Level1 Linux Weekly 4: Project Glasswing, Grant's Linux Gaming, Siomon Updates

H seems another week has elapsed. You know what that means? It's time for a weekly Linux update news thing, whatever. And today's root beer is a stretcher 45 caliber calorie root beer. I don't spreader zutch. Spre's a dodge. No, no. All right, this thing is kind of taking shape. Maybe we'll do a little bit of news first, then I've got a special guest, and then this week in projects. I don't know. Let's get started. I think one of the headline things from the last week in news has to do with security and AI. There were um some reports from the FFmpeg. You know FFmpeg it powers basically everything to do with movies and codec decoding whether that's H. 264 265. FFmpeg powers everything. And there were credible reports from Anthropic and FFmpeg that Anthropic found some kind of severe kind of old security vulnerabilities in FFmpeg, but not just open uh not just FFmpeg. Uh OpenBSD, which is one of the most secure FreeBSD distributions and several other things. Now, Curl a few months ago made the news because they were inundated with SLOP AI reports about security. And if you look at those, those are terrible. They were very bad. And the AI reports to the curl team were unconscionably bad. Like if you did that, you should feel bad about your life choices. Fast forward a few months and Anthropic is getting ready to release a new model. And they haven't released the model yet. But either as part of the most weird stealth marketing campaign, or because they're legit onto something, they use the model to analyze open source software, foundational software, structural software that underpins a lot of our civilized society, including FFmpeg, but also the BSTs, Linux, and other things. And they notified maintainers of issues that they found. The issues that they found in FFmpeg were serious enough for the FFmpeg to take it seriously. And FFmpeg is they do not screw around. And those are some of the smartest developers that there are. There there's a there's an old meme where it's like there's a comment in some code and it says uh the following code looks incomprehensible and unmaintainable, but I promise you it's the best way to do this. The following number is a counter. Increment the counter with how many hours you spent trying to make it better before ultimately reverting. And it was some absurdly large number and everybody looks at that as meme and it's like a haha. And so it is a milestone if anthropics model has that level of comprehension and is able to find bugs and see bugs that people do not. Uh some of the other bugs 27 years old, 10 years old. Um and so these are bugs that have been here for a long time. This is great for twofold. One is the obvious. The second one I'll talk about a little bit more in a second, but the one the obvious one is a lot of these old bugs are going to get fixed if this is real. Now if I impeg they said, "Well, it looks like a human being wrote it, so not slop either, which is good. We may have crossed a milestone here in terms of AI analysis and hardening things in open source which is fantastic. This is also some people that are critical of uh Anthropic would say that you know because Anthropic is withholding this model until some of these kinds of issues are buttoned up because the model is too good. But I think if the model is this good and a bunch of people flock to it that it'll either cost too much or they don't have enough compute to actually get it done because at the end of the day it's just a piece of software. And I would be curious about the the geometry of that piece of software and its hardware requirements. So that's a whole other separate conversation. But I thought it was interesting enough to mention I'm a little skeptical, but maybe. Now the second thing is that there are a lot of um intentionally introduced weaknesses in our software that a lot of people are not aware of. I if you've been following my content or this channel for a long time, I always point at the uh the OPM, the Office of Personnel Management hack and scream. And in a nutshell, this whole the whole reason that hack happened, IMHO, is because we United States actors uh paid an encryption company to make an encryption algorithm that had some deliberate weaknesses introduced into the algorithm, the default algorithm. and some other state intelligence agencies noticed that and it's like we know what you have done and you know the US intelligence apparatus is probably saying well we know that you know what we've done what are you going to do about it and the OPM hack was what happened it is fantastic that we are going to have these kinds of things to

button up our own in insecurity like the loophole is closed on deliberately introduced weaknesses and I think that deliberately introduced weaknesses is why We have seen kind of a pattern over the last 5 or 10 years of uh mandatory IDs for doing anything online regardless of your age and uh mandatory email decryption proton mail forcing you know it's like well we need a back door to be able to do lawful surveillance we can't possibly let you uh tolerate end to-end encryption whereas had it been Apple and not proton mail I'm sure that Apple would have shut it down. Apple did shut it down with the UK. The UK tried to pass that and it turned into an international incident. uh Salt Typhoon is telecom access and so being able to do um you know with warrant back doors the companies have implemented that the most insecure and dumbest way possible which has been a boon for spies and folks that would seek to criminals really um that goes all the way back to like Kevin Mitnik in the 80s like Kevin Mitnick taking over the uh Las Vegas phone system like that is a really entertaining set of stories and I'm sure the people in the comments uh below will help you get caught up on that if you're not in on that. But the telecom industry did not learn its lesson. It has never learned its lesson since the 1970s. And so Salt Typhoon has taken advantage of that in telecom. It's like, oh, law enforcement needs access to this just like your encrypted iMessage and your encrypted this that and the other and also that you have to identify yourself when you go on go online. All of that is nonsense and makes no sense from a technical standpoint. If the encryption has any weakness, the weakness will be exploited by criminals because the technology can't tell the difference between a reasonable request and an unlawful or a criminal request. So this AI software may help us finally find and close those kinds of loopholes that have been introduced deliberately in our software demonstrably deliberately as in with the encryption thing the dual elliptic curve encryption and the OPM hack and lots of stuff you can search and it sounds like paranoia but it's happened repeatedly and with more or less documented proof. So that's exciting. I think that's exciting. The second aspect of that is that we will be able to harden that assuming that one that's not compromised and two that the open models are not far behind with their ability to do those kinds of things. So kind of exciting in a nutshell like that's what to unpack what's going on with like oh the security reports for open source software have turned into not slop. Feronx had a couple of things this week that were really interesting. The first thing from heronics is the updated stricks halo. Ubuntu 26. 04 4 promises significant performance uplift on Stricks Halo and Michael Arbul at Fonics has tested it. You should check that out. It looks pretty awesome. So, yay Stricks Halo. Can't wait for the Stricks Halo successor, probably Medusa Halo. It's going to be a lot of cores and a lot of fun graphics. Uh the second thing is the AMD ISP4 driver. This affects me particularly because the HPG1A laptop, it has an ISP camera and I'm constantly struggling with that still after having had it for months. So, there's a guide in the forum. You can get it up and running. Some kind souls have been contributing to that. Thank you, kind souls. HPG1A, ISP cameras, ISP cameras are great because they use less power and they can sleep and wake and you get into weird things like, oh, if you have secure boot off, the ISP camera stops working because HPG1A firmware, I don't know, there's BIOS updates that can come through firmware update manager, but be aware of that if you're using Stricks Halo in that context. Still a big fan of Stricks Halo. And you know who else recently made the transition to uh Linux full-time? Our editor. So, welcome our special guest. Oh, we got to get There you go. Come on. Got to get in here tight. There's all kinds of debris at our feet. I'm sorry. — Hey guys, how's it going? It's Grant. How y'all doing? — So, how is your like honestly like how is it going? — You know, I really like the desktop experience. It's really clean. It's really fast. — You're using KDE? — I am. Yeah, KDE. And um I'm just using Bazite, like stock bas. and I like it a lot, but the problem is I am really confused about game performance. — Okay, — so a lot of stuff is fine. I play a lot of Street Fighter. Street Fighter is great. Street Fighter's fantastic, but the thing about Street Fighter, it's 2D. Not a lot of movement, right? So, I go to try something like um Spider-Man 2. Spider-Man 2 is terrible. — Is that on Steam? — It's on Steam. — Okay. — It's really choppy. And I think the problem is, so for this one specifically, um, it was originally a PlayStation 5 game. PlayStation 5's whole thing was the, uh, the selling point is the SSD. And they've done like a bunch of custom SSD stuff. And on PC, the workaround there is it uses direct storage. — I don't know if there's a direct storage equivalent for — I have no idea about that game. I'm

useless here. It's a cool game, but the problem is that yeah, it's the direct story stuff because it's like, you know, in a in an open world game when you fast travel, there's usually a loading screen. Nothing in Spider-Man. It just instantly goes — and that's because of what they're doing with the SSD. So, I think it's a problem with that. But like, and obviously, you know, stuff that's not really graphically intensive is great, — but a lot of the graphically intensive stuff like NBA 2K is weird. I'm just throwing everything I got at it. Well, you're going to get some engagement below andor in the forum. So, like if you've encountered this and you have a fix, come to the forum. — Fixes or anything you want me to look at or try — like Yeah, because I mean — if it's if I will probably be able to get a hold of something if you want me to try it. — You you've also been updating your forum thread, which is nice. This is my adventure. — I haven't looked at it in a couple of uh in about a week or so, but um yeah, I'm in that forum thread. I'm hanging out. um open to trying pretty much anything because Windows is so atrocious now. I hate it. But and Basite is just so much more. It's just clean and it just works. — I like how possessive Windows is with one drive these days. Like you couldn't not want one drive. Are you insane? — I don't use it. I don't use any of this extra. I don't want Cortana or whatever they're calling it. Copilot. — I don't want any of that. — I just want it to work. I need like remote desktop and video games and like browsers. — Yeah, — that's what I want. — Why is it so hard? — So, just give me that. And Linux does all that stuff. Great. — It's just Yeah, I don't know. I'm not obviously I'm not as technically minded as you are. — But — I'm a rando. — I mean, but you're very technically minded. — That's because I don't do anything else. — But it's easy enough. I'm not but I'm not like a neophite 100%. Like I can put stuff together. I know how to use Google. It's totally fine for someone like me. — Yay. Well, there you go. — Yeah. — What are you waiting for? — Anybody if I were to if my mom asked me to build her a computer, I would probably build her like a Linux mint. But yeah, I've been having a great time. — Okay, cool. — I love it. — Well, thanks for hanging out doing the thing. — Come on the forum, say hi. — So, there you go. It's not hard. You can — It's not hard. Do it. — All right, back to our regularly scheduled programming. — Okay, forum thread. What are we going to talk about this week? — I'd be curious to hear a deep dive into SIV and implementing networks with virtual functions. I've not taken it beyond creating and allocating virtual functions, but understanding some of the deeper functions, the driver tools required to implement a virtual function would be cool. Enter VF routing configuration, Q offload, etc. That's probably that's too long to get into in this kind of a format. But the way that you throw open the doors there is like the forbidden router series. So if you do the forbidden router, great. More power to you. But if you do virtual functions with your forbidden router as opposed to the software nicks, you'll find that the performance is quite a bit better and the latency lower because your CPU is not doing as much or any of the work in those scenarios. the network card is going to do all the work and that will make it apparent why it's worth the benefit to use a nick that has SROV as opposed to your pair of virtualiz pair of virtualized drivers from your hypervisor or even just you know like the soft E1000 CPU driver that you get. The more that you uh move closer to the hardware, the better the performance is going to be in general. And this is also why the price of admission is what it is for some enterprise solutions. Um, beyond that, it's just the VLANs and connecting it all together. Like what problem do you want to solve? Like what's going on in your home lab that you want to experiment with this? That'd be my question. There were a couple posts here like the A to Z of self-hosting series and organize that. Uh, I am working on updates to the level one website and that we can talk about that in the project update. Um, and that might make more sense as a forum thread and the website update part of it in that is also email. Like what are we going to do with email hosting? I think that um we might be on the precipice of a new renaissance for self-hosted email. The problem with self-hosted email is that a lot of providers, a lot of big providers uh will gang up to keep you out. And part of the reason that they gang up to keep you out is not unreasonable and that is you're not a very good system administrator and you'll get it up and running then you'll forget about it and then the spammers will find it and take over. See also like we have enough of a problem with that on our home lab where people put their home lab stuff on the naked internet and then like 3 months later it's being used to like denial of service at children's hospital in Toledo. Very bad. with the ability to send email and like trusted email, it will turn into something where you get lots of unsolicited commercial email. Like your thing will be sending other

people spam and then so Microsoft and Google and all of the big providers will block your IP address or your entire subnet. It may piss off your ISP like your whole ISP may have a problem with that. If you're running something like Starlink, you're on carrier grade NAT, you're not going to be able to receive mail anyway. In fact, most ISPs block the uh ports that are required at the network level for you to receive email. I think with some of the problems that I was mentioning earlier with like Proton Mail and surveillance, some of those problems can be overcome with a provider like Proton Mail. As opposed to providing an interface where they actually host your email and do everything, they really just provide an endpoint for sending and receiving email and messages. Your machine is always online and there to pick up the messages as soon as they come in an encrypted format. and then the provider doesn't store it at all. We already see this happening with VPN providers. There are VPN providers out there where their claim to fame is everything runs from RAM. We don't have any permanent storage for anything that runs like we just set up the thing it runs from RAM. When you log in, this server is checking a thing to make sure that your uh account is valid, but all of the traffic and all of the stuff happens on this machine that is completely ephemeral. It literally doesn't have permanent storage. It only runs from RAM. And I think that there's going to be a renaissance for that for email. I'm tempted to build it if I had time uh or the budget were not really that large to hire the people to do stuff with it. Um that would probably make one hell of an email provider where it's like, okay, here's the end points on the internet and there is an administrator that is making sure that your connection is not uh turning into spam central uh or that your machine is not turning into spam central. But that point on the internet where the email is picked up and dropped off in an encrypted form um is ephemeral and is passed to your machine like your machine connects to that infrastructure and does whatever but your machine can connect to that infrastructure over tour. it could connect to that in infrastructure over, you know, an ephemeral connection, Wi-Fi, hotspot, somebody else's cell phone, whatever you've set up for your network side of it. But then also, I think that there's a lot of room for innovation in the client side for the email, like the actual client software cuz like SMTP is not great. Pop 3 is terrible. Uh, IMAP is also terrible. We could actually build something that has a fancy backend. And like Outlook had the right idea like 10 years ago, but the plot has kind of been lost there. Um, novel bought groupwise through Zimbra. So maybe this is a discussion thread on the forum. Like this could be this could spin off into a really interesting project. Um, speaking of spinning project, uh, there were also a couple questions about self-hosting book series. And I'm I'm following that thread. So like if you're doing something amazing for self-hosting your own ebooks and audiobooks and you have a cross device synchronization of what you've read, your bookmarks, your notes, uh show off your setup. I want to hear from you. Let's do something in the forum. And finally, Simon, for sensor monitoring, added support for some more Z890 boards and tightened up the support for the um the new A variant. So I've got the TRX is 50 Wi-Fi. the microenter clearance. Um, but also the TRX50A is a new version which is a much much better version of the board um than this version of the board. And uh it works pretty well in Simon now for sensor monitoring and everything else. And also some Z890 boards from ASRock have been added to that because Z890 has been really popular because the Intel Plus CPUs which are actually a pretty good deal. So yeah, there you go. So yeah, kind of a long update this week and I haven't managed to polish off my root beer yet. That's weird. Thank you for hanging out. Thank you for all the support. Thank you. Uh there were some supporters last year that gave us money for Simon. Thank you. Appreciate that. I'm Wendless Level One. If you have any questions, the level one forum, there's threads. There's things happening there. It's a lot. It's sort of exciting in these tumultuous times. All right. I'm signing out and I'll see you there.