the package repository sync, with 11 out of our 16 staff members having already completed the process.
    • Solus Staff is the umbrella term for everyone who has a role on the Solus team. Note that the roles are a little different from what was laid out in the New Voyage blog post. As we have collaborated over the past few months, we found these were the roles people naturally fell into.
    • The roles and their responsibilities are as follows:
      • Boring Admin
        • Be responsible for the financial side of Solus, in particular OpenCollective.
        • Manage the keys for all important Solus accounts.
      • Comms
        • Reach out with news to the Solus communities, and solicit feedback.
        • Moderate Solus communities to keep them friendly and useful.
        • Supervise work on Help Center documentation.
      • Infrastructure
        • Maintain the services that are knitted together to make Solus: services hosting the homepage, Help Center, build server, the dev tracker, forum, and others.
      • Packaging
        • Push their own packaging work, review work done by other packagers, and show new packagers the ropes.
        • Coordinate weekly syncs with other Packaging Team members, Infrastructure and Comms teams.
      • Web
        • Work with Infrastructure to develop the sites and services that deliver Solus: particularly the primary web property (getsol.us) and the Help Center.
    • At the end of the day, Solus is a Linux distribution, so we expect that most people will join Solus Staff as packagers, and take on other responsibilities as they wish.
    • Solus Staff now includes the following people:
      • Alex Vorobyev (aleksvor)
      • Algent Albrahimi (algent)
      • David Harder (davidjharder)
      • Evan Maddock (EbonJaeger)
      • Fabio Forni (livingsilver94)
      • Gavin Zhao (GZGavinZhao)
      • Ikey Doherty (ikey)
      • Joey Riches (joebonrichie)
      • Joshua Strobl (JoshStrobl)
      • Philipp Trulson (der_eismann)
      • Reilly Brogan (ReillyBrogan)
      • Rune Morling (ermo)
      • Silke Hofstra (silke)
      • Tracey Clark (TClark77)
      • Zach Bacon (ZachBacon)
    • Other Recent Work
      • Help Center content was moved onto a new stand-alone site at help.getsol.us. With this new Docusaurus-based site, we can quickly review and incorporate changes suggested by anyone willing to send us a Pull Request or open an issue on the accompanying GitHub repository here. Please take a look around and let us know what you think.
    • Launching the Solus Matrix Space
      • We now have four public Matrix rooms set up, migrating our old setup from IRC. All our rooms are listed in the Help Center.
      • All Solus IRC channels have been retired, except for #solus, which remains solely to direct people to Matrix.
  • Alarm raised over Mozilla VPN: Wonky authorization check lets users cause havoc Bill
    • from The Register
    • A security engineer at Linux distro maker SUSE has published an advisory for a flaw in the Mozilla VPN client for Linux that has yet to be addressed in a publicly released fix because the disclosure process went off the rails.
    • In a post to the Openwall security mailing list, Matthias Gerstner describes a broken authentication check in Mozilla VPN client v2.14.1, released on May 30.
    • Essentially, the client can be exploited by any user on a system to, among other things, configure their own arbitrary VPN setup, redirect network traffic to outside parties, and break existing VPN setups. That’s no good on shared computers with multiple users.
    • The issue was identified, says Gerstner, when an openSUSE community manager wanted to add the Mozilla VPN client to openSUSE Tumbleweed, a Linux distribution. The software was reviewed by the SUSE security team, a standard procedure, and they found the VPN software “contains a privileged D-Bus service running as root and a Polkit policy.”
    • Polkit, formerly PolicyKit, is an authorization API for privileged programs. The SUSE security team noticed that the privileged mozillavpn linuxdaemon process had incorrect authorization logic.
    • Citing the listed XML-based Polkit policy declarations, Gerstner observed that the way the authentication check is written, the code asks Polkit to determine whether the privileged Mozilla VPN D-Bus service – rather than the user – is authorized to perform the action.
    • Since the D-Bus service runs with root privileges, the authorization check always returns true. That means the D-Bus call will work for any user account, regardless of privileges.
      • “The impact is that arbitrary local users can configure arbitrary VPN setups using Mozilla VPN and thus possibly redirect network traffic to malicious parties, pretend that a secure VPN is present while it actually isn’t, perform a denial-of-service against an existing VPN connection or other integrity violations,” said Gerstner.
    • Gerstner also calls out the absence of any Polkit authorization checks for various other D-Bus methods like getLogs(), cleanupLogs(), runningApps(), firewallApp(), firewallClear(), and deactivate(). These all execute functions that should be authorized. For example, it’s fundamentally insecure to let any local account on a system deactivate another user’s VPN.
    • Responsible disclosure needs to work both ways
    • Polkit itself had a recent significant security issue, but the Mozilla VPN vulnerability is the result of improper implementation. What makes it noteworthy is the way the disclosure was handled.
    • According to Gerstner, the issue was privately disclosed to Mozilla on May 4, and SUSE heard nothing further until June 12, when its security team learned the flaw had been disclosed in a GitHub pull request to the Mozilla VPN repo.
    • “We asked upstream once more what their intentions are regarding coordinated disclosure but did not get a proper response,” said Gerstner.
    • Nonetheless, the SUSE team waited until Thursday, August 3, after 90 days had elapsed, to post publicly about the flaw, which Mozilla has now assigned CVE-2023-4104.
    • Gerstner says Mozilla VPN plans to stop using Polkit authentication completely in the upcoming v2.16.0 release, which does nothing to change the fact that all the D-Bus APIs remain unauthenticated and usable by any local user.
    • Improved authorization is expected in v2.17.0 – which does not yet have a release date – by requiring the D-Bus caller to have the CAP_NET_ADMIN permission, or the UID associated with the user who activated the connection. This is expected in one or two months.
    • As for the other potential information leaks described in the post, Gerstner says there is no word on how or when those will be addressed.
    • Asked to comment, a Mozilla spokesperson told The Register that “while the timing is uncertain,” the organization anticipates sharing more information on Monday.
    • Updated to add:
      • “We acknowledge that our communication regarding this bug report could have been more precise, given our commitment to be responsive and collaborative partners,” a Mozilla spokesperson said in a statement to The Register.
      • “We have been working to implement improvements to address the issue, and as a result, will advance the timing of this fix in a special release of 2.16.1 for Linux on August 11th, 2023.”
    • Mozilla has also made public the initial bug report.
  • EFF Launches the Tor University Challenge
    • from EFF.org
    • Electronic Frontier Foundation (EFF) on Tuesday launched the Tor University Challenge, a campaign urging higher education institutions to support free, anonymous speech by running a Tor network relay.
    • Universities answering this call to defend private access to an uncensored web will receive prizes while helping millions of people around the world and providing students and faculty a vital learning experience.
    • “Journalists, political and social activists, attorneys, business people, and other users all over the world rely on Tor for unfettered, unmonitored access to knowledge and communications,” EFF Senior Staff Technologist Cooper Quintin said. “Anonymous speech always has been a pillar of democratic society, letting us discuss anything without fear of retribution. And facilitating this discussion can be a great educational opportunity for students and faculty alike.”
    • Made up of volunteer-run relays, the Tor network allows human rights defenders and organizations, at-risk communities, and people experiencing online censorship or government surveillance to browse the unrestricted internet with as much privacy and anonymity as possible. A Tor relay is a computer that’s a part of the anonymization process; a Tor bridge is a relay that’s not publicly listed, in order to circumvent censorship in countries that block IP addresses of known relays.
    • Currently, roughly 7,000 relays and 2,000 bridges help make up the global network by simply donating a spare computer, bandwidth, and time. Universities already volunteering Tor relays include the Massachusetts Institute of Technology, Georgetown University, Carnegie Mellon University, Technical University Berlin, University of Cambridge, and others.
    • University-run relays provide students with hands-on cybersecurity experience in a real environment helping real people, while stimulating discussion about global policy, law and society, particularly regarding free speech issues. It can help build community between students and faculty, as well as advance research and recruitment.
    • Universities are ideal sites for hosting Tor relays as they tend to have good network connectivity, lots of technical expertise to run relays—including professors, students, and IT teams—and generally value freedom of thought and expression. By running a Tor relay, universities can directly promote themselves as defenders of intellectual freedom and vanguards against censorship.
    • To learn more about the Tor University Challenge: https://toruniversity.eff.org/
    • To learn more about Tor: https://www.torproject.org/
  • OpenZFS 2.2 is nearly here, and ZFSBootMenu 2.2 already is Bill
    • from The Register
    • The next minor version of OpenZFS is nearly ready, and ZFSBootMenu makes it easy to boot Linux from it, via a clever workaround.
    • The advanced OpenZFS filesystem is getting close to its next release, version 2.2, with release candidate 3 (around this time last year, OpenZFS 2.1 got to rc8, so it might be a little while yet). Version 2.2 will improve support for Linux containers, with support for overlay filesystems (sometimes also called union filesystems), support for Linux 6.3 IDmapped mounts (which are explained in this talk), and delegation of dataset namespaces to containers.
    • Block cloning should improve the efficiency of marking identical blocks as shared by different files, or even parts of the same file. The new BLAKE3 algorithm can be used to generate ZFS checksums, which is also used in the new CdC Veilid P2P tool we recently covered, and management of the disk cache has been improved.
    • This is all good stuff, and it should work with Linux kernels from 2013’s version 3.10 right up to 6.4, and 2020’s FreeBSD 12.2 onward. ZFS remains more or less the state of the art in open source filesystem design. Both SUSE and Oracle remain enthusiastic about Btrfs, but Red Hat isn’t. Meanwhile, the new bcachefs still might not yet make it into kernel 6.5.
    • The big snag with ZFS, though, is that it isn’t part of the Linux kernel, and it won’t be any time soon. It’s easy enough to add it on. There is the userspace version, ZFS-FUSE, and Ubuntu, for instance, includes the modules for kernel support as standard. Canonical seems to be backing away from integrating ZFS support, though. Ubuntu’s ZSys module to integrate ZFS handling into the operating system has seen little maintenance in the last couple of years, and some users now recommend avoiding it.
    • All is not lost. The teams behind a handful of Linux distros are actively working on full, native ZFS support. Notably, NixOS has first-class support, and the Void Linux team are working on it, although it still requires some extra manual work at this point. The Proxmox hypervisor and container host also supports it. As with everything on Arch Linux, with some manual steps, it’s also possible on Arch and its derivatives.
    • A core issue is that GRUB has only very limited support for ZFS – Sun released just enough ZFS code under GPL 2 to enable GRUB to boot OpenSolaris, as LWN described back in 2010.
    • Usefully, there’s a totally separate, cross-distro way to keep the root filesystem of a Linux system on ZFS, and boot from it: ZFSBootMenu. This supports multiple distros, including Alpine, Debian, Ubuntu, Fedora, and openSUSE (although currently only Leap 15.4). There are additional scripts available to help you install the distro of your choice onto a ZFS pool, such as for Ubuntu Server. For it to work with most distros, the installation instructions require that your computer boots via UEFI, although installation on MBR using SYSLINUX to boot is possible, and it’s documented for Void Linux.
    • The way that ZFSBootMenu works is clever. In effect, it’s a tiny Linux distro, which boots other distros. From its own description:
    • ZFSBootMenu is a small, self-contained Linux system that knows how to find other Linux kernels and initramfs images within ZFS filesystems. When a suitable kernel and initramfs are identified (either through an automatic process or direct user selection), ZFSBootMenu launches that kernel using the kexec command.
    • This means that, like on FreeBSD, ZFSBootMenu can see inside ZFS snapshots, and present a menu of different bootable environments. For instance, you could roll back to an earlier version of your OS, if a bad update has stopped something working.
    • It would be great news if Canonical adopted ZFSBootMenu and moved forward with ZFS support as the legal issues do seem to be surmountable – but in the meantime, if you’re willing to do a little bit of well-documented manual work, thanks to this nifty little tool, it is possible to install most distros onto what Sun called “the last word in filesystems.”
  • Devuan GNU+Linux 5 Is Here for Software Freedom Lovers Based on Debian 12
    • The Devuan developers announced the release of Devuan GNU+Linux 5.0 “Daedalus” distribution as a 100% derivative of the Debian GNU/Linux operating system without systemd and related components.
    • Based on the latest Debian GNU/Linux 12 “Bookworm” operating system series, Devuan GNU+Linux 5 is powered by the long-term supported Linux 6.1 LTS kernel series.
    • New features in this release include the use of the libseat1 library for rootless startx and access to input and video devices, which removes the DBus dependency from xserver-xorg-core, and the enablement of a true Wayland desktop without elogind.
      • “Users can now enjoy a Wayland desktop without elogind by installing libpam-ck-connector, Sway, and seatd,” said the devs in the release notes.
    • The devs also note the fact that libseat1 can use either seatd or elogind as a backend, which can be set manually using the LIBSEAT_BACKEND environment variable. seatd users are reminded to ensure their user is a member of the ‘video’ group.
    • Even if it doesn’t ship with the systemd init by default, the Devuan GNU+Linux 5.0 “Daedalus” installation media provides users with the choice of installing non-free firmware packages during installation if they’re needed for their hardware, allowing for full compatibility.
    • True software freedom lovers can avoid the loading of non-free firmware imposed by the automatic installation by choosing the “Expert install” option in the installation menu.
    • Devuan GNU+Linux 5.0 “Daedalus” is available for download as installation, live, netboot, and Docker images right now from the official website. If you just want the live ISO, which features the latest Xfce 4.18 desktop environment by default, you can click on the direct download link below.
    • Existing Devuan GNU+Linux 4 “Chimaera” users can upgrade their installations directly using the instructions provided by the developers here. It is also possible to upgrade from Debian Bookworm to Devuan Daedalus.
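
The Mozilla VPN authorization flaw covered above (CVE-2023-4104) comes down to which subject a privileged service hands to the authority. The model below is an added example, not Mozilla's or SUSE's code: `ToyAuthority`, `Peer`, `VpnDaemon` and the action id are hypothetical stand-ins for polkit, a D-Bus peer and the root daemon, and `deactivate` follows the rule the article says is planned for v2.17.0.

```python
from dataclasses import dataclass

CAP_NET_ADMIN = 12  # capability number from <linux/capability.h>
ACTION = "org.example.vpn.activate"  # placeholder action id, not Mozilla's


@dataclass(frozen=True)
class Peer:
    """A process as the authority sees it: its UID and effective capabilities."""
    uid: int
    caps: frozenset = frozenset()


class ToyAuthority:
    """Stand-in for polkit: root and the configured admin UIDs are authorized."""

    def __init__(self, admin_uids):
        self.admin_uids = set(admin_uids)

    def is_authorized(self, subject, action):
        return subject.uid == 0 or subject.uid in self.admin_uids


class VpnDaemon:
    """Privileged service reached over a message bus; it runs as root."""

    def __init__(self, authority):
        self.authority = authority
        self.me = Peer(uid=0)
        self.owner_uid = None  # UID that activated the current connection

    def activate_flawed(self, caller):
        # Bug class from the advisory: the subject handed to the authority is
        # the daemon itself (root), so the answer never depends on the caller.
        if not self.authority.is_authorized(self.me, ACTION):
            return False
        self.owner_uid = caller.uid
        return True

    def activate_checked(self, caller):
        # Correct subject: the bus peer that sent the request.
        if not self.authority.is_authorized(caller, ACTION):
            return False
        self.owner_uid = caller.uid
        return True

    def deactivate(self, caller):
        # Planned rule per the article: the caller holds CAP_NET_ADMIN, or has
        # the UID of the user who activated the connection.
        if self.owner_uid is None:
            return False
        if CAP_NET_ADMIN in caller.caps or caller.uid == self.owner_uid:
            self.owner_uid = None
            return True
        return False


def demo():
    """Run the three checks against constructed users and return the outcomes."""
    authority = ToyAuthority(admin_uids={1000})
    admin, guest = Peer(1000), Peer(1001)
    netadmin = Peer(1002, frozenset({CAP_NET_ADMIN}))

    results = {
        "flawed_guest": VpnDaemon(authority).activate_flawed(guest),
        "checked_guest": VpnDaemon(authority).activate_checked(guest),
        "checked_admin": VpnDaemon(authority).activate_checked(admin),
    }
    daemon = VpnDaemon(authority)
    daemon.activate_checked(admin)  # admin now owns the connection
    results["guest_deactivates"] = daemon.deactivate(guest)
    results["netadmin_deactivates"] = daemon.deactivate(netadmin)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```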

— Play Security Transition Bumper —

Security and Privacy

10 minutes

  • New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers
    • from The Hacker News
    • Vulnerable Redis services have been targeted by a “new, improved, dangerous” variant of a malware called SkidMap that’s engineered to target a wide range of Linux distributions.
    • “The malicious nature of this malware is to adapt to the system on which it is executed,” Trustwave security researcher Radoslaw Zdonczyk said in an analysis published last week.
    • Some of the Linux distributions SkidMap sets its eyes on include Alibaba, Anolis, openEuler, EulerOS, Stream, CentOS, RedHat, and Rocky.
    • SkidMap was first disclosed by Trend Micro in September 2019 as a cryptocurrency mining botnet with capabilities to load malicious kernel modules that can obfuscate its activities as well as monitor the miner process.
    • The operators of the malware have also been found camouflaging their backup command-and-control (C2) IP address on the Bitcoin blockchain, evocative of another botnet malware known as Glupteba.
    • “The technique of fetching real-time data from a decentralized and essentially uncensorable data source to generate a C2 IP address makes the infection difficult to take down and makes pivoting the C2 IP address simple and fast,” Akamai noted in February 2021.
    • The latest attack chain documented by Trustwave involves breaching poorly secured Redis server instances to deploy a dropper shell script that’s designed to distribute an ELF binary that masquerades as a GIF image file.
    • The binary then proceeds to add SSH keys to the “/root/.ssh/authorized_keys” file, disable SELinux, establish a reverse shell that pings an actor-controlled server every 60 minutes, and ultimately download an appropriate package (named gold, stream, or euler) based on the Linux distribution and the kernel used.
    • The package, for its part, comes with several shell scripts to install the kernel modules and take steps to cover up the tracks by purging logs, and launch a botnet component capable of retrieving additional rootkit payloads: mcpuinfo.ko, to hide the miner process, and kmeminfo.ko, to analyze, modify, or drop network packets.
    • Also downloaded is the miner binary itself, although in some variants, a “built-in miner from an extracted ‘GIF’ binary file” is used.
    • “The level of advancement of this malware is really high, and detecting it, especially in larger server infrastructures, can be very hard,” Zdonczyk said. “When testing it on home computers, the only serious indicator that something was wrong was the excessive operation of fans, and in the case of laptops, the temperature of the case.”
  • Downfall
    • from 9 to 5 Linux
    • Debian 11 “Bullseye” and 12 “Bookworm” have been patched with updated kernel and intel-microcode packages effective August 12.
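
A host triage sketch for three of the changes the SkidMap write-up above describes: an ELF binary stored under an image extension, SELinux switched off, and SSH keys added to `authorized_keys`. This is an added example, not from Trustwave or the show; the file names, key blobs and baseline set are constructed for the demonstration.

```python
import os
import tempfile

ELF_MAGIC = b"\x7fELF"
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def classify_header(name, head):
    """Compare a file's extension with its first bytes; None means consistent."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in IMAGE_MAGIC:
        return None
    if head.startswith(ELF_MAGIC):
        return "elf-as-image"
    if not head.startswith(IMAGE_MAGIC[ext]):
        return "bad-image-header"
    return None


def scan_tree(root):
    """Walk root and return sorted (relative_path, verdict) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            verdict = classify_header(name, head)
            if verdict:
                findings.append((os.path.relpath(path, root), verdict))
    return sorted(findings)


def selinux_mode(config_text):
    """Return the SELINUX= value from /etc/selinux/config text, or None."""
    mode = None
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "SELINUX":  # exact match, so SELINUXTYPE is ignored
            mode = value.strip().lower()
    return mode


def unexpected_keys(authorized_keys_text, baseline_blobs):
    """Return (line_no, key_type, comment) for keys not in the baseline set."""
    out = []
    for no, line in enumerate(authorized_keys_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type; take the first key-type-like field.
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(KEY_PREFIXES)), None)
        if idx is None or idx + 1 >= len(fields):
            out.append((no, "unparsed", ""))
            continue
        if fields[idx + 1] not in baseline_blobs:
            out.append((no, fields[idx], " ".join(fields[idx + 2:])))
    return out


def demo():
    """Run all three checks on constructed samples and return the findings."""
    samples = {
        "logo.gif": b"GIF89a\x01\x00",               # genuine GIF header
        "banner.gif": ELF_MAGIC + b"\x02\x01\x01\x00",  # ELF under .gif
        "pic.png": b"not a png",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        files = scan_tree(root)
    config = "# constructed sample\nSELINUX=disabled\nSELINUXTYPE=targeted\n"
    keys = ("ssh-ed25519 AAAAC3CONSTRUCTEDBASELINE admin@bastion\n"
            "ssh-rsa AAAAB3CONSTRUCTEDUNKNOWN\n")
    extra = unexpected_keys(keys, {"AAAAC3CONSTRUCTEDBASELINE"})
    return files, selinux_mode(config), extra


if __name__ == "__main__":
    print(demo())
```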

— Play Wanderings Transition Bumper —

Bi-Weekly Wanderings

30 minutes (~5-8 mins each)

  • Moss Will Not Be Here Today
  • Bill
    • These last two weeks have been a continuation of the crazy busy running I’ve come to expect this summer. The kids have been back in school, and that has brought on more challenges than I’d like to deal with. Indiana is as many would be aware a conservative state. Which means most people say they care about education until it comes time to pay for it. Sadly, there is an increasing number of people who believe public schools have become nothing more than an institution for indoctrinating liberal values, which is not the case. As a result of this belief, conservative politicians have turned public education into a platform, and declared war on our schools. Our schools have been de-funded to the point where they are nearly unable to function. One of the first things we’re noticing is the transportation. On average, bus drivers have to run two routes – meaning students (my middle boy being one of them) may have to wait an hour after school to get a ride home because of the lack of necessary transportation resources. I blame this on a combination of dwindling resources, and the overall driver shortage which affects every bit of the transportation industry. We see this trend repeating itself all over the country – especially in regions with “conservative” constituencies. It’s an awful thing given that if I could afford it, I’d take my children out of public school in favor of the local private schools which are performing well, and by all accounts are not suffering the same problems with regards to funding and transportation. The problem is that if I was to take my kids out of the public schools, I’m in some small way perpetuating the problem by removing yet more funding from the schools. I am not exaggerating when I say I struggle to get people around here to care beyond when it causes inconvenience in their lives. When it comes to education all anyone wants to talk about is the perception of liberal indoctrination. It’s maddening how people will hold on to their misguided opinions even when their beliefs are debunked.
    • Well I had my “every six month” check up with the doctor this past week, where after a blood test, it’s revealed the medication I’m on for cholesterol is not working. My Triglycerides, as well as overall cholesterol is sky high. My A1c is also well above comfort levels, and has gotten iteratively worse over the last 5 years. I’m not sure what my doctor is going to do since I went and had the lab work done after my appointment with her, but I’m sure I’ll get a phone call Monday – tomorrow as we record this. I have a friend who is going through a similar struggle. His doctor prescribed Ozempic, which is likely what my doctor will do as well, though I wouldn’t want to speculate too much.
    • So the only thing I’ve done tech-wise this last week is to add Redis object cache servers to all the websites which I administer, including mintcast.org, and the Nextcloud instance we use for our cloud storage and document collaboration. Redis is a caching server that organizes data more efficiently, and runs much of its caching in memory so as to increase performance and lower latency by taking much of the work load off the database itself. Users should notice some performance benefit such as faster page loads and such. Since my sys-admin skills are self-taught, I’m learning these things as I go. I was excited to learn how to get these things up and running.
  • Majid
    • So I have been exploring the cloud and networks during these past two weeks, and in part it has led to us deciding the innards to be on this subject.
    • Like many people I have a variety of cloud services that I use. This started off really as document and photo backup. However as time has gone on, and I have progressed in my career, I found that having constant access to my files was really useful, to the extent that I’m not sure I could work (or play) without those conveniences. I try and compartmentalize everything. I have a grandfathered OneDrive account which I use for photo backup. I have a Google Drive for my Islamic stuff. Again I had some old promotional offers (100Gb when buying a Chromebook for example) which meant I kept it. Photo backup didn’t use to use your allowance, but now it has, which annoyed me, and was the first time Nextcloud came to my mind (more on that later). For work, I started off with Dropbox, but after they put their 3 device limit on their free plan, I was out. I ended up on MEGA due to their generous free storage, and I liked the fact that it was zero-knowledge encrypted so no one could see my files. I had planned that this would be temporary, but it’s now been about 9 years! Part of that is because the apps it has work fantastically on all OSs. Linux, Android, Windows, even iOS and MacOS. However concerns over privacy, and the fact I’m hitting their 20Gb limit (was initially 50GB) meant I started looking elsewhere. Nextcloud was suggested to me, and I read a bit about it, but didn’t feel confident with the setup. So I started exploring others. I could just pay for one of the big ones, but Dropbox was too expensive for the space they offer. Drive and OneDrive don’t play well with Linux. (I know about GNOME accounts btw). None of these are zero-knowledge or encrypted. Looked at Nextcloud again, see the Innards for that story!
    • So then I started looking round the internet
      • Proton Drive
      • pCloud
      • iDrive
      • Sync
      • Internxt
      • Icedrive
      • Filen
    • So currently I’m on Filen. Let’s see how it goes
    • So life outside tech has been the usual. Busy, strikes, doing a lot of teaching for the new set of doctors we have had
    • My interview on the “Scholar & Student Podcast” is now live on YouTube. It’s a bit religion heavy to be honest, but there’s a whole bit about heavy metal and gaming if you are interested!
    • I feel I have to rant a bit about the Lucy Letby Murders in the UK. I can’t believe how negligent the hospital management were and babies were harmed. I feel that whilst there are many failures, I feel that privilege played a part, and I feel strongly that if she had been a man, or person of colour, action would’ve been taken much earlier. To the extent that the management should be done for corporate manslaughter. At first I thought it was just me and maybe my own biases. But even the head of the Royal College of Nursing said the same in a statement to the press when it comes to the race question. Also families of the victims have asked for inquiries into corporate manslaughter. It makes me angry as I’ve seen good clinicians punished for much less, for being whistleblowers, for going the extra-mile, whilst a literal murderer (the worst child-killer in recent UK history) was treated “as a victim”.

— Play Innards Transition Bumper —

Linux Innards

30 minutes (~5-8 minutes each)

  • In this episode, we’ll be discussing some options for cloud storage; which ones work best with Linux and which ones you should be apprehensive about. We’ll also attempt to explain how to set up a Nextcloud server for your private use; we’ll go over the basic networking stuff, as well as how to get a domain for free (if you don’t already have one) and access your Nextcloud instance from the outside internet.
  • When it comes to cloud storage we have a few options with varying levels of support for Linux. Some of these options only have third party software options, some have full support and others can only be added to the desktop through “online accounts” integration with the desktop environments. Some of the options include:
    • Google Drive
      • Technically the best option in terms of available free storage, and efficiency, though lacking in full Linux support.
      • No official Linux client, though 3rd party options exist with varying levels of efficacy.
      • Debatable privacy practices; no built in data encryption. Though there is nothing stopping you from encrypting data and uploading it after.
    • Microsoft OneDrive
      • No official Linux client, though there is a decent command line client which syncs to your home directory
      • Less free storage than Google Drive
    • Dropbox
      • official desktop client
      • very low free storage and limits on file-size transfers.
      • Good performance reputation
    • Box.com
      • no official client
      • no third party client
      • WebDAV support was ended this past April
      • FTP service only for enterprise customers
    • MEGAsync
      • excellent desktop client
      • excellent storage limits
      • some debate about privacy
  • For those of us who desire to be in control of the entire cloud stack, Nextcloud is the obvious solution. There is some learning involved though. Let’s briefly go over the steps for one method of installing Nextcloud on a Linux-based computer such as a Raspberry Pi. For the sake of this discussion we’ll use the Docker all-in-one image provided by the Nextcloud project. It’s worth noting that a little learning about how Docker works would help with understanding some of these steps. To install Nextcloud on bare metal, Jay Lacroix does an excellent tutorial on his site: learnlinux.tv.
  • For the sake of this discussion, we’ll assume you do not have a domain name of your own, but you do want to access your Nextcloud from the outside internet. To accomplish this you’ll have to utilize three things:
    • Dynamic DNS
    • NGiNX Reverse Proxy Manager (Docker Image)
    • Port Forwarding
  • Once these things are accomplished, it’s just a matter of connecting the clients to the appropriate domain name.
  • We will now cover a method Majid is working on which involves using Nextcloud Pi on a Raspberry Pi. Nextcloud Pi is a purpose-built distribution which essentially converts a Pi into a Nextcloud appliance.
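
The Google Drive note above points out that nothing stops you from encrypting data yourself before uploading it to a provider without built-in encryption. One way to do that with the `openssl` command line, as an added example that is not part of the original show notes; the function names, the key-file layout and the local manifest are assumptions of this sketch:

```shell
#!/bin/sh
# Added example: encrypt locally and upload only the ciphertext.
# Assumes openssl 1.1.1 or newer. The key file and the manifest stay on
# your own machine and are never uploaded.

new_keyfile() {   # $1: path for a new random passphrase file (mode 0600)
    ( umask 077; openssl rand -hex 32 > "$1" )
}

seal() {          # $1 keyfile  $2 plaintext in  $3 ciphertext out  $4 manifest
    # -pass file: keeps the secret out of the process list (argv).
    openssl enc -aes-256-cbc -pbkdf2 -salt \
        -pass "file:$1" -in "$2" -out "$3" || return 1
    # openssl enc adds no authentication tag, so record the ciphertext's
    # SHA-256 locally; it is the integrity check after a later download.
    digest=$(openssl dgst -sha256 -r "$3" | cut -d' ' -f1)
    printf '%s  %s\n' "$digest" "$(basename "$3")" >> "$4"
}

unseal() {        # $1 keyfile  $2 downloaded ciphertext  $3 plaintext out  $4 manifest
    digest=$(openssl dgst -sha256 -r "$2" | cut -d' ' -f1)
    # Refuse to decrypt anything that changed while it sat in the cloud.
    grep -qxF "$digest  $(basename "$2")" "$4" || {
        echo "refusing to decrypt: $2 does not match the local manifest" >&2
        return 2
    }
    openssl enc -d -aes-256-cbc -pbkdf2 \
        -pass "file:$1" -in "$2" -out "$3"
}
```

Only the file written by `seal` goes into the synced folder; losing the key file means losing the data, so back it up somewhere other than the same cloud account.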

— Play Vibrations Transition Bumper —

Vibrations from the Ether

20 minutes (~5 minutes each)

— Play Check This Transition Bumper —

Check This Out

10 minutes

IBM introduced its Personal Computer (PC) also known as the IBM Model 5150, lending legitimacy to microprocessor-based computers. IBM’s first PC ran with a 4.77 MHz Intel 8088 microprocessor and used Microsoft’s MS-DOS operating system (but actually branded as PC-DOS). In 1983, Compaq Computer Corp. released the first clone of the IBM PC, a machine embodying an identical copy of the PC architecture — which IBM had made publicly available — and beginning the gradual decline of IBM’s share of the personal computer market.

The PC architecture, based on Intel’s x86 microprocessor family, continues to dominate desktop computing with over 85% of PCs using an x86-based CPU.

Up until this point in time the term “Personal Computer” was not in use. Instead, they were generally called “home” or “micro” computers. PC does not usually include Apple Mac computers either. Until the beginning of 2006, Macs used first Motorola 68K CPUs, and later PowerPC ones, so their architecture was radically different back then. In 2006, they began transitioning to Intel CPUs, but earlier this year they completed another transition, this time to their own Apple Silicon.

  • On August 20, 1995 the NY Times published an article on the “Need to Preserve Obsolete Hardware and Software”

The New York Times’ George Johnson reminisced about obsolete computer hardware and software in a column titled, “Let’s Boot Up the Trash-80 and Play Some Oldies.” Written just before the release of Microsoft’s Windows 95 operating system, the article bemoaned the lack of a home – virtual or otherwise – for computer antiques. The fate of Windows 3.1 was obvious: “In digital bonfires across the country, millions of copies of the old software will be wiped from hard disks to make way for the new. One by one, all those carefully crafted bits — the 1’s and 0’s that form the gears and pulleys of Microsoft’s contraption — will disappear in infinitesimal puffs of heat.”

Software, however, is preserved by many individual collectors and computer enthusiasts and by The Computer History Museum.

  • Check out the Computer History Museum if you want to know more about the history of early computers, and the people behind them. It’s in Mountain View, CA.

Housekeeping & Announcements

  • Thank you for listening to this episode of mintCast!
  • If you see something that you’d like to hear about, tell us!

Send us email at [email protected]

Join us live on Youtube

Post at the mintCast subreddit

Chat with us on Telegram and Discord,

Or post directly at https://mintcast.org


Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible:

  • Someone for our audio editing
  • Archive.org for hosting our audio files
  • Hobstar for our logo, initrd for the animated Discord logo
  • Londoner for our time syncs and various other contributions
  • Bill Houser for hosting the server which runs our website, website maintenance, and the NextCloud server on which we host our show notes and raw audio
  • The Linux Mint development team for the fine distro we love to talk about <Thanks, Clem … and co!>

— Play Closing Music and Standard Outro —

Linux Mint

The distribution that spawned a podcast. Support us by supporting them. Donate here.


We currently host our podcast at archive.org. Support us by supporting them. Donate here.


They’ve made post-production of our podcast possible. Support us by supporting them. Contribute here.


This work is licensed under CC BY-SA 4.0
