Episode 439 Show Notes

Welcome to mintCast

the Podcast by the Linux Mint Community for All Users of Linux

This is Episode 439!

This is Episode 439.5!

Recorded on Sunday, June 9, 2024

No promises, I’m Bill; back from Baltimore, I’m Moss; and already tired of the heat, I’m Eric

— Play Standard Intro —

  • Please remember if you want to follow along with our discussions, the full show notes for this episode are available on our website at https://mintcast.org/show-notes/
  • As always, show notes are linked in the show description.
  • First up in the news: Mint Monthly News, Another US state repeals law that protected ISPs from municipal competition, Internet Archive Hit With DDoS Attacks, ProtonPass is released for MacOS and Linux, and new features in VLC;
  • In security and privacy: Linux Exploit found by US Federal agency;
  • Then in our Wanderings: Bill distrohops, Moss has returned from his musical excursion, and Eric deals with multiple security issues.
  • In our Innards section: Linux Pain Points
  • And finally, the feedback and a couple of suggestions

— Play News Transition Bumper —

The News

20 minutes

  • Linux Mint Monthly News
    • from Linux Mint blog
    • Package repositories
      • Work continues on the repositories.
      • We’re now using Datadog to monitor the bandwidth, connections and response time during high load.
      • This allows us to understand the nature and length of the bottlenecks better. It also provides us with long-term volume stats which are important when we look at pricing with Fastly and cloud solutions.
    • Software Manager
      • The mintinstall Software Manager received some welcome changes.
      • It loads faster than before and the main window appears instantly.
      • Unverified Flatpaks are disabled by default.
      • A warning explains the security risks associated with them in the newly added preferences window.
      • When enabled, these Flatpaks are clearly marked as unverified.
      • Note that unverified Flatpaks also do not feature any reviews and do not have a score.
    • Matrix
      • We’ve been using Matrix for more than a month now and we’re really happy with it.
      • The integration in the upcoming Linux Mint 22 is fully ready.
      • There are more than 600 members in the Linux Mint space already, and more than 2400 in the main channel.
      • Other than providing support to users the Matrix channels also allowed us to communicate with other projects and to form a team of artists who focus on the Linux Mint artwork.
    • GTK, libAdwaita, Adwaita, Xapp
      • The concerns voiced last month about GTK, Adwaita and libAdwaita were heard.
      • They were heard by many projects, including upstream apps, desktop environments and distributions.
      • They led to many discussions with a huge number of developers involved.
      • I (Clem) want(s) to stress the fact that some of these discussions involve GNOME developers and are very constructive.
      • Although no big decisions or solutions emerged yet there is a general consensus on the issues of cross-DE compatibility and independence from the GNOME project. There’s also consensus on the idea of working together on common technologies.
  • Another US state repeals law that protected ISPs from municipal competition
  • From ArsTechnica
  • Minnesota this week eliminated two laws that made it harder for cities and towns to build their own broadband networks. The state-imposed restrictions were repealed in an omnibus commerce policy bill signed on Tuesday by Gov. Tim Walz, a Democrat.
  • Minnesota was previously one of about 20 states that imposed significant restrictions on municipal broadband. The number can differ depending on who’s counting because of disagreements over what counts as a significant restriction. But the list has gotten smaller in recent years because states including Arkansas, Colorado, and Washington repealed laws that hindered municipal broadband.
  • The Minnesota bill enacted this week struck down a requirement that municipal telecommunications networks be approved in an election with 65 percent of the vote. The law is over a century old, the Institute for Local Self-Reliance’s Community Broadband Network Initiative wrote yesterday.
  • “Though intended to regulate telephone service, the way the law had been interpreted after the invention of the Internet was to lump broadband in with telephone service thereby imposing that super-majority threshold to the building of broadband networks,” the broadband advocacy group said.
  • The Minnesota omnibus bill also changed a law that let municipalities build broadband networks, but only if no private providers offer service or will offer service “in the reasonably foreseeable future.” That restriction had been in effect since at least the year 2000.
  • The caveat that prevented municipalities from competing against private providers was eliminated from the law when this week’s omnibus bill was passed. As a result, the law now lets cities and towns “improve, construct, extend, and maintain facilities for Internet access and other communications purposes” even if private ISPs already offer service.
  • The omnibus bill also added language intended to keep government-operated and private networks on a level playing field. The new language says cities and towns may “not discriminate in favor of the municipality’s own communications facilities by granting the municipality more favorable or less burdensome terms and conditions than a nonmunicipal service provider” with respect to the use of public rights-of-way, publicly owned equipment, and permitting fees.
  • Additional new language requires “separation between the municipality’s role as a regulator… and the municipality’s role as a competitive provider of services,” and forbids the sharing of “inside information” between the local government’s regulatory and service-provider divisions.
  • With Minnesota having repealed its anti-municipal broadband laws, the Institute for Local Self-Reliance says that 16 states still restrict the building of municipal networks.
  • The Minnesota change “is a significant win for the people of Minnesota and highlights a positive trend—states are dropping misguided barriers to deploying public broadband as examples of successful community-owned networks proliferate across the country,” said Gigi Sohn, executive director of the American Association for Public Broadband (AAPB), which represents community-owned broadband networks and co-ops.
  • There are about 650 public broadband networks in the US, Sohn said. “While 16 states still restrict these networks in various ways, we’re confident this number will continue to decrease as more communities demand the freedom to choose the network that best serves their residents,” she said.
  • State laws restricting municipal broadband have been passed for the benefit of private ISPs. Although cities and towns generally only build networks when private ISPs haven’t fully met their communities’ needs, those attempts to build municipal networks often face opposition from private ISPs and “dark money” groups that don’t reveal their donors.
  • Internet Archive Hit With DDoS Attacks – Moss
    • from PC Magazine
    • The California-based nonprofit that archives books and webpages online experiences distributed denial-of-service attacks, making it difficult for users to access the site.
    • The Internet Archive is reportedly facing ongoing distributed denial-of-service (DDoS) attacks. The attacks began over the Memorial Day long weekend, according to the California-based nonprofit and several users who said they were unable to access the digital archive site for several hours on Monday.
    • “Archive.org is under a DDoS attack,” the nonprofit’s X account wrote Monday morning. “The data is not affected, but most services are unavailable.”
    • A few hours later, the nonprofit added that there was some “back and forth with the attackers.” The organization said it made some changes to its service, but has not yet shared further details on the identity of the attackers or any possible reason for the attack. PCMag has reached out to Internet Archive for comment.
    • After Internet Archive shared that its services were back up and running Monday afternoon, multiple X users claimed the site still wasn’t working for them. On Tuesday morning, the nonprofit confirmed that the DDoS attacks had resumed.
    • The archive site also reported network traffic issues on Sunday. Internet Archive founder and board chair Brewster Kahle said the issues on Sunday could have been due to an “over-aggressive crawling group” or a DDoS attack, adding that the site tends to face more technical issues on weekends.
    • While other digital archive sites exist, many have domain extensions based outside of the US. Internet Archive was founded in San Francisco, California in 1996. Kahle has advocated for “universal access to all knowledge” via books, websites, and other types of media for decades.
    • In addition to cyberattacks, the archival group has also faced a number of lawsuits in recent years. Major US book publishers sued the nonprofit in 2020 over Internet Archive’s digital book lending program, alleging copyright infringement. Last year, a judge ruled that the program violated the publishers’ copyrights. The nonprofit has continued to argue that “controlled digital lending” constitutes fair use, however.
  • Proton Pass brings secure and private password management to all devices
    • from Proton Blog
    • Proton Pass macOS app and the Proton Pass Linux app were announced on June 6th. One of the most popular requests from the Proton community was a standalone desktop app, which is now available on every major platform — Windows, macOS, Linux, Android, iOS and iPadOS, and Chrome OS (via our Android app).
    • As a companion to the Proton Pass macOS app, we’re also pleased to announce the standalone native Safari browser extension. This extension offers enhanced convenience and security for everyone that uses macOS’s default browser. Unlike Safari’s default password manager, Proton Pass allows you to sync your logins across multiple different browsers and devices, ensuring consistent access across all platforms.
    • The Linux version of Proton Pass supports all Debian and RedHat-based distributions, including Ubuntu, Debian, Fedora, and CentOS. All Proton Pass apps and browser extensions are available to everyone, and you can use our apps in offline mode with a paid plan.
    • More information can be found at the link in the Show Notes.
  • VLC Adds AMD VQ Enhancer Filter, Improved Opus Ambisonic + More – Moss
    • from OMGUbuntu
    • A new version of VLC, the perennially popular open-source media player, is out with an assortment of improvements and new features.
    • VLC 3.0.21 is the first maintenance release to be issued year, following on from last autumn’s 3.0.20 release. Maintenance and support for the VLC 3.0.x series continues alongside efforts on the next major milestone, VLC 4.0.
    • A testament to its enduring versatility even in the age of streaming age was recent news that VLC passed a major milestone: 5 BILLION downloads. Announcing that, VideoLAN, the team who make the app, also shared exciting plans for the future of the app.
    • But before the future comes the present…
    • Many use VLC regularly to watch BluRay discs on my laptop; the VLC changelog says this update adds support for Super Resolution scaling on AMD GPUs.
    • VLC already supports Intel’s version and added NVIDIA RTX super resolution support last year. Adding the AMD equivalent is welcome – though not a surprise: it was announced at CES 2024.
    • Sticking with AMD and NVIDIA, VLC 3.0.21 adds a new AMD VQ Enhancer video filter (using AMF, looks to require a D3D11-compatible GPU), and, relatedly, a D3D11 option to ‘use NVIDIA TrueHDR to generate HDR from SDR sources’.
    • Elsewhere, VLC say Opus ambisonic support is improved in this update (which might be the ‘support third order ambisonic with family 2 mapping’ merge), as is Opus in MP4, and VAAPI hardware decoding with certain drivers, including the r600 Mesa.
    • VLC 3.0.21 now supports HTTP content range handling per RFC 9110, and resolves HLS Adaptive Streaming not working in audio-only mode.
    • Beyond that, there are a lot of fixes including a fair few for macOS, including better rendering of Asian-language subtitles, and a bunch of general bug balms and security patches. Library bumps see FFmpeg 4.4.4, dac1d 1.4.2, and libvpx 1.14.1 included.
    • How to Upgrade to VLC 3.0.21
      • VLC 3.0.21 is free, open-source software. Windows and macOS installers will be added to the VLC download page in the next few days, and be available as an in-app update on those platforms.
      • New versions of VLC aren’t generally back-ported/added to the Ubuntu repos. Thus, if you want this update — if none of the fixes and features are things you’d use don’t feel pressured to chase it down — you will need to get it elsewhere.
      • But you’ve plenty of options.
      • Ubuntu users can download source code of VLC 3.0.21 from the VideoLAN website, or wait for this update to be packaged up and rolled out via Flathub (unverified), the Canonical Snap Store (official), or fetch it from some other avenue.

— Play Security Transition Bumper —

Security and Privacy

10 minutes

  • Federal agency warns critical Linux vulnerability being actively exploited
    • from Ars Technica
    • The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild.
    • The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges. It’s the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation.
    • The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations, including packet filtering, network address [and port] translation (NA[P]T), packet logging, userspace packet queueing, and other packet mangling. It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation.
    • A deep-dive write-up of the vulnerability reveals that these exploits provide “a very powerful double-free primitive when the correct code paths are hit.” Double-free vulnerabilities are a subclass of use-after-free errors that occur when the free() function for freeing memory is called more than once for the same location. The write-up lists multiple ways to exploit the vulnerability, along with code for doing so.
    • The double-free error is the result of a failure to achieve input sanitization in netfilter verdicts when nf_tables and unprivileged user namespaces are enabled. Some of the most effective exploitation techniques allow for arbitrary code execution in the kernel and can be fashioned to drop a universal root shell.
    • CISA has given federal agencies under its authority until June 20 to issue a patch. The agency is urging all organizations that have yet to apply an update to do so as soon as possible.

— Play Wanderings Transition Bumper —

Bi-Weekly Wanderings

30 minutes (~5-8 mins each)

  • Bill
    • So this week found me on another trip to Houston. I loaded out of New Haven, Indiana monday morning, and headed to Houston for a Wednesday morning delivery. I reloaded there, and delivered Friday morning in Kenton, Ohio. A nearly 3000 mile week. This comming week will be similar as I’m supposed to run up to Detroid and back, then switch trailers for one that will be pre-loaded for Columbus Mississippi.
    • Yesterday I decided to distro-hop this production device I’m on right now to Ubuntu proper. Last week I switched from Linux Mint 21.3 to Ubuntu Cinnamon 24.04 temporarily so as to get the newer 6.8 Kernel. This is because starting with 6.7, support for the Focusrite Scarlett is in-kernel. The newest kernel currently available in Mint is 6.5. Getting support for that kernel is possible by manually installing the module from Git Hub. The more I use Ubuntu, the more I wish I just put up with the re-install process. This may be one of those things where the solution for the problem creates more problems than existed before. I’m not on Ubuntu proper, which as we’re all aware, runs on Gnome. While the desktop team have added a lot to improve the overall experience of the desktop. I am finding it a little hard to adapt to, and impossible to adapt my work-flow to. The only changes I made was to disable the “Ubuntu-dock” that sits on the left side of the screen which effectively just gives you back the stock Gnome experience with Ubuntu’s session on top of it. I replaced the dock with the “dash-to-dock” extension, witch works well for the most part. I added flatpak, and replaced the Firefox snap with the Mozilla-built binary. I get a lot of use out of the Linux Mint Webapp-Manager, which is not available in the Debian repos, nor is it a Flatpak. The only way to install it on Ubuntu is to get the .deb file from Git-Hub. Although I’m glad they’ve gone through the considerable trouble of creating a .deb, it’s unfortunate there’s no Flatpak, or better still – in the default Debian repos. So after adding all the stuff I want, I get crashes and error reporting prompts left and right. Man oh man, I can’t wait for the Mint 22 betas.
    • The family and I started watching the new Star Wars show “ The Acolyte” this weekend. I’m not put off by the show, but it does seem to be a bit juvenile, almost to the point of campy. This is going to sound a bit bad, but it kinda feels like what a Star Wars show would be like if CW was in charge of it. Ya Dig? Anyway, we won’t give up on it, and will report back in the future. Currently there are two episodes available on Disney+.
  • Moss
    • I made it back from my trip to Baltimore. And all I’ve been doing since is sleeping. Old people should not be driving over 1,000 miles in a week. At least I don’t have school to teach until August, so I have time to recover. My concert wound up being a full hour on Saturday, so I got to do 11 songs. It was well-received, although the turnout was a lot smaller than I was expecting. The convention may have had over 6,000 attendees, but I’m guessing no more than 80 of those were involved in the filk channel. There were a number of attendees “virtual”, but one never knew how many. I asked early in my concert, and was told there were 6, but I didn’t follow up. I got some very nice feedback on my songs. Everything in Baltimore is expensive, you’d think we were in D.C. The fast food was higher, and the restaurants were WAY higher, some being $100 per person or above. So glad to be back home in Tennessee.
    • I had my first official podcast on Hacker Public Radio last week. My host number is 421, and the podcast is HPR4126, Podcasting for Newbies. Ken thought I was an old-timer HPR type, which is partially true as our first episode of Distrohoppers’ Digest went out as an HPR episode, but we were running on Tony’s hostID then. Also, old-timers here know that we were using the HPR Mumble Room back when Joe and I came on the team, so Ken must have gotten used to seeing me around. I did make one mistake on my podcast – I’ve been working with Full Circle for so long that, when I meant to say Ken, I said Ronnie. If any of you want to talk about anything, or want to expand your sphere of influence, Ken is always in need of podcasts. All it takes is a computer with a microphone and Audacity. Heck, some of the podcasts I’ve heard there are recorded on cellphones.
    • I got a new Venter USB hub with each pot being switchable (on/off). I probably won’t be able to get more stuph for a year or so. I’ve hardly been using my PineTab 2, so I guess it’s not time for new stuph anyhow.
  • Eric
    • It felt like I either experienced things related to or talked a lot about security over the past few weeks.

      I had a family member contact me after being notified by Windows Defender and then Experian that that their health provider experienced a data breach. Apparently, their email, name, and possibly date of birth was on the dark web. They are reasonalby tech savvy so she had already frozen her credit a while ago and has changed their passwords on important sites. They were concerned about an uptick in email spam on their, wait for it, Yahoo account. They keep blocking the senders but, of course, it’s a losing battle. In case you don’t know, Yahoo is terrible and couldn’t care less about spam. They gave trying up years ago and, I swear, it feels like they let spam through on purpose. I suggested that she should try using an email app like Thunderbird or even the default Windows or Mac clients. Any of them are likely to do a better job of flagging spam and it might end up being a better situation. I’m not sure if they will go for it or not. The final thing they asked was if there was any way to remove their data from the dark web. I had to inform them that once the data is out there, it’s out there for good.

      Another incident I experienced was a family member being contacted by a scammer pretending to be their bank. This happened while I was at their house. I noticed that they had received a call but didn’t know from whom. It was around 7 PM so I assumed it was an aquantance. After ten minutes or so, I went to check on them and noticed they were on the computer trying to log in to their banking website. My heart jumped as soon as I realized what was happening, you know, that kind of sick feeling you get. I asked if they had allowed someone to connect to their computer or if they had provided any credentials and they told me no. I think the person on the phone heard me because they hung up at that point. I gently explained what was happening and they thanked me for intervening. Yikes.

      The last one is an attempted scam on Facebook Marketplace. I posted an item and within minutes received a notification that someone was interested. I started chatting with them and asked if they were local and they said yes. Then they asked if they could use Venmo and I said no, I preferred cash. I asked when they wanted to come to pick up the item and they said today. And then they asked if they could call or text me and asked that I please give them my cell phone number. That set of my Spidey senses and I immediately checked their profile. I should have done it to start but shoulda woulda. There was a picture of a couple being wed and a picture of a different woman as the profile picture and then nothing else. No location, friends, posts, nada. I checked online to see what kind of scams people pull with just your phone number and apparently there are all kinds of things they can do to hijack your number. Are we having fun yet? I reported the user’s profile and blocked them. It just blows my mind that someone responded that quickly to just some random for sale post. They must have scraping tools that notify someone that a new post is up and to contact the seller. Hell, maybe it was an AI bot that I was chatting with. How many people do they get with this, I have to wonder.
    • One last thing. I have spent more time than I could have possibly wanted to on reviewing Bluefin Linux, which is a derivative of Fedora Silverblue, their Atomic i.e. Immutable i.e. Composable distro. I go into excrutiating detail on the upcoming DHD episode 53 but here’s a much more brief preview. Firstly, I could not get it to install. I tried multiple ISO files and even tried just plain Silverblue and all of them failed with an nondescript error code 1. After extensive searching, I finally found a bug report from 2018 that has numerou reports of this behavior. There is a workaround however this has not been fixed in six years. It was very disappointing to spend that much time fighting with Anaconda, one of my least favorite installers, only to discover that it is a long standing issue. I hate to be ungrateful but come on. So, once getting past this I realized that my WIFi adapter wasn’t work, a common problem 10 years or more ago, and one I hadn’t seen in probably that long, and certainly not with this system. I was able to fix it eventually but it took yet more extensive research to figure out. I couldn’t get all the apps to respect the dark theme and eventually gave up trying. I’m going to stop there because I think you get the point. The irony is that this is being positioned as the “set it and forget it” approach to managing a Linux desktop. Perhaps that might be true eventually but certainly not for me, at least for now. I actually appreciate what the devs are trying to do and it is an idea that shows promise but I think it will be a little longer before it becomes a turnkey solution.

— Play Innards Transition Bumper —

Linux Innards

30 minutes (~5-8 minutes each)

  • Linux Pain Points This week we’ll be discussing some of the pain points and pitfalls which The Linux Experiment touched on in a recent video where he polled his community for what they believed were issues regarding the use of Linux today. We’ll outline the questions, and give our take. Links to both the video and his YouTube channel are linked in the show notes as well as the show’s description.
    • The first thing he points out is that the number one problem people seem to be having is dealing with the difficulty around integrating between devices
      • discussion
    • Some people have trouble with hardware compatability.
      • discussion
    • The vast majority of people are no longer having difficulty “installing” Linux
      • discussion
    • 20% of the people polled have some trouble installing applications on Linux
      • discusssion
    • 36% of the people polled had a few hardware problems they couldn’t solve, while only 3% reported having hardware problems that actually made using Linux difficult. Not surprisingly, most of the people having problems identify themselves as “beginners.”
      • Discussion
    • Not surprisingly, GPU difficulties rank highlest in the list of specific hardware issues (34%), with wifi and bluetooth both at 17%. Audio periferals come in at 15%
      • Discussion
    • Software problems seem to still be a pain point with using Linux. Availability, and installation seem to be at the heart of this problem
      • Discussion
    • People still seem to be having Wake / sleep / suspend issues
      • Discussion
    • Gaming outside of Steam is still an issue
      • Discussion
    • Only 26% of the people polled said they could do everything they wanted with regard to productivity, while only 1% said they simply weren’t able to get things done with Linux. Again, beginners seem to have the most problems.
      • Discussion
    • The following list reflects the software pain points as reported by the survey:
      • 36% – Gaming
      • 20% – Office suites
      • 18% – Nothing
      • 16% – Graphic design
      • 15% – Video production
      • 13% – CAD
      • 13% – Other
      • 10% – Audio production
      • 9% – Video conferencing / teamwork / communitation
      • Discussion
    • Over all, most people find Linux stable though they acknowlege some issues here and there. Most people find Linux an enjoyable experience.
      • Discussion
    • Interestingly, 50% of the people polled said they had to use the terminal to effectively administer Linux, while 23% reported they didn’t have to use the terminal at all.
      • Discussion
    • 61% of those polled said they had to look up solutions to problems online, and were successful in fixing said problems, while 7% said they looked online, but weren’t able to find solutions.
      • Discussion
    • Of the people who reported interacting with the Linux community regarding problems, 29% said their interactions were friendly and useful while 1% reported a negative experience and were ultimately unable to fix the problem.
      • Discussion
      • <some final thoughts>

— Play Vibrations Transition Bumper —

Vibrations from the Ether

20 minutes (~5 minutes each)

— Play Check This Transition Bumper —

Check This Out

10 minutes

Housekeeping & Announcements

  • Thank you for listening to this episode of mintCast!
  • If you see something that you’d like to hear about, tell us!

Send us email at [email protected]

Join us live on Youtube

Post at the mintCast subreddit

Chat with us on Telegram and Discord,

Or post directly at https://mintcast.org

Wrap-up

Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible:

  • Someone for our audio editing
  • Archive.org for hosting our audio files
  • Hobstar for our logo, initrd for the animated Discord logo
  • Londoner for our time syncs and various other contributions
  • Bill Houser for hosting the server which runs our website, website maintenance, and the NextCloud server on which we host our show notes and raw audio
  • The Linux Mint development team for the fine distro we love to talk about <Thanks, Clem … and co!>

— Play Closing Music and Standard Outro —

Linux Mint

The distribution that spawned a podcast. Support us by supporting them. Donate here.

Archive.org

We currently host our podcast at archive.org. Support us by supporting them. Donate here.

Audacity

They’ve made post-production of our podcast possible. Support us by supporting them. Contribute here.

Subscribe

MP3 Feed
Apple Podcasts
Google Podcasts
Spotify
Youtube

mintCast on the Web

Email
Twitter
Discord
Telegram
Reddit

This work is licensed under CC BY-SA 4.0

This Website Is Hosted On:

Thank You for Visiting