References

• Original Event

References

Streamed June 2nd, 2026 at 1pm, Microsoft reduced the gain of the overall recording, but preserved the original recording.

• Original Event

Want to hear my raw opinions outside of my videos? Patrons and YouTube Members get access to full commentaries on for major big tech events. Thanks to viewer support, I can refuse sponsors and create art/videos to equip you with independence to survive in an ever-changing tech landscape.

References

Originally livestreamed 10pm PST October 19th, 2026, Google removed the preshow after the recording was done using YouTube’s in-place video editor. Instead of an AI-assisted music performance like previous years, the preshow involved two influencers playing an AI-generated jumping game. No changes are apparent otherwise.

• Original Event

Want to hear my raw opinions outside of my videos? Patrons and YouTube Members get access to full commentaries on for major big tech events. Thanks to viewer support, I can refuse sponsors and create art/videos to equip you with independence to survive in an ever-changing tech landscape.

References

The live version of the Samsung event is a “replay,” which is Samsung-speak for “We edited out the glaring livestream mistakes in YouTube Studio, which is only available to creators with 2M+ subscribers." I watch only the unedited recording with no subtitles.

Among the things that were modified/removed include:

• The preshow had many commercials that looped over an hour before the event.
• The original bitrate of the video was closer to what is standard in 480p despite being in 1080p. This was changed to be 4K in post.
• Throughout the presentation, different camera angles were chosen compared to what was shown during the livestream.
• Many transitions were shortened or pauses during the speakers’ presentations were removed.
• At 36:12, the camera during the livestream failed to focus on Miles when he was speaking and was trained on the background instead.

If you every used Linux for an extended period of time, you no doubt have been inundated with the varieties of packages and vast number of distributions. Despite this, if a program is worth its salt, it’s available as Flatpak, but what happens when you encounter something that isn’t a Flatpak? There’s hundreds of ways outside of Flatpak and many of them like Debian .debs and Red Hat’s .rpms are restricted to specific Linux distributions. This is where an important, but a relatively new skill in Linux comes in: making Distroboxes.

A Distrobox is running another specific flavor of Linux with near native performance on your main machine. Distrobox functions as a compatibility layer. Unlike a virtual machine, applications installed in a Distrobox have standard access to your system and to run virtually any Linux application you want anywhere. This means any configuration files are stored in the same locations they would as if you had installed them normally. Whether it’s a graphical application, a web browser, or build tools for a development project, Distrobox is the most flexible way to run almost any application from any Linux distribution.

Getting Started With Distrobox

First, I’m going to present a use cases. If you are installing programs the you intend to use on a regular basis, I recommend consolidating them to a single Distrobox. When it comes to more specialized programs or development workflows, create a new Distrobox. While you can make the majority of applications work, often times, this requires getting in the weeds and learning more about that specific environment before you take a deep dive.

One common usecase for Distrobox are applications that are restricted to a specific distribution. One example is Signal, which is unofficially supported as a Flatpak, but also only endorses a Debian or Ubuntu installation. Furthermore, this locks out all non-Ubuntu distributions from using Signal.

The first thing you’ll need to download Distrobox from your Linux distribution’s repositories, which shouldn’t be a problem for the vast majority of Linux users. If you prefer a more forward-facing way to play with Distrobox, you can use BoxBuddy, which adds some of the more day to day operations visible in an interface. I’m going to focus more on the main application, which requires using a terminal. Whether you want to use an interface like BoxBuddy or not, you will need to use a terminal to do something at some point, so I would recommend learning it.

To start with building a Distrobox, you need to evaluate which Linux system you need. There a list on Distrobox’s GitHub documentation or the “Image” dropdown menu in BoxBuddy. The list might be daunting, but you don’t know, start with fedora:latest or ubuntu:latest, which means running Fedora or Ubuntu respectively. Since Signal asks for a Debian/Ubuntu-based distribution, we’re going to use ubuntu-latest.

To create your first Distrobox, use `distrobox create -n yourdistrobox -i fedora:latest

If you are doing this for the first time, it will prompt you to pick the image from one of the latest Ubuntu mirrors. After, Podman will pull the latest Ubuntu image down so you can run it. Afterwards, you will be prompted to “enter” your Distrobox with distrobox enter yourdistrobox. This command can also be appended with commands your want to run in your Distrobox like distrobox enter yourdistrobox -- sudo dnf upgrade -y.

In terms of maintenance, you need to manually upgrade each of your containers as each system is independent of each other, even if they share the same image. Distrobox provides a basic command to run on every Distrobox you control in distrobox upgrade --all.

Exclusive Applications

The first thing to do is create a new Ubuntu Distrobox and run the commands from Signal’s website to install Signal as normal. Here’s where a bit of Linux know-how and trial and error comes in. Because Distroboxes are stripped down, some quality of life is missing and basic features aren’t installed out of the box. While Signal functions when you launch it, a few things are missing like the file picker for uploading images, localization of non-Latinized languages, and sound for audio/video calls. If you have issues, examine these issues.

• If you need a file picker, you will need the xdg-utils.
• Corresponding language fonts are needed, such as google-noto-sans-cjk-fonts for Chinese, Japanese, and Korean support on Fedora. On Ubuntu, this package is calledfonts-noto-cjk
• If you require sound, you will need the package for Pipewire. In the case of Ubuntu and Fedora, this is simply pipewire.

Here’s a sample Ubuntu one-liner:

sudo apt install xdg-utils fonts-noto-cjk pipewire

Afterwards, we need to integrate Signal through your GNOME or KDE menu, so we don’t have to open the terminal each time to run your Distrobox applications. Depending on the kind of application you use, you need to use a different distrobox-export command. Typically, this is named after the desktop file (e.g. Signal) from Signal’s website.

distrobox-export --app "Signal"

For command line programs, use the -b flag and the path of the binary.

distrobox-export -b /usr/bin/signal-desktop

Lastly, to stop or remove a Distrobox it’s a quick distrobox stop <yourdistrobox> and distrobox rm <yourdistrobox>.

So that’s our first application! Signal is a more simple example, but it’s not far off from what most applications are like. Most programs will automatically install these things for you, but the first time you install something, you should be prepared to take action.

The Workflow Distrobox

Moving away from special applications, let’s make what I call a workflow Distrobox. This is where you use one Distrobox to house various utilities that you intend to use on a regular basis. One example is a home for a particular development workflow. For me, one example is compiling whisper.cpp, which I use to make subtitles for my videos. I use a Fedora container with cmake and gcc-c++ to do C++ compilation.

Like with Signal, you can take this to the next level by using a Distrobox to version software or clump all of your daily applications together. I typically have “personal” containers appended by the corresponding container distributions, such as “fedora-personal” or “ubuntu-personal.” In these containers, this is where you would install things like web browsers. Some of the most popular web browsers like Brave and Vivaldi are not available officially Linux distributions outside of Ubuntu, Debian, or Debian. While you can run Brave or Vivaldi in their equivalent Flatpaks, the official install methods still stand by their Debian .debs and Red Hat .RPMs.

Like Vivaldi, Proton Authenticator only provides a raw Debian or Red Hat package. This is also a great way to show Distrobox has full access to your home folder and stores your configuration data identically as if the application was installed natively.

To install a .deb or .rpm package, run distrobox enter yourdistrobox, then download the corresponding package and install it as if you were on that distribution. If you are using BoxBuddy, you get the option to upload distribution packages to install. Next, you run the corresponding package commands to install the packages you downloaded.

cd ~/Downloads
sudo apt install ./vivaldi-stable.deb ./proton-pass.deb

Another common task for me as a video editor is to use NVIDIA’s CUDA container toolkit to make rendering videos easier. With NVIDIA’s CUDA binaries, they often require specific versions of Ubuntu, Fedora, or openSUSE and are slow to support new versions.

Instead of installing CUDA as a distribution package and creating a potential conflict with what’s already installed or compiling ffmpeg from source to get CUDA support, I can use a Distrobox based on LinuxServer.io’s full featured image of ffmpeg. Distrobox lets you create new Distroboxes using existing container images.

distrobox create -i docker.io/linuxserver/ffmpeg:latest -n ffmpeg

This creates a new Distrobox with ffmpeg, compiled with CUDA thanks to LinuxServer.io, and in a new container for us to use.

Complex Usecases

One of the newest uses for this is Davincibox, which allows anybody to run the video editor DaVinci Resolve on any Linux distribution. Currently on NVIDIA cards specifically, you need to change some specific rendering options in the settings.

• In DaVinci Resolve’s top menu, navigate to DaVinci Resolve → User → UI Settings → Uncheck “Stop playback when a frame or clip cannot be processed.” Despite this option’s wording, I have not experienced any issues in rendering videos.

In addition to these problems, DaVinci Resolve attempts to claim permissions of specific CUDA libraries, which breaks their functionality when you stop the container or reboot your system. As a workaround, you need to remove these libraries, then “rebuild” these libraries when davincibox repulls the main image with pristine libraries.

#!/bin/sh
# davincibox-fix
distrobox stop -Y davincibox
distrobox enter davincibox -- sudo rm -vf /lib/libcuda.so /lib/libnvcuvid.so /lib64/libcuda.so /lib64/libnvcuvid.so
distrobox stop -Y davincibox

Building Assemble Files

But more simple than something like Davincibox, you can take every step I used to create my Signal container and repeat that process in an .ini file that works on every Linux distribution. Distrobox has the ability to “assemble” applications using a custom .ini file. This means you can theoretically make any Distrobox container of most desktop Linux applications and replicate it in a file. The concept of Distrobox’s assembly files comes from the cloud computing world and it’s also a new way to share applications with other people. Instead of sharing a shell script that only works on a specific distribution or accounting for changes in one’s setup, you can distribute Distrobox .ini files to quickly install new applications through the magic of containers.

Let me break down some of the commands and what they look like when you make your own .ini file.

• Image: Location of the source container. This can be generic like quay.io or docker.io image of Ubuntu or something specialized like LinuxServer.io’s ffmpeg.
• Additional packages: Any package you want installed. This is run after the initial hooks from below.
• Init: Integration with systemd or openrc. I have never had to touch this.
• NVIDIA: Whether you need NVIDIA support or not.
• Pull: Whether you want to pull the image again when running distrobox assemble
• Root: Whether you want to enter the container as a root account
• Replace: Whether you want to replace your existing container of the same name after the distrobox assemble signal.ini command runs.

[signal]
image=docker.io/library/ubuntu:latest
additional_packages="xdg-utils pipewire fonts-noto-cjk" 
init=false
nvidia=false
pull=true
root=false
replace=true
# Instructions from https://signal.org/download/
init_hooks=wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg;cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null && rm signal-desktop-keyring.gpg
init_hooks=echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | sudo tee /etc/apt/sources.list.d/signal-xenial.list
init_hooks=sudo apt update && sudo apt install signal-desktop -y

Distrobox Limitations

That said, Distrobox has its limitations. While the vast majority of programs you might use work, there’s a few catches. Here’s some of the things you can’t use with Distrobox or issues you might run into.

• Distroboxes will take some time when they are launched for the first time. This can be alleviated by adding them to your ~/.config/autostart folder to start them when you boot up, but you might not need every container to start when you log in. Afterwards, they will launch with near native performance.
• Programs like VeraCrypt or GNOME Disks, which require direct access to your filesystem or disks.
• VPN provider specific software, where VPNs and containers are a massive rabbit hole. Alternatively, you can use Wireguard or OpenVPN configuration files from your provider, especially since Wireguard is part of the Linux kernel.
• Using Distrobox isn’t a widespread practice yet, so certain programs may have unintended issues or need additional packages. Brave fails to show the icon in GNOME’s task switcher and DaVinci Resolve has unusual rendering problems unless certain options in the menu are checked.
• This might be an edge case, but using Fedora Distroboxes require internet connectivity. I’m not sure why this is, but I have not experienced this with Ubuntu, Debian, or openSUSE.

Despite these issues, Distrobox is an improvement to desktop Linux in a major way—you don’t have to install programs that mess around with your system. When you install system packages, it increases the chance that something will go wrong. This is why verified Flatpaks are important, because they won’t cause update problems or block your system for turning on. Where you need to run these kinds of programs, this is where Distrobox serves an important purpose and can run them without breaking your system. You’re not getting an opinionated view on that software, but using it as it was intended.

Ragebait Compilation

• Linus Tech Tips’ video “FINE! I’ll Try Linux ONE MORE TIME…”
• Lennart Pottering’s Mastodon on age verification in systemd/Linux
• Google’s Matthew Forsythe: “Android developer verification: Balancing openness and choice with safety”
• NVIDIA’s Henry Lin: “NVIDIA DLSS 5 Delivers AI-Powered Breakthrough In Visual Fidelity For Games”

Track Listing

• shimtone - Heartwarming (ほのぼの)
• KK - Starry winter (星が輝く冬)
• crepe (くれっぷ) - Fairy Lullaby (妖精の子守歌)
• H★ - Saturday morning
• gooset - Bittersweet
• Outro: Khaim - Neon Lamp

References

Neither Winward nor I watched the keynote. I watched the first 15 minutes and declared it a waste of time. However, the keynote was interrupted by an unnamed protester (X (formerly Twitter), TikTok), while not horribly loud at 1:43:59, this caused Microsoft to edit the audio track and remove the room noise during this portion, but you can still see the people in the background looking over.

Similarly, while I was downloading the Ignite session, the page was taken down for 15 minutes, but they did not remove the video manifest. No major changes appear to be evident.

• Microsoft Ignite 2025 Innovation Session: Windows & Microsoft 365 Copilot: Secure AI & agent productivity
• Microsoft Ignite 2025 Agents at Work: Windows Powers the Era of Intelligent Productivity

Sources

• Sam Altman on saying “thank you” to AI: “tens of millions of dollars well spent–you never know”

In the world of Android, you get a rare privilege in mobile operating systems—installing custom app stores. The most popular of which is F-Droid. F-Droid is a free and open source app store with lots of great apps you can download and also one of the last holdout alternatives to the Play Store. If you use an alternate Android ROM, F-Droid maybe one of your primary ways to obtain apps.

How F-Droid Works

One of the best things F-Droid is it provides an discoverability for apps you have probably never heard of. An app I’ve used quite a bit in the last year is Stocks Widget by Prem Nirmal. It’s a simple stock portfolio tracker, gets very frequent updates, and it’s an app I never would have known about were it not for F-Droid. This also leads to new apps the Mastodon client Moshidon or the podcasting app AntennaPod, both of which are fantastic, as well as apps like OpenPods that much too saucy for the Play Store.

The other benefit of this is F-Droid is also the home to many other popular apps like Tuta Mail/Calendar or Proton VPN. They also provide a framework for other providers to make their own F-Droid repositories like the password manager Bitwarden and the IronFox browser. This way, you’re guaranteed to get the latest updates for those apps.

But I have a lot of reservations and concerns, some external, and genuine concern for the current processes within.

Everything is Outdated!

First, let’s install F-Droid, you go to the website, tap the download button, tap past the warnings of Google and your Android OS, and now we get the first problem. The default build of F-Droid is not able to update apps automatically because they target compatibility with phones running older versions of Android. While I am sympathetic to people with older devices, either because they live in a developing nation or for budgetary reasons, if a smaller project other than F-Droid did the same thing, I’d probably stop using it because they aren’t keeping their own application up to date.

This makes the F-Droid installation process even more convoluted where people have turned to forks of the F-Droid client like Neo Store, but this introduces another party into the works just as you are trusting F-Droid and it hammers F-Droid’s servers. There is a mitigation for this where you use an alternate F-Droid client by the F-Droid team called F-Droid Basic that targets modern Android.

While it’s commendable that F-Droid provides the means for people to host their own repositories, F-Droid’s own store is actually in dire straits. Many of the applications on F-Droid are out of date. For example, Stock Widget’s page makes the claim that the app was last updated weeks ago. However, visiting the project’s GitHub repository shows the app is getting frequent updates every week. This is far from the only app where popular apps like Tuta Mail and Proton Pass don’t reflect the same versions that exist on GitHub or the Play Store. There’s conjecture about this being the build servers, but truthfully, I have no clue but this appears to be a problem unique to F-Droid. No other service I know has distributed an outdated version of an executable that prompted you to get updates after you installed it other than F-Droid. Not keeping apps up to date is just unacceptable; not keeping your own store updated doubly so. It’s disrespectful to developers when you can’t deploy the apps they made and instead force everyone to wait for some review process which ends up going through most of the time because it was open source anyway.

F-Droid Repeats Linux’s Problems

Let’s get into the real reason I wanted to make this video—F-Droid repeats the same problems many Linux distributions do, except perhaps worse than many of them. That sounds harsh, but there are multiple instances of F-Droid acting as an arbiter for what apps people choose to use.

What’s An “Antifeature?”

The first example of this is what qualifies as an anti-feature? In case of the mapping app Organic Maps, arguably the best free and open source mapping app. If you didn’t know, Organic Maps is an offline mapping application, so you download your mapping data from OpenStreetMap prior to your journey. The perks of this is it often has more up to date footpath data than Google Maps and can operate under limited connectivity.

However, Organic Maps is branded with a “non-free” flag on F-Droid because the mapping data is “proprietary” binaries, even though OpenStreetMap is publicly published, editable, and freely distributed information. If someone at F-Droid cared so much, why even list the application if you don’t like this? Clearly someone wanted this to be here, but this creates problems for Organic Maps, who have gone as far to argue for avoiding F-Droid altogether. The side effects of F-Droid over focusing on licensing means these apps get dragged through the mud being marked as having anti-features when in reality F-Droid scares people out of downloading these apps or hides them in the name of licensing fears.

For the record, I believe an app store reserves the right to platform an app or not. But when that same app store will platform you and shame you for not following their lifestyle? Why does F-Droid list permissions at the bottom, but the “anti-features” are more important to see?

Religion Is NSFW?

This is far from the only example, because the other problem is a more recent example where all Bible and Quran apps were marked as “content that should not be publicized or visible everywhere.” F-Droid, if it shouldn’t be publicized or visible, take the app down, why are we going through this? But what follows this warning is the most asinine thing I’ve ever seen in an app store. “Promotes porn and violent contents.” Violent contents for recounting war, I can understand why someone would come to that conclusion. I can also understand this flag being written the way it is because we can’t blanket use English-centric terms like “NSFW.” What I cannot understand is labeling the Quran and Bible as promoting porn. I’m sorry two of the traditionally most Puritanical religions on the planet Earth promote porn??

That’s not even the worse of it. The worse part was they removed this tag, but only after fascists on Twitter complained and started citing the Bible and Quran out of context deep in the GitLab issues. This isn’t even mentioning the Play Store, the Apple App Store, and the majority of Linux distributions don’t stoop to the low of labeling Bible or Quran apps as NSFW. So congratulations F-Droid, you angered believers of two world religions, only changed course to cave to fascist weirdos online, and believe you have the right to decide what apps are visible by default to others.

What Can Change F-Droid?

Unfortunately, I don’t think I’m first to bring up these issues. The worst part about this situation is there are apps that are stuck on F-Droid and will not be made available through some other means. Big examples like the podcast app AntennaPod or the text to speech accessibility tool RHVoice. You cannot download these apps from another source except the Play Store. It’s very similar to popular applications prominently advertised for F-Droid. I don’t it to just be F-Droid; I want it in other stores beyond F-Droid.

If the way F-Droid go about doing it is hostile to the developer by not keeping it up to date and anti-user in the name of some FOSS purity, this seems like plain old gatekeeping to me. F-Droid talks big game about the injustice of Google locking down their ecosystem, while they enforce arbitrary rules across apps in their store all the same. The bottom line, developers ought to be the ones with the means of distribution and how, not delivered with a filter or modified like F-Droid does.

Also, I know somebody will bring up scraping APK files from GitHub and GitLab. Unfortunately, while this is slightly better, I don’t think this is the answer. App stores are necessary because they provide a better user experience, but not when they act as arbiters to what can/cannot be included. The goal of app stores should be to publish quality apps first and foremost, not pushing a nerd philosophy.

While F-Droid isn’t the only alternative app store on Android, they are just the one with the largest app volume. We just don’t want to make a singular store the face of all of this and unfortunately, F-Droid is just branded as such by the 1% that have Android phones and probably tell people to use NixOS when they aren’t advocating for nerdy Android stuff. The good news is we are starting to see the beginnings of that with stores like Accrescent, featuring better security controls and doesn’t have open source stipulations. The downside is having more app stores similar to Accrescent with the same focuses or like F-Droid, they need to make their project more sustainable, but that’s a story for another time.

Track Listing

• Yuhei Komatsu - Pastel
• KK - Oya oya (おやおや)
• Yu Hayashi - Familiar scenery (おなじみの風景)
• gooset - feeling blue
• Outro: Khaim - Neon Lamp

Updates

• November 27th, 2025: Due to repeat issues about F-Droid builds failing, Stocks Widget has removed all F-Droid support. You may still obtain it via the Play Store and a debug version from GitHub. As of time of writing, the F-Droid page deceives its users by flagging the app “This app’s source code is no longer available,” despite the fact the app was outdated on F-Droid for years, fully available on GitHub, and licensed under the GPL.

There’s been a lot of buzz for a while about the alleged next version of Windows, the mythical Windows 12. Moreover, Microsoft’s trust is at an all time low, they’re getting overrun by protesters, and they’re hyping up the next steps of AI. We won’t know what Windows will look like in 30 years, but we will know what it won’t be like. So rather than make claims that Microsoft could attempt to destroy Linux again or the imminent next version of Windows, let’s examine what the proverbial Windows could be.

Related article: Microsoft accidentally revealed a UI design prototype for the next version of Windows at Ignite 2022 - Zac Bowdin, Windows Central

The Inciting Videos

Windows 12 wouldn’t even be a topic of conversation if we didn’t mention two videos uploaded to the Windows YouTube channel: one by David Weston, one of Microsoft’s security VPs also known as DWIZZZLE on the streets. The inciting video was included DWIZZZLE opened with something absurd.

The world of sort of mousing around and keyboarding around and typing, will feel as alien, as it does to Gen Z to sort of use DOS.

David “DWIZZZLE” Weston, Microsoft Windows 2030 Vision with David Weston

Now before we analyze this, I don’t think Microsoft put a lot of thought into this video. Every summer, Microsoft uploads cringey videos across their YouTube channels with very little thought or substance. The name on the clapper board of this video is Tyler Kalberg, a freelance photographer, because Microsoft laid off all their videographers.

Furthermore, it’s clear whoever edited the video skipped over a ton of points that DWIZZZLE and admins should be interested in. Things like improving application security, quantum cryptography resilience, and memory safety are strong topics that need attention. Unfortunately, the camera cuts away after all of them and we don’t get to hear more because apparently we don’t have enough time. Perhaps the filming was going long, but there were also multiple hard cuts throughout the video awkwardly bridging DWIZZZLE’s talking points together. Some were clearly cutting out the interviewer or filler, but it’s hard to know for sure.

Later in August, Pavan Davuluri, recently promoted to president of Windows and devices, also reiterated what DWIZZZLE said at a much less exaggerated degree in an August podcast. The problem is to get there, you need to listen to him get asked meaningless questions about his hobbies for 10 minutes. Pavan is the most interesting because he stands the best chance at unifying the fragmentation of the Windows team. He still can’t get over the humiliation of introducing someone with the wrong name during Build 2 years ago though.

Historical Reputation

When we talk about Windows 12, it’s important to remember the past, but also the trajectory of Microsoft as a company. Many people are quick to remember the prominence of Windows in Microsoft of the 90s, but things have changed since then.

Rewind time and go back to Microsoft Build 2014. Many reviewers were anticipating enhancements to Windows 8’s touch screen focus and the promise of “Project Threshold” or Windows 9. For many reasons like the branding conflict with the original Windows 9 and critical reception of Windows 8, Microsoft believed the leap to Windows 10 was justified, especially to announce the new Start Menu with eager applause.

Of course, Windows 10 wasn’t without its wrinkles either. The after effects of Windows Phone still lingered and despite hopes of Microsoft’s faithful, the Windows phone couldn’t compete against Android and iPhone. Privacy hit a new all time low with criticism emerging from European regulation bodies. This also meant Windows under Terry Myerson went from being the center of the company to one of the most neglected portions of the company.

Instead, Microsoft decided to pursue greener pastures with the ever-elusive computer in the cloud. So imagine the world’s surprise when a new event deep into the COVID-19 pandemic that lagged out so hard nobody except CNET could watch it came out. Windows was making another leap with Windows 11. Throughout this demo, it became apparent someone at Microsoft (probably Panos Panay) burned with Apple envy. A new interface that moved the taskbar into the center. New UI elements that hide the barely cobbled together Vista and XP elements if you look deep enough. Most of all, a greater focus on security with stricter hardware requirements for TPM-based security and modern processors.

The Importance of Vision Casting

Stepping back for a moment, let’s take what we know about Microsoft’s plans for Windows 12 and compare these to both Windows 10 and 11. An aspect of corporate America, but a major change Microsoft brought to Windows 10 has nothing to do with the technical merits of Windows—it’s vision casting.

For example, Windows 10 had a huge burden to fill to combat the negative feedback of Windows 8 across the board. At the same time, Windows 10 also needed to focus more on the business experience and the different use-cases of Windows, whether that was in the cloud, a laptop, or an embedded device. That’s why Windows 10 put a big focus into decoupling apps from the base operating system and a deeper focus on other Microsoft products like integrating OneDrive.

Windows 12 on the other hand has to overcome a different problem. The opposition to Windows 11 in the enterprise could not be more apparent. I work for a smaller sized company in the United States with a little under 100 employees, but moving to Windows 11 took around 2 years despite having compatible hardware. At scale, it’s clear from market share that Windows 11 is only going to win by obsoleting computers and being the default on newly purchased PCs. Lenovo and Dell are making bank on these upgrades!

ARM & Access

There’s also the almost tarnished consumer brand that is the Copilot+ PC. Power users will quake at the idea of a PC featuring Recall capabilities and potential privacy concerns, but the reality is Windows has always invaded their users’ and your privacy. The real thing consumers need to be annoyed about is using Recall is incredibly taxing on your battery despite its benefits and it’s arbitrarily restricted to systems featuring integrated neural processing units (NPUs). It’s created a world of haves and have nots within Windows, but this might be kick that Microsoft’s users need, so hear me out.

Satya Nadella is an ambitious guy who has made Microsoft a trillion dollar company from the former nearly bankrupt company that bet everything on the home computer. Microsoft has a lion’s share of the cloud, beating out every cloud provider except Amazon Web Services (AWS) in market share. They profited from the promise of artificial intelligence by investing deep into the tech and into OpenAI, the biggest household name of AI chatbots. They’ve effectively manipulated politics in their favor while avoiding the ire of the current United States administration (for the most part).

PRES. TRUMP: What about Microsoft? That’s a big number.

SATYA NADELLA: Each year, we are close to, in the United States, around 75-80 billion dollars.

PRES. TRUMP: Good. Very good. Thank you very much.

CNBC-TV18 - US President Donald Trump Hosts Tech CEOs Dinner At White House |Zuckerberg, Cook, Gates Attend N18G at 4:25

The thing Microsoft is missing is a use for AI, but also the hardware. For years, the chipmaker Intel has held a stranglehold on PC makers and has tried and failed to innovate in the era of mobile devices. More than just Intel, Microsoft has used the requirements of the Copilot+ PCs to force vendors to make better computers and not charge less than $1000 for bad hardware. This is where the requirements for NPUs and the ARM architecture come in; they attempt to solve the issues of the battery life and Microsoft’s usecase for AI.

Lastly, it’s about accessibility. While Windows hasn’t been the worst platform of accessibility (that award goes to Linux), the advent of AI has brought the prospect of a new form of computing that would be greatly enhanced by the Copilot+ PC. Something missing from the Mac and Linux users, native dictation and the integration of AI into the desktop workflow. AI will open new ways to use the computer, whether those methods are productive or not, only time will tell.

What Does This Mean For You?

This is a long way of saying Windows 12 or Windows 2030 is irrelevant to you. Originally, the intent was the Copilot+ PC was supposed to be Windows 12 (codenamed Hudson Valley), but that didn’t happen. We’ve been told the AI bubble will burst, but that hasn’t happened yet. Seeing how well Windows 11 adoption is going, it’s likely going to be years, 5 years or more, before Microsoft gets the chance to do something like release a new named version of Windows again. It’s going to be a long time before Windows 12 is relevant to you.

There is one thing that continues to get worse and that’s Windows itself. While I believe Windows raising the bar of PCs is commendable, everything else about Windows is poorly executed or littered with ads. And maybe the end of Windows 10 is your kick in the pants to get that shiny new MacBook or switch to Linux. But Microsoft doesn’t care. They already ignored your feedback about Windows 11! They don’t care you’ll leave.

Fun fact to make you hate Microsoft more: Jacqueline Scott Corley, the judge that presided over the United States Activision Blizzard anti-trust case, has a major conflict of interest—her son works for Microsoft.

Video References

• Full Keynote: Introducing Copilot+ PCs
• NoAzureForApartheid’s TikTok
• Microsoft President Brad Smith responds to protesters overrunning Building 7
• Microsoft Reveals the Future of Hybrid Work (April 7th, 2022)
• Microsoft Ignite 2022 - Windows: Building what matters most for your business
• Windows 11 - Brings you closer to what you love (Private)
• Microsoft Ignite 2024 - What’s New in Windows Security, Productivity and Cloud, featuring both David Weston and Pavan Davuluri.
• Microsoft Build 2023 Keynote Day 2: Shaping the future of work with AI
• Windows 11 | First Look - @Windows on YouTube (Unlisted)
• Microsoft Build 2014 Day 1 Keynote
• The Windows 95 Launch (Reupload)
• Microsoft Build 2015 Day 1 Keynote
• TWiT News 373 - It’s Windows 11 Time!
• Watch: OpenAI CEO Sam Altman, other executives give opening statements at Senate AI hearing - CBS News

Track Listing

• Sumochi (すもち) - Toy dance (おもちゃのダンス)
• Fukagawa - Simple Afternoons
• Sumochi (すもち) - Heartwarming town
• yuhei komatsu - Bump!
• BGmer - A Moment of Peace
• gooset - SOLDIER
• Khaim - Neon Lamp

References

Streamed on September 17th at 8pm EST, the original livestream from Facebook’s website was in 360p. A 1080p version was simultaneously streamed to YouTube, which Winward and I watched. Later, Facebook edited their site’s livestream to use the 1080p version.

• Original Video (Facebook Live)
• Original Video (YouTube)

Sources

• The initial demonstration of the Neural Band is from Meta Connect 2022
• Mark Zuckerberg vs Lex Fridman in Jiu Jitsu
• The song that originally played was Diplo & Sleepy Tom - Be Right There. Due to copyright, this song has been replaced with J-Louis - Before You (Rachel Foxx flip)

References

• Original Video (YouTube)

Want to hear my raw opinions outside of my videos? Patrons and YouTube Members get access to full commentaries on for major big tech events. Thanks to viewer support, I can refuse sponsors and create art/videos to equip you with independence to survive in an ever-changing tech landscape.

References

Unlike many other Samsung events, this event was fully prerecorded.

• Original Event

References

Originally livestreamed on August 20th, 2025, Google modified their livestream later, deleting the preshow videos and a major mistake. I watched the unedited livestream with no subtitles.

• The preshow originally contained various AI slop videos, ranging from pigeons carrying pizza slices and basketballs going into hoops. Many of these were New York themed.
• At 43:43, Alex Cooper accidentally displayed on-screen photos probably from their rehearsal, which looked absolutely atrocious.

I spent 1 entire week of my channel, which I could have spent doing better things learning about making a server the right way. Using solely information on the internet and leveraging what power I have as a content creator and I’m throwing in the towel and am close to deterring people from making their website. Obviously it’s impossible to make the “perfect” website, but I’m going to break down why it’s near impossible to have a website today.

Bot Protection

One of the growing problems with posting content on the internet is AI. This includes the torrent of garbage that hits your server. I doubt there are people visiting my website from outdated versions of Internet Explorer or attempting to visit common WordPress PHP exploits that totally exist on your website.

Recently, generative AI has changed this for the worst where now every tech company boarding the AI train wants to scrape your website for data. This results in your website getting hammered by AI trying mine your artwork and text content for who knows what and this isn’t counting the mainstream crawlers like Google, Microsoft, and Perplexity are doing!

Unfortunately, modern problems call for modern solutions and whatever you pick in today’s day and age must have a way to integrate AI blocking. There are two programs for this: Anubis and Cloudflare. If you don’t implement either, you are doing yourself a disservice. “B… B… But Cloudflare controls so much of the internet,” tell these gatekeepers to touch grass.

Containers: Choices and Restrictions

The worst way to build a server is using native distribution repositories and there are still many people brainwashed into thinking that this is the only way to do things, both from Linux losers online and in documentation. This is where containers come in as universal ways to package applications in the way the original application developer intended.

For example, as of time of writing, Debian 13 (trixie) was released, but with an outdated version of Podman. Mere days later, Podman receives a new release. This is further proof of Debian shooting themselves in the foot where the version of Podman in Debian 12 (bookworm) had no Quadlet support, which is essential to updates, maintaining feature parity with Docker, and includes bug fixes.

The problems have less to do with containers themselves but rather the two standards competing for attention: Docker and Podman. Of the two, Podman is the better choice as it doesn’t require root privileges but also mostly backwards compatible.

The issues come in when certain programs are not made with Podman in mind because they are targeting features that are only available in Docker. For example, if you want to run Traefik, you have to use a Docker container because of the way Traefik expects things to be done the Docker way.

This is compounded by distribution modifications or hindrances, further most server distributions running outdated versions of Podman that won’t support Quadlets, which autostart your containers on login. Granted, making Quadlets requires a script to do this correctly, but this is a reason distributions matter a lot and I don’t have a good solution to these mismatched versions, especially given server software is always out of date.

Website Name & Server Software

The problem is the actual implementation process is very bad and poorly explained. It’s one thing for Anubis as a community project, but it’s another for a multimillion dollar company like Cloudflare.

For example, this documentation Cloudflare page tells you to fix a setting in your dashboard, so I spent 4 hours searching online through the dashboard. Turns out the problem is with how the proxy is going to my container and I have no clue what it is.

The first problem to building a website comes with server software. The technical term is “reverse proxy,” which is where you declare to a computer where you want everything pointed. One of the most popular of the bunch is nginx.

nginx is one of the oldest internet reverse proxies, but because it’s older, there’s a lot problems with the default configuration. For one, nginx will report your version on the default error page. This often rats out your Linux distribution and if you are vulnerable to any of crippling security issues.

The lesson nginx will teach you is to redirect your error pages. If you use a static site builder or another solution, you need change your error or redirect pages to be something else. This is compounded there are virtually no tutorials to setup Cloudflare with nginx online and spawned many competitors because people couldn’t be bothered to deal with nginx since it was made in an era where these flaws weren’t problems.

The alternatives include Traefik and Caddy. The worst by far is Caddy, which is sad because I found it very easy to setup by itself. The problem is integrating Cloudflare with Caddy requires building from source another module just to get Cloudflare to work properly and the moment this happened, it caused my server to crash. Turns out, despite the image optimization I’ve done to the files on my website is not enough and building Caddy modules eats up all my memory.

Now there are people who say Cloudflare Pages is much better, but this introduces a different problem. Cloudflare Pages requires posting this information on a Git server, which is likely controlled by someone else (GitHub/GitLab) since you came crawling here. The problem is the last thing I want is every mistake and typo I ever make to be published in a record for the rest of eternity. Beyond that, services like GitHub have already shown they will gladly mine information from your repositories and use it to train Microsoft’s artificial intelligence. No thanks.

The Real Failure of Self-Hosting

All of this boils down to I cannot build an effective website. In order to host a website, you need a Linux distro with everything updated, but also sane enough not to break. You also need a reverse proxy with support for bot protection so your content doesn’t get stolen and your website stays up. But there’s one last major problem with all these things: this information is gatekept: both by those who are experts in the field and by idiots online who believe containers are the devil and you should avoid systemd and learn binary to write a crontab instead.

For reference, I used a burner account to download various documentation from Red Hat about how to use containers and Podman. Red Hat generally has very good documentation and Podman is no exception. While Podman has good documentation, in no way does it get you started with the information that actually matters. There’s no assistance in writing a Dockerfile, which you will have to write in order to publish your website. Guides for this are scarce, but it’s pretty easy to figure out how these work because many random strangers on GitHub publishes their Dockerfiles for all to see and they are a great reference for you to reverse engineer what is basically a shell script.

The problem comes in bringing all these messy aspects of server making together. I have browsed virtually every single page on YouTube, Google, or anything AI has touched and it is impossible to find information on how to get Cloudflare to stop infinitely redirecting your website to oblivion. You’ll find someone who set up Cloudflare with Caddy or installing nginx in a Podman container, but nobody does it correctly, marrying your reverse proxy, Podman container, and Cloudflare firewall. Reading Cloudflare’s documentation is so poorly written I cannot ascertain what to do to begin with and Podman is just as bad.

I also ran another test and as a content creator, I am privileged with a very technically savvy audience who are bright about these kinds of topics. So as a social experiment and also an act of desperation, I posted a calm cry for help on all of my social media accounts: Mastodon, X (Formerly Twitter), Bluesky, and my YouTube Community page. I have hundreds of followers across my social media and thousands of subscribers and only 1 person responded referring to a TechnoTim video that was actually not that bad as long as I suck it up and use Docker instead of Podman. But it was only 1 comment to a content creator. I’m sick and tired of people saying “ask around on a forum” because I have burner accounts that have gone ghosted numerous times on Matrix and Discord, why should it be different for anyone else?

This is the real problem with self-hosting communities. Compounded by information constantly changing, people won’t even give you answers to basic problems. Tell me what to do, don’t give me cryptic advice or tell me to read documentation. I have a high BS tolerance, but this broke the camel’s back. I scoured all of Google, YouTube, Reddit, Cloudflare/nginx/Caddy forums and I’m very close to throwing in the towel. If it wasn’t for the people who give me money to do YouTube, I wouldn’t even bother.

Sources:

These are all of the links I read for the nothing I accomplished. To protect my own privacy, I have not linked any Discord, Matrix, or forum conversations I did. Needless to the say, many of my questions went unanswered or I was talked down to. I used burner accounts to simulate the experience most people would experience and did not wish to be given special treatment.

• One of the first Google searches I got for using Caddy and Cloudflare. When this article was originally written, it was probably fine. Since then, Caddy has made major changes to prevent most of the instructions from working. Not only that, but the “easiest” advice is to use a self-signed certificate (which did not work) or upload some root certificate nonsense (which also did not work).
• This YouTube video by @beamnetworks1 on nginx and Cloudflare HTTPS certificates at 7:27, except this is a self-signed certificate and does not work anyway. I got nothing but 502 errors and rejections because it wasn’t using an auto-generated HTTPS certificate. Give up all this origin server junk.
• A Reddit thread from r/selfhosted (Onion Link) about Traefik’s documentation. Many users have complained about poorly written documentation (yes!) and why you should give up and just use Caddy. This led down another rabbithole about nginx proxy manager and information about it was much more limited and it did not bypass the Docker problem either.
• A blog post about native installations of Caddy. The problem with this guide is it focuses on using native distribution packages and doesn’t discuss containers at all.
• A incredibly long GitHub guide to use Caddy
• Podlet, a script to create container startup files AKA Quadlets for Podman containers
• A sample podlet from the Universal Blue forums
• A forum post about Traefik and Podman. Basically, this guy was just told to RTFM politely and make a Quadlet, so see above. They weren’t even directed to the correct variables for their Quadlet. Icing on the cake, the issue was auto-closed by the moderation bot and nobody has asked this question since. What great help.
• Cloudflare’s root certificate, which buried in developer documentation and not available to download from the dashboard. To make this worse, this is the first thing you are presented when you look up how to do basic reverse proxy stuff and might as well be worthless.
• While I was editing this video and working on future content, I found an article on Fedora Magazine about podman auto-update, which is functionally similar to what Podlet is. At least it appears to be, I haven’t had time to test it.

The following were shared with me because of my influence.

• A guide by Daniel Melzak for making a Caddy Dockerfile. My personal Dockerfile does not do the Hugo building, as that already occurs on my personal computer. This is also missing the Cloudflare integration and update management.
• TechnoTim’s video Traefik 3 and FREE Wildcard Certificates with Docker

Video References

• Google I/O ‘25 Keynote
• Niccolò Ve’s video: “Open Source Infrastructure has an AI problem” (YouTube Link)
• Microsoft Build Day 1 Keynote. This version is edited to remove protesters who interrupted the beginning of the presentation.

Track Listing

• Kei Morimoto - Utopia
• gooset - Recharging
• Sonic Mania - Metallic Madness Zone Act 1
• Sonic Mania - Metallic Madness Zone Act 2
• Outro: Khaim - Neon Lamp

Recently, the Linux community is making me very disappointed. It’s not because someone in Fedora decided to remove 32-bit libraries. It’s not because of my precious Wayland and freedesktop.org standards being stalled. But hang on, isn’t all of this just Linux drama? What impact does all of this have on me? Before we get into that, I want to analyze the anatomy of drama within Linux and open source communities.

The Right Target Audience

Before we address any particular juicy drama, let’s break down an important part of covering a story on the internet. I strongly prefer first party sources whenever possible. Reading is easy, but interpreting information isn’t, because interpretation is what we, as users, act upon this information.

Example of Following a News Trail

• You watch a clip from the WAN Show that mentions a lawsuit with Anthropic and Facebook involving copyright. Since Linus and his team don’t cite sources or show the articles they are reading, just trust them bro.
• You don’t trust them and use a search engine to find the article they are reading.
• The search takes you to a LA Times article by Lauren Harvey, which mentions the aforementioned court case with a link.
• The original document is from Publishers’ Weekly, who uploaded the full court case.

This is why I hate reading news.

How I Read Linux News

For example, let’s say we’re covering a new release of software like OBS Studio’s (as of time of writing) recent 31.0.4 hotfix release.

• Simply analyzing the patch notes is far too overwhelming unless you know what to look for, but it’s helpful for those who are actively developing projects around OBS.
• We could analyze the end product by opening OBS prior to the update, but it looks visually similar to the last release.

Jordan has also published a companion blog post: “X11 Session Removal FAQ”

Follow Jordan

Jordan works at Centricular and helps develop GStreamer. He is currently a release manager for Flatpak, GNOME OS, and other projects related to the GNOME Foundation. Jordan assists GNOME with building CI pipelines and organizing GNOME’s versions with major Linux distributions. He currently resides in Greece.

• GNOME Blog
• GNOME Blog RSS

Referenced

• Jordan’s breakdown of (now former) Fedora’s Project Leader, Matthew Miller’s, inaccuracies about Flatpak
• GNOME Podcasts, Jordan’s first Linux application.
• GNOME Builder is a development tool for working GNOME tools like GTK, GLib, dconf, and other APIs.
• GNOME OS is GNOME’s flagship way to use and test the most recent releases of GNOME.
• openSUSE Aeon Desktop. Currently in Release Candidate stage, not for daily use.
• The Washington Post’s Joseph Menn’s article: “Apple yanks encrypted storage in U.K. instead of allowing backdoor access” (Soft paywall)
• Jordan’s talk from Linux App Summit 2025: Flathub: A paradigm shift for distributing applications
• Matthias Clasen’s call for fixing GNOME’s documentation
• GNOME’s help application yelp
• Amazon Web Services (AWS) became a GNOME Infrastructure Partner
• Signal’s president Meredith Whittaker and dev lead Joshua Lund’s blog post: “Privacy is priceless, Signal is expensive”
• After leaving WhatsApp and selling it to Facebook, the Signal Foundation was created by Brian Acton, who invested $50M into Signal.
• Android Authority’s C. Scott Brown: “Own an Android phone? You might be 30% less likely to get a match on dating apps”
• Brodie Robertson’s Tech Over Tea interview with KDE’s Nate Graham at 1:21:06 and how KDE’s telemetry is not very useful.
• Richard Brown’s talk at FOSDEM 2025: “FDE is almost there, how do we tackle the last hurdles?”, licensed under Creative Commons Attribution
• Igalia is a Spanish consultancy that has dedicated time to working on GNOME’s screen reader (orca).
• Jordan’s Blog Post: “An update on the X11 GNOME Session Removal”
• Jean Baptiste Lallement’s (jibel) Ubuntu Discourse post: “Ubuntu 25.10 drops support for GNOME on Xorg”
• The infamous GitLab issue that created conspiracies about GNOME sabotaging Ubuntu
• The Register’s Simon Sharwood: “Linus Torvalds goes back to a mechanical keyboard after making too many typos”

Video Intro

Warning: the following articles and videos either miss context of the original developer discussions or could spread incorrect assumptions about interactions between GNOME and Ubuntu developers.

• OMG! Ubuntu’s Joey Sneddon: Ubuntu 25.10 Drops Support for Using GNOME on Xorg/X11
• The Register’s Liam Proven: Ubuntu 25.10 and Fedora 43 to drop X11 in GNOME editions
• Brodie Robertson: Ubuntu Linux And The GNOME Wayland Problem
• Michael Tunnell: ⧸e⧸OS 3.0, GNOME Dropping X11, Alpine Linux, Ubuntu wants a Rusty Sudo, & more Linux news

Track Listing

• Intro: Khaim - Maybe
• Outro: Khaim - Neon Lamp

Bonus Content:

Patrons and YouTube Members get access to Jordan and Winward nerding out over Apple products for half an hour.

Donate

References

• Original Video (YouTube)
• Introducing iPhone 16e - February 19, 2025
• Apple’s Scary Fast Event - October 30, 2024
• Apple’s Let Loose Event - May 7, 2024
• President Donald Trump introduces Trump Tariffs chart - Fox 5 DC

I complain all the time about Windows and Linux users. If I had money, I’d complain about Apple more frequently! Today, there’s a breed of computer user that gets me more than the Windows stans, Apple fanboys, or Linux losers–self-hosters.

Now hold your horses! I’m not against self-hosting, I self-host my own website using a VPS! But what I know for a fact is the way I configured my website is utterly wrong and most guides you will find online are outdated or outright wrong. What’s more is I can’t get basic 404 pages up and running without finding a way to pipe Cloudflare certificates into my server let alone a Docker container or configuring database storage outside of it if I wanted to export my data!

Enough ranting. Before you actually start start hosting anything, you need a website name. Barring home labs and social media, if you want presence on the internet, you need to have a domain name. A domain name is a shortcut to an IP address. Most people aren’t typing out IP addresses by hand and instead type something like trafotin.com. The URL is binded to your IP address when you setup a web server.

What Makes a Good Domain Name?

This brings up the importance of a good domain name. If you are planning on self-hosting and depending on what you want to do, be very cautious of the domain that you wind up buying.

Domain names are broken up into multiple parts. In this example, let’s look at example.trafotin.com.

• My domain is trafotin, which is anything between the last dots in a URL (yes, there can be more than 2 dots!)
• My top-level domain (TLD) is .com, which is one of the most common top-level domain. Other examples include .net, .org, or country specific alternatives like .co.jp.
• Some websites, especially if you plan on self-hosting, use subdomains like example in the above. For example, Gmail is a different service from Google Search, so Google uses the subdomain mail.google.com.

How to Pick a Domain Name

Now before you go out and buy a domain name, there’s a bunch of other catches. When you buy a domain name, especially if you are going to be sharing it with people for ease of sharing it or because you want to publish a public website, you want this to be short and memorable.

Dictionary Words & 6 Character Domains

Be wary with domains that are a single dictionary word or less than 6 characers. The estimated price at many of the domain registrars sold for upwards of $15,000 USD minimum and sometimes much higher at hundreds of thousands of dollars. You don’t need to spend remotely near this much money, but it’s something to be aware of. Many domains less than 6 characters or single dictionary words have been taken or it is unlikely you will get them due to price.

Avoid Cheap TLDs

The other thing to be wary of is to not buy domains that are too cheap, especially if you planning on making a public website or using it for communication services like email. Very cheap TLDs like .xyz or .info are often instantly blocked by Gmail/other email services or banks. For example, malware distributors have taken to using the TLD .us to distribute malware. Usually the tell is these domains are around $1 a year to use.

• The Perils of an .xyz Domain, Gordon Hempton
• These are the top-level domains threat actors like the most | Bill Toulas, Bleeping Computer

Unfortunately, these domains are given a low reputation by malware scanning services because scammers often buy these domains because of their price and use them for nefarious purposes. The same is true with the popular domains too, but the price barrier keeps the riff raff out. If you are using this purely for personal purposes, this won’t matter unless you share links with people.

Cultural Double Meaning

Lastly, be aware of the “double meaning” of certain TLDs. It’s commonly accepted .gov is commonly associated with government websites, but there are also some more obscure TLDs for specific purposes. People know about websites like twitch.tv, but .tv is also the top level domain of the country Tuvalu. Similarly, you can buy wacky domains like .social for social media, but also be warned with even more implied meaning with domains like .gay as this could have the connotation of adult content or be difficult to direct other people to because of the familiarity with traditional TLDs. Just be cognizant of what domain you want and any unintended interpretations.

WHOIS Privacy Planning

Now that you have a domain that you want to buy in mind, you now have to go buy it. These are where the problems begin and it’s largely to protect your privacy and your sanity. What many people don’t talk about is WHOIS privacy.

WHOIS is a public record of internet users and website operators. When you register for a website, an physical address and email of the recipient must be made publicly available.

The other thing to be aware of is privacy when purchasing a domain name. When you buy a domain name, you will need to submit a real email address you control. Do not submit a temporary email as you will need full access to this burner email to prove you are you. You should. Also be prepared that this email is going to be permanently associated with your domain forever. This also is accounting for the phone number requirements of some cloud or VPS providers.

Addressing Concerns

The worst part is your address and unfortunately, accidents happen. The reason to consider protecting your address is the risk of your registrar getting compromised. Years ago, Linux YouTuber Luke Smith promoted Epik, a far right registrar that was eventually hacked and leaked information of its users. This hack also included WHOIS information, which included the addresses provided by Epik’s users as well as other publicly available WHOIS information from other providers too. While what happened to Epik is rare, the threat is always there for registrars and scrapers other than Epik too (Luke also backpedalled, but his response was awful).

The reason why the burner address is so important is to protect your email in the event of spam, but how does someone protect their address? The first alternative is using a commercial/municipal mailbox. Depending on where you live, you can pay for secondary mailing address, either through a commercial company or through the government/municipality for a fee. However, because my brain too cooked, I chose to do something different.

Every year, my family piles into a car and we travel to a different part of the United States than where I live on vacation. When I first registered my domain name, we went on our yearly vacation, so I created my account and bought trafotin.com using hotel internet and provided the address of the hotel we were staying at, which at the time was my place of residence. Many of these services also won’t block hotel addresses because the growing use of hotels as affordable housing. Coincidentally, your registrar will frequently ask you to update your address every year, so even though I’m not buying domains anymore, I use this vacation as my opportunity to update the WHOIS information with the new hotel of that year. If they ask you for a phone number, you can use a fax machine in the hotel business center.

Also, pay attention to what I did here. We can’t just provide junk information as this can result in your account being suspended or someone living at the provided address accusing you of fraud. If you are also honest with the process, you can always keep track of this while protecting your information. I believe this is as close to providing real accurate information that would appease a lawyer while safeguarding your own. The most important is to never lie; we don’t want to break the law. The internet police won’t come after you, but we need to be good patrons of these services and respect ICANN.

Provider Concerns

So you’ve picked out a domains and got your addressing in order, the last and persistent threat you need to worry about is the registrar you buy your domain name from. More importantly, you need to pick a registrar that respects your privacy, your security, and your wallet.

The first thing is to analyze the worst kind of domain providers: the best example being GoDaddy. Until 2022, GoDaddy paywalled WHOIS privacy behind an additional fee, so in the past, if you failed to pay, have fun getting doxxed for a feature other registrars give you for free. They also offered managed hosting that was also hacked because of bad security practices. Finally, GoDaddy also charges way more than their competition and provide substantially worse support. Their support has also been exploited numerous times and had unauthorized domain transfers. If you engage with support like I have, they demand your turn off 2FA while they work on your account, which is monumentally stupid on many levels.

For the record, I have a domain name of what most people perceive as nonsense consisting of 8 characters. Getting 8 character, easy to type domain, and a .com TLD is already a struggle, but thankfully, I only pay $15 a year, but my last registrar Namecheap always jacked up my rates every year, even after their initial 2 year discount. Namecheap also participates in the same sleezy hosting and auctioneering tactics that GoDaddy does, but I moved away awhile ago.

The domain provider I eventually settled on was Cloudflare. Now I know a lot of Linux losers will criticize me for picking Cloudflare, but the fact of the matter is they are one of the few domain providers who actually try to protect the privacy and security of their customers with strong defaults. The only other I could think of otherwise is Google and they definitely don’t respect your privacy and sold off their domain service to Squarespace.

Cloudflare isn’t much better, controlling a sizable chunk of the global internet traffic and doing non-standard proxy stuff in the DNS settings. However, I don’t have a better option and they have remained true to their promise of not overcharging by not offering shady domain auctioning like many of the other registrars do. Furthermore, you don’t have to the convoluted dance you previously did where you buy a domain from another service (in my case Namecheap), then immediately transfer it to Cloudflare. I did that and it’s awful, but thankfully, you don’t need to do this anymore.

Lock It In

Finally, once you have picked your domain provider and registrar, you need to be prepared to own and pay for it for the rest of your life. Theoretically, let’s say I quit YouTube and shut down all of my online activities (that you know about anyway). If I did, I would have to still pay for my domains. Unfortunately, there’s a popular industry of people who buy up domains the moment they are put up for sale. After buying them, one of two things happens:

1. The new owner resells the domain in an attempt to make profit.
2. The new owner keep the domain and use it for something else.

Now the latter is the most problematic as the new owner may have beliefs don’t align with your own. The most egregious of the potential scenarios is your website is bought out and used distribute malware or scam people. If you are like me and owned a domain name for multiple years, your domain has built up years worth of reputation, fulfilling what it was originally doing on the internet. Just know unless you know the consequences of selling a domain, you’re going to be paying for it from now until the end of time. Set up automatic payments and know it’s another reason why it’s so important to pick a good domain registrar.

Your Domain is an Asset

After going over all the steps from picking a domain, maintaining your privacy owning one, and the choice of registrar, it’s a process that requires a lot of thought and can feel like a marathon. The core takeaway of this process is there’s the exclusion of anything “non-technical.” Nobody will tell you the gambling related consequences of owning a .bet TLD. Not many people will go through the lengths I did to visit a hotel to comply with ICANN and protect my own information. I recommend doing it this way because the risks are real.

Owning a domain is a great step to giving your self a digital identity, but it’s also a big responsibility. If you are prepared to go through these steps and be proactive about it, you can go back to self-hosting Nextcloud or the content that puts you on the map. I chose the domain I did because it’s not just a flex, it’s an asset that points to my content and I will protect it accordingly. The last cautionary tale is not to go and replicate what I did. See if it works for you, but don’t let someone else tell you what to online, especially a cartoon character.

Video References:

• Luke Smith’s video: Setting up a Website and Email Server in One Sitting (Internet Landchad)

Track Listing

• Kei Morimoto - More Beautiful Than Diamonds (ダイヤモンドより美しく)
• Minobe Yutaka (蓑部雄崇) - Iliaster Battle Mode ( イリアステルバトルモード ) from Yu-Gi-Oh! 5Ds (遊☆戯☆王5D’s（ファイブディーズ）) Sound Duel III Disk 1
• Nanaki Amano (天野 七祈) - A Little Fun (ちょっと楽しい)
• KK - Oya oya (おやおや)
• BGmer - Garden Party (ガーデンパーティー)
• Ann Paris - Timeless
• Outro: Khaim - Neon Lamp

References

During all 3 keynotes, protesters claiming to be former Microsoft workers shouted at speakers. I watched the unedited Day 1 keynote with Winward as well as the unedited Day 2 keynote by myself. For the purposes of the video, I combined the keynote video with audio provided by the protesters for clarity.

The Microsoft Developer YouTube account later unlisted the YouTube versions around 11am EST on Tuesday, May 20th. After, Microsoft uploaded edited keynotes to the YouTube channel and the Microsoft Build sessions page.

According to The Verge’s Tom Warren, the Day 3 keynote was also interrupted by a protester, which inadvertently led to a presenter leaking private sales conversations about Walmart. This deal was not private as it was disclosed publicly during the Day 1 keynote. These protesters have the most credibility, claiming something would happen within 2 days from Wednesday, as Israel launched air strikes against Gaza on Friday, confirming their claims.

• Unedited Day 1 Keynote. The protesters start speaking at 3:52.
• Edited Day 1 Keynote. The audio track with the room noise and the protestors was removed.
• No Azure For Apartheid’s protests by Joe Lopez, the first protestor on Day 1. (TikTok, X (formerly Twitter))
• No Azure For Apartheid’s protests by a woman only identified as a “former Google worker,” the second protestor on Day 1. (Instagram, TikTok, X (formerly Twitter))
• Microsoft’s 50th Anniversary Panel with Satya Nadella, Bill Gates, and Steve Ballmer.
• According to Paul Thurrott and Richard Campbell at 2:58, 2 more protestors attempted to rush both the left and right aisles when Lopez and the former Google worker were speaking. They were swiftly stopped by security and their shouting can be heard faintly in the original broadcast.
• Unedited Day 2 Keynote. The protests start at 1:00:43. Shortly into the protestor’s speech, Jay Parikh stopped talking because the protestor was close to the front of the stage and the mics were muted.
• Edited Day 2 Keynote. The section where the video is changed is around 1:00:56, which occured seconds later after the protestor was escorted out of the venue.
• No Azure For Apartheid’s protests by a “Palestinian tech worker” and others on Day 2 (TikTok, X (formerly Twitter)).
• The Verge’s Tom Warren’s article “Microsoft employee disrupts Satya Nadella’s keynote with ‘Free Palestine’ protest” The photo used by The Verge is by Agence France-Presse’s Jason Redmond via Getty Images
• xkcd 1597: Git
• “Elon Musk is Lying About Being Good at Video Games” by @Quin69TV
• “Elon Musk Ignites Online Speculation Over the Meaning of a Hand Gesture” - Ryan Mac, NY Times
• “Tesla Cybertruck event in 5 minutes” by The Verge. The original event was removed.
• Elon carries sink into Twitter HQ
• Meta Connect 2024
• Jeff Bezos Interview with AFA President Gen. Larry Spencer, Ret.
• Mark Zuckerberg testifies on Capitol Hill (full Senate hearing) - The Washington Post
• Amnesty International’s report: “Myanmar: The social atrocity: Meta and the right to remedy for the Rohingya”. The cover photo is by Tamara-Jade Kaz and the photo is by Ahmer Khan.
• Facebook CEO responds to flap over Kauai land suits, Hawaii News Now
• Mark Zuckerberg’s 2017 Puerto Rico VR Safari (Reupload)
• National Enquirer photo is by Patricia Wall of The New York Times.

References

• Original Event: The Android Show: I⧸O Edition
• Original Event: The Android Show： I⧸O Edition ｜ Device Showcase ｜ Xiaomi
• Original Event: The Android Show: I⧸O Edition ｜ Device Showcase ｜ Pixel
• Original Event: The Android Show: I⧸O Edition ｜ Device Showcase ｜ Samsung
• Original Event: Official Replay ｜ Galaxy S25 Edge： Beyond slim ｜ Samsung I didn’t even know this event happened and do not have the original, but it is entirely pre-recorded.
• Original Event: Google I/O ‘25 Keynote
• The infamous Google AI search goof: Put glue on your pizza to keep the cheese from falling off
• A rock a day keeps the doctor away, u/Darth_Vaper883 (Onion Link)
• The song used by both Google and Microsoft is “Fabulous” by C.U.T..
• The event where Microsoft used “Fabulous” is Microsoft’s Copilot Consumer event of 2023.

I recently made a video about making an unattended Windows installer and got flooded with a ton of comments of people asking to switch to Linux or pleading with others to switch to Linux. I’ve wanted to analyze the problems of this for a long time, but more on the biggest issue people have with using Linux.

While the discussion of installation comes up, I don’t think installation is the biggest blocker for people. If people are installing Linux, they are already willing to make a concerted effort to escape Windows. Instead, the problem lies in the experience, not in the applications being bad, but just getting all of your ducks in a row when you first get started.

Today, I want to take a critical examination of the mindset of the people online who beg people to use Linux. I’m avoiding the common arguments like not having the applications you need or hardware issues–this is about the people problem of Linux. Is it standardization? Is it toxicity? You better keep on watching (or reading)!

Installing Is “Fine”

When discussion of Linux comes up, the installation experience is brought up every time. I’d be lying to you if it was straight forward–it’s not. For a lot of people, it’s buying a USB stick, downloading the Raspberry Pi Imager, then flashing your chosen distro to an ISO file.

When I have done this for other people, often times, I am the one supplying the USB stick, because most people don’t have one. They just store all their data in Google Drive or Dropbox, they don’t need a USB stick! On top of that, you have to pick a distro to use and whether that’s even right or not is something people who follow my channel know I have complained about ad nauseam. It doesn’t matter what you pick for our purposes, so I won’t beat that drum to death.

Trafotin’s non-exhaustive distro checklist:

• Must deliver updates when upstream does ASAP.
• Must have secure defaults (e.g. Secure Boot, Wayland)
• Must be run by corporation or community (not a single person)
• Must support some form of rollback (e.g. bootc, BTRFS, etc)
• Must be innovating upstream or changing desktop Linux.
• Must have critical developer mindshare (no BSD).
• Must withstand the wrath of non-technical people.
• Patches security issues within week of issue.
• Package manager must have rollback/redundancy
• Must respect privacy without configuration.
• Must support NVIDIA drivers (as good as they get anyway)
• Must run DaVinci Resolve else you couldn’t read this.

There’s Only So Much That Can Be Done

After finding the appropriate distribution or “distro,” you have to somehow wrangle your Linux ISO file into Raspberry Pi imager and install it to your USB stick. Then you need to backup your data, reboot your computer, then find the boot key to boot into your Linux USB. Now this sounds painful and it certainly is for people especially the first time, but this is actually the best this installation could possibly be.

Replacing the operating system your computer came with is a concerted effort, but it’s not that bad with a bit of knowledge, eve following the occasional YouTube tutorial. While mashing a random key when your computer boots up is pretty annoying, there’s nothing Linux or people who develop for applications for Linux can do. It’s not the best for those not in the know, but it’s the best it can be right now.

A similar comparison is installing a custom Android ROM like GrapheneOS to the Pixel device of choice. GrapheneOS has done virtually everything within their power to work with the constraints of the Android security model and buttons on their website to guide and automate the installation process.

That leaves the actual installation process which you’re bound to find plenty of guides about how to install something like Ubuntu. This is something that Linux app developers can do something about and I think it’s also in a good spot. It’s very clear what you need to and often times you are literally able to mash buttons and complete your installation with little issues. My only major gripe is of most major distributions is full-disk encryption is not recommended out of the box. It should be mandatory on all computers, but Windows/Mac are equally culpable in not enabling it by default too.

Installing Things is a Nightmare

Installing Linux might be a bit cumbersome, let’s get into the real problem–most people will not use Linux because it’s an experience problem. Once you’ve installed Linux and logged in for the first time, getting set up is almost always where problems start to crop up. First off, if you are an NVIDIA user (statistics claim 60% of all desktop computers), you might not even be able to login upon your next update!

Beyond that, it’s installing applications that’s a big problem. You could resort to the packages in your software store, but more than not, they can often break or block updates in the majority of distros (if they even work). You also have to hope that the distro that you chose hasn’t modified the program in a significant way or updates it in a timely fashion.

What’s more there are yearly updates and of all the people I’ve installed Linux on, none of them except one have succeeded in upgrading between major versions without my intervention. I’ve seen this happen on Ubuntu, Fedora, and openSUSE and this is unacceptable.

Even though Windows conceals it, people are still able to move between 24H01 to 24H02 with little issue (even Microsoft has to fumble for months). I’m sure part of this is rooted in the distrust Microsoft has created where people will assume updates break everything, but if you at the people who use things like Debian who stubbornly refuse to update, it’s an example of the fear of updates infecting even the Linux users.

A lot of people who consider themselves part of online Linux circles claim this is because of fragmentation. There’s too many solutions for the same problem. While this is partially true, there’s a reason that will resonate with people better–perfect is the enemy of good.

Many people want their packages to be perfect and we all settle for the same formats and solutions. The problem is many of those formats and solutions are often enumerating problems on top of not proliferating more opposing systems.

How do you download something like Audacity, the audio recorder I use? Well you go to their website and you download the AppImage they provide. The problem is AppImages are inherently broken and require out of date FUSE2 libraries that nobody uses anymore. How can I trust a package provided to me when the method of distribution is creating more problems than it intended to solve?

Things to ignore in online “Linux” circles:

• Extrapolating drama from project issue trackers
• Open source and free/libre software purity tests
• Involving or criticizing the Linux Foundation over desktop Linux
• Bickering over package formats
• “Why is <XYZ Linux thing> so corporate??”
• Controversy surrounding project governance
• “I switched to <XYZ> because…”
• RTFM, forced Googling, and ask your AI sessions
• Fighting over programming languages
• Licenses and people debating them
• Blogs and news outlets pandering to desktop Linux
• Messages based around fear and uncertainty

Linux “Users” Are Not Part of the Linux Community

Why can’t everyone agree on what to use? I think the problem is rooted in the chase over the unicorn of a new Linux user. The experience of desktop Linux is not very good when people have to tell people to Google a solution or read documentation. Desktop Linux will not succeed with a mainstream audience when many parts of it are one developer quitting away from going under.

Using Linux is like being a part of a food pantry. Everybody needs to eat and there’s lots of people who are hungry. There are people who go to get the food they need, but there’s also people who need to bring food to the food pantry so everyone can eat, clean the food pantry so its food that doesn’t go bad, or people to serve the food.

Today, Linux is only at the stage where there’s a lot of people who are hungry, but not enough people to perform the basic functions of developing software. Most distributions can’t even vet their packages or collapse because someone left. But food is still being put on the table and though people might complain, the minority take it the best they can.

What’s a bigger problem to me is the people who serve the food (the Linux users) in the Linux food pantry are too content. They want things to stay the way that it is because they like learning new things and people having the same magical experience they did. They scour the issues pages of projects for juicy gossip and tweak the presentation of the food, but it’s still the same old food the desktop Linux food pantry has been putting out for years.

Most of the people who work at the desktop Linux food pantry do not or have trouble empathizing with people. These are the same people who cosplay as developers when all they did was change some words in a settings file. I was there at one point in my life and I regret it deeply and apologize to everyone who has deal with this side of me. It’s also developers who often make applications just for themselves. Developers in the kitchen and the people being fed need empathy for each other.

Linux Doesn’t Need More Users

Unpopular opinion: Linux doesn’t need more users. Linux needs people who will make the experience better. Using Linux is not about customization or choice, just like using a food pantry isn’t about the flavors of food; it’s about the food or tool doing its job along with raising a community. Then and only then, can Linux call itself a platform for people to use.

There needs to be more people involved and I’m tired of people online pretending desktop Linux is fine. We’ve seen this over the last couple years and the contrast of behavior to people the “Linux community” has declared did something right and someone who “didn’t get it.” How about both people have valid experiences?

I’m a relatively busy person outside of YouTube and I fear for myself that my own attitude towards the “online Linux user” is getting too bitter. The “online Linux user” is not developers, it’s the people on Reddit showing off their Hyprland configuration. Great drinking game, guess what the comments are when you open a Reddit thread or a YouTube video about what the comments are going to be. That’s how much group think there is in the supposed Linux community and there’s cult-like behavior stopping change.

The real Linux community is the people running the food pantry. It’s not pretty, nor nice to listen to, nor interesting, but it’s the truth. If people are going to spend time complaining about “drama” or “did you hear X thing from this influencer did with Linux,” we have a problem. The only way for this to happen is to bring the money and development power to major desktop Linux projects. It’s time to stop wasting time on customization, packaging applications, or installing Linux. I’ve had enough and users: it’s time for you to actually help out around here.

Related post: Canonical’s Jon Seager announces Ubuntu will replace sudo with sudo-rs

Video References

In order of appearance.

• Katerina Koukiou’s presentation of the new Fedora installer, licensed under Creative Commons Attribution.
• Richard Brown’s FOSDEM 2023 talk: What could go wrong? Me, I was: Containerised Applications are the way, licensed under Creative Commons Attribution.
• Sebastian Wick’s Linux App Summit 2025 talk: The Future of Flatpak
• Aleix Pol Gonzalez, Felipe Borges, Sebastian Wick and Jordan Petridis’s Linux App Summit 2025 panel: The App Ecosystem and the Future of Desktop Linux Distributions
• Pewdiepie: I installed Linux (so should you)
• Matthias Clasen & Florian Leander Singer’s Linux App Summit 2025 talk: GTK apps on Android
• Akademy 2025: KDE e.V. Board - Report of the Board

Track Listing

• H☆ - Saturday morning
• Yosuke Matsuura (松浦洋介) - Midnight Chill Coffee
• noru (のる) - Warm Light, with You
• Outro: Khaim - Neon Lamp

We hear a lot about Windows and the push for always online, ever present Microsoft accounts. Every day, Microsoft is patching yet another thing that can get you an old-fashioned local account like on Mac or Linux. But why does everyone make a fuss about it? Why is Microsoft trying so hard to convince people to use Microsoft accounts?

Today, I want to examine what the benefits of a Microsoft accounts are, but also critically analyze some of the criticism that Microsoft gets from enthusiast users. Microsoft accounts aren’t all bad, but most people don’t get the same benefits by ignoring them. How can you reap similar benefits without Microsoft’s involvement? Should you even do so?

Why does Windows push Microsoft accounts?

Microsoft gets a ton of criticism from online communities and on social media about the efficacy of having a Microsoft account. Before we dive into that, it’s important to understand why Microsoft pushes accounts so hard and some of the benefits that having one can get you.

Firstly, Microsoft accounts are unified identities typically created by system administrators to control what employees or users do on company-owned devices. Windows comes with group policies which let admins control what people do with their computers and protect them from basic threats.

Read more about Microsoft accounts in Microsoft’s Learn documentation.

One great example is the role that Microsoft accounts play with the Windows encryption solution Bitlocker. Bitlocker utilizes TPM to ensure the encrypted computer wasn’t tamped with and protects the computer from theft. In this chain, Microsoft accounts store a recovery password to allow admins or user to move their data or unlock it in the event of an emergency. The recovery password is necessary so employees aren’t locked out of their computers.

There is no debate about how important full disk encryption is and Microsoft is not exactly innocent in keeping Bitlocker behind a paywall in the past. Solutions like Bitlocker block people who steal your computer and actually make that password you use for Windows something meaningful. The only time Bitlocker should be turned off is as an absolute last resort.

Something to remember is the majority of Windows users will capitulate and sign up for a Microsoft account, both because they are encouraged to do so and consumer-facing benefits like syncing settings and Xbox integration. I would venture to say less than 5% of global Windows users are clamoring for life without Microsoft accounts. IT admins use them, it has benefits to the average user, and provides recourse in the event they forget their password or cannot access their computer.

Why Microsoft Is Tough to Trust

Now that I’ve weeded out the haters, it’s time to complain about online accounts. The primary reasons to avoid using a Microsoft account come down to privacy concerns and how aggressive Microsoft is against making one.

First, Microsoft is one of the most privacy invasive companies in Big Tech. The data collection in Windows is so bad they have received fines from various governmental agencies for not properly preserving our privacy. What’s just as concerning is Microsoft has been guilty of violating users’ privacy with Windows in the past.

• European Commission’s use of Microsoft 365 infringes data protection law for EU institutions and bodies; European Data Protection Authority
• Microsoft flags over $400 mln charge for Irish privacy violation fine on LinkedIn; Reuters

The other major problem is Microsoft’s vested interest in collecting and using data, personal or otherwise. Ever wonder why Microsoft forces Bing into Windows Search? It’s because they profit heavily from even accidental clicks as it’s monetized traffic to Bing’s ad network. While Microsoft is far behind giants like Google and Facebook, they have been aggressively making partnerships with major online advertisers to expand their ad network with Netflix’s ad-supported tier, Criteo, and Taboola.

Another angle is the financial incentive Microsoft has to forcing people to create accounts. It’s a way to boost their user numbers, Bing searches, and advertising deals. That’s why Windows is littered with advertisements–to feed the corporate beast. But more importantly, locking in the business and enterprise users. Beyond Windows, Microsoft has leveraged their influence to get even the US government hooked through cybersecurity upgrades and assisting military technologies. Microsoft has also provided AI tools for military purposes in the case of Israel.

Microsoft’s earnings are very misleading as the total revenue from search in fiscal year 2024 is a made up category and leaves up to debate what “traffic acquisition costs” are.

Finally, Microsoft has been very aggressive towards those who rebel against their advice. Among the hostilities include watermarking unsupported Windows 11 installations and patching out various workarounds to using Windows 11 without an online account. If only a small percentage of users are doing this, why is Microsoft so concerned? If so, then maybe more people or businesses are abusing these exploits than we think.

Among the deceased include:

• Bypass Microsoft account requirement when setting up Windows 11 with internet by using a blocked Microsoft account
• Microsoft to officially provide bypass for setting up Home and Pro without internet connection [wishful]; u/aveyo Onion link
• Microsoft announces in a footnote that a PowerShell script, bypassnro.cmd, commonly used to bypass Microsoft account requirements is going to be removed.

As of time of writing, this can be bypassed by opening Command Prompt using Shift + F11 and entering the following:

start ms-cxh:localonly

With a company that makes billions of dollars, it’s inevitable there’s going to be some evil within Microsoft. But with workarounds, they are undesired by nature and they are not sustainable for internet denizens and IT professionals to use. Command prompt exploits of Windows 11 are helpful, they are workarounds at the end of the day. So instead, I propose a different strategy: we’re going to turn to a different feature of Windows and the way Microsoft intended.

Unattended Installations

Microsoft may block workarounds, but there’s one form of customer they’re much more careful with messing around with–the enterprise (most of the time anyway). Using a feature of a standard Windows USB, you can essentially put your Windows installation on auto-pilot while you can spend your time doing something else.

The benefit of unattended installations is you aren’t just bypassing the Microsoft account enforcement; you’re bypassing clicking anything in the installation altogether. Best of all and unlike the workarounds that you might see on social media, this is a fully documented process by Microsoft intended for IT departments. The documentation requires us to write our own autoUnattended.xml, but there’s a tool for that further down.

Creating an Installation Media

The first thing we need to do is create a Windows 11 installation USB drive. To do so, you use your Windows machine to build a USB drive using the Windows Media Creation Tool from Microsoft’s website. An alternative is to use Rufus, which employs its own customizations. If you want more customization beyond what Rufus does, you will need to write your own. Downloading either, just follow the on-screen instructions to wipe your USB drive of choice and turn it into a Windows stick.

Once you have your newly acquired Windows USB, the next step is to generate an autounattend.xml to put inside. It’s basically a file that dictates things to the Windows installer and does them during the Windows installation process.

In the IT world, this is often done to pre-download applications onto a fleet of identical computers. For our usecase, we can also use our autounattend.xml to remove preinstalled programs, handle Windows product keys, and bypass Windows account requirements.

Writing a XML file from scratch is not fun in the slightest, but there’s a website for this: Schneegans.de’s Unattended Generator. What is a schneegan? Apparently, it’s a snow goose.

Go to Schneegans and start configuring your install. It offers additional options as well that might interest you.

• Display language
• Bypassing Windows 11 requirements
• Install without internet (but only if you don’t have any)
• Computer name
• Wi-Fi Network (DO NOT DO THIS ONLINE, EDIT YOUR XML LATER)
• Windows product keys: Just pick something other than Home, due to the afforementioned paywalling of features.
• User accounts: admin vs user
• Debloating Windows by removing various preinstalled programs
• Building your own Powershell/Batch/CMD script

Enabling Bitlocker for Free

Now that we have our admin/user accounts under our control, we have to get into the joys of Bitlocker.

Windows Pro, Education, Enterprise

If you are a Windows Pro, Education, or Enterprise user, you can enable Bitlocker from Settings → System → About → Bitlocker → Turn on Bitlocker.

Next, you will be prompted to save your key to a file with 3 options: saving your recovery key to your Microsoft account, a file, or printing it out. Since we are avoiding Microsoft accounts, that leaves the last 2 options. I also recommend making a note in your password manager verbatim of the file Microsoft gave you. You can also upload it to cloud storage.

Home

If you are a Windows Home user (because you or a loved one cannot stand that activation watermark), you will not have access to this GUI and instead must resort to hackery. While Microsoft blocks you from accessing the GUI, you can still use a series of convoluted PowerShell commands to figure out what to do.

Most of what needs to be done needs to be done in Windows Terminal.

Preliminary Checks

First, you must identify your disks using the command

Get-Disk

This will list your disks and ensure it is partitioned as GPT. If you have repeatedly upgraded Windows, this could read MBR instead. If does not, have fun reinstalling Windows, rewind the video, or scroll back up.

Next, check if TPM is elligible for Windows 11 as is 2.0 or higher. After entering the command below, there will be a SpecVersion section in the output.

Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm

If you bypassed the Windows 11 requirements, this is your reminder, Windows doesn’t like that and could make your life more difficult in the future. Staying on Windows 10 is also not an option anymore. Either upgrade your computer, buy a Mac, or switch to Linux. If you are are a valid Windows 11 user, proceed below.

Bypassing the Paywall

First, boot Windows into advanced startup. Navigate to Settings → System → Recovery → Advanced startup → Restart now and confirm.

After your computer reboots, the Windows recovery screen will appear. Navigate to Troubleshoot → Advanced Options → Command Prompt. From here, enter the following command to turn Bitlocker on.

manage-bde -on c: -used

After, close Command Prompt and click “Continue” to boot back into Windows. Next, open Windows Terminal under your administrator account.

• Right-click on Start → Windows Terminal (Admin)
• In Start → Windows Terminal → RMB → Run as Administrator

Next enter the following command.

manage-bde c: -protectors -add -rp -tpm

This will produce your Bitlocker recovery key similar to the normal way. Write the password down, save it to your password manager, print it out, store it someplace safe like in a USB or cloud storage.

After you saved your recovery key, run the following to start the encryption process on your C:\ drive. You can also repeat the command, but change c: to the letter of another drive you exclusively use with Windows (e.g. d:).

manage-bde -protectors -enable c:

See Bitlocker’s Status

To verify if Bitlocker is working, run the command below. You can also repeatedly spam it if you want to see the progress of your data being encrypted.

manage-bde -status

Afterword

Once you have gotten your unattended install with your administrator and user accounts, bypassed the Microsoft account requirements, and enabled Bitlocker, you have essentially gotten the major benefits you would have gotten with a Microsoft account.

Now all that’s left is to remove the privacy invasive features and advertisements…

Video References

• Windows Central’s Zac Bowden shows the no@thankyou.com exploit is patched
• Introducing Your AI Companion; Microsoft, YouTube. Note this version is a reupload as a former Microsoft employee loudly protested and was escorted out of the venue around 14:40.
• What’s New in Windows Security, Productivity and Cloud; Microsoft Ignite 2024
• Shaping the future of work with AI; Microsoft Build 2023
• The 2021 Microsoft Windows Event
• Windows: Building what matters most for your business
• Windows Weekly 926: You’re Ugly When You Cry; Hosted by Leo Laporte, Paul Thurrott, Richard Campbell at 54:41

Track Listing:

• shimtone - Heartwarming (ほのぼの)
• gooset - Earth
• yuki - It’s A Bit Messy (ぐだぐだな感じ)
• Crepe (くれっぷ) - End of Summer (夏の終わりに)
• BGMer - Gear Melancholy (歯車の憂鬱)
• Outro: Khaim - Neon Lamp

In the next part of the Firefox saga, I’m going to cover one of the end game of Firefox, our raid boss being Mozilla itself. I’m a big fan of Firefox, but what really irritates me is the nagging little things Mozilla adds and turns on without my permission.

Bye Bye Mozilla! But Why?

Since the making of my last video, Mozilla has added a weather widget in the new tab page, more suggestions to ads/sponsors, and made everyone angry by consulting a lawyer for a legally-binding terms of service (this was pretty stupid and largely a non-story). I understand Mozilla needs to make money outside of being sponsored by Google (their “opposition”), but a consistent claim that you’ll find online is Mozilla has lost its way, needs to make Firefox the center of the company again, and build a “community.”

I want to give a more harsh reminder: Mozilla is not a privacy company; they are an investment firm that originally made a web browser. It’s a factory with thousands of employees folks! The community Mozilla fosters doesn’t involve end users (and honestly could do without entering a Mercurial server).

Ordering Mozilla to make Firefox a focus of the company again is the equivalent of ordering Microsoft to make Windows the focus of the company again. The reason I dislike Mozilla, but still use Firefox is until Mozilla makes some of their “anti-features” unchangable, there’s no reason to leave. We’re stuck with our current situation.

“But there are forks!” I hear some of you cry. The problem with many Firefox forks is they are poorly maintained, slow to deliver updates, or introduce problems in addition to the aforementioned problems of Firefox. This also goes without saying you need to trust your fork to keep up with all of these changes and they may not share the same sentiment to Mozilla as you. Many of them, if not all of them, are best avoided or replaced with browser extensions.

The road to configuring Firefox is pretty technical and requires frequent maintenance and if that isn’t for you, there are a few pre-configured options that work great. This is also your excuse to click off the video and use these instead.

• Mullvad Browser (for Windows, Mac, Linux)
• IronFox (for Android; on Accrescent and F-Droid)

The Arkenfox user.js

Now that the disclaimers are out of the way, how do we properly configure Firefox? The first step is understanding how Firefox’s administrative policies work. Firefox stores all of your settings in your Firefox profile, which is a folder that stores various settings to Firefox, your bookmarks, and data about the websites you visit. Where your profile is stored depends on what operating system you use, but it can also be found if you navigate to about:profiles and navigate to your current active profile. Finally, navigate to the “root directory” then click “Open Directory”.

Next, Firefox’s settings are stored in prefs.js, but you can’t and shouldn’t change this file at all, because Firefox is constantly touching it. Instead, we are going write a basic JavaScript file called a user.js containing all of the desired changes that we want.

While there are many Firefox configuration files, the most popular and consolidated user.js is the Arkenfox user.js. In addition to the normal Firefox user.js, you can write your own user-overrides.js to override Arkenfox’s configuration. That’s right, it’s an override of an override of your Firefox configuration!

No More Firefox Forks

The benefit of using the Arkenfox user.js is you get your Firefox configured the way you want off of the security-hardened Firefox base, then the user.js forcibly overrides any settings in Firefox, including incoming settings from undesired Mozilla features.

This is why most Firefox forks are obsolete because you are taking the initiative to fix Mozilla problems when they won’t. The major reason is you don’t have to trust any developers beyond Arkenfox, where many other Firefox-based browsers take their work from. in fact, many other Firefox clones use the same work done by Arkenfox, but often do not keep up with its updates.

The other thing for people who have watched my content previously is Mozilla has made many backend changes to the way data is cleaned in Firefox and Arkenfox has also taken previous feedback to heart and reenabled many features people expect. It’s so good that I never change anything, but I still included some preferential options for people who prefer to use Firefox a different way.

Downloading Arkenfox

The first thing to do visit the Arkenfox user.js GitHub and downloading the zip file containing the entire repository. Next, extract these files into the profile folder. After, you must run the scripts like prefsCleaner.bat (Windows) or prefsCleaner.sh (Mac/Linux).

To get your profile path in Firefox, navigate to about:profiles in the URL bar, then there will be a full list of your profiles. Navigate to your desired profile under “Root Directory” and “Open Directory.”

You can also open the terminal on your operating system and navigate to the path of your Firefox profile, which is cd <your profile path>

• Windows: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>
• Mac: ~/Library/Application Support/Firefox/Profiles/<profile>
• Linux: ~/.mozilla/firefox/profiles/<profile>
• Linux (Flatpak): ~/.var/app/org.mozilla.firefox/.mozilla/firefox/profiles/<profile>

Your user-overrides.js

So this is where I present to you my own user-overrides.js. I’ve included notes about what each option does as well as the corresponding action. Each command is enclosed in user_pref("...", "<value>");

There are three types of commands:

• Boolean (true/false)
• Number (a numeric value)
• String (anything, typically a URL)

Whatever is inside matches the corresponding option in your Firefox about:config. If you want to enable a specific feature, remove the // in the user-overrides.js from the desired tweak.

My user-overrides.js

My user-overrides.js can be found on my GitLab.

Common Options/Problems

With all of these changes being made, there’s bound to be troubleshooting. Now before you run away to another browser, you can always spin up about another Firefox profile and make different changes, so repeat the above steps for each Firefox profile you have.

Homepage

// 0=blank, 1=home, 2=last visited page, 3=resume previous session
// user_pref("browser.startup.page", 1);
//user_pref("browser.sessionstore.privacy_level", 0);
// change about:blank to any website (e.g. trafotin.com)
// user_pref("browser.startup.homepage", "https://trafotin.com");

By default, Arkenfox fully disables a homepage and new tab page. This is because Mozilla continues to include annoyances within the new tab page. Additionally, Arkenfox disables the internal service that saves your session when you close Firefox.

I added settings to re-enable these, but you can no longer change them in the menu and you must do so in your user-overrides.js.

Where’d My Browsing Data Go?

  // user_pref("browser.privatebrowsing.autostart", false);
//user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false); // 2811 FF128-135
//user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", false); // 2812 FF136+

// optional to match when you use settings>Cookies and Site Data>Clear Data
  // user_pref("privacy.clearSiteData.historyFormDataAndDownloads", false); // 2820 FF128-135
  // user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", false); // 2821 FF136+

// optional to match when you use Ctrl-Shift-Del (settings>History>Custom Settings>Clear History)
  // user_pref("privacy.clearHistory.historyFormDataAndDownloads", false); // 2830 FF128-135
  // user_pref("privacy.clearHistory.browsingHistoryAndDownloads", false); // 2831 FF136+

Related to browser session restore, Firefox has very robust data auto-deletion, which recently got an overhaul. This includes anything like cookies, browsing data, cache, everything.

Arkenfox includes this special recipe for those who want session restore or more control over the Firefox auto-deletion settings.

Unless you need session restore, it’s advised to not touch these and instead learn how to allow websites to store data.

1. Visit the desired website you login, usually a login page.
2. Press Ctrl + i (⌘ + i on Mac) to open that website’s settings. You can also click on the padlock, “Connection (not) secure”, then “More information.”
3. Navigate to permissions, then the box “Set cookies,” “Allow.”

This way, you can save logins and site data without touching your Arkenfox configuration, while still deleting all that pesky browser data.

Before you complain, this is much harder to do in Chromium-based browsers.

To RFP or No RFP?

If you’ve been using Arkenfox’s user.js before today, there’s one big configuration to cover–Firefox’s fingerprinting resistance or RFP (Resist FingerPrinting).

user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.letterboxing", true);
user_pref("webgl.disabled", true);
user_pref("privacy.spoof_english", 2);

In previous iterations of Arkenfox, this was enabled by default, but now it is disabled. The reason is if you need such an extreme level of protection, we already have Mullvad Browser for that, which still is the closest way to get to being the Tor Browser without being the Tor Browser.

If you have previously watched my other video about Firefox, I strongly recommend updating and removing any changes related to RFP.

New Tab

user_pref("browser.newtabpage.enabled", true);

Arkenfox disables the new tab page, as it is a common vector for Mozilla to deploy experiments and unwanted links on you. I have encountered some folks in the wild who prefer this, so you can reenable it, but be warned you might need to deal with some Mozilla stuff you might not have signed up for.

Search Engine Suggestions

user_pref("browser.search.suggest.enabled", true);
user_pref("browser.urlbar.suggest.searches", true);

Some people still prefer to have their URL bar be their search engine. Setting these options brings the predictive search back.

Disk Caching

user_pref("browser.cache.disk.enable", true);

By default, Arkenfox disables disk caching, which can improve performance. I have never enabled this because I could not notice a speed difference, but I included it for the performance freaks.

Running & Updating

When you are done with your user-overrides.js, it’s time to put it into practice by installing it.

First, close Firefox and you will be modifying all the configurations in bulk using the terminal. Arkenfox can change over 5000 settings of totally random things in Firefox.

Using the terminal in your <profile> folder, run the scripts in order by typing ./ then the script. You can also drag/drop files into your terminal to run them:

1. prefsCleaner.sh: Follow the on-screen instructions by typing the number (1 to start), followed by a Enter.
2. updater.sh: This will make a backup of your previous Firefox configuration (not your user-overrides.js), update your user.js, tweak it with your user-overrides.js, then you should be good to go.

Post-Install

Arkenfox disables all telemetry out of the box and while Pocket is a web-based service, capturing the network traffic shows Pocket never attempts to phone home, except when you interact with it of course. Any other changes are purely cosmetic or preference.

• Google is still the default as there is no about:config settings for it. You may change it to be whatever you want.
• You may also customize your tab bar or vertical tabs as these are independent of Arkenfox.

Updating

You must also return to this folder and run these scripts when Firefox or Arkenfox receives a new release. Make a shortcut on your desktop (or somewhere else) to this folder so you can come back and run the scripts.

If you use multiple Firefox profiles, this process will need to be repeated on all of your profiles. I use a shell script to execute all of the scripts in sequence.

The best way to track updates is to subscribe to the Arkenfox GitHub RSS feed. This is because Mozilla doesn’t have a RSS feed for stable Firefox updates, only the Nightly (Alpha) releases. Instead, you must subscribe to their email newsletter.

To subscribe to Arkenfox’s RSS feed, add the following to your RSS feed reader.

https://github.com/arkenfox/user.js/releases.atom

Video Credits

• CNBC Video: Mozilla Foundation president talk AI integration on Firefox and Google’s antitrust ruling

Track Listing

• KK - Sunday-afternoon (日曜の午後)
• crepe (くれっぷ) - Fairy Lullaby (妖精の子守歌)
• KK - Lazy Club Activities (だらだら部活動)
• yuhei komatsu - COLOR
• KK - Ordinary Landscape (いつもの風景)
• yuhei komatsu - Holiday
• Nakagawa Koutarou (幸太郎中川) - Shiunin Sora’s Theme (紫雲院素良のテーマ) from Yu-Gi-Oh! ARC-V (遊☆戯☆王 ＡＲＣ－Ⅴ )
• Outro: Khaim - Neon Lamp

Generative AI has been a big part of tech over the past 2 years, everything from the latest AI nonsense OpenAI has cooked up to new competition from DeepSeek’s R1. Let me make a different proposal to what you might here from a lot of more traditional tech users–we need all the AI. And I mean all the AI. I’m not talking about stuff like Claude or Perplexity, it’s all about local models. Here’s why you need to have local AI models that serve your needs and some examples you can use it to augment the work that you do.

The AI That Respects You Is Open

Generative AI can be a powerful tool, but there’s more to consider than just capability. For years, companies like Google and Facebook now utilize their own versions of generative AI, but they also leverage their platforms to further advantage themselves.

A big problem with a lot of generative AI tools is many of them are developed in secret and we have very little knowledge of what kind of information they were trained on beyond “publicly available information.”

Tweet from vx-underground: Kadrey v. Meta shows Facebook has been using pirated books to train their AI models.

What’s more is as AI because more prevalent, people begin to expose their most sensitive selves when they may not have intended. Many of the major players of generative AI either have a vested interest in selling personal information (Google, Facebook, Microsoft, etc) or parlay other surveillance giants/governments (ChatGPT, Claude, DeepSeek, etc).

What’s more, large language models like ChatGPT and Perplexity are only available in the cloud and have significant environmental impact (swept under the rug of course). While AI companies are quick to release research papers about their AI, reviewing sources of said papers reveals that these papers are often pushed out with inaccurate sources and references to boost their credibility and bypass academic peer review.

Owning Offline AI

That being said, I’m going to be up front and admit I’m not a moralist nor an accelerationist. The cat has been out of the bag and at this point as many of these tools are freely available, you should use them where you think they will work.

There’s a cultural problem endemic to tech enthusiasts: either you are an accelerationist who relies so much on AI and fail to admit its shortcomings or the doomer who will shout from high heavens at every mistake and copyright violation.

Read Ethan Zuckerman’s article: “Two warring visions of AI”

Owning your AI is the solution to this problem. Even if someone from your government threatens to ban the app, open source will find a way. Even if your model is censored by its makers, open source will find a way. Any law banning/regulating AI only punishes the law abiding citizens and the nefarious netizens will continue to develop in secret. It’s too late to put the genie back in the bottle, so you might as well make the best of the situation.

When you use offline AI, it’s just you and the AI. There’s total privacy as it all happens on your device. You can give the AI greater access to your data because you’re operating in 1 system. The best part is integrations with stuff that’s already on your operating system–you can write scripts and find ways to bring it into the work you do every day.

The Weakness of Offline AI

Before we get started, there are some drawbacks. While models like DeepSeek have shaken the industry up, the cloud-based models are still better in terms of performance and quality of results. The tradeoff is you giving your data of course.

There’s always pushback from people online that AI is a bubble, generates garbage slop that ruins the internet, and is making people lazier. All of those things are true, but the inverse is true as well. AI is being used to propagate knowledge and provide new forms of accessibility.

Blanket statements for and against AI do not accomplish anything, but a real tangible problem AI has is a usecase for the individual outside of academia and the workplace. Want to get some code quickly written? Need to proofread a document? Want an answer to your math homework? AI has you covered, but otherwise, there’s no reason to use AI at all.

Steep Hardware Requirements

Before you get excited about offline large language models, you should be aware of the hardware required to run many of these models. I have a high-end NVIDIA card and running some AI is no problem, but it’s incredibly power intensive and largely favors NVIDIA hardware.

There’s also a major concern for storage requirements. While you can get some memory efficient models, they often don’t perform as well as their highly tokenized counterparts. DeepSeek may advertise itself as a offline ChatGPT, but what they don’t tell you is they require over 400 GB of storage to operate in addition to steep GPU requirements.

This is a Developing Story

The last thing to be aware of is AI is rapidly changing and advancements are being made all the time. Things you hear from me will likely be outdated within a year. And for those of you who are still skeptical, if you don’t support open source AI, you are allowing proprietary companies like OpenAI, Claude, and Perplexity to dominate conversation.

If you are interested my other thoughts about AI, I wrote about it last year. All this being said, if you want to support open source software, we need to welcome and use open source AI.

Ollama

Now we get into tooling and there’s plenty of options available for you, but the most popular is a program called Ollama, It pulls models from some of the big contributors to open source AI, and provides a nice command line front-end.

Now this is where the complications come in, because Ollama is installed differently depending on which operating system you use. On Windows/Mac, there’s tray icon support. On Linux, the key differences is you don’t get a tray icon. If you prefer a normal graphical Linux frontend, try Jeff Samuel’s (AKA Jeffser) Alpaca, which automates the installation through Flatpak and then you can pick and choose what models you want. Alpaca also makes it easy to manage previous chats and upload documents.

If you are using Linux (or Windows) and are interested in more work with Ollama from the command-line or with custom server commands, you can try running the official Docker container.

For example, I use the Ollama Docker image in a Distrobox with access to my NVIDIA card. Then I export the Ollama binary to my host system. Whether you are running Windows, Mac, or Linux, you will need to run the Ollama server on your device to make your AI chat work (even if you use Alpaca).

distrobox create -i ollama/ollama -n ollama --nvidia
distrobox enter ollama -- distrobox-export -b /usr/bin/ollama

If you choose the Docker container route, you will need to periodically update the container image. Because of Docker’s nature, it’s also prudent to subscribe to Ollama’s GitHub RSS to get update notifications. You can also configure a Podman Quadlet or systemd job to auto-update Ollama for you.

docker pull docker.io/ollama/ollama

From here, I can run the Ollama server,

ollama serve

Then in a new tab/window, launch the Ollama client.

# List available models
ollama list
# Install a new models
ollama pull gemma2
# Run a model, install if not available
ollama run deepseek-r1
# Remove a model
ollama rm llama3.2-vision

What Would I Use AI For??

This begs the question: I store video games and family photos on my computer; I have limited space on my computer. How can I make the best use of my storage and what AI models should I use?

I want to break this up into a few categories, then some blanket recommendations. Especially with the general purpose ones, this can be consolidated, so don’t go downloading all of them, just pick and choose what you are comfortable with.

• Real world answers: This is where you ask questions that you would normally ask a search engine. The benefit of this is you don’t involve a third party service and it’s all done on your device. Downside is you might need to fact check because AI is not perfect. These are the big AI models most associate with: Facebook’s Llama, Google’s Gemma, and DeepSeek.
• Image description: This is very useful for alt-text or those with visual impairments, but very prone to error, so be prepared to edit responses. The best as of writing is Facebook’s Llama with is special vision models.
• Mathematics: Models like Phi3.5+ and Qwen excel in solving advanced algebra and calculus when most general models fail. The best way to word your prompts is like word problems. An example is “Jack and Joe leave their homes at the same time and drive towards each other. Jack drives at 60 mph, while Joe drives at 30 mph. They pass each other in 10 minutes. How far apart were Jack and Joe when they started?”
• Coding: If you are a programmer or server maintainer, AI can save you the headache of trying to search forums and documentation. Results may vary, so don’t blindly ship the code, but test it. It’s also a great way to experience programming languages you don’t know or may otherwise never learn.
• Proofreading/Summarization: If you are having writer’s block or you need your work reviewed, feed your work to an AI and get it proofed. It can often correct grammar or introduce counterpoints to your arguments.

Video Credits

• #MadeByGoogle ‘24: Keynote
• DeepSeek’s X (Formerly Twitter)
• Introducing GPT-4o
• Meta Connect 2024
• More than a decade after a stroke, Randy Travis sings again, courtesy of AI - Lee Cowan et al.; CBS News
• Ollama’s blogpost for the Windows preview build
• Perplexity Is a Bullshit Machine - Dhruv Mehrotra and Tim Marchman; WIRED and animation by Jacqui VanLiew; Getty Images

Track Listing

• Minobe Yutaka (蓑部雄崇) - City (シティ) from Yu-Gi-Oh! 5Ds (遊☆戯☆王5D’s（ファイブディーズ）)
• gooset - Bittersweet
• The song for the capital of Assyria scroll is Minobe Yutaka (蓑部雄崇) - Break time! (休み時間)) from Yu-Gi-Oh! GX (遊☆戯☆王デュエル モンスターズＧＸ)
• zukisuzuki BGM - Manager
• Outro: Khaim - Neon Lamp

Referenced:

• Original video
• The Verge’s coverage of Eddy Cue’s testimony for Apple during the Google anti-trust - By David Pierce
• Footage of Satya from Microsoft Build 2024
• Satya Nadella’s tweet to the new administration
• VIDEO | Apple CEO Tim Cook arrives at the U.S. Capitol for President-Elect Trump’s inauguration; WKYC Channel 3
• Trump, a populist president, is flanked by tech billionaires at his inauguration, Ali Swenson, Associated Press

I love two factor authentication (2FA) and it’s essential to operating accounts in the digital world. But have you ever been forced to use it? Last year, I had to help my dad use the Symantec VIP Access app for his Fidelity account and apparently it’s deployed in many other businesses as well.

First, a bit of background. Fidelity is a popular investment broker here in the US and in particular, my dad got so annoyed by the text messages every time he had to login to his retirement account. By default, Fidelity does everything through your phone number so I was tasked to find a way around it.

For years, Fidelity only supported one other form of 2FA, that was Symantec VIP Access, a lame proprietary app that was basically a gated wrapper for standard 2FA, like in Google Authenticator. In August 2024, Fidelity made an announcement on their Reddit page (Onion link) that they now welcome any kind of 2FA app.

The thing that was irks me about apps like Symantec VIP Access is it’s a proprietary solution and not an open one. Deep down in the app, it is running the normal Google Authenticator stuff good websites run. They also make it so you can’t export your codes and include unnecessary data collection in the app, which is just unacceptable for an app to guard your accounts.

• Official Symantec VIP Access page
• Symantec VIP Access on εxodus
• Symantec’s App Privacy Label on Apple’s App Store

Like most financial institutions, Fidelity has terrible practices and I had to go through the trouble of setting all of this up, but I’m making this video to celebrate Fidelity amends and prepare all of you the next time you are forced to use Symantec VIP Access.

python-vipaccess

Some people on GitHub, cyrozap and Dan Lenski, have reverse-engineered the desktop and mobile apps and Symantec’s protocol, so you don’t need to use Symantec’s app and continue using an open-source authenticator app like Aegis or Ente for desktop/iPhone users.

Read cyrozap’s blog post about reverse engineering server calls for Symantec VIP Access

python-vipaccess GitHub

Installation

You will need Python and pipx installed in order to use the script. You can use scoop for Windows, pipx from Homebrew, or your Linux package manager. I use a Distrobox/Docker container to run it to keep my system clean.

Next, we need to install python-vipaccess from pip using pipx.

pipx install python-vipaccess

Now you can launch python-vipaccess from your terminal.

Symantec’s Provisioning:

python-vipaccess will generate your Symantec token by negotiating with their server the same way their app does. Symantec uses a proprietary, server-side protocol to issue you a token to obtain Google’s open-source TOTP standard to generate a code. This is yet another reason Symantec sucks, because Google Authenticator or other open source authenticators only require one device–yours.

vipaccess provision -p -i Fidelity -t VSMT

• -p prints the output without saving it to a file.
• -i is the 2FA issuer. Default is VIP Access, but this could changed to Fidelity for example.
• -t is the token format requested from Symantec’s servers. The token in this case is VSMT.

There are alternative tokens marked for either for mobile or desktop, but all equally functional. Keep this in mind if when you interact with IT or customer support.

• SYMC/VSMT (Mobile)
• SYDC/VSST (Desktop)
• More classification codes from Broadcom (parent company of Symantec)

Running the command should get an output that looks like this:

Generating request...
Fetching provisioning response from Symantec server...
Getting token from response...
Decrypting token...
Checking token against Symantec server...
Credential created successfully:
    otpauth://totp/Fidelity:VSMT95687533?secret=HHW3IFLSHQJBTZQRTULZQN5Q7DV4ZOQR&digits=6&algorithm=SHA1&image=https%3A%2F%2Fraw.githubusercontent.com%2Fdlenski%2Fpython-vipaccess%2Fmaster%2Fvipaccess.png&period=30
This credential expires on this date: 2027-02-19T16:44:55.044Z

You will need the ID to register this credential: VSMT95687533

You can use oathtool to generate the same OTP codes
as would be produced by the official VIP Access apps:

    oathtool    -b --totp HHW3IFLSHQJBTZQRTULZQN5Q7DV4ZOQR  # output one code
    oathtool -v -b --totp HHW3IFLSHQJBTZQRTULZQN5Q7DV4ZOQR  # ... with extra information

Let’s translate this output:

• Under Credential created successfully, this is the information we need to set up the service.
• IT/customer support will ask you for an account ID. With the example output above, this is VSMT95687533, but you will need to supply your own.
• If support asks you for a different token (e.g. “it’s the code that starts with ‘SY’”), regenerate your code with the matching token. You can also politely tell them your app is showing you something different and read your code aloud.
• Afterwards, manually enter the text after ?secret= into your authenticator app. In this example, the Google Authenticator seed is HHW3IFLSHQJBTZQRTULZQN5Q7DV4ZOQR
• Make a reminder in your calendar app of choice, password manager, or physical planner to setup Symantec prior to the expiration date.

Track Listing

• Minobe Yutaka (蓑部雄崇) - Satellite (サテライト) from Yu-Gi-Oh! 5Ds (遊☆戯☆王5D’s（ファイブディーズ）)
• Neötrön (ネオトロン) - City Girl Walks Down a Country Road (シティーガールは田舎道を歩く)
• Nyalpaca BGM - City Girl (シティガール)
• Outro: Khaim - Neon Lamp

January is a slower week when it comes to tech news, but I go away for a week and there’s drama in “the Linux community.” This week is going to be something different from the usual for me–I’m going to dissect the news. One thing that always grinds the gears of “Linux users” online is anything involving the Linux Foundation.

I’m going to break down a recent story of the Linux Foundation, because there’s always a ton of negative sentiment from random people online and I want to properly evaluate it and see if the concern or ideas for change are valid and why the Linux Foundation makes the decisions they do.

Linux Foundation Announces the Launch of Supporters of Chromium-Based Browsers

A couple days ago, the Linux Foundation, who are the stewards of various projects in the open source world, made the announcement of the Supporters of Chromium-Based Browsers initiative. The initiative promises to raise funding and development support for other projects that use Chromium.

There’s quite a bit to unpack here, but I think it’s important when we read about issues like these, we don’t let our opinions be shaped by what a journalist or content creator said online, we want to look at the source material and come to our own conclusions like educated adults. Online communities of “Linux people” who are generally not involved in these projects reacted very negatively, but I want to break this down.

Reading the Rulings

Let’s dive into the Google anti-trust ruling. Here in the United States, Google has been under a lot of pressure from regulators and now is officially a convicted monopoly. The question is what is the remediation to rectify their damage? Enter United States of America et al., v. Google, which breaks down the final judgment the court made in November 2024.

The remedy must prevent Google from frustrating or circumventing the Court’s Final Judgment by manipulating the development and deployment of new technologies like query-based AI solutions that provide the most likely long-term path for a new generation of search competitors, who will depend on the absence of anticompetitive constraints to evolve into full-fledged competitors and competitive threats

EXECUTIVE SUMMARY OF PLAINTIFFS’ PROPOSED FINAL JUDGMENT United States v. Google LLC (page 5), November 2024.

Key to the arguments of the federal government cite the Microsoft anti-trust cases (everywhere where Microsoft is in parens) and the solutions devised by the federal government is Google must divest their ownership in Google Chrome and Android.

Google’s ownership and control of Chrome and Android—key methods for the distribution of search engines to consumers—poses a significant challenge to effectuate a remedy that aims to “unfetter [these] market[s] from anticompetitive conduct” and “ensure that there remain no practices likely to result in monopolization in the future.

EXECUTIVE SUMMARY OF PLAINTIFFS’ PROPOSED FINAL JUDGMENT United States v. Google LLC (page 3), November 2024.

The Current State of Chromium

Whether this will come to pass is another thing entirely and commentators say that the incoming Trump presidency will need to see it through or not. Regardless, the threat of Google not being able to own an open source project might also come bundled with clauses that prevent the company and its developers from working on it anymore.

Chromium is used by so many projects everything from all the browsers based on it, Electron-based applications like VS Code and Discord, the Chromium Embedded Framework (CEF) that’s in many applications (Steam, OBS, etc) and video game launchers (League of Legends, Warframe, etc). The short of it: Chromium is popular and lots of projects use it.

This is a bit of a worst-case scenario, but that’s the reality and in its current state, Chromium could not survive in a post-Google world. Google knows this too. By their own disclosure, Google represents 94% of all contributions to Chromium.

By getting the Linux Foundation involved Google and the open source world benefit because it means there’s more non-Google voices helping develop Chromium and this scenario where the world is stuck with an undeveloped Chromium never comes.

The Role of the Linux Foundation

Despite the name, the Linux Foundation is not just about Linux, nor should they feel obligated to give anything out of the interest of its members. Google happens to be a paying member of the Linux Foundation and while they have not donated the Chromium trademark, having a framework like the Supporters of Chromium-Based Browsers is great for future proofing the project.

Read this blog post about the Linux Foundation’s mission statement.

This also brings up the mission and goals of the Linux Foundation. A lot of people online would have you believe the goal of the Linux Foundation is to raise money for the Linux desktop, but this isn’t true when we consider two major parts: mission statement and financial responsibility.

The Linux Foundation, as a non-profit 501(c)(6) lists in their bylaws:

The purposes of this corporation are to support, promote, protect and standardize Linux and other open source software and technologies.

The Linux Foundation Bylaws (Updated March 2024)

So as a non-profit, the Linux Foundation is serving its mission statement by protecting open source software like Chromium? I see nothing wrong here, sounds in-line with the mission statement.

Chromium is open source software, a reasonable argument could be made it’s a standard given how many projects use it, and the fund would protect Chromium in the event Google couldn’t develop it and give it neutral governance.

What’s the alternative?

Now imagine with me someone online says “How come you don’t give to the Mozilla Foundation? It’s only fair Mozilla gets some love as the dying web browser!” As much as I would like that, first let’s consider the Mozilla Foundation is also a non-profit organization and makes a good portion of income from the Mozilla royalties and expenses on software development of “fundamental technologies like web browsing and email.”

• The Linux Foundation’s previous filings
• The Mozilla Foundations previous filings

If you are curious about the difference between a 501(c)(3) and a 501(c)(6), the simplified version is the Linux Foundation is allowed to lobby for politics, the Mozilla Foundation is not.

While $18M is not a lot of their income, it’s significant enough that a tax regulator would have a second glance if the Linux Foundation were giving money to the Mozilla Foundation. Non-profits swapping money this way or through a fund could get negative attention of tax regulators and causes both the Linux and Mozilla Foundations to lose their non-profit status in a worst case scenario.

Non-profits are supposed to be spending their money, not giving it away. They can’t give money to the GNOME Foundation and the KDE e.V. for the same reasons. The Linux Foundation, when they spend money on a cause, they can’t do it when it would replace work in the organization they are giving money, because that organization needs to reciprocate and do the same.

There are also exceptions to this rule that I am not familiar enough with: things like scholarships or grant writing. There have also been cases where intermediate foundations do work for both parties. People are also needed to manage the funds appropriately, so it’s a lot of work.

Contrary to this, Chromium has no foundation support and the developers as well as Google have previously expressed they have no interest in opening a foundation for Chromium. Since there’s no foundation, the initiative is also open to other interested browser makers like Opera and Microsoft, not just Google. It’s not just these companies either because the fund is open to other Chromium interest groups/projects and can increase non-Google voices in Chromium. So what better to invest in an initiative like the Linux Foundation to support Chromium as the standard it has become?

Everyone is sure quiet…

This of course brings up yet another argument from the “critics” of the Linux Foundation that claim Google is only doing this to look good. My rebuttal is Google is being awfully quiet about this if they intended this to look good. If Google wanted regulators to notice this, they would typically publish it on “The Keyword,” their blog.

For example, Google used “The Keyword” to dispute a ruling from the UK’s Competition and Markets Authority (CMA). In this way, the Linux Foundation differed, because they used their equivalent newsroom to make their announcement, but no notification via social media.

Similarly, if we look on Google’s X (formerly Twitter) account, news of the Supporters for Chromium Browsers Initiative are non-existent. If this is about Google trying to posture themselves as anything but a monopoly, kind of weird they aren’t talking about it.

This Was Never About Desktop Linux

The reality is what these “critics” just can’t stand the darling desktop Linux users just don’t matter compared to the server and embedded device Linux users by many orders of magnitude. The natural distrust of companies plays a big role in this, but this is an example of what desktop Linux users shouldn’t be.

If desktop Linux users constantly beg the Linux Foundation to give to the Linux Foundation, yet criticize the Linux Foundation for using their spending and resources appropriately, I wouldn’t be giving money to them. More over, the Foundation can’t give money because of the complications of non-profit tax law in the United States (or overseas in the case of KDE e.V.).

I’m going to close with the wise words of a friend of the channel, who actually works for the Linux Foundation,

They’re going to tell you the same thing as everyone else. “Show me the money…” Make a better product.

Jorge Castro, CNCF | October 2024

Maybe when desktop Linux is actually a widely used, then there will be funding put in place for the open source desktop. Until then, keep on dreaming, start donating, and stop spreading these nonsense conspiracies.

Video Credits

• Open Source Summit 2024： A Hub of Innovation and Collaboration
• Trump, a populist president, is flanked by tech billionaires at his inauguration, Ali Swenson, Associated Press
• Google I/O 2024
• Watch Sundar Pichai, Google, and the AI Boom - Emily Chang et al, Bloomberg
• Google CEO Sundar Pichai questioned on tracking of users’ locations, CBS News (2018 hearing)
• WIRED25: Google CEO Sundar Pichai on Doing Business in China, Working with the Military, and More
• Bill Gates vs United States - Deposition
• Trump: DeepSeek’s cheap AI should be ‘wakeup call’ for US tech, Reuters
• Panel Discussion：Why a Universal Definition of ‘Open Source AI’ is Essential for Humanity
• Keynote： Linus Torvalds, Creator of Linux & Git, in Conversation with Dirk Hohndel
• Alphabet CEO Sundar Pichai on layoffs: Important to create capacity from within to invest for future

Track Listing

• IchinoseSound - Summer Peach
• Noru (のる) - Let’s Go For a Walk (今日はお散歩日和。)
• Sharou (しゃろう) - 10°C
• Kurippu (くれっぷ) - Skip of the Beginning (始まりのスキップ)
• Ann Paris - Timeless
• Outro: Khaim - Neon Lamp

A while back, I was tasked to help a friend of mine setup his new gaming PC. Since he’s mostly a single player gamer and has a burning hatred for Windows 11, it got me thinking. I don’t think anyone has tried to gather everything they could about Steam on Linux. I wanted to take a revisit the fundamentals and focus on the fast lane to get you caught up with using Steam on Linux. A lot has happened over the last couple years and what does it take to get started with gaming of Linux?

A Gamer’s Sacrifice

An important thing to know about Linux gameing is there are some games you can’t play, whether using Linux in the traditional computing sense or a Linux handheld like the Steam Deck or the Lenovo Legion Go S. I’m proud to report if the majority of games you play are single-player games, you will have little to no issues playing them on Linux. Likewise, if you are considering emulating games or playing retro games, most of the same programs like RetroArch, Dolphin, or PSX are available and functionally similar to their Windows versions.

The majority of competitive games won’t support Linux. This includes games like Call of Duty, Rainbow Six Siege, or Fortnite won’t work at all. There have also been games like Apex Legends and League of Legends that used to work on Linux, but don’t anymore. The reason is these games require you to install kernel level anti-cheat into your computer to make sure you aren’t cheating.

Meme Compilation

• Nicki Minaj skin is Distracting - Modern Warfare II from @fadedjokeh on YouTube
• [Severe profanity warning] The Ubisoft 2019 E3 Rainbow Six Siege streamer match, where the rapper Lil Yachty teamkilled someone
• We Like Fortnite from @StrikeRoom on YouTube (reupload)
• Destiny 2 pledges to ban all Steam Deck and Linux users in the name of cheating

This isn’t to say all multiplayer games don’t work on Linux. In particular, certain games like the Halo: Master Chief Collection support running on Linux using a weakened version of Easy Anti-Cheat and Fall Guys is the same way. The outlier is games like Warframe and Overwatch 2, which employ their own brand of anti-cheat or Marvel: Rivals, who pledge to allow Linux gamers to play. Your millege may vary, but if you are ever in doubt, an important site to remember is Are We Anti-Cheat Yet, which documents the status of games with anti-cheat and if they work on Linux or not.

Related: Riot Games breaks their silence on Linux as a platform: Linux is not allowed. They further spit in everyone’s face by releasing empty source code for the Vanguard anti-cheat as a April Fools’ joke.

Linux Locks Your Future Game Choices

What’s more is some AAA games with intrusive DRM for Linux can cause issues for you. The best examples of this are the EA and Ubisoft games, both of which deploy various types of copy-protection, virtual machine detection, and obfuscation layers to slow down pirates from cracking the game on day 1. This has also resulted in issues like some of the mid-2010s Assassin’s Creed games from working on Linux. That or clients like uPlay or Origin not working for random reasons.

Related: (Former) scene cracker Voksi describes why Ubisoft uses multiple layers of DRM on their games.

Now while the DRM and anti-cheat issues may not mean much to you now, this still affects future games with invasive DRM or rootkit anti-cheat features. It’s important to remember that when you are using Linux, you are locking yourself into playing only games that don’t struggle with these issues, short of using Windows. It’s important that you know this going in so you know whether or not installing Linux is best choice for you.

There are also plenty of resources that document issues or potential hiccups. ProtonDB documents the work that many other Steam gamers on Linux have done to get games to work or if games are working or not. Before buying/playing a game, visit ProtonDB to prep for any particular issues. It’s really also a buyers’ guide if you have no interest in troubleshooting issues.

Quick Procedure to See If Your Game Works

Recent titles require some time in the oven for the Linux community to work on them, but the majority don’t need extra attention.

1. Visit ProtonDB to see if the game works.
2. Visit Are We Anti-Cheat Yet to see if the anti-cheat works.
3. Evaluate if the game developer will break Linux support at a future date. If they do, is it on purpose or by accident?

Getting Started

So disclaimers out of the way, you’ve decided to make the plunge at installing Linux; the first thing that we have to get into is installing Linux itself. I won’t get too much into the weeds here, but the distribution you pick is incredibly important. I’m going to save you the trouble right now and tell you whatever you were told online, on Reddit, another YouTube video–throw it out the window. There’s a lot of old advice online, including from me.

As of writing this, the best gaming Linux distribution, if you need to ask, is Bazzite. You don’t have to think about updates or using the terminal. You just care about your games and keeping your games working.

Not only that, if you use one of the Windows-based gaming handhelds, there’s a high likelihood that Bazzite will outperform Windows and integrate better with the hardware. While most steps can be replicated across most flavors of Linux, there are many pitfalls with libraries games depend on, especially legacy libraries needed by Windows to play games or need to be kept up to date to match what’s Steam or games expect.

Related: The Verge’s Sean Hollister’s review of Bazzite on the ASUS ROG Ally X

GNOME or KDE?

Looking up Bazzite online makes it easy to think it’s only for the handheld gaming devices, but Bazzite has a desktop mode similar to SteamOS or you could opt for something completely different.

The 2 environments are KDE and GNOME. I recommend starting with KDE; KDE is what’s used in the Steam Deck after all, but occasionally it suffers from some bugs like copy/paste stops working randomly. GNOME is personally a better experience for me, but it doesn’t handle monitor scaling as well as KDE does.

Just try out both of them and Bazzite’s install page provides an easy command to switch between the 2 via 1 terminal command and reboot.

Steam

Bazzite comes with Steam preinstalled and various under the hood utilities to get things like your controllers to work better or optimizing performance as a whole. There’s optimization for hybrid GPUs usage for laptop users.

After logging into Steam, the first thing that you need to do is open the Steam settings → Compatibility → Enable Steam compatibility for all games.

The reason is Steam will only give you access to “Steam Deck verified” games out of the box. By changing this compatibility setting, you change this so Steam attempts to run all games in your library using the Proton compatibility layer. Steam will prompt you to restart, then start installing and playing games!

Troubleshooting

Of course, you should always be prepared for stuff to go wrong. As a general disclaimer, your results may vary from others online and if you aren’t prepared to troubleshoot, your game may not work at all. As always, check ProtonDB and see what other people have done. If you are having problems, try some of the suggested solutions.

Variants of Proton/Wine

Often times, the version of Proton that Valve ships isn’t optimal in certain cases. Valve also provides an “experimental” version of Proton that is periodically updated with hotfixes for newer titles.

To change your Proton variant, right-click on your game, Properties → Compatibility → Force the use of a specific Steam Play compatibility tool and select your desired Proton version (e.g. Proton Experimental).

ProtonQt-Up

Additionally, there are other third party versions of Wine. The most popular is Proton-GE, GE being the creator Glorious Eggroll. Proton-GE is by far the most popular, but it does need to be manually updated every release. ProtonQt-Up is preinstalled on both SteamOS and Bazzite.

To update other custom Proton, you need to use ProtonUp-Qt. It’s basically a manager for installing custom Proton versions and supports all of the Linux game launchers including Steam.

To use ProtonUp-Qt, select the game launcher you want (ProtonUp-Qt automatically detects it). In this case, select Steam and select “Add Version.” From here, select the desired Wine fork (default is Proton-GE) and install it when prompted.

Unfortunately, it does need to manually updated. If you are having a problem launching a game, open ProtonUp-Qt again and update your Wine fork to the latest version.

Launch Options

In the case of troubleshooting, Steam games all have launch options if you right-click on your game and visit Properties → General → Launch Options.

Here you enter in witchcraft variables you find on ProtonDB that worked for other people. There’s a few things to look out for and it’s how each of them is broken down.

Below is a sample command; don’t use it with every game, but it’s helpful to know the difference between each one.

Special note for GNOME users and have issues right-clicking, visit Steam → Settings → Interface → Enable context menu focus compatibility mode

mangohud PROTON_NO_ESYNC=1 __GL_SHADER_DISK_CACHE=1 __GL_SHADER_DISK_CACHE_SKIP_CLEANUP=1 DXVK_HUD=compiler PROTON_ENABLE_NVAPI=1 PROTON_HIDE_NVIDIA_GPU=0 %command% --launcher-skip

Overlay Programs

Every command always starts with overlay programs, which run on your Linux system and do specific things. In this sample command, mangohud is MangoHUD, a program that lets you track performance in an overlay. Another popular one is gamescope, a program called Gamescope that can fix how windows are drawn within games.

While Bazzite includes these, you will need to make sure your system is up to date, otherwise these overlays don’t work or prevent games from launching. If you have no interest in such tools, you need to remove these from your launch arguments.

Environment Variables

Everything with an = are environment variables. These tweak Wine to do things.

Esync

With PROTON_NO_ESYNC=1, Proton is normally configured to make games that are CPU-bound to use Esync, which forces the game to be multi-threaded, even if it isn’t on Windows, which can increase performance. Some games don’t handle this well or older CPUs are incompatible, so it needs to be disabled in these cases.

Fossilize & Shader Caching

Other environment variables like the __GL_SHADER_DISK_CACHE... are needed to control shader caching. On both Windows and Linux, Steam and games on Steam need to load shaders for you to see things in a 3D environment. On Linux, Steam uses Fossilize, which runs when you launch a game with a popup telling you shaders are being processed.

The flag DXVK_HUD shows on-screen when shaders are being compiled by Fossilize or in the background by DirectX/Windows.

NVIDIA

If you have an NVIDIA graphics card, you’l learn quickly that NVIDIA is the boogeyman of stuff not working on Linux and doesn’t support the Steam Deck Big Picture Mode interface.

More over, there are environment variables for games like Batman: Arkham Knight and the Witcher 2 to unlock the NVIDIA specific features in games. Most of the time, it’s the variables PROTON_ENABLE_NVAPI=1 PROTON_HIDE_NVIDIA_GPU=0, which allows Wine to directly interact with your NVIDIA GPU.

Launch Arguments

Finally are the old school Windows arguments. These are always following the word %command% and the --yourargrument. It’s also great if you need to bypass game launchers or intro screens.

Popular commands include -novid in Valve’s games to skip the logo crawl and --no-launcher in games like Balder’s Gate 3. Most launch arguments usually follow a wording similar to this.

Now You Know

Lastly, you are not limited to Steam when it comes to games, but it is where the vast majority of games are. There are launchers that can run games on other platforms like Epic, GOG, Battle.net, and retro games.

Track Listing

• KK - Ordinary Landscape (いつもの風景)
• yuhei komatsu - Scattered Sakura (桜が散る時)
• crepe (くれっぷ) - Fairy Gift (妖精の贈り歌)
• crepe (くれっぷ) - End of Summer (夏の終わりに)
• Yu-Gi-Oh! Duel Monsters GX Spirit Summoner (遊戯王デュエルモンスターズＧＸ ＳＰＩＲＩＴ ＳＵＭＭＯＮＥＲ) - Deck Construction Music
• Outro: Khaim - Neon Lamp

Today, I wanted to dive into specific applications, but more importantly, not video games. I won’t be talking about failures as much because while a lot of work has gone into making video games working on Linux, not much has been/or can be done about non-gaming applications in Wine. Everything from Microsoft’s ClickToRun installers to applications opening to black screens is just an indicator there isn’t much Wine can do except grovel for support.

It’s not a total loss, because some of the right applications can work with the correct tweaks. Today, I’m going to be using the program Bottles to run Windows applications and highlighting what it takes to get KakaoTalk working in Bottles

Installing KakaoTalk

For those who haven’t heard of KakaoTalk, KakaoTalk is a instant messenging platform and it’s incredibly popular in Korea. Now, don’t go using expecting any kind of privacy, it’s not private by any means, but in many ways, it’s the WeChat of Korea.

The reason I’m starting with KakaoTalk is installing KakaoTalk in Bottles is pretty easy, but it does have some quirks to it. So how do we get it to work in Bottles?

Installing KakaoTalk in Bottles

First, download the Windows installer from the KakaoTalk website. Then in Bottles, create a new Bottle and select “Application.” Mono will need to installed when prompted.

With the ellipsis (the 3 dots), click “Browse Files,” and this will open a virtual Windows C:\ drive. Copy/paste the KakaoTalk installer into this folder.

Copy the path to the folder. This is a location we will need to use to install things and create shortcuts.

• Click “Add Shortcut” and paste the path you copied into your file manager’s search bar. Select the KakaoTalk installer, then click the play button in the new shortcut.
• Proceed through the KakaoTalk installer as you would on Windows.
• A new shortcut will need to be made for KakaoTalk, linking to C:\Program Files (x86)\)\Kakao\KakaoTalk\KakaoTalk.exe. From here, you can make this a desktop icon or add it to your Bottles library.

Font Oddities

Since KakaoTalk is a Korean application, it’s imperative to have fonts with support for Korean Hangul. In order for a font to support this, it needs to be a CJK font–a font that supports Chinese, Japanese, and Korean. Bottles has an extra package to install some pre-baked CJK fonts aptly named cjkfonts.

Afterwards, to make this change, you go into the settings of the KakaoTalk app in the top-right corner, then change the font in the menu…, then restarting KakaoTalk when prompted.

There’s also a weird instance where Bottles pulls from your system fonts. As a content creator, I have a lot of fonts that I’ve used for one reason or another. Unfortunately, all of them get jammed into the poor little KakaoTalk menu and I can’t figure out which of them are the preinstalled cjkfonts or not. I’m pretty sure it’s Source Sans Han.

The Bottles Installer’s Double Standard

Now all of this is pretty easy to execute, but it’s not so easy to implement in an installer. While Bottles allows you to build custom installers, in my testing anyway, there’s a bit of double standard of backups of programs you import versus running as an installer. In the past, I’ve written installers for Lutris and Bottles follows a similar format, but how do you write a Bottles installer?

First, let’s dig into the Bottles documentation. Installers in Bottles are designed to bypass all of the steps we just did to install KakaoTalk. The other reason I picked KakaoTalk is installing and using it requires little interaction from users and largely works in Wine, so it’s a prime example for a good installer. The only dependency it requires is cjkfonts and some minor tweaks to an .ini file.

Check out the installers writing guide from the Bottles documentation.

You could do this of course, but what’s actually going on underneath the hood? KakaoTalk stores all of its settings in a *.ini file. Let’s say I were to make a KakaoTalk installer, all I need to do is install KakaoTalk using the link from their website, then create a minimal .ini file that can be populated using the KakaoTalk installer.

The installer needs to be written as a YAML file and it’s the same format of the other files that the other built-in installers and backup files use.

1. Metadata for the installer: name, description, Wine rating, and Windows architecture. I copied my information from the KakaoTalk Wine AppDB listing.
2. Dependencies: These are built-in requirements in Windows to run KakaoTalk. Internally, this list can be viewed in Bottles → Your Bottle → Dependencies with brief descriptions about each package. It does require a basic understanding of how Windows app development works.
3. Info about the Windows binary: This includes the name, a user-specified icon for Bottles, the name of the executable, and the destination of the executable prior to running the installer.
4. The Steps: A series of scripting actions to run the installer or do specific things to complete the installation. In my KakaoTalk installer, I pulled KakaoTalk’s installer from their website, then created a prefs.ini, which KakaoTalk uses to configure fonts so Hangul support works without user interaction.

Writing the installer isn’t horribly difficult once you’ve figured out what the steps are. What’s more difficult is running the installer itself and this is likely why you don’t see many configurations for Bottles out there.

In Bottles, loading a configuration you have previously exported has a different standard than what is in the actual installer repo. This is on purpose to an extent because installers are vetted through the GitHub under the organization’s “programs” repo. To be fair to the developers, when you ship something in the default build of the program, it should be held to a higher standard than what people hack together themselves.

Background video: There’s more flavor with Vanilla OS - with Mirko Brombin and Luca Di Maio (C’è più gusto, con Vanilla OS - con Mirko Brombin e Luca Di Maio)

Improvements Are Coming Soon

As an overall installer improvement, my proposition is the backup should be able to pull Windows installers from the internet, just like what the built-in Bottles installers can. It would be a big improvement to the developer experience and it wouldn’t require forking the repo to test the installer if there was a framework that allowed users to run installers that could download installers from the internet.

As a project, Bottles’ development has slowed down a lot, but their developers been gearing up some major changes with Bottles Next, a rewrite of the Bottles user interface and backend logic to better serve its developers. I won’t get into the specifics, but since Bottles has gotten some pretty significant sponsorships, this is now their top priority and essential to the wellbeing/future of the project.

It’s clear that Bottles believes they can take development to the next level. Right now, it’s a matter of navigating the installation process and taking it slow. With the right application or game you want to play, you can probably accomplish it. The experience leaves a bit to be desired, but that’s why they’re rewriting it and can’t wait until that day comes.

GitHub

I submitted a pull request to Bottles recently.

Track Listing

• Sarah Kang ft. Won Jang - Summer Cold
• J. Louis - Can’t You See
• Private Press - DEEEEEEP from Cyberpunk 2077
• gooset - Shizuku (雫)
• Outro: Khaim - Neon Lamp

For the last 6 months, I’ve used Universal Blue, a series of Fedora images with a strong user-facing focus. On the surface, Universal Blue is no different from your standard Linux distribution. Instead, Universal Blue is about the future of desktop Linux and a glimpse of how it could be better.

But more than a year ago (and recently), I chatted with Jorge Castro, one of the lead developers, and I have never seen something from any other project in a long time that offers a lot of promise. A lot has happened between now and then, so has it been any different from using a different Linux distribution?

Picking an Image

The first thing to know is Universal Blue isn’t so much a distro as different variants of Fedora’s Atomic Desktops. you do is pick which Universal Blue spin you want. I am using Bluefin, the GNOME experience. There’s also Aurora, the KDE experience, and Bazzite, the gaming version with both GNOME and KDE with the Steam Big Picture mode. For the more technical users, you can build your own using BlueBuild.

Essentially, you pick the version you like the best and it provides you a custom experience. Bluefin and Aurora are good for more desktop computer users and Bazzite is for the gaming crowd. I’ve used both Bluefin and Aurora as daily drivers, but haven’t tested Bazzite at all.

Universal Blue Images

• Bazzite (Gaming)
• Bluefin (GNOME)
• Aurora (KDE)
• Base images

Installation

After you’ve decided on which image you want, you can add support for specific hardware or setups. A ton is supported here.

• Desktops
• Framework laptops
• Microsoft Surface devices
• ASUS laptops
• NVIDIA installations

This is a huge deal because a lot of these modifications require custom kernels, installing third party drivers, or NVIDIA breaking your display manager. All of these are a pain to install and maintain on Linux and in an image, you don’t need to think about it.

After you’ve downloaded the ISO image, burned it to a USB drive, you can install your desired distribution. Installation is very similar to Fedora’s install, unless you install Bazzite, which is a different process, albeit similar and more glamorous.

When you first boot in, especially if you are a Secure Boot user, the very first thing to do is enter is the preset password for mokutil, which signs your system with secure boot. Unlike many other Linux distros, all uBlue images come with Secure Boot support enabled out of the box.

To enable Secure Boot, using the arrow keys, select “Continue boot”, Enter, then enter in the password universalblue when prompted. Periodically, Universal Blue rotates keys via updates.

What’s So Different?

Bluefin includes a ton out of the box. For starters, a lot of management software not included in GNOME is included out of the box and some GNOME extensions make Bluefin similar to Ubuntu. The thing about Bluefin is it’s fairly unremarkable as a desktop. Under the hood, it’s how things are handled differently.

Atomic: The Same, But Different

Since Bluefin and Universal Blue are part of the Fedora Atomic desktop family, things that people know are different, but most of the same actions are backwards compatible.

For one, your Linux system files cannot be changed. Instead, your system is updated with the new system being queued up as independent systems and brought up the next time you reboot.

Related video: Red Hat’s Adam Šamalik gives a brief rundown of Fedora Silverblue, the parental base of Universal Blue.

This is a big bugaboo for neckbeard Linux users online, but what’s more interesting is modification is possible using existing frameworks in Linux, despite discourse online. This idea stems from a combination of obscure documentation and how Linux allows users to override developer-configurable pieces of their system.

Here’s a rudimentary example: while you can’t configure your /usr/ directly, you can configure your application in /etc/. Importantly, systemd uses /etc/systemd/system and you can use systemctl edit to edit systemd services and jobs.

Another obscure example is what isn’t said in the documentation. I use DaVinci Resolve as my video editor of choice and in theory with an Atomic Desktop, I shouldn’t be able to edit my system files. However, some third party applications like DaVinci Resolve are installed in the /opt/ folder and Fedora Atomic lets you install within /opt/ and it persists beyond reboots.

Reboots are also way for you to recover from a bad update or disaster. If you don’t like an update, force your computer off or run a quick version recovery to get everything in your system back before an update was installed.

A criticism I and many developers have levied on “stable” Linux distributions is stable isn’t even safer. Using this kind of rollback on reboot is the way you keep a rolling package base and the peace of mind knowing you will always have a system one reboot away.

Related video: Richard Brown’s talk “Regular Releases are Wrong, Roll for your life”.

Installing Packages

If Fedora Atomic or Universal Blue is different, how do you install things? Like with system configuration, there’s many avenues to install the things that you need.

• For Flatpaks, you get Warehouse , which allows you to graphically interact with Flatpak data, install Flatpaks, and take snapshots of specific application versions.
• BoxBuddy is a graphical way of interacting with Distrobox. Distrobox is how you can install any program from any Linux distribution, provided it doesn’t require a horrible amount of system access. BoxBuddy provides a graphical way to update and also install programs within containers.
• For GNOME Extensions, Matthew Jakeman’s Extension Manager lets you install GNOME Extensions without a browser extension and toggle existing extensions.
• AppImages are also a portable method to install specific software that you need, albeit being messier to update and increased application size.

Related video: Luca Di Maio (AKA 89luca89)’s talk “Developing on Aeon with Distrobox”

But what if you don’t (or can’t) use any of these? Something to remember is Fedora Atomic still gives you an avenue to revert back to old school Linux packaging, but you will need to reboot in order to get these applications to appear.

For example, if I needed to install a .rpm file, like VeraCrypt.

rpm-ostree install veracrypt.rpm

If you previously installed something, it can also be removed.

rpm-ostree remove htop

Putting all of every method from configuring systemd and layering rpm packages, we can install Mullvad’s app as an example.

First, let’s add the repo, then install Mullvad. Afterwards, reboot as the new Mullvad package is queued for the next update.

curl https://repository.mullvad.net/rpm/stable/mullvad.repo | sudo tee /etc/yum.repos.d/mullvad.repo
rpm-ostree install mullvad-vpn

Next, we enable the relevant systemd service files.

sudo systemctl enable mullvad-early-boot-blocking.service
sudo systemctl enable mullvad-daemon

A lot of people get annoyed by this, but if you are annoyed by this, why in the world are you installing things so frequently? There’s probably something more productive you could be doing, even if that’s just sitting down to watch a movie.

Additional customization is available in ujust for some specialty applications. For example, DaVinci Resolve inside a Distrobox container, Ollama, and tweaking various settings.

Installing Updates

Here’s one of the best parts about installing updates on Universal Blue. You don’t have to do anything. What’s more is updates are queued and staged automatically.

Normally, on Fedora Silverblue or other Atomic Desktops, you’d need to run a rebase command periodically during Fedora’s annual releases. Additionally, there’s no GUI way of updating, not until systemd supports it.

Something that makes me laugh is Linux users pride themselves on updating. It’s equally frustrating with companies like Apple and Windows, still make it difficult to move to newer versions of Windows or macOS without manual intervention. I’m proud to say that Bluefin updated me to Fedora 41 and I didn’t even know. That’s how it’s done!

The Customization Conundrum

With all of these options, this sounds really great, so now’s the time for the “but.” What if you don’t like something that’s part of the Universal Blue image you installed? What if you try to remove something from the base image? You can, but there’s a catch.

Good Luck Building an Image

The way Universal Blue’s (or Fedora Atomic) images work is this and I cannot stress enough how much Universal Blue has put into the way this works. I’m going to break it down in an ultra-simplified way.

• You put one of the base Universal Blue images, which are a completely barebones installation of Fedora Silverblue or Kinoite, but with all of the hardware support that people want (e.g. NVIDIA). This base image is missing some specific things like VL42 Loopback patches for OBS or specific libraries for applications that are not installed (e.g. libxcrypt).
• You edit a file that basically records all of the changes you are doing. For example, if you don’t want to include GNOME Text Editor, you can run a command when the image is built to remove it.
• Finally, you build your constructed image on your Git server like GitHub, GitLab, or a homelab).
• You configure your server to build the image daily (or however long you need updates).

The reality is desktop Linux development is a niche and being able to remove an application is just as important as installing one and it needs to be done in a way that requires zero interaction with git voodoo magic I still cannot learn to this day.

The fact of the matter is it is objectively easier to enter in one terminal command to remove something rather than attempting to construct your own operating system flavor.

You Removed What?

This is the biggest problem in my mind with not just Universal Blue, but Fedora Atomic as a whole. In other Linux systems, you can just plum remove something if you don’t like it. Removing something you don’t like in Fedora Atomic requires way too much commitment. If you think I’m quick to blame Universal Blue, this problem transcends the project.

For example, some of the hardware enablement is unnecessary for many users. As someone who uses Bluefin on bare metal, I doubt I need the VirtualBox, VMware, HyperV, and KVM tools installed. Similarly, why should I have AMD kernel patches? What if I don’t use VS Code, but want to use Virt-Manager and don’t develop code?

Similarly, removing preinstalled applications is not recommended, because it results in a higher amount of memory being used than it would removing.

This is why there are so many people who complain on the forums and online that Bluefin has too much preinstalled. In fact, I attempted to run the base Universal Blue images and sample Aurora as well. The process is very smooth, as smooth as moving to GNOME to KDE can be anyway. Rebasing the image works great at keeping your system clean.

To rebase on another Fedora Silverblue or Universal Blue image. It’s one quick command away:

For example, if I wanted to rebase on Aurora:

rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/aurora:stable

I can also rebase to the base images.

rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/silverblue-nvidia:latest

Using the base images leaves a lot to be desired because a lot of the software support Universal Blue installs is unavailable. VL42 loopback for cameras and some libraries are missing. The solution isn’t easy and won’t be anytime soon. It’s an all or nothing situation unless somebody is willing to help build images.

We Need Legacy Methods (For a Bit Longer)

What’s more is project leaders like Adrian Vovk are now stoking the fire of dropping support for all forms of Linux package distribution that isn’t a universal package like a container. To be fair, people like Adrian are actively working in these spaces and deserve every right to make such decisions.

Related video: Adrian’s talk “Carbon OS [sic] + homed” from All Systems Go! 2023

The problem isn’t moving in this direction; it’s inevitable for the Linux desktop to move in this direction and come closer to people who use Linux on the server. The problem is companies who make commercial software for Linux will not be able keep up. It’s taken years for Zoom to support Wayland and programs like TeamViewer are still slow to adopt Wayland support.

For sure there will be growing pains, but when it comes to massively popular commercial software. Mullvad needs to be installed as a native .rpm to make the most out of its built-in killswitch. VeraCrypt is best installed as a .rpm as it needs to be able to mount and format new devices (although applications like Fedora’s Media Writer and GNOME Circle’s Impression disprove this) and would need to be rewritten to accommodate modern standards.

Related: bootc, a framework for seamless Linux system updates and championed by Universal Blue’s contributors, has been adopted by the Linux Foundation. Here’s an announcement video from Red Hat’s Colin Walters.

The Future is Approaching Fast

Despite the criticism of not being able to remove packages, the difficulties of building/maintaining your own image, and some minor learning curve of being slightly different than what most Linux users know, I believe the current system Universal Blue uses is a good combination of staying true to the ideals of the creators. It offers a fantastic stable base and it’s a solid experience.

It’s so solid, it’s now my go-to recommendation for everyone using Linux, provided you can deal with some limitations with specific types of software. I will be working with my own friends and family across the holiday season and beyond to move over in the future.

Right now, the only people who shouldn’t be using Universal Blue are:

• People who live in low storage systems like Chromebooks or netbooks, but it’s something that may not be too far off in the future if atomic systems are changed to accomodate limited space.
• People who want to use snaps. Snaps could be made available in theory, but it’s not an ideal experience as Fedora does not package AppArmor and therefore does not sandbox snaps properly. Right now, Ubuntu and Arch Linux are the best options.
• People with software that isn’t well adapted to the filesystem changes Fedora Atomic does compared to traditional Fedora.

Track Listing

• Streambeats by Harris Heller - Falling Up
• SCENE - Move (Instrumental Version)
• のる (Noru) - Yubiwa
• t12ya - trailing note
• Outro: Khaim - Neon Lamp

Recently, I got to sit down with Jorge Castro, one of the project leads of Universal Blue, its Linux spins Bazzite, Bluefin and Aurora, and its mission to make Linux easier to use for everyone.

Learn More About Universal Blue

• Universal Blue
• Bazzite (Gaming)
• Bluefin (GNOME)
• Aurora (KDE)
• Universal Blue Discourse

Follow Jorge

Jorge has previously worked with Canonical and VMware. Today, he works with the Cloud Native Computing Foundation (CNCF) managing developer/executive relationships and stewarding projects like Kubernetes and deploying servers at scale.

• Mastodon (Hachyderm.io)
• Bluesky
• YouTube

Referenced

• My original question post to Universal Blue’s tinkerer’s guide. Also available via the original GitHub discussion
• Fedora 41’s Release Announcement by Matthew Miller
• Kyle Gospodnetich is the creator of Bazzite and a maintainer of Microsoft’s Linux projects.
• The CNCF’s webpage listing all active members.
• The vague ostree/rpm-ostree documentation page that debunks the inaccurate claims of customization of immutable/cloud native images.
• Gardiner, as in the YouTuber Gardiner Bryant.
• Digital Foundry’s video on Bazzite
• Jorge was stuck in the back of a British bus with Richard Brown, former chairman of openSUSE’s Board and the lead behind openSUSE Aeon (formerly MicroOS).
• Proton Mail Bridge has shipped stale QT libraries for a long time.
• Proton VPN’s plans on taking over the Proton VPN Flatpak (Onion Link)
• Proton VPN has less than 4 people working on their Linux app (Onion Link).
• How snaps are sandboxed and its permission variants. Richard Brown has previously mentioned that snap sandboxing is broken on openSUSE because AppArmor still has not patched Canonical’s customizations (see this video at 7:29). One of the other distros that supports proper snap sandboxing is Arch Linux.
• Popey refers to Alan Pope, the original advocate for snaps.
• Inkscape’s heated discussion to convince upstream to takeover the Flatpak
• Jorge’s discussion on the Universal Blue Discourse about the struggle of convincing Chromium to adopt sandboxing more friendly to Flatpaks
• Add Water, a GUI installer and maintainance program for Rafael Mardojai’s Firefox GNOME Theme
• The Arkenfox user.js and its lead Thorin Oakenpants. One of Oakenpants’ many discussions about the effectiveness of Firefox Containers and Total Cookie Protection.
• Christian Hergert is a maintainer for GNOME Builder and the author of the terminal Ptyxis (called Terminal on Universal Blue). Ptyxis recently became the default terminal of Fedora Workstation.
• Marco Ceppi is one of Canonical’s engineers.
• Ken VanDine is an engineering manager at Canonical for Ubuntu Desktop and the creator of Ubuntu Core Desktop. If there’s a desktop snap package, he probably maintains it.
• Adrian Vovk’s blog post about GNOME OS. Adrian has been part of GNOME’s team for years and the creator of carbonOS.
• szydell’s import of System76’s drivers to Fedora’s Copr.
• Alpaca, a GTK frontend for the ollama, which itself is an interface for llama.cpp.
• Apple’s mediocre sales of iPhones prior to announcing Apple Intelligence.
• The Windows package managers Winget and Chocolatey
• Rufus and its ability to bypass Windows To-Go and Windows 11 requirements.
• Cassidy James Blaede is a partner manager at the Endless OS Foundation. He was previously a UX designer at System76 and a co-founder of elementary OS.
• Timothée Ravier is one of Red Hat’s engineers and a big contributor to KDE, Fedora Atomic Desktops, Fedora CoreOS, and Flatpaks.
• Jorge mentioned Matt from the Linux Cast’s (YouTube and Odysee) video about organizing his dotfiles (YouTube and Odysee) and his upcoming review of Bluefin (YouTube and Odysee)

Errata

• Ultramarine does not have any image based ISOs.
• I misspoke and said the .io domain belonged to Mauritania. It actually belongs to Mauritius.

Track Listing

• Intro: Khaim - Maybe
• Outro: Khaim - Neon Lamp

Bonus Content:

Patrons and YouTube Members get access to the preshow/setup and Jorge showing off his decades of Linux and cloud computing merch.

Donate

I’ve been thinking about some of the ways that you can fix open source. Maybe a bit bigger than you. As your favorite arm chair developer whose only IDE is Neovim, let me tell you my proposal to improve open source work culture, introduce new avenues of communication, and why developers of free applications need to start begging people for money.

Related: The miscommunication and fumbles of the Wayland frog protocols.

The Two Way Street

The first thing is something we can start doing immediately, it’s users need to start recognizing developers. It’s something that’s really easy t o do and it’s get to know the people who make the applications that you use. It doesn’t require a lot of effort and you might learn how some of the projects or programs you use more organizationally.

Video: Hong Jen Yee’s (AKA PCMan) presentation on LXQT from Debconf 18, “LXDE & LXQt - The Classic Desktop Environments After 12 Years”

Stop Othering Developers

The thing that gets overlooked way too often is the names of developers. It’s really easy to say “_____ developer(s)” rather than the names of the people who have worked hard to contribute to the project. It’s a reminder that the blog posts you read and the issues you read about are written by people.

One of my peeves is when people talk about GNOME developers. Don’t get me wrong, I think there’s a lot of problems with GNOME’s development culture, but the net of people within GNOME is too wide. Are we talking about Georges Stavracas, a big contributor to Portals, OBS, and GNOME Calendar? What about Florian Müllner, a major contributor to GNOME’s extension framework or the display manager Mutter?

• Georges’ video about GTK switching from OpenGL to Vulkan (Portuguese with auto-translated subtitles)
• Carlos Garnacho, Florian Müllner, and Georges Stavracas present GNOME Shell’s work at GUADEC 2024

It’s fine to criticize a project in healthy ways, but it’s time to stop referring to work or blog posts by “_____ developers.” With names, you’ll learn real fast that the majority of projects are run by a minority of people actually engaging with the project online or representing a project.

Just because a GitLab or GitHub shows a ton of contributors, a reminder that this is historical contributors. With a lot of individual applications, typically only a few people are actively contributing to it. If you going to criticize a decision, please only discuss it with the people whom said decision concerns.

Communications Means Contributing:

Now that I’ve ragged on users, it’s the developers’ turn. Communication with users and developers is important. Often times, it feels like when you read a lot of developer blogs, they are more focused towards the developers and they are the creators.

Let’s rag on GNOME again. GNOME runs a blog called This Week in GNOME and it’s a great way to catch up on work done by various developers within GNOME’s community. It’s also nice-looking, got great formatting, and completely uniform with the whole libadwaita feel. That’s the good, the bad is when you consider the content of the blog.

For example, from last week’s post about libadwaita updates:

libadwaita got another new widget - AdwWrapBox - similar to GtkBox, but wrapping children when they can’t fit onto the same line. This can be useful for e.g. displaying tag pills

Alice Mikhaylenko, This Week in GNOME #169 Wrapped Boxes

There’s nothing inherently wrong with the content; if anything, it’s useful to know as a (GNOME/GTK) developer. The problem is none of this is change that users would be interested in knowing. Who is the target audience of this blog? Is it developers to show off their work? Visiting the “about” page redirects you to their GitLab README, which is just a bunch of submission rules and the illusion falls apart.

Now I appreciate it because tag pills are pretty neat, but there needs to be clear means and it needs to be through an official channel. As much as I like Nate Graham’s blog and Niccolò Venerandi, it’s frankly strange that KDE developers don’t contribute “promotional” content related to their work.

Oh wait, they have YouTube and Peertube.

• Akademy 2020 - Nate Graham - Visions of the Future
• Daily driving Plasma Mobile and what’s still lacking

This is what’s really important and this is something that’s a lot more tangible to quantify—it’s time to start marrying developer and user stories. If This Week in GNOME is supposed to be the developer announcements and the prominent KDE developers are user-focused stories, there needs to be a clear cut explanation of how the developer changes positively impact the user experience.

Recent news: Fedora’s Council Meeting on the most recent survey and use cases of AI

It shouldn’t be surprising that the users of a free operating system overpower its developers. It’s a tough job, but it probably makes a great story. It just needs to be these organizations telling these stories and putting this content in front of new users, not insiders.

Devs Need To Be YouTubers

Here’s the tough part: asking for money. We can’t just tell empty stories, because there needs to be a call to action. Of course, a story can be used to get more coding work or developers involved, but there needs to be a way in for the people who don’t know how or never worked in it professionally.

Here’s the thing, it’s also a great moment to make developer talks higher quality and more forward facing. Every year, you get great conferences from places like FOSDEM or All Systems Go!

Distantly related: Lennart Pottering’s talk on systemd and TPM

Here’s a great idea, organize some of the developers to do a Jitsi call (we don’t do Zoom around here, they are frauds). You’re going to sit down, livestream every other week, maybe every week. It doesn’t even have to be that long, even just 20 minutes. You chat about the cool new things happening in your project and answer questions in chat. You can be open about it, tell jokes, it’ll be a great time!

All of this might sound weird, but the way you get publicity especially in the eyes of normal people, is to act like a content creator. You can’t just a dev, you also need to be cognizant of your social media presence and speak with the authority of a YouTuber. It gets attention, but more importantly, exposes you to what people think and can draw people to your project by engaging with them,

Great example (though it goes into the unofficial side), Alecaddd’s videos on developing for Mozilla Thunderbird, including Thunderbird’s journey to get rid of technical debt and modernize the code.

FOSS Should Become Donationware

All of this would also help solve the chicken and egg problem of how to fund developers or foundations. You now have work that people know you for and you have a way to engage with said people, therefore, you’ve achieved the peak goal of any content creator: begging for money.

At any moment, open source projects need to start begging their users for money. Of course, you can’t make it too annoying, but you have to guilt trip them. Don’t think of like microtransactions in a mobile game! Think of it more like the banner that appears at the top of the Wayback Machine or Wikipedia.

And that’s the real rub here. Developing software for free, distributing it to people for free, and reproducing it for free is not sustainable. It should be something like a monthly reminder telling you donate. Now I’m not saying there should be a way to toggle it on or off since this is open source software and you should be allowed to do what you want to it.

The content creator angle also helps because it directs people to support the people who make a project that they enjoy a lot. it’s also finding a good way to distribute money to people who do specific work and a reminder to people who build the tools people use every day.

This is not a definitive way to raise money or improve publicity, because there’s always something that needs to be changed, but take this as some suggestions to how we can change the way we, as users, see developers as people who create things. There’s a reason open source is deprived of talent and has no financial model and a good way to change it how developers advertise their products to the public, which in turn generates developmental and financial contribution.

Track Listing

• Streambeats by Harris Heller - Unwind & Recharge
• The saxophone cacophony at 0:25 is Kenji Mori - Alto Form I
• Shimtone - Orbit
• Hitomi Satō (佐藤仁美) - Route 216 (２１６ばんどうろ) from Pokémon Diamond, Pearl, and Platinum
• Shimtone - Heartwarming (ほのぼの)
• Outro: Khaim - Neon Lamp

This is what got me thinking: what are the biggest problems with Linux updates right now? I’m not going to focus on formats or with Ubuntu in particular, because this problem transcends different formats and distributions. All of this is a call for better tooling and programs to make the process of updating easier for everyone, not just those unfamiliar with Linux.

The GUI Lies…

Let me tell you the tale of updating Ubuntu. Ubuntu has a few methods out of the box of updating their distribution. The first and most common one is Ubuntu’s Update Manager, which is capable of updating your Ubuntu packages and between different versions of Ubuntu.

The big benefit of Ubuntu’s Update Manager is it provides a GUI way to manage Ubuntu’s auto-updating and provides a very visible notification prompting users to update.

The problem here isn’t so much what Update Manager does, but rather what it doesn’t do. Inside Linux, there are multiple package formats, so for our purposes, we’ll briefly touch on distribution packages and universal packages like snaps and Flatpaks.

• Distribution packages are the traditional Linux packages and are typically updated on a package manager exclusive to a distribution. Common examples include Ubuntu’s apt, but also Fedora’s DNF, openSUSE’s zypper, and Arch Linux’s pacman.
• Universal packages are distribution agnostic (most of the time). These are snaps, Flatpaks, and AppImages; each of them are different universal package formats that work largely the same across multiple distributions.

There is a major difference with universal packages on Ubuntu and it’s universal packages like Flatpaks are not treated the same as snap packages. If you update through Ubuntu through the Update Manager, your apt and snap packages will be updated, but your Flatpaks won’t.

Ubuntu could easily integrate this, but they haven’t. If you want to update through the GUI, you’d have to use Discover or GNOME Software from the apt repos (not to be confused with the Snap Store) and make sure they have the appropriate packages to update your snaps and Flatpaks.

The “““Intended””” Way

This brings up matter that disappoints most Linux users is the way you’ve been installing your packages is probably wrong. Have you been using the streaming software OBS from your distribution’s repository? You’re doing it wrong because the OBS developers only test it in 2 ways on Linux. Have you tried using KeePassXC on Debian or Ubuntu? You’re doing it wrong because the maintainer went rogue and ignores the project’s wishes.

That might come off as very harsh, but most developers have uber-specific ways of using these applications. It’s really important that we use programs only through official channels because that’s what is tested and that’s the way we will have the least problems.

Returning to OBS, OBS has 2 official methods to install it, anybody know what they are? The answer is Flatpak and the Ubuntu PPA (not the one in the Ubuntu repos, a popular misconception).

• Nobara packages their own OBS, which caused this exchange on the OBS GitHub.
• Someone had problem with the snap of OBS and was turned away because it’s an unofficial package.

This is just scratching the surface; there are programs that provide lots of avenues to install their software. Firefox offers every method underneath the sun to use it: .deb, tar.gz, Flatpak, snap, they do everything. Other projects might not be so lucky because of limited resources. The email provider Tuta only provides an AppImage for example.

What makes this worse is this isn’t even the other programs that you use on your computer that aren’t snaps or Flatpaks. If your application doesn’t have a built in way to update and you aren’t using a snap or Flatpak, you’re out of luck and have to resort to visit the website and download an update manually.

One example is the Linux application firewall Open Snitch. Open Snitch is not available is any repository; instead, you must manually download the Debian or Red Hat package from their GitHub. What’s worse, the application has no mechanism to check for updates. Ironic for a network firewall that’s designed to protect you.

On a completely unrelated note, the creator of Open Snitch evilsocket, wrote about a security vulnerability in the Apple/Linux print server cups recently.

If you need something from another programming package manager, like Python’s pipx, npm, or Rust’s cargo, they all have their own independent repositories, with their own ways to update, and they aren’t tied to most GUI package managers.

Peeling Back the Layer

That’s why over the last couple years, I’ve become super jaded about where I get my packages. After becoming more conscientious of where I download my packages from and the chaos of all of these different package types, what can we do about it? The only thing that we can do is “favor” packages from their official sources first and foremost, especially if that package is a universal format like Flatpaks or snaps.

All you need to do is follow this procedure:

1. Visit the website of the program you want to install. Navigate to the “download” page, just like you would for Windows or Mac, but for Linux.
2. If there is a Flatpak or snap available, prioritize these packages above the others. The main reason is they are sandboxed and get first class updates.
3. If there is no Flatpak or snap available, turn to one of the other methods like the Debian and Red Hat packages. Other times might be when packages try to talk you out of it, like the Brave Browser. This can also include distribution-specific repositories too, so pay close attention.
4. Tarballs and source compilation are a last resort, often because they need to updated manually.

But what if you aren’t running the required distribution as one of the official packages? I use the Signal desktop app and Signal only has one way to use their application–their apt repo. As a Fedora user, I can’t install apt packages… or can I?

This is where Distrobox comes in. Distrobox allows you to install applications independent from the Linux distribution you use, simultaneously integrating it more than a program in a virtual machine. If you need to install a package in another distribution because it’s an official method or it’s better maintained, you can use a container instead.

In the case of Signal, I created an Ubuntu distrobox container and installed Signal inside. This way, I can have a minimal Ubuntu installation that has Signal and I can use Signal the way Signal’s developers intended!

Not Everyone Is a Admin

Except not really if you on KDE anyway. This did open up a can of worms because Docker and podman aren’t able to fully bridge specific actions. When I originally set up Signal, you get asked to verify your account with a captcha. Unfortunately, because Signal is trapped in a container, it can’t see Firefox on a KDE Plasma host system, so I had to develop a workaround.

1. In a Chromium-based browser, navigate to the webpage of Signal’s captcha delivery. If you need to use Firefox, you need enable the custom signalcaptcha URI scheme in the about:config. user_pref("network.protocol-handler.external.signalcaptcha". true);
2. Complete said captcha.
3. You will get a popup prompting you to open in Signal, close it, and copy the link from the button instead. It’s really long and starts with signalcaptcha://signal-hcaptcha....
4. In the container, run signal-desktop followed by the command. In this case, signal is the name of my Distrobox container. distrobox enter signal -- signal-desktop signalcaptcha://signal-hcaptcha....

If you are interested in how browser URI schemes, Mozilla has a quick reference page about this.

The solution isn’t perfect right now for some edge cases, including DaVinci Resolve identifying laptop GPUs or UTF-8 crashes with newsboat. If you need to download something for your development in a container, a container will receive its updates independently. If you are a Distrobox user or use BoxBuddy because you prefer a GUI, you need update containers in addition to your host system.

Related video: Ben Breard and Colin Walters talk this year from All Systems Go: “bootc: Generating an ecosystem around bootable OCI containers”

While Linux may seem daunting in this way, this issue is no different from Windows and Mac where there isn’t way to manage updating programs you have installed, especially since updates aren’t applied evenly either or even through Winget on Windows. It’s some extra steps, but Linux at least provide a way to make managing this possible, where it isn’t as accessible on proprietary operating systems.

The bottom line: your computer, no matter what operating system you use treats you like a developer or sysadmin. Updating software on computers is a massive pain, but until a better solution is posed, we need to evaluate packages based on how the developers want us to. One of the biggest problems of open source software is fragmentation, but a large part of this fragmentation is people making unnecessary versions of programs bearing the same name and deviating from a developer’s wishes in some way.

Track Listing:

• shimetone - citron (シトロン)
• yuhei komatsu - COLOR
• Kamaboko Sachiko (蒲鉾さちこ) - New Year’s Party (迎春の宴)
• call me joseph - still
• Outro: Khaim - Neon Lamp

It’s time for Apple’s iPhone and other device reveals. How many times will they edit out content into spinoff events?

Referenced

• Original Event (YouTube)
• Mark Gurman has an AirPod fall out of his ear in the middle of a press call
• How Joe Biden Engineered Apple’s New AirPods, Matt Stoller
• An intern at Asiana Airlines trolled KTVU about the names of pilots in a crashed plane
• All the prompts extracted from Apple Intelligence, u/devanxd2000

Track Listing

• Song for the post-event discussion is Windows96 - Continuing
• Outro: Khaim - Neon Lamp

Referenced

• Original Event (YouTube)
• Susan Wojcicki, former YouTube CEO and Silicon Valley visionary, dies at 56, Juliana Kim, NPR
• The scene at 1:14 is from Total Recall (1990)
• My video on Microsoft’s controversial (and probably overly demonized) Recall feature
• Trinity College Dublin’s Douglas Leith’s analysis of Android and iOS telemetry
• First 8K Video From Space - NASA’s YouTube
• Pebble’s acquisition announcement
• Google buys out Fitbit
• Making sense of the EU’s fight for user-replaceable smartphone batteries, Jon Porter, The Verge
• Google ‘not truthful,’ tried to ‘subvert’ court process by deleting evidence in monopoly case, judge rules, Ethan Baron, The Mercury News
• Google’s ex-CEO blames working from home for the company’s AI struggles: ‘Google decided that work-life balance was more important than winning’, Orianna Rosa Royle, Fortune
• $5 billion Google lawsuit over ‘Incognito mode’ tracking moves a step closer to trial, Richard Lawler, The Verge
• Eric Schmidt Is Building the Perfect AI War-Fighting Machine, Will Knight, WIRED

Track Listing

• Outro: Khaim - Neon Lamp

Verifying downloads is something that should be ingrained into every computer user. Unfortunately, the process is very complicated and very few services make this easy for people. It’s intimidating to be told to use the terminal, especially if you are on Windows or Mac.

Paid Signatures

What’s more, why bother when a lot of the programs you use are probably verified already? Windows and macOS have a built-in mechanism to identify whether or not a program was created by the manufacturer that claimed to make it. If you use Snaps or Flatpaks on Linux, both implement a checkmark system to show the developer was verified by the Snapcraft and Flathub developers.

Signed applications are necessary to ensure the file wasn’t tampered with on the way from the developer to your computer. If you use a package manager like Winget, Homebrew, or the one in your Linux distribution, this process is also automatic. What’s more on Linux, the vast majority of packages on Linux are not verified. Even within the average distribution repository, most packages are not officially sanctioned by the original developers. This doesn’t mean a application is malware, but it can often introduce more problems.

The problem is signing systems like Apple’s notarization process or Microsoft certificates are costly for developers, requiring at least a couple hundred dollars up front just so the program you made won’t get blocked by the default antivirus.

• Apple’s crazy developer fees
• Microsoft’s explainer about certificates
• Microsoft’s list of code signing certificate providers

Unsigned applications don’t suggest they are malware, but it’s important to pay attention to where you got the program to begin with.

Bypassing Signature Checks on macOS

Like Microsoft, Apple has a robust verification system. Unlike Microsoft, Apple is more proactive at blocking unverified downloads. When you open an application for the first time, Apple will prompt you if you want to open the application.

If you need to open an unsigned application (e.g. LibreOffice, Alacritty, etc): navigate to /Applications and Ctrl + Click the application you want to open. Then select “Open.”

If you are on macOS Sequoia or higher, you will need to go to the Settings, “Privacy & Security” and manually allow an unsigned app.

Manual Verification

Naturally, people aren’t accustomed to verifying their downloads.

A couple years ago, Linux Mint was hacked and the ISO was modified to mine cryptocurrency off the unlucky souls who downloaded it. Thankfully, Mint’s team shut down the attack very quickly, but it goes to show how important it is to verify your downloads.

The attack was easily prevented if users verified their downloads. Unfortunately, verifying downloads is something that doesn’t get enough attention. The hacker of the Linux Mint, Peace, made the bold, but accurate claim:

Who the f**k checks those anyway?

Peace, to ZDNET’s Zack Whittaker February 21, 2016

We’re going to have to go and prove him wrong. It’s not going to be easy and maybe this is something that we need to start developing.

GPG Signatures

One of the most popular ways files are verified is PGP keys. Pretty Good Privacy (PGP) keys are often necessary for verifying other files using a central server for trust. Some projects also require verifying additional files.

PGP was originally only available to the government in the 1970s and PGP was developed to make file and text encryption more accessible to average people. Almost 40 years later, PGP is very unfriendly and is far too complicated to use. Encrypted messaging apps automate this message verifiability and security process, so they fill this void better. Despite its shortcomings, many open source projects and packaging utilities rely on PGP, because nobody has been able to break it.

PGP is typically handled with a command line application called GNU Privacy Guard (gnupg). There are various graphical front-ends:

• Windows: Gpg4win
• macOS: GPG Suite (Mail encryption is paid)
• Linux: Kleopatra

Of course, like most GNU applications, using gnupg or any of its frontends is not particularly straightforward.

Verifying GPG Signatures

I will be using the instructions for Kleopatra and Gpg4win. The instructions are similar for GPG Suite.

First, download the files you wish to verify. This will be your desired file and a signature file with the extension .sig or .asc.

Typically, these files are named something similar. If you download openSUSE Tumbleweed’s ISO and verify the checksums, the files we need here are the signature file openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256.asc and file we want to verify openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256.

Make note the folder where the files you downloaded are (e.g. Downloads).

1. In your GPG program, navigate to “Decrypt/Verify.”
2. Select the signature file first and the file that needs to be verified.
3. If you are told the certificate is unavailable, select “Search” to download the key from a known key server. Otherwise, skip to #6.
4. Once the key server has found the certificate, click on it and select “Import.”
5. Accept the next dialogue once the certificate was imported.
6. Repeat the process of “Decrypt/Verify” and select the files again.
7. Select “Show Audit Log.” If you see “Good signature from…,” the file has been verified as the authentic file.

Ignore any warnings that tell you the signature cannot be verified. This often confuses people who are trying to verify files when they aren’t trying to encrypt files themselves.

Since PGP keys aren’t designed for humans, you need to move them electronically. But of course humans still need to verify the authenticity of received keys, as accepting an attacker-provided public key can be catastrophic.

PGP addresses this with a hodgepodge of key servers and public key fingerprints. These components respectively provide (untrustworthy) data transfer and a short token that human beings can manually verify. While in theory this is sound, in practice it adds complexity, which is always the enemy of security.

Now you may think this is purely academic. It’s not. It can bite you in the ass.

What’s the matter with PGP? - Matthew D. Green, Johns Hopkins University

Command-Line

gnupg can also be used from a terminal to verify keys. As a GNU utility, it’s best utilized on Linux, macOS through Homebrew, or Windows Subsystem for Linux. It’s also preinstalled in many Linux distributions.

First, verify your file using the signature file first, then the downloaded file.

gpg --verify openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256.asc openSUSE-Tumbleweed-DVD-x86_64-Snapshot20240806-Media.iso.sha256

If the certificate is not yet added, we need import it into our GPG keyring. You will get presented with a dialogue similar to this:

gpg: Signature made Tue 06 Aug 2024 09:04:47 AM EDT
gpg:                using RSA key 35A2F86E29B700A4
gpg: Can't check signature: No public key

Next, import the certificate from a remote server. This is the blob of letters and numbers after the key type. In this example, openSUSE uses an RSA key and the key is 35A2F86E29B700A4.

gpg --recv-keys 35A2F86E29B700A4

You should get an output informing you if the signature was imported to your keyring. Rerun the gpg --verify command from earlier. If you see “Good signature from…,” the file has been verified as the authentic file.

Check Out Those Checksums!

Often times, software makers will provide checksums, which are verified using GPG keys. This ensures the files you downloaded aren’t tampered with or corrupt in some way.

Checksums are alphanumeric representations of files or data—every file has one. There are many different algorithms to check files and it’s different for every operating system. For example on Linux, there’s a nice GUI called Collision. There are also command-line options.

An alternative is uploading the file to VirusTotal, but this may be privacy invasive as VirusTotal will receive a copy of your file.

At any point if you need to navigate to a folder or type a file name, you can drag the folder or file into your terminal instead of typing it out.

Popular Algorithms

• SHA1
• SHA256
• SHA512
• MD5

GNU coreutils (Linux)

Linux has the most comprehensive and commonly used hash verification tools by the GNU Project. The commands also have a built-in checker to formatted checksums from a file.

sha256sum openSUSE-Tumbleweed-DVD-x86_64-Snapshot20240806-Media.iso

Running the command will give an output that looks like this:

3b55f6f88c0a64f0e4e2abe19e106c40578ef60a9d97b5be149736e83154b0ce  /var/home/user/bin/mullvad-browser/Browser/Downloads/openSUSE-Tumbleweed-DVD-x86_64-Snapshot20240806-Media.iso

If you have a .sha* file, you can verify the file with the -c command.

sha256sum -c openSUSE-Tumbleweed-DVD-x86_64-Snapshot20240806-Media.iso.sha256

If you were not provided a .sha* file, you can manually verify by opening the file in a text editor or word processor, then manually comparing the hashes.

macOS/BSD: shasum and md5

On Mac, the process is slightly different than Linux, because macOS still maintains BSD tooling. The GNU version from above can be downloaded from Homebrew if you prefer the Linux commands.

Apple briefly discusses SHA checksums in their developer documentation. MD5 is deprecated due to its insecurities.

Open Terminal (or an alternative like iTerm2) and enter the desired commands.

shasum

For SHA checksums, use the shasum command. Below is an example for SHA256 sums.

shasum -a 256 subscribe.pkg

The output will look like this:

baaeeedffc7ef4a4f65ec8015699a5c95db91d131d253f1eb2ebc469557344c2 subscribe.pkg

md5

For MD5 checksums, use the md5 command.

md5 likethevideo.dmg

The output is very different from the Linux version, but it’s functionally the same.

MD5(likethevideo.dmg)= 20665acd5f59a8e22275c78e1490dcc7

Windows

Windows has a PowerShell utility called Get-Filehash, which is a catch-all command for all signatures and algorithms.

Get-Filehash is always following by your file, then the algorithm you wish to use.

Get-FileHash C:\Users\user1\Downloads\Contoso8_1_ENT.iso -Algorithm SHA256

All common algorithms are supported by Windows like SHA and MD5.

Did It Work?

Regardless of operating system, if the file is verified, you should just get an “OK.” Now your file is ready to use!

Now that you know, verify your downloads every time. You’ll keep yourself safe from the nasty things out there. All we need to do is pray for better tooling.

Resources

• Riseup’s tutorial on GPG key management. The guide is outdated, but the format of commands and best practices are still true.
• The Code Book: The Secret History of Codes and Code-breaking by Simon Singh. If you want to read specifically about key exchange, PGP, and quantum computing, it’s chapter 6 and onward.
• Damon Garn’s blog post for Red Hat “An introduction to hashing and checksums in Linux”

Track Listing

• Takashi Waraya (稿屋 隆) - With watching the donkey (ロバでも眺めながら)
• Yu-Gi-Oh! Power of Chaos: Kaiba the Revenge - Card List
• えだまめ88 - chocomint (チョコミント)
• Outro: Khaim - Neon Lamp

Let’s have a frank conversation about only the biggest buzzword in tech right now—AI. More specifically, generative AI, because it’s all the rage right now, everything from the next piece of corporate vaporware to the next thing to ruin a profession of service workers, creatives, and all coding as we know it.

AI has dominated conversation of tech for a long time, but no matter who talks about it, it’s always divisive. You’re either shaking your fist at that AI cloud in the sky or you’re a tech bro praising the almighty robot and praying in the hope of Roko’s Basilisk.

I can’t help, but feel there’s much more nuance to the issue of AI. People will be quick to blame our culture for the extremism, but I think this sphere of tech has a bigger problem: the personification of AI.

Personifying AI removes accountability and responsibility from the entities that create it. Despite claims of valuing safety in generative AI, the larger tech firms and companies will use this to maintain their hegemony.

Today, 1 year into the AI craze, I want to cast vision on what we can do to navigate AI, how we can discuss it intelligently, and why we should advocate for AI that serves people first.

Corporate Control

Let’s start off with the one that looms over everything in generative AI—corporate influence. Every big tech company wants to get their greasy tendrils into generative AI because they believe they can use it to get more money.

Money is an easy thing to blame, but big tech controls much more in AI than we’d like to admit:

OpenAI, one of the largest AI players in the AI industry, has 49% of their for-profit stake owned by Microsoft. This not discounting for Apple’s push for OpenAI by bribing them with exposure.

While perceived to be behind, Google’s no slouch despite what media outlets and public perception is. Google has used the vast amount of data they harvest to power their AI models, including things most of Big Tech can’t achieve. This includes in video generation (Veo), real-time audio/image recognition, and strong contribution to open source AI projects.

The AI Creep

The biggest problem with corporate AI, much like OpenAI’s ChatGPT and Google’s Gemini, is privacy and surveillance. It’s no shocker that every single Big Tech company has struggled with privacy. When Google tells you that they care about your privacy, you know in your heart that privacy and Google go about as well as peanut butter and tuna fish.

The important thing to remember here is surveillance capitalism, where access to your data is sold as a commodity more valuable than the actual money. Even if you don’t willing provide information to or use these tools, your data will be fed into them because all of these companies have a stranglehold on the majority of the internet’s contents that we all use.

AI Won’t Steal Your Job, But Companies Sure Will

hidden=""

An important thing about AI is acknowledging that human rights are valuable, including privacy. There are some tasks that absolutely need to be replaced of AI because these tasks are just unsuitable to be done by human beings. Nobody wants to work in a retail warehouse. Workers are strictly monitored and kept on a strict track to pack and load things to/from a boarding area. Wouldn’t it be great if we had robots do this instead so people could just operate them instead?

Most people would balk at a statement like this, but if companies are just going to fire you and replace you of AI, maybe you shouldn’t have been working with that kind of job to begin with. You might be better at working someplace else if you’re just going to be abused in the workplace when your employer is just going to replace you with an artificial intelligence unit.

In a different universe, your job would have been replaced with something else because that company clearly thinks your job is worthless. Great example is Google’s major software development layoff (No Paywall) this year before Google I/O. It’s no different than any other kind of “-ism” in the workplace.

This is the final goalpost of artificial intelligence and the growing trend of artificial general intelligence (or the dreaded AGIs). Companies prioritize money, certain types of work, and building the “everything” machine. Sound familiar? A machine that does everything is in effect a disposable human being. Even when said machine is a glorified mimicry writer, raising money towards this reality will advantage corporations in power and disadvantage those with little.

It’s important that we acknowledge that some people have certain jobs because of their privilege or background. The problem is not LLMs; LLMs are merely tools and the cat is out of the bag at this point. It’s now about what we are going to do protect people caught in the crossfire.

Generative AI is not the end of civilization. We can’t judge it as intelligence, we judge as software. Right now, generative AI is a part of that idealistic fantasy corporations want to sell.

All the Reach, No Way to Leave (Enshittification)

hidden=""

Being subject to the whims of advertisers means these new AI platforms will face the same twisted market incentives that allowed Big Tech to gain the position of oligarchs these companies hold today.

The other problem is lock-in. Many companies safeguard the data of their models carefully and refuse to answer any questions about it.

Even the former interim CEO/now CTO of OpenAI, Mira Murati, refuses to answer to Joanna Stern of The Wall Street Journal.

STERN: What data was used to train Sora?

MURATI: We used publicly available data and licensed data.

STERN: So, videos on YouTube.

MURATI: I’m actually not sure about that.

Joanna Stern and Mira Murati, “OpenAI Made Me Crazy Videos—Then the CTO Answered (Most of) My Questions” 10:36

You can’t control many models in web-based services. Big tech knows that the open model is the most successful. A leaked internal document at Google warned that smaller, more manageable, and free AI tools would become the norm in computing.

Accountability & Accessibility

In order for real safety mechanisms to be put into place, the process would need to involve real people, politicians, and the rest of the world. The proprietary nature of most mainstream generative AI programs means everyone who isn’t part of these companies is locked out of making it safer.

To prevent this, generative AI should be interoperable and democratized. It should be made available to everyone and allow its users to whatever they want with it, the same way we would use a hammer. Because of harm that can be done, the same real world consequences and protections need to be put into AI as well.

When there are no safeguards in place, AI will become more regulated by governments, which is a good thing. What’s not a good thing is when said regulation removes agency and power from people.

As much as flack as they get, Facebook has been at the forefront of pushing people to adopt open source solutions to AI. While Google has their Gemma models, their Gemini models by contrast are closed source. Artificial intelligence needs to be widely available for everyone

Free Expression in AI

No matter where you fall on the political spectrum, we’ve seen the disastrous results of legal processes that threaten our freedoms, whether it’s copyright law or allowing big tech to self-regulate. If current trends continue, generative AI will only perpetuate what’s happening in the real world in the digital one.

People need these tools because they can often empower someone who lacks certain abilities to invent or achieve something they wouldn’t otherwise.

People who remix music gets hit the hardest by copyright. On YouTube, playing more than 8 seconds of audio is enough to get your video demonetized. YouTube doesn’t do this because they want to, but they are beholden to the laws of the land, including copyright.

Remixing music is a very complex area to address, but if done right, a remix can make a certain song or multiple songs into a song nobody expected or has ever heard before.

There needs to be protections in our own legal system that protects things like Fair Use or fair dealing because people who remix music don’t get rich. They’re normal people like you and me. And when they get hurt, we do too.

I Cheat… Because I’m Smart!

When I was younger, I considered myself a fairly good student, except in one area: math. All the way from middle school to college, I never got anything higher than a D on a math test. When I was in my college calculus, I intentionally bought the teacher’s edition of the book, just so I could copy the answers and barely pass the class.

Today, I’m not surprised when people use generative AI to write their essays or do their homework. Schools are just broken and disrespectfully ask their students to learn things they may never use in real life. If I were a student today, you bet I would be asking something like Microsoft’s Phi-3 to solve my algebra homework or calculus proofs.

Abilities Are Personal.

But hang on, is this advocating for cheating? Yes, I advocate for cheating, but I ask you: if you’re going to use AI in schoolwork, you better be smart about it.

It’s no coincidence that AI may have unintentionally made writing better. Lots of organizations from colleges to video game companies have been caught or accused of using generative AI to write things.

When I cheat by having AI do algebra, that’s not something mathematicians need to accomplish their work, it’s just labor. Mathematicians still need to come up with systems to identify patterns and craft new new theories or ideas. AI cannot do that effectively and it’s a lie that big tech continues to sell.

Writing and art on the other hand is different because it’s inherently personal. Coding and math are not personal; it’s just a bunch of numbers and letters. This is the real difference that people need to accept.

Your Work and AI Isn’t

I’m expecting some angry license-enslaved programmers to lose their minds, so let me clarify this a bit. A mindset too many people allow themselves to get stuck in is their work is important and it is.

An easy trap people get stuck in is valuing their work over their skill. If you’re going to let yourself be defined by something like your coding work or your art, you should instead pride yourself on the fact your mind is better at these things than most other people.

This doesn’t excuse you in copying work from a generative AI. Generative AI, given enough data, just repeats the corpus of information it’s been fed in an intelligible way. If you’re going to write a paper purely using generative AI, you’ll get caught real fast.

On the other hand, researching a topic can be very painful for some people. Imagine feeding something into an AI summmarizer instead. It might help someone better understand what they are reading or point the reader to key points. AI is a tool and it’s no different from how people would use SparkNotes or CliffNotes.

We don’t value art because of the intricacies of a paint brush. We don’t gush over the verbs in an author’s writing. We value art, writing, or coding because of the skill of an individual or a group of people.

Abuse Is Inevitable

Let’s speak into a fear that needs to be said: abuse of AI systems. Everything from AI-generated porn, presidential deep fakes, and theft of all “publicly available data” from every big company and budding AI startup.

The Threat to Free Expression

Let’s return to writing again, specifically to journalism. Here we see how an industry is adapting or in some cases, merely perpetuating what was always happening. Here’s some examples:

• Reputable outlets like 404 Media have been forced to paywall or login wall their content so AI can’t scrap it.
• Bad outlets like MSN, USA Today’s parent company Gannett, and CNET completely lost all integrity by abusing their employees and replacing journalists with AI.
• There’s also some rich irony when Forbes, an outlet that summarizes other outlets, is upset that a startup company like Perplexity is summarizing their summaries of actual news sources.

News outlets with lots of reach or big parent companies like The New York Times and Condé Nast (No Paywall) (owner of The New Yorker, Vogue, Wired) now want a piece of the AI money pie. In the case of Wired, articles like “Perplexity Is a Bullshit Machine” are written to get people on their side.

The dangerous side of cases from The New York Times and Condé Nast is the rammifications on the aforementioned freedom of expression and abuses our broken copyright system. Even if The New York Times or Condé Nast were to win their lawsuits, they prove that the copyright system is too easily abused because anybody who remotely reports information from another new outlet, is a violation of copyright.

Vilification in Vain

News reporting, even if it’s a summary of another news outlet, is protected under Fair Use. Equivalent laws like fair dealing exist in Canada, Australia, and the United Kingdom. Other countries are more gray like China and Japan.

Learn more about what qualifies as Fair Use from Stanford University’s Copyright and Fair Use Center

What’s more, if the Times and Condé Nast have their way, they aren’t really solving a problem. They have only joined OpenAI, Perplexity, or the newest AI boogeyman of the week in weakening journalism. Big outlets will be able to afford this protection, but smaller outlets and independent journalists will not.

Demonizing generative AI will only hurt everyone and innovation. What we need to aim for is democratizing generative AI. When we have interoperable, open source AI, everybody wins.

On “Public” Data

It’s worth pointing out that web scraping should be allowed and no Wired, a robots.txt file is not a sufficient means to block robots nor should they be obligated to listen to it. The Wayback Machine doesn’t listen to robots.txt on military/government webpages for preservation purposes.

People deserve the right to do what they want to publicly available information. It’s overreaching regulation like the Computer Fraud and Abuse Act that threatened web scraping in the past.

That being said, you’re not going to get my data. In my position as a creator who uses a platform that gives all my data to Google (they use my videos for training AI per the terms of service) and writes on a public website, I block all artificial intelligence bots from scraping my content. The only way the behavior of these companies ends is if you cut off the source of their data. It means discovering open source alternatives that won’t harvest your information for neural networks or line their pockets.

Closing

The bottom line is your skills are personal. Generative AI is not and nor is your work, whether it’s creative or technical. If we lose sight of this, we lose our freedoms and the little guy is hurt.

We can’t stop the abuse that Facebook, OpenAI, Apple, Google, and countless others have committed. Instead, we need to make use of these tools, specifically generative AI that’s open-source, interoperable, and respects human dignity.

If people don’t learn to adopt AI, it will fall by the wayside for normal people and become controlled by corporate interest. We’ve seen what happens the failure of open-source software in the automotive industry, virtual reality headsets, and creative software. If there isn’t enough manpower to work on the free, private, interoperable generative AI, it will fall by the wayside and remain inferior to its closed ecosystem counterparts.

Everyone needs open source AI today and I am an AI believer. Unfortunately, our laws have a long way to go and favor the powerful. I just might not use it very much because it’s still just a glorified echo machine.

Resources:

• The TESCREAL bundle: Eugenics and the promise of utopia through artificial general intelligence Paper
• Nettrice Gaskins on the EFF’s How to Fix the Internet: AI on the Artist’s Palette
• AI and the Evolution of Social Media
• On the Dangers of Stochastic Parrots: Can Language Models Be Too Big? 🦜
• Mark Zuckerberg’s blog post: Open Source AI Is the Path Forward
• Emily Bender and Alex Hanna’s Mystery AI Hype Theater 3000

Referenced

• The clip at 0:36 is from the Simpsons episode “The Old Man and the Key”
• The clip at 0:40 is from THX 1138 (1971).
• Emily Bender’s presentation “On the dangers of stochastic parrots：Can language models be too big？🦜
• Timnit Gebru’s presentation on TESCREAL at SaTML 2023
• Wolfram Alpha’s Problem Generator
• We Replaced Our Tech Journalism Website With AI from 404 Media’s YouTube channel.
• Cloudflare’s blog post about managing AI bots

Track Listing

• zukisuzuki BGM - Everyday
• zukisuzuki BGM - Simple
• alaki paca - refreshing breeze
• Lukrembo - Green Symphony
• Outro: Khaim - Neon Lamp

A common selling point of Linux is hardware support, especially for computers with lower configurations or older computers. Today, I want to bring a different opinion today: Linux can absolutely extend the use of older hardware, but by no means will it save it. I have a few lower end and older computers: the HP Compaq 8000 and the ASUS E403NA. I want to use each computer as test cases and demonstrations, so the next time you attempt to “revive” a computer, you set your expectations appropriately.

(Lack of) Security Guarantees

The first thing to get out of the way is security updates. Whether you’re using a computer from 14 years ago or a computer from the current generation, it’s important to understand security updates. For example, a while back I reviewed the experience of using Linux on a 2017 MacBook Air and as the sun sets for macOS Monterey, Linux is a major step up than using macOS Monterey, which has pretty much hit its end of life and as Apple abandons Intel for their Apple Silicon. That’s a good reason to consider using Linux on an older machine.

That’s where we need to talk about the ugly truths with end of life hardware. While Apple makes it easier to gauge hardware releases and security updates, on Windows or Linux machines, this can be more difficult. For example, the HP Compaq first came out in 2009 and was made available only to business customers (it even has Intel’s Core certification). The final firmware update for the Compaq was shipped in 2013. Now one shady thing both HP and Apple do is they never tell you that you are running a device with firmware with zero security patches. Apple is even worse in this regard because there’s no indication macOS won’t get updates until they stop.

Your hardware needs to be updated frequently, especially when there are vulnerabilities against physical hardware. One example was earlier this year, QuarksLabs found a serious flaw in TPM 2.0, so if you use an older version of TPM (you should), you would have missed the numerous security updates related to TPM since then. Not just TPM, but attacks like LogoFAIL exist as well.

It’s important to remember that if you use computer for sensitive operations that require addition security, like banking for example, take extreme caution with using hardware that won’t get security updates. If your device is no longer receiving security updates, installing Linux can help as a “badness reduction” measure, but it won’t fix the fact that you no longer get any hardware updates. It reduces the harm from the operating system level, but it won’t solve some crippling hardware flaws.

Limitations

One of the major selling points of Linux is its low performance. There are some desktop environments or window managers on Linux that can run on incredibly low-end hardware. For example, I have the ASUS E403NA—a laptop with less than 4 GB of RAM and with one of the classic 2017 Intel Celeron. It’s really important to acknowledge that the weaker the computer, the more it will limit your options to do specific things. I have to run the Sway window manager, because running most desktop environments lead to really slow performance.

Okay, it’s not that bad. On the HP Compaq, GNOME performs generally pretty well. While loading times themselves are slow, GNOME is actually fairly capable on 4 GB of RAM, it’s just older hard drives. It’s also very capable at general web browsing and even watching videos.

Software Support

One of the major problems with the HP Compaq in modern day is its ability to play contemporary video games or run OpenGL programs. I couldn’t get multiple modern video games to run, because most games I tried spit out OpenGL or DirectX errors.

• The Grim Fandango Remastered encounters errors because it requires OpenGL version 3.3 or higher.
• The Core 2 Duo only supports up to OpenGL 2.1 as indicated if you run Minetest, which runs at an average of 20 FPS.
• Despite meeting every minimum requirement except the GPU, Rebel Galaxy fails to launch at all.
• ABZÛ and Cuphead won’t run because the Core 2 Duo doesn’t support DirectX 11.

Now I did get some games to run, the best was Oddworld: Abe’s Oddysee, which was still unsuccessful at playing any of the rendered videos, featuring the good ol’ 90s scan lines. Aside from this, the game seems to be completely playable despite its downsides.

To push the hardware a little more, I also tried running the original Psychonauts. While not encountering any initial installation issues. the game practically ran at the rate of a slideshow and was unplayable.

What all of this shows is older hardware cannot keep up with the pace of software. You can’get in on the latest AI craze. You can’t do proper programming because compiling programs takes literal hours. That doesn’t mean it’s incapable, but there are serious limitation with what you can or can’t do.

Legacy Cables

The other problem is legacy cables. If older computers like the HP Compaq, you are effectively forced into specific display cables. For example, I usually use a lot of HDMI cables. But with the HP Compaq, the only cables that are supported are VGA and DisplayPort cables.

Now, I just so happen to have a pair of VGA cables lying around after years and years of using them. But for older computers, especially when you start getting into the early 2000s, maybe the 90s, you might not exactly have a FireWire cable lying around for that PowerMac G3 of yours.

The “Community” Doesn’t Know or Care

My favorite part about aging hardware (and open source software in general) is a lot of people will tell you there’s a community out there that develops a whole manner of firmware in case you’re having trouble. Indeed, if it’s very common firmware like ThinkPads or Microsoft Surfaces, hardware that’s actively used, people will care a lot about it. But when it comes to end of life hardware, this so called “community” is very unsympathetic and will not help you because the companies that abandoned the software to begin with are very unsympathetic about it.

Last year, openSUSE, Fedora, and Ubuntu have all announced initiatives to advance the x86 compilation of their packages to the next level from v2 to v3. Unfortunately, there have been people who continue to outcry these deprecation initiatives, but openSUSE’s polls show very few people understand these architectural differences, including me by the way.

If these changes and how these developers responding is an indication of anything, it shows that developers like those at Fedora, Canonical, and SUSE all want to move faster and older hardware support hinders progress and eats up developer time. I can’t imagine a single developer who would volunteer to discuss these issues when they would rather spend it programming. 32-bit hardware was dropped on many distributions for the same reason. As much as I would like us to be able to use these computers in the future, there’s a real human cost to the people who have to keep the 32-bit or even the PowerPC and it can’t go on forever. Think about it: if you are using a computer which no longer gets security updates or manufacturer supports, obviously with extenuating circumstances (economy, social change, etc), there’s very few reasons to use hardware that won’t be supported. If you’re sick of hardware that won’t be supported, maybe it’s time to support hardware makers that give their products a long shelf life.

B… But the Environment…

My favorite excuse is “using an older machine will save the environment.” Or the classic " you can breathe new life into your old computer." I hate to be the bearer of bad news, but in the case of HP Compaq, I would argue that continued use of older computers isn’t just bad for the environment, it’s actively worse compared to other alternatives.

While the Compaq might be lacking in gaming capabilities, it’s still really good at word processing, general web browsing, or some basic office work in something like LibreOffice. The problem isn’t so much in what it can do, but rather, what other devices you might or could own can do. We live in a day and age where smart phones have become very integrated into society. If all you can do is run a web browser, you are better off using your phone, a device that doesn’t require nearly as much space or power.So many people in today’s day and age don’t own computers, it wouldn’t be crime to tell someone to just their phone. Most modern smart phones do some things worse like tinkering and gaming, but when it comes to doing what most people actually do.

Takeaways

Now considering you made it this far and you haven’t left an angry comment in the video, the important thing here is presenting guidelines that we can use to understand how we can use technology better. We need our devices to receive updates and when they aren’t it means it’s time to migrate to newer devices that will. Sure, Linux has options that can save older hardware, but the slow decline of software that will work and the limits set purely because of old hardware. Maintaining old hardware has a cost: it’s a cost for the developers who have to keep it functional, on you because parts might no longer be available, and the real environmental cost when modern products might be a better alternative.

At the end of the day, everyone’s situation is different and it’s all about what works for you. I’m not going to hunt you down because you still have Debian computers running on PowerPC. It’s about making smart decisions about how we can use these tools the best.

Track Listing

• Hitomi Satō (佐藤仁美) - Poffins (ポフィン) from Pokémon Diamond, Pearl, and Platinum
• Sumochi (すもち) - Toy-dance (おもちゃのダンス)
• zukisuzuki BGM - Culture
• TECHNOTRAIN - Blue Soda
• Outro: Khaim - Neon Lamp

Do you have external storage like USB drives or portable hard drives? Unfortunately with external storage like USB drives or portable hard drives, your data is totally unprotected and can be accessed by anybody.

What would you do if you lost that device? Some devices come with software you could use, but most of these demand too much trust or might not work on Mac or Linux. Many of these programs are also upsold to you on top of the device you bought.

If you want assurance that you can password protect a device, VeraCrypt is the way to go. VeraCrypt is one of the most reliable ways to guarantee the ability not only encrypt devices, but seamlessly transfer that device’s data to other operating systems.

VeraCrypt’s Website

History

VeraCrypt is a rewritten version of a program called TrueCrypt. Initially for Windows, TrueCrypt was exclusively for Windows users and provided a substitution for Microsoft’s Bitlocker full-disk encryption.

The TrueCrypt developers were anonymous, but seemed genuine in their goals and gave the source code to anyone (we’ll get back to that one later).

But one day, during the height of the Snowden leaks and NSA paranoia, the TrueCrypt website was replaced with big red text demanding their users immediately stop using and uninstall TrueCrypt from their computers.

Enter VeraCrypt, a full rewrite of TrueCrypt. The process was a large undertaking and it was because the source code’s license was very problematic to develop with and to root out the alleged issues.

• The TrueCrypt license does not legally absolve the developers or distributors.
• An audit from Johns Hopkins University in 2015 revealed TrueCrypt is vulnerable to key extraction from live memory. This means if someone gains access to a computer with TrueCrypt turned on, data from volumes could be extracted.
• Another audit by QuarksLabs was completed in October 2016.
• TrueCrypt was for Windows only, although a Linux version was in the works. VeraCrypt is cross platform rewrite for Windows, Mac, and Linux.

The restrictions and lack of legal protection are the reasons most Linux distributions do not package VeraCrypt.

Why Not VeraCrypt?

The first thing you will need to consider is whether VeraCrypt is the right decision for you or not. VeraCrypt is best geared for cross platform file encryption on physical hardware.

Lack of Platform Diversity

If you need to access a file across different devices, for example, Windows and Linux or Linux and Mac, VeraCrypt is good for you.

If you share an encrypted device with somebody who doesn’t use the operating system you use, VeraCrypt will help maintain the encryption of your data while being available across operating systems.

VeraCrypt isn’t good if you only use one operating system or if only you use it. Windows, Mac, and Linux all offer much better integrated solutions (Bitlocker To Go, encrypted APFS, and LUKS respectively) at the cost of platform lock in.

No Official Mobile Clients

VeraCrypt has no official mobile apps. Despite having a page on their website, it is horribly out of date and none of the programs listed are officially by the VeraCrypt team.

A better alternative is Cryptomator. Unlike VeraCrypt, Cryptomator has an official, paid mobile app.

Do not use any mobile app for VeraCrypt. You risk the compromise or loss of data if you do so.

Not Cloud Friendly

Since mobile isn’t supported, this is where end-to-end encrypted cloud storage serves a better purpose. Cloud servers can easily sync to mobile devices more easily while still retaining full encryption at rest. I use Proton Drive personally.

VeraCrypt isn’t a good fit if you use cloud storage. You have to upload a large file with all of your encrypted belongings every time you sync. If that file is 16 GB, you need upload 16 GB each time.

Not to sound like a shill, Cryptomator stores your data is many different encrypted blobs. This way, it’s easier to sync only what gets changed will be synced properly to cloud storage.

I made a video on Cryptomator 2 years ago (Odysee Link).

Installing VeraCrypt

Because of TrueCrypt’s legacy, VeraCrypt is first and foremost a Windows program. You download the installer, verify it, and run it. On Mac and Linux, things get a bit more complicated.

Mac

On Mac, in addition to downloading the installer, you must download macFUSE so macOS can mount external volumes properly.

Linux

On Linux, VeraCrypt comes officially in 3 packages, a Debian/Ubuntu .deb, a Fedora/CentOS/openSUSE .rpm, and a generic tarball installer.

There’s also a third party package in the Arch Linux extra repository, but it’s not officially maintained by the VeraCrypt developers. The reason Arch allows packaging VeraCrypt is because their philosophy doesn’t discriminate against the TrueCrypt license, unlike the vast majority of Linux distributions.

Generic Archive

Unpack the generic archive and run the GUI x64 installer in the terminal.

Fedora Atomic Desktops

If you use Fedora atomic desktops or Universal Blue, you can layer the .rpm with rpm-ostree. Since VeraCrypt is mounting drives, it requires access to your host system and cannot be installed with Distrobox.

Usage

After VeraCrypt is installed, you can choose to use either the GUI or the command line. I’ll focus more on the Windows GUI, since there is more options, but will include the relevant terminal commands to do the same things on Mac and Linux.

Much of this tutorial comes from the VeraCrypt Beginner’s Guide, including the screenshots.

Unfortunately, VeraCrypt’s website looks like it was made at least 10 years ago and could be rewritten to make this information more accessible. There is also little documentation on the command-line options.

Creating a Volume:

sudo veracrypt -t -c

After installing VeraCrypt, click on “Create Volume” to get started. Then you will be presented with 3 options:

• Create an encrypted file container: This creates a digital file that will encrypt your data. This is the default option.
• Encrypt a non-system partition/drive: If you need to encrypt portable storage, select this option.
• Encrypt a non-system partition/drive: (Windows only) VeraCrypt is capable of operating as a substitute to Bitlocker. However, with the system requirements of Windows 11, this is not recommended.

Encrypting your Windows installation is not recommended. It is easier and less hassle to use Bitlocker or follow a guide to enable it for free on Windows Home

• Using VeraCrypt has a major downside of going through various hoops to enable Secure Boot and signing the VeraCrypt bootloader.
• Sometimes Windows Update will delete the VeraCrypt bootloader and you will need to use the VeraCrypt Rescue Disk to unlock your system and reinstall the bootloader.

Hidden Volumes:

Volume type:
 1) Normal
 2) Hidden
Select [1]: 1

A standard or normal VeraCrypt container is a file that houses all of your data. A hidden file creates another section within that file that can be opened with a second passphrase.

Despite what the command-line menu says, it’s much more intuitive to use the GUI to create a hidden volume. Using the command line requires you to create a normal VeraCrypt volume with no filesystem, then modify it after the fact.

Hidden volumes can also store decoy files. In the event you are forced to reveal the contents of the VeraCrypt container, these files can be used to placate or mislead people.

Hidden volumes require a lot of maintanance. Your operating system has the potential to reveal the presence of a hidden volume through things like file caching and “recent files” menus.

If you chose to use a hidden volume, especially if you regularly store files inside it, you need to have the discipline to update the files inside the outer volume regularly as well.

Your decoy files should be regularly updated to keep up the illusion they are valuable. Examples include financial information, journals, or photos.

If you aren’t prepared for this kind of maintenance, it is for extreme threat models. Most people shouldn’t have to resort to this and it reduces your overall storage for valuable files.

Using a hidden volume by default could result in data loss unless specific mounting options are checked. By default, your hidden volume files will be deleted to free up space for the outer volume, so give the illusion it is a normal container. Better safe than sorry!

Volume Location

Enter the location where you want to store the file. If you use the command-line, this must be an absolute path.

Enter volume path: /home/user/Documents/test.hc

Encryption Algorithms

VeraCrypt comes with various standard encryption algorithms. Most people should just stick with the default settings.

Encryption Algorithm:
 1) AES
 2) Serpent
 3) Twofish
 4) Camellia
 5) Kuznyechik
 6) AES(Twofish)
 7) AES(Twofish(Serpent))
 8) Camellia(Kuznyechik)
 9) Camellia(Serpent)
 10) Kuznyechik(AES)
 11) Kuznyechik(Serpent(Camellia))
 12) Kuznyechik(Twofish)
 13) Serpent(AES)
 14) Serpent(Twofish(AES))
 15) Twofish(Serpent)
Select [1]: 1

Hash algorithm:
 1) SHA-512
 2) Whirlpool
 3) BLAKE2s-256
 4) SHA-256
 5) Streebog
Select [1]: 1

A warning for the command-line, the order is the swapped between the encryption algorithms and the volume size. Consistency!

Volume Size

Specify how big you want your volume to be. If you are using a hidden volume, you will need to allocate space for the decoy files in addition to your hidden files.

Enter volume size (sizeK/size[M]/sizeG.sizeT/max): 1M

As another knock on inconsistency, you will be prompted to pick your volume format here.

Volume Password

Enter a strong passphrase to protect your volume.

PIM

Personal Iterations Multiplier (PIM) is a value that will run an algorithm for multiple iterations. For extreme threat models, volumes will mount slower, but the more the algorithm is run, the more secure your data is.

Normal users can leave this at its default setting.

Keyfiles

In addition to a password, keyfiles can be added as another file required to unlock your volume in addition to a password.

You can add file paths to any file you want or have VeraCrypt generate a keyfile for you.

Enter keyfile path [none]: /var/home/user/like.txt
Enter keyfile path [none]: /var/home/user/subscribe.txt
Enter keyfile path [finish]:

It’s imperative you backup and store your keyfiles in a safe place. If you cannot access them, you will lose access to the data within a VeraCrypt volume.

By default, no keyfiles are used.

Volume Format

Filesystem:
 1) None
 2) FAT
 3) Linux Ext2
 4) Linux Ext3
 5) Linux Ext4
 6) NTFS
 7) exFAT
Select [2]:

Formatting your container dictates where your container can be shared or what kind of files can be stored inside. In general, using these filesystems outside of VeraCrypt is the same.

• Ext: One of the oldest file formats on Linux. Do not pick the other options, just pick Ext4. Can only be opened on Linux.
• FAT: A filesystem universally supported across Windows, Mac, and Linux. Maximum of 4 GB per file.
• Mac OS Extended (APFS): The macOS filesystem. It can store files larger than 4 GB, but is only supported on macOS. Some Linux distributions like Kali Linux come with a driver called apfs-fuse to read it, but Windows cannot open it.
• NTFS: The Windows filesystem. It can store files larger than 4 GB and decent support on Linux as well. However, macOS doesn’t behave well and often will not let you write files to it.
• exFAT: Yet another Windows filesystem. It can store files larger than 4 GB, but plays better with macOS. Works across Windows, Mac, and Linux.
• BTRFS: A newer Linux only file format with special repair functions.
• None: This option is only available in the command-line and used if you use hidden volumes. This will prompt you to create a hidden volume. The rest of the space will become the outer, decoy volume.

Finalizing Your Volume

Entropy

Once you have made it here, it’s time to collect some random noise. This further protects your VeraCrypt volume.

• In the GUI, you will be prompted to shake the mouse as randomly as possible within the window.
• In the command-line, you will be prompted to type 320 random characters on your keyboard, then hit Enter when you are done. If you still have characters remaining, you will be prompted to continue typing.

Click “Format” and then your volume will be created to specification.

Access Your VeraCrypt Volumes

Now that you have created your first volume, let’s open it.

Unlocking

GUI

Select a drive letter (Windows) or a number (macOS/Linux), then click “Mount.” Then a password prompt will appear. Enter all information relevant to your container.

If you stuck with the default settings, they are the defaults here too. VeraCrypt will auto-detect which format your container is.

Command Line

To unlock a VeraCrypt volume, here are some sample commands:

# File
sudo veracrypt -t --mount /home/user/hitthebell.hc

# External Device (Linux, match letters)
sudo veracrypt -t --mount /dev/sda

After either option, you will be prompted to use your administrative password on macOS and Linux. On Windows, VeraCrypt is able to bypass UAC for admin users.

Once your volume has been unlocked, it can be accessed the same way you access a USB drive. Files can be interacted with in real time.

Dismounting

Similar to thumb drives, VeraCrypt has a procedure that needs to be followed to remove disks.

To dismount a VeraCrypt volume, select the volume you want to remove, click “Dismount” in the menu and enter an admin password.

sudo veracrypt -t -d /dev/sda

If you need to dismount multiple volumes, click “Dismount all”

sudo veracrypt -t -d

Updating VeraCrypt

VeraCrypt doesn’t have a mechanism to auto-update. Newer versions of VeraCrypt often fix issues or serious security vulnerabilities.

The only way to see if there is an update is to subscribe to the VeraCrypt GitHub releases. You can track VeraCrypt releases using an RSS feed, where you will repeat the installation process again once you are notified of a new release.

To follow VeraCrypt’s updates, add the following to your RSS feed reader:

https://github.com/veracrypt/veracrypt/releases.atom

Referenced:

• YouTube to insert server-side ads to break skipping sponsors and adblocking.
• The footage from the Snowden leaks is from Citizenfour (2014).
• “Come with me if you want to live” is from Terminator 2: Judgment Day (1991).
• xkcd 538: Security
• The clip shown at 29:18 is from Keijo!!!!!!!! Episode 2

Track Listing

• Kei Morimoto - Utopia
• The music for the sponsor segment is “Blizzard in DC” from the game Arctic Thunder. Heavily edited to remove the interposed America bits.
• yuhei komatsu - Bump!
• crepe (くれっぷ) - Fairy Lullaby (妖精の子守歌)
• crepe (くれっぷ) - Fairy Gift (妖精の贈り歌)
• yuhei komatsu - Scattered Sakura (桜が散る時)
• Outro: Khaim - Neon Lamp

Time for the the annual Craig Federighi show, featuring the newest versions of Apple software. Now with invasive, shoehorned AI to boot!

Follow The Linux Cast

• Website
• YouTube (@TheLinuxCast)
• Podcast
• Mastodon (Fosstodon)

Bonus Content

Paid supporters get access to the full event discussion.

Takeaways

• Vision Pro gains some new quality of life fixes to sell its empty existence.
• In a change 17 years too late, the iPhone allows users to move icons wherever they want and color their icons similar to Android’s Material You.
• The Control Center experience is overhauled, adding more pages and widget support.
• The iOS 18 Beta is very buggy…
• Apps can be locked and password protected. It’s unclear how this works.
• A new permission to limit the networks apps can detect was added.
• macOS Sequoia exists.
• The Mail app curbs the endless notification spam and organizes all email into categories, similar to Gmail or Outlook.
• Apple Pay now works over NFC, but is gated to newer iPhones with NFC support and copies Google Pay.
• Apple TVs now adjust dialogue and action volume to separate audio tracks, allowing Apple studios to be more lazy with their sound editing once everybody knows about this feature.
• Apple TV copies Amazon Prime Video and now shows who plays which character in a popup.
• On a video call, you can now draw on your screen and share it to relay help to your poor friends and family.
• iPad gets the Calculator app, 14 years too late.
• Apple Notes now learns off your handwriting, solves math problems, and generates AI images.
• Your iPhone now gets a VNC server that can be accessed from a Mac with the same Apple ID.
• Shareplay gains the ability to sync newer file formats like videos or images.
• macOS gets window snapping, at least 15 years after Windows and Linux.
• Reader Mode on Safari now adjusts the page to fit elements of the page better. Too bad Firefox is a better browser.
• Photos now gains a Magic Eraser in everything but name.
• Who wanted AI organized slideshows of photos? Nobody?
• Apple now integrates ChatGPT and its onboard NPU for various meaningless things across Siri, Mail, iWork, and other Apple programs.
• ChatGPT is segmented into the free version for everyone that’s “private” and the not so private paid OpenAI subscription.
• Apple won’t invade your privacy to train off your data. They promised…

Referenced

• Original Event (YouTube)
• While Microsoft has not announced they gave up, the moneypit of VR headsets caused headaches and nausea for the US military with no discernible benefit.
• The most private and secure way to use Android: GrapheneOS
• The late Queen of England made the mistake of wearing a plain, green dress to a press conference.
• The footage on the Queen at 8:04 is from the live concert DVD of 5-toubun no Hanayome (五等分の花嫁, or The Quintessential Quintuplets). The woman singing is the voice actress for Itsuki, Minase Inori, singing トクベツなひと ～Lesson Five～ (don’t know what it is in English, sorry).
• The scene shown at 8:07 is from Boku no Kokoro no Yaiba Yatsu (僕の心のヤバイやつ or The Dangers in My Heart) Episode 2
• Learn how parents stalk their children on iPhones with FindMy and Family Sharing.
• The quote “That way people know you have one.” comes from The Onion’s video “Apple Introduces Revolutionary New Laptop With No Keyboard” at 1:48
• OpenAI’s demo of GPT-4o and also used the prompt of making up a bedtime story.
• Block Apple-Extended from visting your website; Apple uses it to train off your data.
• Everything Bing Chat got wrong in its first demo, including the recommedation of a gay bar on a visit to Mexico City.
• The application firewall Little Snitch, which is capable of blocking stock Apple applications and processes.
• The line “[I] am the captain now” comes from the movie Captain Phillips (2013)
• In “Why Big Tech Won’t Give You Pepe Emotes,” the anime girl with a bikini is Marin from Sono Bique Doll wa Koi wo Suru (その着せ替え人形は恋をする or My Dress Up Darling) Episode 2.
• In “Why Big Tech Won’t Give You Pepe Emotes,” the documentary mentioned is Feels Good Man (2020). I made a mistake; it’s not on Netflix.
• In “Why Big Tech Won’t Give You Pepe Emotes,” the artist of Pepe, Matt Furie, started various court cases to DMCA claim hateful uses of his work.

Track Listing

• The song for the Craig Federighi strip show is the Chemical Brothers - The Weight
• The song for Craig Federighi’s stunt double doing parkour is NOISY - ALLIGATOR.
• Song for the post-event discussion is Jane & The Boy - Starry Eyed (Instrumental)
• Outro: Khaim - Neon Lamp

Did you know Microsoft Build happened? It’s one of the biggest days for Microsoft every year, including announcing the new features of Windows like the new Windows Recall. Unfortunately for Microsoft, their PR team was quite up to snuff and has been greeted with hostility about Recall since the moment of its inception.

People who know me know I’m far from the biggest fan of Microsoft. As a company, Microsoft is rotten to its core and has few redeeming qualities. When I was reading the news and listening to opinions last week, I was very disappointed in new outlets and online influencers at spreading the narrative Recall is a privacy disaster (which to be fair, it probably will be in the future).

From the Microsoft Build keynotes, Microsoft showcasing a rigged Minecraft game and a gamer AI chatbot.

In addition to making a video and hopping on the bandwagon of recent news, I waited and did some reading about Microsoft documentation. Recall does a lot of things that will negatively impact your Windows computer, but let’s also be realistic about what those things are, so we don’t spread any panic, moral or otherwise.

What is Windows Recall?

At Microsoft Build this year, Microsoft announced Recall, a system powered by the artificial intelligence processors in the Qualcomm Snapdragon X computers, dubbed Copilot+ PCs. Recall is powered by a new API system in Windows called Windows Copilot Runtime, which empowers other non-Windows applications to take advantage of the newfound power and features of the Snapdragon X chips.

Inside the Snapdragon chips are what’s called language models, which give the Windows Copilot Runtime to caption dialogue, translate it, or run other types of local, onboard processing. Recall is also not as intelligent of a system as Microsoft’s engineers would have you believe. In order to make use of the on-board AI of a Snapdragon X chip and Windows Copilot Runtime, Recall needs to take screenshots of your screen every 5 seconds.

Ensuing/Ensured Outrage

Over the last month, many people decried the feature, but we encounter the first problem with the presentation with Recall and the Windows Copilot Runtime in general—it’s Microsoft’s inability to communicate. Not just any woman, Joanna Stern from The Wall Street Journal got to interview the CEO of Microsoft and the answer only instilled panic in people because it was poorly worded.

After watching the paywalled interview, The Wall Street Journal should have interviewed a lower level engineer or a different PR rep for Microsoft, because Satya did an awful job at giving Stern a straight answer to any of the questions she asked. The free interview also warps the conversation in 2 cuts and hides some of the information Satya said.

STERN: There could be this reaction from some people that this is pretty creepy. Microsoft is taking screenshots of everything I do.

NADELLA: Yeah, I mean, that’s why that it can only do it on the edge, right? …So this is, you have to put two things together. This is my computer, this is my Recall, and it’s all being done locally, right? …So that’s the promise. So, that’s one of the reasons why Recall works as a magical thing, because I can trust it that it is on my computer.

Joanna Stern & Satya Nadella, Microsoft vs. Apple: Satya Nadella Says AI-Focused Copilot+ PCs Beat Macs | WSJ (the free version) 4:16

How does Windows Recall work?

What’s interesting here in this interview is the distinction between offline language models versus large, cloud-based language models, like Windows Copilot or ChatGPT. While machine vision AI models are not something new, the dedication of neural processing units (NPUs) like what we see in the Snapdragon are going to become commonplace because of Microsoft’s insistence to their hardware makers.

Since Windows Recall is a very simplistic system. But it does prompt the question—does it violate user privacy? First, we need to put what Microsoft tells us about Recall under a microscope. As there is requirements and compliance for businesses, in light of potential privacy concerns, Microsoft documents the process.

Unfortunately, the most useful is scattered across 5 pages: Microsoft Support, the Microsoft Learn page about Copilot, the Microsoft Learn page about Windows Copilot Runtime, and the landing page for Copilot+ PCs. This is all the information for app developers and IT admins, but it’s arranged in multiple places.

About Windows Recall:

Microsoft fails to communicate anything clearly if there’s no place to consolidate this information.

• Recall Overview | Microsoft Learn
• Consumer Information (i.e. the Windows support site)
• Copilot FAQ
• Manage Recall for Windows clients - Windows Client Management | Microsoft Learn
• Microsoft Copilot Runtime Overview | Microsoft Learn

The App/Browser Bottleneck

The first thing to return to is the Windows Copilot Runtime. In order for the search to be the AI enhanced search like Microsoft shows in their demos, app makers need to write their applications with these features in mind. If an application is not supported, Windows Copilot will capture this data and it cannot be automatically filtered out.

As of time of writing, it’s not clear what non-Microsoft applications that don’t support Windows Copilot Runtime. It appears they will be indiscriminately captured and collected because of the section in Microsoft Learn about browser support, so let’s try to read between the lines here.

The mainstream browsers for Windows: Edge, Chrome, Firefox, and Opera all support the Windows Copilot Runtime and already filter out private browsing, DRM-protected content, or user-specified websites. The only time that private browsing will be collected is when the user explicitly presses Win + j to manually take a Recall snapshot or if a browser is not supported.

Opting Out

Since we know how browsers work and what makes Recall’s search to be effective, what can we, as users or businesses, do about Recall? How can we turn it off?

To configure Recall, in the Settings app, navigate to Privacy & security → Recall & snapshots → uncheck Save snapshots.

To configure Recall’s storage of screenshots, in the Settings app, navigate to Privacy & security → Recall & snapshots → Storage → Maximum storage for snapshots limit. There is a table of the storage minimum requirement for Recall on Microsoft Learn.

To delete Recall snapshots, in the Settings app, navigate to Privacy & security → Recall & snapshots → Delete snapshots from a specific timeframe or Delete all snapshots.

The most comprehensive way is to use Windows Pro or higher, where you get access to Group Policy Editor. There is likely an undocumented registry key for Windows Home users.

In Group Policy, navigate to User Configuration > Administrative Templates > Windows Components > WindowsAI > Turn off saving snapshots for Windows

“Justified” Outrage

An important thing I want to touch on is what I call “justified” outrage. It’s fine to be angry about something our oppressive corporate overlords do, but if you’re going to pick something, it better be something with demonstrable, substantial evidence and based in reality and technical feat.

The point being—Windows Recall cannot be tested right now and we should reserve judgement until it can be. There’s a common myth that proprietary software cannot be analyzed, but that’s far from true. It’s harder, but it’s not impossible.

Most importantly, let’s critically analyze why you should reserve your judgement about Recall, but also what can you be angry about now. To be clear and given Microsoft’s track record, there is a high likelihood that Recall will be used by invade your privacy, but this will need to be subject to experimentation.

The NPU Requirement

Recall requires a Snapdragon X processor. Additionally, hardware makers AMD and Intel have promised to release Copilot+ PCs in the future. The key thing here is none of these devices are in the hands of journalists or consumers (as of time of writing). Since nobody has any of these computers handy, you can’t do any of the testing.

The annoyance introduced by Recall is Microsoft’s requirements for it that screws over people who have computers capable of AI operations. I have a Nvidia 4060 in a gaming laptop. I can already run AI that runs speech inference or large language models like Google’s Gemma or Facebook’s Llama 3.

According to Microsoft’s arbitrary system requirements, my computer, fully capable of AI programs, cannot run Recall. I can only guess that it’s because they want to sell me more computers…

• a NPU (Qualcomm Snapdragon X, Intel, AMD)
• a minimum of 256 GB of storage
• 16 GB of RAM
• 8 processor cores

Recall’s “Allocated Storage”

While Recall allows you to turn it off, Recall will perpetually eat up at least 10% of drive. There’s a full table in Microsoft’s documentation about how much storage is taken up by Recall.

• If you have storage higher than 1 TB, 150 GB will eaten up out of the box.
• This is in addition to the 27-28 GB part of the base Windows 11 installation.
• The amount cannot be customized beyond the set amounts Microsoft prescribes.
• All future snapshots will stop when Recall is disabled or if the C:/ has 25 GB or less space.
• Snapshots will only commence if 50 GB is available.
• Since snapshots are stored in the temporary files, all data is deleted upon resetting Windows or installing an alternate operating system.

Peering Deeper In the Crystal Ball

Recall is a PR nightmare. Microsoft is vague about actual information people are looking for and distrust for Microsoft is at an all time high as a result. Privacy will be a concern for some, but Windows itself and Microsoft have greater problems that will eventually ruin the good parts of Recall.

On the Build Day 2 Keynote, Microsoft showed an ad for Lumen. For a brief moment within the ad, a Windows desktop is shown, but Google Chrome is blurred out in the taskbar. Microsoft traditionally has tried to make switching to alternative browsers like Google Chrome more difficult.

• Windows has a nasty habit of resetting your settings to default settings after updates. Such a feature could be enabled again after an update.
• Recall is enabled by default, according to The Verge’s Tom Warren. Microsoft claims it is opt-in. We need to wait and see which one.
• While Windows may process and store your Recall data offline, there’s nothing to stop Microsoft from running not-so-private telemetry on it after the fact. This will need to be subject to experimentation.
• Microsoft has a problem with enshittifying Windows by adding advertisements or promoting their own products. Recall has the potential to be next.
• Storing this data brings up the possibility that law enforcement will start requesting it, hackers will steal it, or people will sabotage it.
• The snapshots are not synced to the cloud. Yet.
• What is the power draw of the NPU accelerated tasks like Recall? It’s probably terrible.

As someone who has a deep distrust of Microsoft, I don’t recommend anybody use Recall. The greater problem is how the “choice” of using Recall or not is handled by Windows. This outrage over the last month is distraction from real questions people should be asking and where Microsoft has been light on answers.

We need to wait until Recall becomes generally available so it can be tested and prove/dispel rumor. The next time you read the news, hold off on sounding the alarm. Think before you act and as always, just buy a Mac or install Linux already.

Referenced:

• Microsoft Build 2024 Monday Keynote: Introducing Copilot+ PCs (Journalists only)
• Microsoft Build 2024 Tuesday Keynote
• (Disinformation Warning) The origin of Roko’s Basilisk
• What is Windows 11 ‘AI Explorer’? Everything you need to know about Microsoft’s upcoming defining AI PC feature - Zac Bowdin It’s important to note this information came out before the announcement and Bowdin says the leakers were insistent the data was stored locally.
• Scott Hanselman’s (VP at Microsoft) TikTok about the local processing of Recall
• Windows 10: CNIL publicly serves formal notice to Microsoft Corporation to comply with the French Data Protection Act within three months (Archive)
• Microsoft Windows 10 Home and Pro investigation by the Autoriteit Persoonsgegevens (Dutch DPA), August 2017
• Windows Weekly 884 and Paul Thurrott’s angry rant about Recall sensationalism at 33:57
• The Neuralink livestream featuring the first patient Noland Arbaugh
• Neuralink’s silent blog post about the setbacks of Arbaugh’s surgery

Bonus Content

Track Listing

• KK - ordinary landscape (いつもの風景)
• Kurippu (くれっぷ) - Skip of the Beginning (始まりのスキップ)
• Moppy Sound (もっぴーさうんど) - Escort
• Sharou (しゃろう) - Weekend Kyoto Reality Escape (週末京都現実逃避)
• yuhei komatsu - Holiday
• Outro: Khaim - Neon Lamp

Google returns with a wild music concert, the spooky implications of new AI programs, and the destruction of the human spirit!

Follow Rogue Ren

• Twitch
• YouTube
• Mastodon (vt.social)
• Bluesky

Takeways

• Google’s wacky guest musician for the preshow: Marc Rebillet
• Google announces an enhanced version of Google Lens and Gemini, capable of visual recognition, doxxing people, and spying through phones and glasses alike.
• Google announces Veo, a AI service designed to generate videos based on prompts. It’s not ready yet
• Google unveils a new system for detecting/watermarking AI generated content called SynthID. Unfortunately, the nefarious will reverse engineer what was added and remove it from generated content.
• Google Search now has a horribly inaccurate AI summarization field.
• PaliGemma, a new open-source machine vision model is announced. It’s not ready yet
• Android 15 exists…
• The Google Phone app gains the ability to intercept scam messages. Good for the unaware, but opens the floodgates to serious privacy ramifications. The service is opt-in.
• Gemma 2 is announced. It’s not ready yet
• Gemini becomes enhanced with Gems, a way to create personalized AIs for specific tasks or limited data sets. Only available for paying Gemini users and it’s not ready yet
• YouTube videos are now polluted with AI questionnaires.

Referenced

• Preshow, feat. Marc Rebillet (edited)
• Original Event (edited)
• Apple in Talks to License Google Gemini for iPhone, iOS 18 Generative AI Tools - Bloomberg
• Google Search Really Has Gotten Worse, Researchers Find | 404 Media (Archive.org)
• Is Google Getting Worse? A Longitudinal Investigation of SEO Spam in Search Engines
• Taylor Swift nude deepfake goes viral on X, despite platform rules
• OpenAI’s Sora landing page
• Marques Brownlee’s Sora hot take, which is identical to what Winward said.
• Meredith Whittaker’s Twitter hot take on Pixel scam detection
• .dev domains, formerly owned by Google
• Squarespace Enters Definitive Agreement to Acquire Google Domains Assets
• Anonymous poop gifting site hacked, customers exposed

Track Listing

• Post event discussion: Khaim - SSS (Remix)
• Outro: Khaim - Neon Lamp

Bonus Content:

Apple continues the trend of short, rushed events, showcasing the post-PC world with iPads, the crippled future of Macs, and quaking in fear of Qualcomm’s newest announcements! Will the refreshed iPads be any better?

Follow Rogue Ren

• Twitch
• YouTube
• Mastodon (vt.social)
• Blue Sky

Takeaways

• New iPad Air with M2 chip (2 generations old at this point).
• iPad Pro is the first to get the M4 chip, signalling Apple’s move to TSMC’s new hardware and an increased focus on the iPad as a device.
• The M4 chip features near identical performance to the M3, due to regulations about US regulation against Chinese manufacturing.
• Logic Pro and Final Cut received major updates in a V2, copying Affinity’s branding.
• New Apple Pencil introduces Barrel Roll, to fold your stroke as you draw it. That is, if you don’t fall for the fact it’s an arbitrary limitation.
• Procreate doubles down on their iPad only approach.
• The event is likely a response to the announcement of Qualcomm’s X series chips, which threatens Apple.
• John Ternus was given lots of screen time and rumored to be Tim Cook’s successor.

Referenced

• Original Event (YouTube)
• Apple Apologizes for iPad Pro Ad, Scraps Plan to Air It on TV - Bloomberg
• Apple Is Lobbying Against Right to Repair Six Months After Supporting Right to Repair (Archive)
• Apple doesn’t actually recycle your stuff
• Former Apple Executive Says Company Blundered by Firing Him After TikTok Video - WSJ (Bloomberg)
• The TikTok that got Tony Blevins fired
• iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment by iosecure
• Apple’s silent announcement of the 13-in M3 MacBooks

Track Listing

• Song that plays for “8 seconds later” is Rude Buster from Delta Rune Chapter 1
• Song for the post-event discussion is Khaim - Until the Sunrise
• Outro: Khaim - Neon Lamp

We’re going to learn about some of the more obscure features in Firefox, my personal browser of choice. These are features are exclusive to Firefox and you’re not going to find anything like them in most other browsers. If you download Firefox right now, you can use some cool things to get around the annoying things you might encounter online.

The Right to Right Click

Did you know there are some websites that take away your ability to right-click? Some websites like Discord and Google Drive abuse this and even override your context menu altogether! Okay, for those, it’s not that bad, because some websites just want to give you a cool context menu. However, some websites (for example, Squarespace websites) might abuse this to prevent you from copying text or downloading images. Don’t think about using Shift + F10 either, because websites block that one too.

Firefox provides an easy way to bypass this, where you can always get your ability to right-click using Shift + Right-Click. This will always give you access to your ability to right-click, even if websites try to prevent you from doing so. I learned this by accident years ago and no matter where I search, this appears to be undocumented. The next time a website blocks you from copying text or right-clicking, make them regret it.

Mastering Picture-in-Picture

One of the standout features of Firefox is Picture-in-Picture. Any video, on any website, DRM-protected or not, can be popped out into a floating window where you can watch it in the background. It’s super useful if you are trying to follow a tutorial or multi-task.

The real benefit of Picture-in-Picture isn’t just it’s background playing; Picture-in-Picture allows you to gain more control over a website that might try to take that control from you or have functionality not available in their player.

The most common workaround I found was live streams on news websites. Many news websites use a different third party player system and Picture-in-Picture works in all of them. One example is TikTok. First off, TikTok requires you to use Firefox with minimal configuration, so don’t think you can use the Mullvad Browser or Arkenfox (both Resist Fingerprinting and without) to get out of it. What’s more, using the Picture-in-Picture player unlocks controls when TikTok seems to inconsistently apply to videos like the player bar. Giving you the ability to fast forward, but adds in the feature of moving forward and back 5 seconds, even if the player bar is unlocked.

Another workaround is Twitch. Twitch injects ads into the livestreams of your favorite streamers, including streamers who aren’t even running ad breaks. But you’ll notice at the top right corner, you can still watch the stream and Firefox will still offer you the Picture-in-Picture button. It’s an inconvenience, but it’s back to business as usual.

Advanced about:config: Picture-in-Picture Settings

The most obscure way I took use of this was our HR training. Every year, our HR department starts having us take boring, canned training videos, hosted by one of the big business training solutions. Now what’s most interesting is many of these services will block you from fast-forwarding videos and you are forced to sit there.

Since I normally use Microsoft Edge on my work computer (and the site blocked Chromium’s Picture-in-Picture player), I wanted to see what the site would do with Firefox and I noticed that the Picture-in-Picture button only appeared with longer videos. Activating Picture-in-Picture also presented me with a warning telling me that Picture-in-Picture was “not recommended.”

According to Mozilla’s documentation, the default settings do not show Picture-in-Picture for videos shorter than 45 seconds. The “not recommended” warning was because the training site blocks Picture-in-Picture, but Firefox will not fully block you from doing so. That way, you always have full control over the content you watch.

To lift the 45 second limit, navigate to Firefox’s about:config by typing it in the URL bar. Given you made it this far, click “Accept the Risk and Continue.” Type the following into the search bar and set the following values either manually in about:config or in your Firefox user.js:

user_pref("media.videocontrols.picture-in-picture.video-toggle.always-show", true);
user_pref("media.videocontrols.picture-in-picture.respect-disablePictureInPicture", false);

This allows you to always be presented with the Picture-in-Picture button, despite what the website’s developers demand and regardless of length. Using this hack, I effectively skipped the entire HR training because the player checks if you finished watching the video, but not if you watched all the way through.

Note: This will show the Picture-In-Picture button on everything. You can skip this if this annoys you.

Closing

While the right-click freedom and the Picture-in-Picture player are pretty cool, Firefox is losing market share drastically and estimates hover at less than 3% across desktop and mobile. The reason I may have gotten away with skipping the HR videos is because developers don’t program their websites with Firefox in mind anymore. They just use Google’s Lighthouse and call it a day.

Related: Mozilla’s Platform Tilt page about various measures Microsoft, Google, and Apple do to make it harder from users changing default settings.

When you critically examine Firefox, features like the universal right-click bypass and Picture-In-Picture are why I promote Firefox so hard. These are features are only in Firefox, but it solves some of the slimy problems out there in the wild web. I hope they help make your experience online a little better.

Featured Creators:

• Deep Tom Cruise on TikTok
• Nate from The New Oil on TikTok (also on YouTube, Odysee, PeerTube, and his podcast)
• Rogue Ren on Twitch (also on YouTube)

Track Listing:

• KK - Certain Everyday Life (とある日常)
• gooset - Earth
• yuhei komatsu - Late Night Call (夜更けの呼び出し)
• Khaim - Neon Lamp (Remastered)

Did you hear about that really bad Linux vulnerability? It’s the compression software liblzma or by the better shorthand xz and the code was backdoored. Now when most people hear backdoor, most of the time it’s just bozos on the internet abusing the term; this time, it’s not a drill. Also, remember how I said it was a Linux vulnerability? It’s actually much worse than that. If you are a BSD or use other Unix-like tools on macOS or Windows, this matters for you too. I’ll do a quick recap of the situation, but I’m not interested in telling you the news. Instead, let’s the discuss the impact this has on you, the end user, and what the open source community can learn from this situation and respond effectively.

What Happened?

Everybody compresses their files. It could be a .zip file or it could be done by your operating system or a website you visit so you don’t use as much bandwidth. Even watching videos on YouTube or Peertube are compressed videos. To compress things, programmers rely on compression algorithms, which bulk analyze files and remove information to save on space. If you extract a file, that space becomes filled up again. File compression plays an important role in saving you data and memory.

In the case of xz, a developer at Microsoft, Andres Freund, found that liblzma, the core compression library in many popular programs, was manipulated by the xz maintainer Jia Tan to steal security keys to login to servers. The vulnerability was only found after ssh, the protocol commonly used to login to remote computers, was taking merely milliseconds longer to connect. This attack is not normal for open source and speaks of a sophisticated actor with in-depth knowledge of the inner workings of xz and its potential weaknesses.

There’s more to this story, but I will be returning to pull details as they become relevant.

• Official response from lead maintainer Lasse Collin
• What we know about the xz Utils backdoor that almost infected the world
• An infographic created by Thomas Roccia

Am I Affected?

Now most journalists panicked and ran with this story, but let’s not downplay how bad this is. Unless you maintain a server that is connected to the public internet and even if you do, this is largely irrelevant to you. Most of the open source vendors responded promptly on Friday and stopped the backdoored library from getting very far. If you are a “normal” end user or you just run a home lab, you are probably safe from the xz disaster. If you do have a server, most servers run older libraries than the ultra newest libraries that had the backdoor. Even if your system had the most updated backdoored xz, you’d still need to have a distro that downloaded the releases page of the GitHub. That’s a lot of ifs and if you are a normal user, keep calm and download the latest update from your package manager.

• Alpine Linux: Backdoor found in xz package source
• Arch Linux
• Debian CVE-2024-3094 concerning a backdoor exploit in XZ Utils
• Fedora 40 and Rawhide: CVE-2024-3094: Urgent alert for Fedora Linux 40 and Rawhide users
• Gentoo discussion
• Homebrew for macOS
• Kali Linux: All about the xz-utils backdoor
• openSUSE addresses supply chain attack against xz compression library
• Red Hat: CVE-2024-3094
• systemd changes libsystemd to block liblzma
• Ubuntu 24.04 Delay LTS Xz/liblzma security update

Technological, Social, and Cultural Issues

But even after you download your updates, we still have arguably a complicated and bigger problem remaining—what do we do if something like this happens again? What’s worse, what other vulnerabilities have been using the same tactics as the xz backdoor? What are developers doing to detect them? The unfortunate reality is this will not be the last time this happens. You bet after the attention over the last couple days that everyone has been watching this. There’s no clean solutions, but let’s take look at what’s been done and what’s being done.

The Technological Solution: Reproducible Builds

A technological solution we can turn to is reforming the build process. Extensive testing with the infected library showed that fake white spaces Unicode lookalikes were used to falsify commit history and making various obfuscated files to deliver the final blow. White spaces will require some extra code in testing tools and we’ve also seen programs like Google’s extension store adopt policies against using obfuscated code.

Something that many Linux distros have been striving for is reproducible builds. The backdoor relied on someone downloading the archives from the releases page, not the source code, so when developers like Freund comes along to troubleshoot, contributors can verify the source code matches the final product of libraries or binaries. For years, distros like Debian and NixOS have championed reproducible builds because it builds a great degree of trust between all parts of software delivery.

If you are willing to pitch in, Linux vendors could always use help in making sure their software is reproducible.

• Who is involved? — reproducible-builds.org
• Stretching out for trustworthy reproducible builds - creating bit by bit identical binaries - DebConf 2015

Intelligence agencies…

Mike Perry, “Reproducible Builds Moving Beyond Single Points of Failure for Software Distribution” 5:07

The Social Solution: Combating Project Leeching and Burnout

So we’ve addressed real name policies and things developers can do prevent these kind of vulnerabilities, but we need to talk about cultural reform. Open source has a big problem and it’s a human one. The lead maintainer of xz, Lasse Collin, has been doing so tirelessly for years. Unfortunately, it was only him working on xz for a long time. There were other contributors, but none of them did as much work by Collins, who was very open about his own mental health issues. Except if you see what prompted this response, which was two of the puppet accounts run by the perpetrators and almost like a heist movie, 3 days later, Jia Tan joins as a developer. There’s multiple layers to this, so let’s break this down.

Related: Evan Boeh’s breakdown of the exchanges of the puppet accounts

I think the most important thing here is some basic operational security. It’s tough to be a big target on the internet and being a developer falls into that camp. Everybody will get on your case and blame you for every tiny issue about and stuff that’s not even related to your software. But mention of Colin’s mental health issues was taken advantage of by people who intended to do ill. As a warning, do not tell the internet about your mental health, especially with the risk somebody will try to use it to exploit your overworked state of mind.

Related: Mr. Robot S1, E5

The Cultural Solution: Leadership and Vision

But on mental health, we also need to talk about the state of open source development and the consumerist culture in FOSS. Maintainers are accustomed to people visiting their repos to have people ask about new features or fix a bug or two. Unfortunately, some people are… not very nice to put it mildly. And it’s not just xz, but tons of other projects like the Android app store F-Droid deal with this as well as an attempted SQL backdoor.

In fact, this whole xz backdoor only started because of the sock puppet accounts started with really aggressive language to make Collin feel like he wasn’t doing enough.

The issue here is a communication one and there’s no easy fix, so let me provide two of my internet armchair opinions. Projects need to curb toxic behavior like this. Notice nobody stepped in to quash this kind of behavior against Collin. Open source projects aren’t the only things on the internet with these issues, but it’s high time to start addressing this. I’ll let you be the judge of how. People are the biggest weaknesses of hacking, not just the code.

No matter how big or small, your project should have a clear vision in mind from the get-go. For xz, these “complaints” could be easily quashed by simply declaring the project feature complete. There also needs to be a defined pipeline for users to give back to a project, either financially or through maintenance like fixing bugs or packaging. Getting there requires a vision that leads successful communities that can tackle complex problems: technological, social, or cultural. It needs to be a vision that inspires people to say “I want to be a part of that” and building relationships that make everyone better.

Relevant: Zack Weinberg’s Mastodon post on reform in FOSS

Closing

At risk of going too long, I think it’s better to close out with an ask: there’s three solutions for communities to consider, the matter here is picking the right one. This whole situation isn’t so much about the security as much as it is a wake up call for proper community development and solid technological policy to prevent incidents like the xz backdoor. You can read all the news you want about liblzma, but if we don’t evaluate our own practices, we’ll be doomed to repeat the same mistakes again.

Track Listing

• KK - Ordinary Landscape (いつもの風景)
• gooset - Bittersweet
• gooset - SUNNY
• Fukagawa - Green Harmony
• Song that plays over the Mr. Robot clip is 1.4_3-billharper.mp3
• Lukrembo - Store
• Outro: Khaim - Neon Lamp

Microsoft kicks off their year with their Surface tablets, but this time for business! What better way to celebrate than featuring presenters held hostage and completely redundant information about Windows?

Takeways

• Recap of various AI features in Windows from previous events. No new information on Windows/Microsoft offerings.
• Production quality is at an all time low, including grainy camera quality with the chrome-keyed background looking more realistic than the presenters
• Surface Book Pro 10 and Surface Laptop 6 use Intel Ultra and now has NFC, but that’s about it. Rumors of a potentially better Qualcomm version for consumers swirl.
• Laptops might look good, but they’re for businesses only. Because Microsoft said so, that’s why.

Referenced

• A New Era of Work - Microsoft
• Susan Bradley’s guide to disable Copilot
• Group Policy edit to block Copilot - Microsoft Learn
• Samsung Bans Staff’s AI Use After Spotting ChatGPT Data Leak
• Big Buck Bunny (2008) by the Blender Foundation
• Origin of +1 (505) 842-5662: James McGill’s phone number from Better Call Saul
• Origin of +1 (530) 270-9105: The Onion: Missing Teen’s Friends Go On TV To Plead For Her Release, Gossip About Ugly Classmates
• Microsoft has a new Windows and Surface chief
• Amazon Is Poised to Hire Departing Microsoft Product Chief
• Rebind Windows hotkeys with Keyboard Manager in PowerToys

Today, I’m here to talk about my mother. My mom has also been looking to downsize the amount of technology in her life. My mom daily drives an iPhone and has for a long time, but has no concern for the Apple ecosystem. My dad still handles most of the tax collecting duties and my mom has also completely dropped using a computer altogether and only uses her iPhone. After all, most things are done in a web browser just fine.

But as my parents starting to get up there in the years and their senses are start to get weaker. My mom in particular has wanted a device with a screen larger than her iPhone and initially suggested an iPad. Not wanting her to fall deeper into the Apple ecosystem, I pushed her to get Google’s first generation Pixel Tablet. You have the ability to use a tablet fully free of the Google ecosystem through GrapheneOS and a mobile device with more software longevity than an iPad. Google has had a rough reputation with Android tablet support, but have leapt into action to try to catch up to iPads. So going in, I’m going to be focusing on the Android Tablet experience for a “normal” user–my mom.

I do a lot of paranoid things with my own devices, but the priority is for my mom to what she needs done done; open source and respect for her privacy are secondary priorities. Don’t get too excited about a hardware review because there isn’t a whole lot to say.

As a reminder, I receive nothing from Google except your ad revenue (if you watch the video on YouTube). The tablet was bought at a Best Buy with my parents’ retirement fund.

Hardware

The Pixel Tablet comes in a large box with the “charging speaker dock,” some manuals, and the tablet itself. In terms of hardware, the Pixel Tablet uses and shares similarities to Samsung’s Galaxy Tab. A difference is the Pixel Tablet uses the Exynos chip, which Samsung appears to be returning to with their phones.

If wasn’t clear by the video footage, the Pixel Tablet isn’t very visible in bright lighting conditions. The display is quite capable, but not ideal. It works great in dark environments like during the evening, but leaves a bit to be desired during the day.

On the charging speaker dock, it’s an interesting idea, but the speakers are kind of middling. There is also no charging cable included, so you will need to provide your own. When charging the tablet, the tablet comes with dots which allows you to magnetically attach it to the dock. The magnets are pretty sensitive, so you have to make sure the dots are properly aligned or you risk the tablet falling. She also purchased a synthetic leather Fintie case from Amazon.

In terms of hardware, the Pixel Tablet is pretty unremarkable, but not overtly cheap. The price comes in at $500, frequently discounted 1 year in. In some ways, the Pixel Tablet provides a worse app experience than an iPad, but outperforms an iPad in offering more freedom and features Apple refuses to give users.

GrapheneOS

The very first thing that I did was install GrapheneOS. On this tablet. However, one thing I want to make obvious is my mom is not a technical user–far from it actually. I chose to use GrapheneOS because of the security features, but also the “extended” support cycle. Since moving away from Qualcomm, Google has extended their hardware to 3 years of feature updates (or Pixel Feature Drops) and 5 years of security updates. After June 2028, the Pixel OS will be out of support and ROMs like GrapheneOS and CalyxOS will be the top picks. GrapheneOS is the winner for me because of their frequent updates and the constant innovation of features to making Android better, including assisting Google and the Android community in detecting serious vulnerabilities and bugs.

There are some post installation steps you can do, which I never touched on in my original GrapheneOS video. I want to cover some of GrapheneOS’s extra apps and features.

Following the esoteric guide on GrapheneOS’s website (seriously, this thing is way too technical for normal people) and used my Pixel 7 Pro as the installation device. I jacked in with a USB-C cable and pressed all the buttons the installer told me to.

If you don’t have another Android device, you will need to use one of the supported operating systems, download the Android debugging bridge from Google’s website or from a supported Linux distro’s repos, and the Chromium browser from their list. Then you enter what is basically a cheat code to unlock the bootloader and click 3 buttons.

The installation took about 20 minutes, but at the end, the Google was ripped out and GrapheneOS was in. Afterwards, you follow more post-installation steps.

The GrapheneOS App Store

GrapheneOS comes with an app store for independently updating their secure Camera, PDF Viewer, the default Vanadium browser, and the Auditor.

Separate from the stock apps, GrapheneOS includes downloads for various Google products compatible with GrapheneOS: Android Auto, Markup, and the Play Store. Typically, Google’s apps get much more visibility into your device and could potentially use this to collect more information about you.

GrapheneOS levels the playing field by forcing these apps to be installed and treated as normal apps you might download from another app store. They don’t get the special access, but are still able to do what most people expect them to do.

Google Play Store

Unlike other Android ROMs, GrapheneOS provides a fully functional copy of the Google Play Store. This is the standard of way of getting apps on Android, but also necessary for specific services. For example, when you use apps that receive notifications, most apps call for the Google services because it’s more battery efficient.

• To download the Play Store, you need to download all of the pre-requisite libraries. At the end, you should only get the Play Store available. The Play Store and the Google services are required if you wish to use Android Auto.
• Some apps require Google services in order to function properly. Others will have features missing, like passkey support or specific banking apps. Great resources for seeing app performance are Techlore’s Plexus, which documents various apps with(out) Google services and PrivSec’s list of working banking apps.
• There are some apps like Tuta or Signal, which do not use Google’s services and provide a redundant service instead for privacy reasons.

Usage

Using an Android tablet like the Pixel Tablet is pretty similar to running an Android phone, but there are some differences. My mom also has very different uses than most of the target audience of something like GrapheneOS–she needs to use all of the spyware apps in her life.

User Profiles

A feature Android possesses is user profiles. User profiles allow Android users to have a separate profile where they can store data or install things separate from their main profiles. User profiles are similar to users on computers.

On most Android ROMs, you are limited to 4, but GrapheneOS bumps this limit up to 32 and makes various enhancements to these profiles, including a secure “end session” feature, which shuts down all running apps.

While not typically seen as a business device, using a profile is much more valuable when a tablet is a family device. Suppose my dad wants to use the Pixel Tablet. He can create a user profile for himself to install apps just for him, completely separate from my mom. My mom is also given the “owner” account, which allows her to retain full control of the Pixel Tablet. What if you have a child who want to hop in on the latest mobile game? You can install the game in a separate profile so the game doesn’t get access to all my personal app data.

To Google or Not?

My mom has very specific needs and uses her tablet only for using streaming services and social media apps. This already encompasses a wide variety of apps like YouTube, Netflix, and Amazon Prime.

As a result, I linked her Google account to the Tablet and we got the Play Store up and running. YouTube requires Google services to function, plus my mom was just going to sign in anyway.

I said earlier that GrapheneOS locks these apps down more, but they are still very much functional. This includes spying on you, so with higher threat models, Google Services will still capture your notifications. Google account information is also kept if you choose to login, so it would be prudent to disable your advertising ID.

Disable your advertising ID (GrapheneOS)

hidden=""

In the Settings app, navigate to Apps > Sandboxed Google Play > Google Settings > Ads > Delete advertising ID

Android Tablet Support Exists…

When I set up the Pixel Tablet last year, my mom and I came across our biggest hurdle–incompatible apps. The long and short is despite the budding interest in Android tablets, not every app will work with Android tablets properly, if even at all.

Fixing the Aspect Ratio

Similar to iPads, some apps like Reddit are limited to a phone-like window to preserve the app’s intended aspect ratio. If you are bothered by this, Android 14+ allows you to stretch these apps to match your tablet’s screen ratio. It’s pretty seamless.

Early Woes with Signal

Thankfully, I have convinced a good portion of my family to adopt the secure messaging app Signal. However, when we first got the Pixel Tablet, there was a major issue: Signal would not work on Android tablets at all. Today, Signal works flawlessly on Android tablets, but this was not always the case.

With Signal in particular, there was a workaround I found that worked. I installed Molly using their F-Droid mirror. Molly is a fork of Signal Android client that implements some anti-forensic features not present in Signal. For a long time, Molly was the only way to use Signal’s service on an Android tablet.

Molly is generally a day behind Signal with updates (which is pretty reasonable) and I personally prefer the main Signal app as using Molly requires you trust their developers in addition to Signal’s. Molly is also great if you need to access more than one Signal account on a single Android profile.

While Signal works today, I feel it is too much friction to get my mom to switch away from Molly.

AirPods on Android

As an Apple refugee, my mom has 2nd generation AirPods as her headphones of choice. However, as Apple products, controlling them without an Apple device is difficult. I discovered a project by Frederico Dossena (the creator of LibreSpeed) called OpenPods. It lets you control your AirPods, gives connection notifications, and monitor their battery life of both ears.

OpenPods must be downloaded from F-Droid as they were mysteriously banned from the Play Store.

Viki & Vanadium

In the United States, there’s been a surge in people seeking to stream Korean dramas and my mom is no exception. The most popular app to watch K-dramas is an app called Viki. However, Viki is incompatible with Android tablets and they still refuse to make a compatible app.

The solution was actually fairly simple–using a web browser. Using a web browser is not only possible, but we can also create a home screen shortcut so it can be used similar to an app. However using a web browser opens up the can of worms that is browser choice.

GrapheneOS’s default browser, Vanadium, supports Google’s Widevine DRM. GrapheneOS also takes your connection to Google’s DRM and puts it through a proxy to limit what Google can collect about you.

The one disappointment with Vanadium doesn’t support blocking static or cosmetic ads and I really do not want my mom clicking on malicious ads. Instead, my mom uses Brave. I know there are some who swear by Vanadium, but Vanadium has weaker fingerprinting protection and content blocking. Brave is the only other browser endorsed by GrapheneOS and my second choice anyway.

I’d be open to exploring NextDNS in the future, but have not had adequate time to test whether the free plan would work with my mom or not. If it doesn’t, I would have to pay and have her piggyback off my plan.

Gboard

I installed Gboard, the stock Google keyboard and the keyboard for the Pixel Tablet’s stock ROM. I disabled the internet connection for the app to limit Google’s data collection. As much as I like GrapheneOS, the AOSP keyboard is borderline unusable. Since my mom uses Google services anyway, I figured it would be a better experience.

Misc

• There’s a phone app in GrapheneOS’s Tablet ROM. The Pixel Tablet can’t use eSIMs or a SIM card, so I don’t know why this is here.
• I enabled button navigation opposed to gesture navigation. My mom has a strong preference for buttons.
• I disabled all touch/tap sounds. My mom is so angry whenever my dad types on his phone.
• Adaptive brightness can sometimes be very aggressive.

Should you buy?

After 5 months with the Pixel Tablet, my mom has been very satisfied with its performance and rarely commented on the differences of GrapheneOS. It very much is the stripped down Android experience for the vast majority of people, but they will need help setting it up, whether it’s a custom ROM like GrapheneOS or because of lack of app support.

Setting up a custom Android ROM is not overly difficult, but if you don’t have that knowledge, it can difficult. While GrapheneOS has made lots of great changes to make the installation experience pretty painless, it could stand to hold the less technical user’s hand a little bit. Most people will see the wall of text on that installation page and lose their minds. In my mind, unless you set up GrapheneOS or CalyxOS, the Pixel Tablet isn’t worth your time.

There’s also the issue of identifying problematic apps because Android tablets have been treated like third-class citizens for years. The Android tablet app experience leaves a bit to be desired, complicated more by the “fragmentation” of the Android ecosystem. If you won’t install a custom ROM or you have apps you know will not work, you’d probably be better off with the tried and true iPad.

I think that if you are willing to learn and follow that ultra-technical guide on GrapheneOS’s website, the Pixel Tablet is the best choice for you for a tablet device that respects your privacy, freedom, and ownership of the device. This, combined with user profiles, proper split-screen, and freedom to use alternate app stores are all amazing reasons to consider a Pixel Tablet. It would also be cool to see if Google keeps making tablets and what the next generation has in store.

Summary

🚫 Not recommended, due to poor Android tablet compatibility and Google discontinuing future prospects for this form factor (but will continue device security updates until 2028). Installing GrapheneOS is necessary to last beyond end of life, but not encouraged.

Pros

• Allows installation of a custom OS (GrapheneOS)
• Best choice for Android tablets in terms of updates (5 years of support), legacy support on custom ROMs
• Tablet experience offers things Apple will not: calculator, split screen, user profiles, third party app stores
• Good performance
• Great as media or emulation device

Cons

• Comes with privacy invasive stock OS
• Android tablet experience (while functional for most) leaves a bit to be desired
• Screen does not perform well in bright conditions
• No headphone jack
• Forces you to buy a gimmick speaker dock with a proprietary cable and does not include a USB-C charger

Track Listing

• kinono - Peaceful Days (平穏な日々)
• Sharou (しゃろう) - 10°C
• KK - Oya oya (おやおや)
• Takashi Waraya (稿屋 隆) - Cats (カッツェ)
• Outro: Khaim - Neon Lamp

A while back, I did a review of System76’s Darter Pro 9. Overall, I thought it was a pretty well-built machine with some minor flaws to critique. But what I didn’t mention was in August last year, I purchased System76 Adder Workstation 3. This massive thing is a gaming machine and shines as a mobile desktop PC.

My experience with the Adder is a similar experience to my unboxing of the Darter Pro and yes, they also gave me a Pop!_OS t-shirt in addition to the other merch inside. This is all nice and all, but living with this computer has me conflicted at the end. Overall, I think if you are able to accept that this is basically a portable desktop you can plant somewhere. It now handles all of my daily driving needs and I recommend it, only if you can stomach a few caveats. So let’s dive in.

I was not sponsored by System76 to make this review (will likely be more evident later). I paid for this computer with my own money.

My Configuration

The Adder is billed as a customizable gaming laptop. One of the major selling points to buy a System76 computer is the hardware is fully user upgradable and repairable. I chose pay extra for 32 GB of DDR5 RAM (default 16 GB), a 1 TB M.2 storage (default was 500 GB), and upgraded to a Nvidia RTX 4060 Max-Q (instead of the RTX 4050 Max-Q). It also comes with 13th Gen Intel Raptor Lake-S i9 Mobile with 8 performance cores and 16 efficiency cores. The new Adder Workstation 4 uses 14th Gen Intel CPUs instead, but will continue to use the Nvidia 40 series and other memory.

For ports, the Adder comes with 2 USB-C 3 ports, 1 Ethernet port, a Thunderbolt port, a HDMI port, a Kensington lock, a micro-SD card slot, a headphone jack, a microphone jack, 1 USB-A 3 port, and 1 USB-A 2 port. Overall, the vast majority of people will have enough ports to fit their needs, save for the glaring flaw of a USB 2 port. Thankfully, future models of Adder have also discontinued the trend of the USB 2 ports.

The screen is a 1080p, 144 Hz 15 in (38.1 cm) display and is more than sufficient in bright/outdoor conditions. The keyboard has a RGB back light and the brightness of the screen is sufficient for outdoor use or in sunny places. Like the Darter Pro, the Adder smudges quite a bit with your fingerprints, but doesn’t seem to be nearly as bad despite being the same material. You also get Bluetooth (which I never use), a webcam/microphone, and Wi-Fi 6E.

I think the most compelling thing about the Adder for end users is the computer’s customization. You can add a ton of RAM, it has lots of space for extra storage, and the ability to swap out parts is great. Compared to other gaming computers with the same price point, the fact you have the capability of replacing parts while remaining very price competitive is praiseworthy.

On price, with all of my upgrades to RAM (up to 64 GB, I did 32 instead of the default 16), storage, and the 4060, the full price was around $1863. It’s a steep price compared to its competition, but if you are willing to foot the effort or pay extra, you can get a machine with a better CPU and more storage/RAM. The compromises are a 1080p display, the sub-par webcam/microphone, and the dreaded USB-2 port (again, going away in the next version).

Why (Now, In This Economy, Support System76)?

The biggest question I want to clear up right now is “the why,”

System76 as a Company

On one hand, I want to support a company that makes a Linux laptop. System76 has contributed a lot to developing desktop Linux, has made some impact on the Linux app ecosystem, and will continue to so as they launch the Cosmic desktop environment. They offer a computer that’s fully upgradable and repairable. But on the other, the space is far too competitive and I wonder if I should have even bothered. This whole thing also causes me to question why System76 chose to roll their own firmware, desktop environment, and optimizations.

The thing is in the United States, a lot is riding on System76. The only other major Linux-focused laptop manufacturer in the US, Purism, is too busy shipping laptops with old hardware and refusing to refund people over unfinished Linux phones. International Linux laptop manufacturers who give back to development, like TUXEDO and Star Labs, are out of reach for anybody not in Europe or the UK (both charge hundreds of dollars in import fees, but it’s not their fault. Blame customs.).

Support My Needs!

The reason I chose to buy a computer now is I have very specific needs that only a gaming laptop (or a MacBook Pro, but who’s going to waste money on that?) is going to accomplish.

Mobile Content Creation

The first problem is I’m a content creator. First off, it means every other week of my life is consumed with recording slop videos for all of you on a regular basis. Previously, I never owned a good laptop this good. My workflow was always my desktop first in my home office and conducting personal work outside of the home was always done on my phone. I’m an advocate for desktops purely for control and customization.

However, there’s a problem—content creation. My phone and pathetic netbook ASUS laptop can’t edit videos effectively. This situation was so bad for me last year, I rushed out a video because I knew I was going away on vacation for a week and wouldn’t have time to or access to my desktop. One of the main reasons I bought this machine was because I need to have a portable editing machine and way to give the illusion of normal YouTube activities, even if I travel.

My Aging Desktop

The other reason is my aging desktop from 2016. My desktop is chock full of hardware no longer seeing security or feature updates. It has an Nvidia 1080 TI. a Intel i7 7700 Kaby Lake CPU, a 32 GB of DDR4 RAM. Nvidia won’t abandon the 10 series GPUs at least for another 2 years, but Intel is slowly killing off support for most CPUs made around the same time as my i7. Worse, ASUS has not given my motherboard an update since 2018. Avoid ASUS like the plague.

For these reasons, I chose to get a new laptop and I bring all of this up because of my previous hardware, I knew no matter how System76’s computer turned out, it would be a net improvement over my desktop. It’s a mobile workstation I can take places, has 7 years of improvements, and fully capable of handling my video editing and content creation needs. I will likely consider another computer one day, given Microsoft’s looming threats of an even more aggressive AI release of Windows. When whatever Windows 12 (if it’s even going to be called that) comes out, I will make a decision about upgrading, but in the mean time, chose to settle with the Adder Pro. Right now, my desktop has become my streaming/recording computer.

Merch

The included merch and stickers are identical to the Darter Pro 9 review. The Pop!_OS shirt I got is limited edition.

They also gave me a [Pop!_OS] t-shirt for free for some reason, which is far from one of the worst things I’ve worn in my life… The computer comes provided with a little welcome card, telling you to “unleash your potential” and a quick little message about where to get help online. They also gave a cardboard standout character named Melvin, which okay… but this is a questionable inclusion. Cardboard is easy damaged and I think Melvin here is going to be staying in his little frame. They also give various branded System76/Pop!_OS stickers, which used to be just individual, now they are 2 sheets together.

Using the Adder Workstation

First, I uninstalled Pop!_OS and rebuilt my Fedora setup using my scripts. Once again, I am firm believer in rolling release distributions and Pop!_OS is not. Despite replacing Pop!_OS, I have not seen any hardware failure or anything of the sort. If you are not a fan of Fedora, you can install Arch, NixOS, or whatever you want. If you use Arch, Fedora, or NixOS, each has community maintained packages for System76’s firmware controls and tools.

If you uninstall Pop!_OS or remove the default partition with Pop!_OS’s recovery image, there is a prompt in the BIOS that is hard-coded to this recovery image. However, removing the partition is inconsequential and makes this feature useless.

GNOME & KDE

When I first installed Fedora 39, the first interesting quirk was GNOME would never boot properly and only showed a black screen. As a result, I spent the first 3 months using KDE Plasma 5.27. I installed the proprietary Nvidia drivers and used the Wayland version. KDE was an interesting experience:

• KDE handles display scaling better than GNOME does.
• KDE has fixed their file manager portal from bugging out. Portals also work way better now.
• Screen sharing will occasionally cause apps like Signal to crash. Some updates to Signal would fix it, but others broke it again.
• Using Nvidia with KDE and Wayland will lock your frame rate to whatever your lowest frame rate of your monitors is. I use a 60 Hz monitor from 2009 in addition to the built-in display, so it immediately locked the frame rate at 60 FPS. I have no non-Nvidia devices to replicate this issue.
• Nvidia causes a lot of interference with adding new monitors. Not directly a KDE problem as much as it is a Nvidia problem.

These problems eventually caused me to go back to GNOME, but they were admittedly minor. GNOME did magically start working, so I have no idea what happened to GNOME during Fedora 39 launch—it’s been stable since. GNOME overall handled screen-sharing, high frame rates, Nvidia problems, and the keyboard backlight better. An unusual aspect of the RGB is when using the keys, the lights are limited to a minimum 20%, but in GNOME’s keyboard backlight menu, you are able to control this more tightly.

Peripherals

The keyboard of the Adder has very little flex and feels great to use. Unlike the Darter Pro, the function keys are more traditionally aligned, support most standard laptop BIOS features like volume, brightness, etc, and controlling the RGB lights. There is also a BIOS webcam switch, but the webcam switch only disables the webcam, not the microphone, despite both being the same module. You’re probably going to want to keep it off because it’s 720p and performs horribly.

The laptop has a fine hinge and is able to be opened with one hand. The computer weighs around 5 lbs (2.25 kg), so this thing is fairly heavy, but that’s normal for most gaming PCs in this category. The touchpad is also slightly off center, but I was never bothered by this personally. The speakers lack the range for bass, but they will get the job done.

Fan Noise

The biggest problem with the Adder (and most gaming machines like these) is fan noise. Even mildly hardware accelerated activities like playing a YouTube video will cause the fans to occasionally rev up. If you are performing a more complex task, like gaming, using OBS, or video editing, it can be louder and much more distracting. Because of the close proximity of the built-in microphone, your Discord calls over your competitive video games will likely be drowned out by fan noise unless you use an external microphone.

Heat

If you use the Adder as a standard laptop, the Adder accumulates heat like nobody’s business. This is really problematic if you use the laptop on your lap and you can really feel that heat. It also shows because the cooling vents are on the bottom of the laptop, so be prepared for a blast of warm air on your thighs. It’s not that bad and you won’t feel this way when the laptop is on a desk, but you will feel that perpetual heat.

Battery Life

An important thing I want to discuss is battery life. Linux on laptops has an abysmal reputation with battery life. However, I have never seen anything like the battery drain in the Adder. Without any tweaks to Fedora and using the default systemd power profiles, the battery life is around 4 hours. I figured installing System76’s power management tools would help, but it actually made the battery worse, dropping it to 2 hours. I know graphics cards suck down battery like no one’s business, but this was something else entirely.

But when I started reading reviews for other similar computers, I found that many reviewers were complaining about the same issues with other high-end gaming laptops: ASUS, Razer, Alienware, and Lenovo, all using Windows 11. I can only surmise that this ridiculous battery drain is because of Nvidia, whose drivers are already really problematic on Linux. However. I was able to increase the 4 hour battery life using tlp and disabling the default power profiles. This bumped the battery up to 6-7 hours, which I will definitely take. I will also comment this soured my experience with System76’s power management tools, especially when tlp felt like a better way to optimize and save on battery.

sudo dnf in tlp tlp-rdw -y
sudo systemctl mask power-profiles-daemon.service
sudo systemctl mask systemd-rfkill.service
sudo systemctl mask systemd-rfkill.socket

I also tested disabling the Nvidia GPU using both System76’s tools and envycontrol, both of which did not increase the battery life significantly. I’m more than willing to chalk this one up to user error.

System76’s Firmware Shortcomings

I’ve talked about it before, but I really want to emphasize the benefits of System76 is its firmware. The fact that they support coreboot is commendable. However, System76’s firmware is one of the most problematic things about these computers. In my previous review, I mentioned System76 disables Secure Boot by default, actively discourages their users from using it, and cannot password protect their BIOS.

The first thing I want to discuss is desktop firmware security. Windows is making strides in pushing their user base to adopt TPM as a secure element and verified boot with secured-core PCs. I understand most users are resistant to TPM because of how heavy-handed Microsoft is with this, but the harsh reality is Linux is really bad at protecting the integrity of your boot processes. The good news is Linux developers like Lennart Pottering and openSUSE’s Richard Brown are in agreement and are moving systemd and openSUSE Aeon respectively to adopt TPM by default as well.

Related: Matthew Garrett’s talk to the Linux Security Summit in 2023 about TPM-based security on Linux.

System76 needs to be held accountable because when they assemble your device, they have configure your hardware in specific ways. One of the things that I believe is hurting System76 is the neutering of the Intel Management Engine. I’m going to tread carefully here, because the Management Engine is not documented well, but the Intel Management Engine is important to use core security features Intel and Microsoft are using as the building blocks to make your experience as an end user more secure. Intel Boot Guard requires the Intel Management Engine to run and is part of the criteria Linux hardware security certification.

A long video about the finer details and writing an exploit for the Intel ME by Peter Bosch

The reasoning System76 gives for disabling the Management Engine is it’s proprietary garbage that “provides many extraneous features that are generally not usable or useful to our users.” I have changed my mind on this matter and now condemn System76’s team for this shallow thinking. Secured-core PCs and Intel Boot Guard are both features that are critical to the future of desktop computing. What’s more frustrating is the documentation of TianoCore supports using Intel Boot Guard, which System76 doesn’t need to foot any extra effort in implementing it. In fact, it’s probably more effort to neuter the Management Engine.

I know this might seem minor (it probably is), but some of the most reputable laptop manufacturers like Dell (owner of Alienware) and Lenovo make respectable gaming machines that meet these security certifications and standards; System76 does not. While the Management Engine is proprietary trash that has the potential to get hacked, everything in your computer has the potential to get hacked. We need to encourage our Linux manufacturers to support strong security standards just like their Windows counterparts. We also can’t let paranoia against proprietary microcode like the Management Engine (that’s barely a threat to 99% of the population) sacrifice our security and device future-proofing in the process.

I have retroactively changed the Darter Pro review to reflect this decision. Like I said in that video, I don’t think most people will care, but I do and believe secure defaults are paramount to reviewing a device. There is also a page on System76’s site about reverting to the proprietary firmware, which requires disabling Secure Boot and probably TPM. Then the Intel ME can renabled, but there are still issues with developer controls with Intel microcode.

Performance

On something lighter, let’s talk about performance metrics. The Adder is more than capable of basic tasks for web browsing, development, and watching videos. I’ve also discussed DaVinci Resolve’s performance on discrete GPUs, where you must natively install Resolve rather than using a container. The Adder now handles my video editing, light AI processing, and basic C compilation.

I decided to push this thing for gaming performance. This thing can easily run the vast majority of games, but chose some of the toughest games in my library: Cyberpunk 2077, the Witcher 3: Complete Edition, and Control. In all 3 games, the Adder is able to hold at least 50-100 FPS on maxed settings without ray-tracing. Introducing ray-tracing is where things get more interesting. As a gaming laptop, the Adder hits a CPU bottleneck in most games, but is more than capable of handling any AAA game at max settings, provided you don’t use ray-tracing or other specialty features.

• With Cyberpunk 2077, performance is all over the place with DLSS on quality mode. The frame rate goes between 54 and 70 fps. It’s noticeably worse with indoor areas as there’s a lot more scrutiny with detail. Certain locations like Megabuilding H10 (the starting apartment) are well optimized, others are not. Ray-tracing and DLSS are usable, but path tracing and DLSS frame generation are not.
• In the Witcher 3: Complete Edition, I ran the DirectX 11 version with ray-tracing and a similar result. Using the DirectX 12 version, both with and without ray-tracing will crash upon opening the “world map” in the menu. However, the DirectX 11 version will get a solid 120 fps on maxed settings.
• In Control, ray-tracing can easily cut down to about 70 FPS (down from 110), but was noticeably less taxing on the GPU than in CDPR’s games.

Final Thoughts

After spending 8 months daily driving the Adder, I have very mixed feelings. This computer has a few problems, but these problems may be beyond the control of System76. What makes it more complicated is this computer serves a different purpose to other laptops. The amount of customization is commendable and make it far more compelling for people with more niche use cases. However, I ask before you buy this:

• Do you want a computer that you are able to add tons of RAM and storage to? Do you value the right to repair? If so, System76 blows their competition out of the water.
• Do you like System76 as a company? Do you want to support the Cosmic desktop environment or their assistance with developing desktop Linux? If so, you can fund them by buying their laptops.
• Do you value privacy/security? If so, do not buy from System76 as most Windows OEMs have a more secure experience (albeit sometimes a worse Linux experience). Privacy is mostly the same, even if you don’t have open firmware.
• Are you a content creator who does a lot of video editing? Are you someone who likes to game, but frequently travels? Are you getting in on the AI hype train? These are the people who will make the best use of this machine. However, you might be better off buying another device.

My final verdict on System76 after the last year is if you value a repairable and insanely upgradable computer, they will have you covered in spades. If you have no interest in the nitty gritty of repair and upgrades, perhaps you are giving a recommendation to someone who isn’t a techie, steer clear of System76. “Normal” people who use System76’s machines miss out of serious security benefits and spend extra money on the ability to upgrade, which most will unfortunately not exercise.

I like this computer minus its battery life and security problems. I am the target audience as a content creator, but the laptop space is competitive. You are likely able to get a similar device from a competing laptop maker for less, sacrificing upgrade paths. In fact, you could probably go to your local Micro Center or whatever and purchase something like a Legion Pro or Alienware for a similar experience. It’s doubly hard for System76 to compete with the big players who don’t need to consider the Linux angle.

At this time, I only recommend buying this machine if you are an enthusiast or someone who wants to support the software work of System76. Unless you make use of those upgrade options, you’re probably better off spending your money elsewhere.

Summary

🚫 Not recommended, unless you intend to support System76 and Pop!_OS.

Pros

• Good performance (content creation, gaming, general use)
• User serviceable and repairable
• 144 Hz display (1080p, but works great on GNOME/KDE Wayland)
• Allows higher RAM and storage than most competitors when purchasing
• Coreboot and TianoCore firmware

Cons

• 30 day refund includes the days it took for your computer to ship to you
• Collects fingerprints, but not as noticeable as the Darter Pro 9
• Battery life is terrible (around 4 hours, but usually less, doubled if you set up tlp)
• Bad webcam/microphone
• 1 USB-2 port (The Adder Workstation 4 will replace it with a USB-A 3 port)
• Really loud
• Can get hot to use with extended use and lots of things running
• Hardware security is much weaker than popular laptop manufacturers (insecure BIOS, no Intel Boot Guard because of neutered ME, and fails various HSM levels)

Other

• Charger is heavy
• Lots of merchandise in addition to computer (t-shirt is limited edition)
• I didn’t test Windows. It’s very likely I will use my other M.2 slot for this or to test distros.
• There are only 2 RAM slots. If you wish to upgrade the RAM, you will need to purchase 32 GB sticks to upgrade.
• Parts claim warranty is void if removed, but System76 does not care.
• F4 key is blank and 1 key apart from the other volume keys.

References:

• Screen specs footage is from Boku no Kokoro no Yabai Yatsu (The Dangers in My Heart) Episode 2
• Some scenes from Tenet (2020)
• Video in the light testing is SHINee’s LUCKY STAR
• Various videos from System76’s YouTube channel

Track Listing

• KK - Sunday afternoon (日曜の午後)
• h - Saturday morning
• gooset - SOLDIER
• h - rain & rainbow
• h - wet day
• yuhei komatsu - Another Face
• Outro: Khaim - Neon Lamp

Windows is notorious for having the worst update system in the world. It’s unstable, breaks all the time, and it’s slow as hell. You made it through the awful install/setup process and dodged creating a Microsoft account. If you want to use Windows effectively, you need to know what it takes to survive Windows Update. Let’s dive into the Windows Update schedule, how to download your updates, and how you can avoid any problems along the way.

Patch Tuesday

Windows Update is how you update your computer and firmware. For something simple for most Linux and Mac users, Microsoft makes their update process incredibly confusing and painful for their users. It’s already a meme that Windows Update forcefully turns off people’s computers to install updates.

Windows Update is notorious for being slow and causing lots of problems: ranging from broken partitions, fundamentally flawed protocols, and worst of all, dereferenced files that looked like data loss in addition to these great anti-features.

Microsoft has a schedule of releasing the security update, split into a 4-5 letter cycle for each week of the month (A, B, C, D, and sometimes E). This naming scheme how Microsoft organizes their updates and we can use this lettered cycle to plan around a game plan to deal with Patch Tuesday.

Microsoft describes their process in their Microsoft Learn documentation and on the Tech Community blog.

One of the core tenets of maintaining Windows is Patch Tuesday, although Microsoft would prefer you refer to this as “Update Tuesday,” but that isn’t a marketing term–it’s a derogatory term given to it by the IT community. The 2nd Tuesday of every month (Week B) is a nightmare day for IT admins, as Microsoft, Adobe, and Intel all orchestrate their updates on this day, hence Patch Tuesday. In years past, Microsoft would deliver updates erratically and through “service packs,” which often led to extreme distrust and breakage or people not downloading their updates at all.

Of course, Microsoft isn’t transparent about this at all, plus they might watch my video and change their mind because it’s too predictable right now! The communication for this is scattered across blogs, X (formerly Twitter), forums, and documentation and there’s no good way to get a real answer about this.

After First Install

Before we formulate a game plan with how Windows Update works, let’s start with a fresh Windows 11 install. You’ll want to go into Windows Update and just download as many updates as you possibly can. Often times, when you first purchase your computer, the computer haven’t turned it on and is likely running an older version of Windows. If you recently reinstalled Windows, there’s a number of updates since that version of Windows was released.

As an obligatory warning, when you do this, Microsoft will instantly make you a guinea pig to test their updates and enroll you in beta-testing updates for the rest of Windows. In fact, Week D, the 4th Tuesday of the month is when Microsoft delivers feature updates to Microsoft’s other products like Office 365 and .NET.

To configure non-Windows Microsoft product updates, in the Settings app, navigate to Windows Update → Advanced Options → Receive updates for other Microsoft Products

While that happens, go to the Microsoft Store and update all of the Store apps. All of the stock applications in Windows are installed through the Microsoft Store and the easiest way to update them is to visit the Microsoft Store and verify that all of them are fully updated. Windows’s stock apps are updated independently of Windows Update, so it’s important you come back and check for updates often. This really tedious and takes at least an hour, but it’s worth it to get the security updates you need and making sure all of your Store apps are up to date.

To update your apps from the Microsoft Store or Winget, in the Microsoft Store, navigate to Library → Get Updates

When you’re done with both your Windows Updates and Microsoft Store updates, hit restart and pray your computer turns on again.

Update Frequency

Despite its problems, Windows Update does impact the reliability and bottom line of Microsoft and the Windows team has made some minor, but respectable improvements to the process by making the updates smaller in size and preventing common forms of installation corruption.

Microsoft self-reports issues and describes Windows feature updates on the Windows Release Health page.

This is the tough decision: Windows is the only way for you to download security updates, sometimes for actively exploited attacks in the wild, but is constantly plagued with buggy, broken updates, beta-tested breakages, and Microsoft anti-features. What’s the most optimal way to update Windows while keeping up effectively with Patch Tuesday and keeping our devices updated?

The Vicious Cycle

Automatic updates are crucial to keeping your device updated. Utilize the fact that the Windows team rolls out updates in stages and you’re not going to be immediately hit with an update at once. We also can’t sit idly by and let Microsoft wreak havoc on our devices. Therefore, let’s take appropriate measures to handle Windows Updates and the schedule I use when I deal with Patch Tuesday, starting from Patch Tuesday itself.

Week A

Hunker down and block Windows Update. It’s always prudent to block Windows Update and if an update is really bad, Microsoft will block it from getting to your computer. Delaying updating is a more reasonable approach to disabling Windows Updates altogether. Be prepared to back up any data to offline or cloud-based storage. If an update goes wrong, you can always restore from a backup.

To delay Windows Update, in the Settings app, navigate to Windows Update → Pause Updates

Week B

Microsoft issues the newest Windows Update. Be on the lookout for news websites that talk about Microsoft and report immediate problems related to Patch Tuesday. I typically view Brian Krebs and Susan Bradley’s comments from Ask Woody. While both Krebs and Bradley reiterate information directly from Microsoft, they save you the work of wading through the mess that is Microsoft’s Update Catalog. They both offer different perspectives too.

• Krebs focuses on the security-related issues and often links the original work submitted to Microsoft. If you see any vulnerabilities, especially for popular programs that you use, his monthly warning is your nudge to update.
• Bradley takes the slow and steady approach and is very vocal about the instability of Windows. If she’s still squawking, that’s your cue to wait on Windows Updates. She usually separates recommendations for both home and business users. In my personal opinion, she’s a little too cautious, but generally she helps strike a healthy balance for home users.
• Microsoft will often block problematic updates from being installed and will not let you get them, even if you smash that update button. However, if their engineers (or AI) decide that the update is “safe,” they will forcefully install it unless you have delayed Windows Update. You will get a prompt in the system tray or the Start menu.

No matter where you get your update information from, it’s important to use your own judgment. Krebs, Bradley, nor I can answer if updating is right. Microsoft will help a little bit if they block an update, but more often than not will force it upon you. It’s important to develop an awareness and the discernment to accept a Windows Update or delay it longer.

Week C

If you see people complaining online about how Windows Update broke something, there’s a big button to delay Windows Update for a week and sit Week B out. If you get through Week C with no complaining, it’s probably safe to accept that Update button.

Week D (and E)

Microsoft releases non-security updates for their other software, like Microsoft Office or .NET. Pick these up while can, unless you’re a crank like me. Otherwise, use this time to catch up on updates if you’re behind on Patch Tuesday.

Week A (Again)

Patch Tuesday is next week and another month has come and gone. Even if people are still complaining, download your updates now for security reasons, else you might be forced to update during the next Patch Tuesday, then you have 2 Patch Tuesdays worth of trouble.

The Cycle Goes On

Remember, by the next Patch Tuesday, you have downloaded all security/cumulative updates, then the vicious cycle will repeat, you’ll be doing this forever. Or you could just ditch Windows altogether…

The Annual Windows Update

Every year, Microsoft issues a new version of Windows and has obligations to their commercial customers to alert them of changes. Thankfully, this has gone down from twice a year, but it’s not exactly an improvement with how long these updates take and useless features introduced. What’s more, these version numbers are largely invisible to end users, especially when disparate versions of Windows 11 all look the same.

To find your Windows release, non-Windows Microsoft product updates, in the Settings app, navigate to System → About → Windows specifications → Version

Microsoft provides information about Windows 11’s support cycle in their Learn documentation. Upgrading works seamlessly between versions as long as your version of Windows is currently supported and between major Windows releases (e.g. 10, 11, etc).

If you rarely use Windows or you haven’t updated in a while, you could get into a situation where you are using an unsupported version of Windows. In this scenario, Windows Update will not give you security updates and we need to upgrade to the most recent stable build of Windows. For example, if you are running 21H2, consulting Microsoft’s documentation shows 21H2 lost support in October 2023.

If you get stuck on an unsupported version of Windows, you can attempt to upgrade using the Windows Installation Assistant. This will get you hooked up with the latest version of Windows 11 (provided you meet the hardware requirements). Using the Windows Installation will allow you to keep all of your data and install the latest version of Windows on your device.

Alternatively, you can download a Windows ISO and burn it to a USB stick using Rufus or creating a new Windows Installation Media. Once you boot into the Windows USB, you can upgrade in-place and preserve your data.

Uninstalling an Update

Let’s say you install the latest Windows update, but it’s a little sluggish. People are complaining online that their system got slower, but you installed the bad update! You can uninstall the offending update from Windows.

To uninstall a Windows update, identify the current name of the update. Microsoft uses the Knowledge Base (KB) to document individual changes to Windows. After your brain turns to mush scrolling down their massive list, look for the KB number that might be the offending update.

Let’s return to our fictional scenario. I’ve read a news article and found out that the offending update is KB1234567.

In the Settings app, navigate to System → Windows Update → Update history → Uninstall updates

The legacy Control Panel will open and list all of the updates you can uninstall. From here, select the offending update, right-click, and Uninstall. Windows will prompt you to reboot afterwards similar to normal Windows Updates. Afterwards, delay updates so the offending update is not installed.

If you still encounter problems, well that’s Windows for you. Good luck next month!

Track Listing

• yuhei komatsu - Cry Baby
• gooset - SUNNY
• h - Saturday morning
• yuhei komatsu - Pop out
• yuhei komatsu - Twilight Sunset (黄昏Sunset)
• Outro: Khaim - Neon Lamp

The video and blog post contains references to: homophobia, transphobia, politics, and religion. It also contains links to articles, messages, and videos containing offensive language, especially to those who are Christian or in the LGBTQ+ community.

“Tranofin is gonna expose you soon?”

Switched to Linux, “Budgie Going Wayland Only?” 40:57

Let me introduce you to Tom Murosky, a Linux content creator with multiple channels, the most popular being Switched to Linux. He’s been on YouTube for years, uncontested in his misinformation about open source, hate of queer individuals, and misrepresenting Christians—until today.

Murosky only cares about injecting his political views into all of his content and has attempted (unsuccessfully) various ways to take down my content, including through Proton, YouTube flagging, and attempting to leverage his influence to rally creators by his side. His community is blatantly transphobic, homophobic, and adheres to extremist right-wing content and Christian nationalism. There is no negotiating with this man.

Shout out to Niccolò Venerandi, who helped give much of this video direction and organization and to TechHut for describing his experience.

A special thanks to my Christian friends who have helped a great deal in the theological aspects, the resources, as well as physical Bibles and commentaries. Check out Preston Sprinkle’s Theology in the Raw for information about how churches respond to queer communities. He has the Murosky Stamp of Approval™ after all!

Who is Tom Murosky?

I’m going to be taking a deep dive into a content creator you might have seen floating around–and a Linux one at that. You probably heard about him, his name is Thomas Murosky, better known as his channels across the internet:

• Switched to Linux
• Our Walk In Christ
• Tux Traveler
• Writing Done Right
• Home Cooking Hacks
• Western Mountain Web Design

Okay, that’s lot of channels…

I’ve spent a long time diving into Murosky because I was very curious. Now, I wish I didn’t. I can confidently say that Switched to Linux is one of the worst content creators I have ever watched for a long time and I won’t sit by anymore and let him destroy people’s impressions of the Linux community.

Make no mistake. Murosky is a threat to how the Linux community is perceived. He spreads misinformation and paranoia about technologies people use on a regular basis and clearly lacks basic journalistic and reading skills. He tries to shepherd people into his political agenda at every turn and has no respect for minorities, especially if you are in the queer community.

Now these are serious accusations, but don’t worry, he documents all of this publicly across his YouTube, Odysee, and Rumble channels. Given he is a content creator and people will accuse me of attempting to start drama, I will not be monetizing this video. Instead, all proceeds of this video will be donated (more below).

I released an early draft of this video because I believe the initial response is when someone shows their true colors. As expected, Murosky is currently unrepentant, but his community’s response to me has been revealing about the kind of people Murosky attracts.

Even though I announced it in the document, it’s telling how much effort Murosky and his cronies took to read the document.

Guess they aren’t making enough ad revenue doing tech videos now they have to lower themselves to being tabloid trash.

CCJ1998, Switched to Linux, “Budgie Going Wayland Only (Live)” 46:30

Guess I better take my kids out to dinner with my YouTube blood money!

Since someone accused me of benefiting from this, I will instead point out that because I have subscribers who watch his channel. In fact, the same shills tattled about my content to Father Murosky’s Matrix, which contains some of the most vile things I have seen in a long time on a public chat. Because of Murosky’s cronies and his reach, I will be hurt in terms of engagement given how loyal they are to him. Everything I say is for the betterment of the community–I have nothing to gain from this.

I’m going to be focusing primarily on Murosky’s primary channel, Switched to Linux. At first, it gives a great sense of authority and great SEO, type in “how to switch to Linux” and you’ll find his channel. You would be fooled watching his channel trailer that he’s there to help people practically learn how to use Linux. It’s not that he doesn’t do that, because to give him credit, he will occasionally cut out the nonsense and get right to the point.

Ignorance is a Bubble

In terms of structure, Tom releases a video every day, alternating across his channels, but Switched to Linux will get most of the uploads. Since he provides a fresh supply of daily uploads every day, I will mostly be focusing on content he has made in the last year, that way he’s not misrepresented and you get an accurate showcase of what his videos are like.

But the daily upload schedule may contribute to the one of the worst things about his videos: inaccuracies and the need for him to produce constant content.

Losing the Primaries

The first thing I want to make clear about Tom’s videos is if you watch enough of them, you can tell from the sources that he pulls from are secondary sources. This isn’t always the case, but he pulls from many, let’s say less than reputable, news websites. You know, the run of the mill website that hires broke college dropouts to vomit out content.

For example, in this clip of him reading the news, he references a Tech Radar article, which just parrots information from a report by Trellix. In the same livestream, he uses 9to5Linux, AlternativeTo, OMG Ubuntu as primary sources even though they rip off copy content from other Linux contributor blogs and the like.

Some might call this is a nitpick, but with research, it’s important to locate the original content or media. Unlike most other forms of journalism, tech journalism is widely available and you can often cross compare the original content against the people who just summarize it. It shows you went the extra mile to read an “unbiased” take without any middle men.

In the case of the Tech Radar article, Tech Radar links the original Trellix report. Now Murosky could have easily showed this, but he didn’t, probably because he isn’t reading the article enough. It shows a blatant degree of unprofessionalism in research. He doesn’t take the effort to show the primary source, even if it’s linked directly in the article. You get the sense as he read the article before turning the camera on, yet couldn’t be bothered to locate the primary source.

Terrible Tech Takes

This lack of primary sources leads to another symptom in his presentation and content: outright misinformation and misrepresenting the current state of tech.

Wayland Woes

For example, Murosky believes Wayland is not ready, which is a (bad) opinion he’s entitled to have, but the evidence he uses is the legendary outdated “Wayland breaks everything” GitHub gist.

In this article, he [probonopd] writes “Think twice before abandoning Xorg. Wayland breaks everything!” And this is true, because as I mentioned, there’s one particular major industry that does have a lot of problems and that is video content creation.

Switched to Linux, “Wayland Woes” 9:58

I wouldn’t defend Wayland as perfect right now, but even he highlights are things you can do on Wayland. I’m a content creator, I’m using Wayland just fine! I’m not the only one: Brodie Robertson and Nick from the Linux Experiment both use Wayland. Murosky has no excuse when some content creators way bigger than me use Wayland. If you’re going to pick sources, make sure you pick valid, up to date, resources to back up your claims.

You see, I am recording this on SimpleScreenRecorder, which does not work on a Wayland at all.

Switched to Linux, “Wayland Woes” 10:16

With SimpleScreenRecorder, you could try out a different program that offers the same feature set. What about Kooha? That works great on Wayland! Then why complain if screen-sharing on Wayland doesn’t work? Just find an alternative if the original application will never be updated.

…but [on Tails] there was no competent screen recorder. Wayland. That’s why—Wayland. OBS project: Wayland is unsupported this time back in 2020, broken.

Switched to Linux, “Wayland Woes” 17:11

Now we must be living on different planets, because I have tried OBS on GNOME, KDE, and Sway with Wayland in 2023 and 2024. I can record video just fine. Are you using a hack package from a distro? Maybe you should consider using the Flatpak Tom! It’s the official package!

As icing on this crap cake is he cites a Quora post as the smoking gun evidence that Wayland isn’t ready. He didn’t link it in the description, but I found it. Why do I, the viewer, need to cite his sources and fact check misinformation that comes out of Murosky’s mouth?

ONLYOFFICE Isn’t “““Ready”””

Before someone accuses me of being a Wayland shill, don’t think I’m cherry picking videos. It’s not just lack of citations or factual claims, it’s completely misunderstanding what projects intend to do. A while ago, he made a video about ONLYOFFICE and complained that ONLYOFFICE doesn’t support his precious OpenDocument files.

I’m not evaluating the spreadsheets, I’m not evaluating the presentation features, there’s a lot of things it’s doing right, but as far as interpreting the OpenDocument format, we can’t separate, separate page margins, we can’t separate page styles and templates that I know of. We can’t even open a .ODT document properly formatted, which by the way we can’t open in a variety of other office suites and preserve the custom settings, we can’t seem to do that here, it doesn’t interpret the ODT file format well.

Switched to Linux, “Is OnlyOffice Ready for Prime Time” 15:29

The way Murosky presents this sounds grim and makes ONLYOFFICE look bad, that is, until you consider ONLYOFFICE never guarantees compatibility with OpenDocument files like his book’s .odt. It was designed to retain compatibility with Microsoft’s format first because of its use on the cloud. When you use Google Docs or LibreOffice, the compatibility of Microsoft’s documents isn’t totally 100%. It’s a program with totally different goals opposed to something like Collabora or LibreOffice.

That may have changed, I’ve not used Microsoft Office in a long, long time at this point.

Switched to Linux, “Is OnlyOffice Ready for Prime Time” 15:24

But Murosky is so out of touch that he released this video with poor research and never apologizes for mischaracterizing it. In fact, you’ll notice he converted his .odt file into a .docx as if that would help prove his point. We all know OpenDocument files are messed up, even when you save them in Microsoft’s format. It’s almost like he has no idea what he’s talking about!

He Gave A Normie Friend Arch (EndeavourOS)

In a video earlier this year, he set up a media server for someone who wasn’t particularly technically savvy. But guess what: he set them up with EndeavourOS.

I had a friend that we converted one of their computers to Linux and they use it for a media server and such and for a while, they were doing the GUI updates through EndeavourOS, which weren’t actually doing anything, but they didn’t know it wasn’t doing anything… Endeavour needed to do a manual override on one of the updates and your average person doesn’t know how to do that.

Switched to Linux, “Is 2024 the YEAR of the Linux Desktop?” 7:24

Anyone who has even a cursory understanding of Arch Linux knows you do not give people who don’t know what they are doing an Arch Linux machine of any kind. Not Endeavour, not Arco, ArchLabs, and especially not Garuda and Manjaro. Yeah, Tom totally understands the plight of normal people, guys. Better learn that Arch Linux Wiki or you’re going to be at his mercy! What’s worse is media servers work great on Ubuntu. Maybe that would have been a better place to start…

Ignorance and If I Could…

This leads into the first sin of Tom. If he isn’t taking time to learn any of the programs he uses properly, how can he be trusted when he says he did any research into something?

• He misses basic facts about software he reviews.
• He doesn’t take the time to learn minor things about how things like documentation and software versioning works.
• He doesn’t report any issues and assumes developers will watch his crappy videos.
• If he’s wrong, he won’t edit, reupload, or delete videos. He won’t correct himself in the comments either.

If he isn’t going to play the open source game, it’s no wonder nobody listens to him. The worst part is all of this that disgusts me the most is this is mindset comes from living in a bubble and out of ignorance.

I’m not a computer hobbyist that wants to see what I can get working in my spare time. I actually don’t have much spare time. I’m a person that wants to use open source software, open source operating systems to get my real work done. That’s kind of what my limits are.

Switched to Linux, “Open Chat - Remember Your Backups, Check Your Accounts…” 14:25

This mentality angers me because I am a normal person with a normal job, yet I have the time to learn all these complex open source things. There are a ton of other channels of people doing the same thing and they don’t have to resort to outright raging and complaining when something doesn’t go their way.

What’s more, he has time to livestream, edit, and perform “research,” and you’re telling me you don’t have time? If you commit the time to learning enough, do it right. Don’t make videos complaining about software if you didn’t take the time to learn about it and provide a fair evaluation.

The Weekly “““News””” Roundup

So right now it looks as though YouTube is trying to take my channel out simply because I, maybe I am conservative or whatever reason, even though I generally keep politics to a minimum, I think we’re done with that. I think we’re done keeping politics to a minimum. I think I’m going to jump up there. I’m going to say how it is. If you’re a stupid, libtarded, moronic fool who thinks that slaughtering infants in the womb is an appropriate thing, I’m going to tell you you’re stupid and you’re a murderer from this whole society of insanity. This is insane. So if they want to try and take me down for, because of conservative thought, when I am really trying not to be conservative at all.

Switched to Linux, “Into the Gulag Again” 8:36

Normally, I’d end the video there. Some technical mistakes here and there, not many people watch his videos, what’s the big deal? Let’s get to the highlighted product of the Murosky mentality: the Weekly News Roundup.

Every Friday, Murosky sits down to read his secondary source news articles in a talk show format. Now that we’ve established the articles he picks are mostly weak sauce, he will complain about news totally divorced from Linux or even news not related to technology at all. He has prioritized his news show above everything else. It used to be so bad that he used to dedicate 3 videos of his daily uploads to solely “news” content. Don’t worry guys, it’s now a livestream over an hour every week!

Now you come to a channel “Switched to Linux” and he just gave you a bait and switch! Forget learning about the values, importance, or current events about Linux or open-source software. After you’ve fallen for the good SEO of his channel, what happens next is he starts dumping all of his awful views on politics and the news. In fact, even during all of his live streams, his Patreon streams, and prerecorded videos, he will slip up and devolve into complaining about politics. Murosky’s channel was always pushing politics since the early years. He used to spill his unrelated philosophy hot takes to people too in outdoor walks, way before the Luke Smith did.

“Stop making things political!” He says, making everything political.

The 2020 Pandemic did a lot of things, but what it did was make Murosky’s behavior worse. It became very obvious that Tom is an anti-vaxxer and since the pandemic has been very vocal against wearing masks and receiving the COVID-19 vaccine.

• One of the GIMP betas included artwork of Wilbur wearing a mask and Murosky goes ballistic
• One of Murosky’s COVID misinformation videos still up on YouTube.
• GitHub is “woke” plus more misinformation about masking. Also he tries to get the ad revenue mark by reading comments.

Irregardless of how you feel about the subject matter, I think it should be pretty clear that Murosky has no respect for his audience when it comes to separation of concern. It’s clear he understands that people who expect a certain type of content go to a specific channel for it (why else does he have 6 YouTube channels?!). But this is something else entirely and often when he reads these stories, his behavior becomes overwhelmed by his emotions and more erratic.

The CDC Strikes Back

I am not a medical professional. If you require life saving treatment or vaccinations, please consult your doctor, not me, nor Murosky.

One of his most prolific incidents was when YouTube gave Murosky a strike. Now to be fair, he has gotten strikes for other videos like say a certain home media software (Kodi) or ways Linux Mint lets people watch TV (Hypnotix), those were totally dumb and YouTube was making stupid YouTube decisions. What I’m about to cover is what I believe one of the biggest blunders of his channel.

In this famous video now banned from YouTube, he reviews a chart of deaths reported to the CDC’s Vaccine Adverse Effect Reporting System (VAERS). He got a strike because pointed out that the rise in deaths of VAERS in 2021-2022 meant you shouldn’t get vaccinated.

And of course to defend his terrible beliefs after taking his Linux-using viewers for a ride, he claims he’s a former biochem teacher.

I am more qualified to talk about the science than I am about the Linux by the way. If you guys jumped on who don’t know this channel, I have a doctorate in Integrated Biological Sciences.

Switched to Linux, “Vaccine Passports are Coming to the USA” 9:44

I tried looking into his history to find out why he left Bucknell University and University of Wyoming, which got me curious because he’s very slippery about it on his boomer websites if you try looking into it:

• Western Mountain Web Design’s about page is inaccurate and still claims Murosky is at Penn State.
• The only website that mentions he went to Bucknell and University of Wyoming is Our Walk in Christ’s website.
• Switched to Linux and Think Life Media lack “about” pages.
• Tom Murosky on Rate My Professors
• An anti-social justice Bible protest signed by Murosky from his time at Penn State.
• A doctorate thesis by Murosky from Penn State

I bring this up because as someone who was never a biochem teacher for a college, I can say with confidence Tom’s reaction proves his ignorance and why he only sees what he wants to believe.

The very page on the CDC website, which Murosky claims YouTube gave him a strike over despite it being a CDC website shows he doesn’t know how to read a chart. If you just skim the page, you see the rise in deaths in 2021, which Tom links to the COVID-19 vaccines. Unless you read the small print that is, which is included in the video showing the deaths in the chart were not necessarily caused by the vaccine, it’s just what’s reported.

There’s a classic saying in science “correlation does not imply causation” and coming to the conclusion Murosky did is just that. You can have all the fancy biology or chemistry degrees in the world, I don’t care if he has them or not. Murosky has the worst data comprehension skills and is blinded by his political bias. I didn’t need a biochem degree to read small print under a graph Tom! What a great model for how people perceive Linux users!

Then he segues into a sponsor. Totally sponsor friendly content! Just get vaccinated, this shouldn’t even be up for debate or part of discussion with a Linux channel. Don’t involve yourself into explicit political content when your main content is expected to be anything but.

About the VAERS Index

• VAERS | Vaccine Safety | CDC
• VAERS - Guide to Interpreting VAERS Data | CDC
• Posts continue to misrepresent VAERS COVID-19 vaccine data | AP News

The Hate Machine

Let’s dive into the most problematic part of Tom’s channels—the continued demonization and disrespect of queer communities or individuals. While he has not been open about this is on YouTube, he is much more vocal about this on his other platforms: Odysee, Rumble and Bitchute and his Matrix.

Believe it or not, some of that hatred has slipped through the cracks to YouTube. The first was the split of elementary OS (that also may or may not be reaction content to a similar Bryan Lunduke article). One thing Murosky constantly brings up is the fact that Danielle Foré, the current owner, is a trans woman who “reached her final form as a gay trans atheist commie.” It’s rich when he has to spend the rest of the video to lay out reasons why he doesn’t care. If you don’t care, you wouldn’t have bothered to tell anybody.

At first, it’s puzzling why Murosky continues to bring this up, for example, he does again at the beginning of another video about elementary. Then it becomes clear why Murosky mentions this all the time: he’s only interested in the politics. Nowhere in this post is Danielle’s status as a trans woman brought up anywhere in the posts, yet continues to bring up her original coming out Tweet. He totally doesn’t care that Danielle is trans guys, he just has to spend the entire rest of the video justifying it with outright hypocrisy, complaining about the Atlantic, and reading the Tweet’s replies to get to ad revenue mark.

So regardless of the person’s political ideology or who they like to go to bed with, it doesn’t really matter. It doesn’t and it shouldn’t matter to you either.

Switched to Linux, “Elementary OS Is In Trouble” 9:24

The ensuing Matrix chat also baited Murosky to deadname Foré. Checkmate.

Official response from Danielle

It becomes more clear when we get into the worst video I have ever seen from a Linux content creator. Murosky made a video about people complaining about openSUSE’s subreddit, where if you hover over the home screen during Pride Month 2023, it changed the SUSE gecko to the colors mirroring a rainbow flag.

Normal people would see this and move on with their lives, but not Murosky. Uncharacteristically, he uploads a secret video to Odysee, Bitchute, and Rumble telling his audience to boycott openSUSE. I say a “secret video,” because this video was never cross-posted anywhere else or mentioned on any social network. Not on X (Formerly Twitter), Mastodon, not even his Gab, a social network for literal hate groups.

Did you know it’s impossible to find things on new Twitter, Murosky enlisted his followers to dig up the Tweet just to prove me wrong. That’s it, my career is ruined guys!

The video entails Murosky playing read aloud with a Bryan Lunduke post, which Lunduke himself is reading from a page on the SUSE mailing list. There are a chain of people furious that someone dared to color a gecko in rainbow colors and the openSUSE devs are playing damage control. One of the SUSE board members, Atilla Pinter, suggests that the people complaining could make some cute Christmas or Kwanza-themed gecko artwork. If they don’t want to contribute and are just there to complain, the developers tell them that they will be “cut off like the rotten flesh they are.” The dissenters start getting angry before the SUSE developers, rightly, tell these hateful whack-jobs using burner accounts to take a hike since they are only interested in stirring up trouble rather than contributing.

Of course, Murosky loses his mind:

If you are using openSUSE, you should delete it now and go tell them you’re you are a hateful, abusive, excluding, intolerant community and I am going to leave you… [openSUSE is] pushing politics—that’s not inclusive. That’s exclusive because you’re telling me that if somebody does not like those particular politics they are excluded.

Switched to Linux, “OpenSUSE Hates Half the World” 16:01

And he repeatedly says he doesn’t care, but I don’t buy that. If he didn’t care, he wouldn’t be making a video of this at all. The fact is Murosky intentionally omitted this video from his YouTube and his alt social media platforms is telling. He knew how moderation boards would respond to the kind of content in this video. He knows that this behavior is perceived as exclusive and hateful. Because it is.

This behavior should not be tolerated by anybody is any community. Free and open source software is all about users and communities having the freedom to do what they want with their software. But along come people like Murosky and his community. They’re crass, insensitive people who tell them their existence and way of life is invalid. They complain that free and open source software is getting too “political” by all the “woke SJWs.”

I got some news that shouldn’t surprise anyone—free software was always political. Something will always be political to someone. Any time someone says “keep politics out” is a code word for “I don’t like what you believe and you don’t deserve the ability to express your identity.” The irony with these statements is somebody whining about someone’s “politics” is completely contradictory to the goal of free and open source software. It’s someone’s right to operate their project however they want and complaining like this is like suggesting their freedoms should be taken away. If you discriminate against someone for something that deserves to be protected, like their race, orientation, religion, status, or age, you will only get discrimination in return. There’s this thing you might have heard about a child, it’s called respect, so give it out to everyone.

The Matrix

Part of the reason I released my script early was I knew Murosky would respond with his emotions and nitpicks rather than address any of my core arguments. What I didn’t anticipate is a large number of people who spoke out in that post are Murosky supporters, whose names can be cross referenced with the Matrix and in his videos’ comments. Since YouTube doesn’t have a good way to follow/monitor community posts, lots of his supporters jumped on my throat either in that post and on his Matrix’s general discussion.

Since the original release of the video, Murosky has locked the Matrix to registered Matrix users only and his supporters have rushed to delete comments. Links remain for archival purposes.

• They intentionally tried to demean me by misspelling my name. One of Murosky’s patrons and moderators, Yvon (or TehAnKorage on YouTube), referred to me as “Tryptophan” for example.
• Even more disheartening, I learned that one of my first Mastodon followers Unkle Bonehead called me “Tooltarfin”. He also lowkey tried to suggest I was Windows user and pedophile for being a Vtuber. I only use Linux buddy and I think I know what kind of anime you watch. 😉
• They made fun of me for having cisgender pronouns. I thought to be accepted in these hate groups you need “normal” pronouns. Plus no one really sees me and they don’t get people asking questions all the time.
• But if you list your pronouns, all of sudden, you’re part of the alt-left. Move over Anita Sarkesian! Trafotin’s here to complain about appealing to the Murosky fantasy!
• Dan Kelly, who has made various appearances on Murosky’s Patron streams and the Big Daddy Linux show back in the day, comments “This guy sounds like a kid, does not appear to show his face, and makes videos that are more suited for TikTok.” For your information Dan, TikTok was way after my time and my YouTube Shorts are quite barren at the moment.
• His mod Solbu referred to the queer community with the derogatory term “the alphabet mafia.” I’m sorry, what about Google? That’s the real Alphabet mafia there!
• What’s a great way to get gay Christians convert in 2024? Tell them they are going to hell! I can see more souls getting to heaven already! /s
• They insulted one of my commenters and referred to them as a t****** commie.

Unrelated footage of Solbu in a DistroTube Supporter Stream

Most telling of all, very few of these messages address the core arguments of my post. In fact, on Sunday, Feb 4th, 2024, Murosky published a photo containing the notes for the video. In those notes, he still fails to address a single criticism I had of him. I “forced a response,” but I’ll return to that later.

For the Bible Tells Me So

Among complaints in the Matrix, one of the complaints they had was my critique of the Bible. If you’d like the play that game Tom and gang, I’d be more than happy to. Some might question why I would even bother discussing the Christian reaction to theology at all.

I don’t believe it’s enough to call someone a bigot and move on. You may dismiss me as a member of left propaganda machine, but I don’t dismiss people’s views. I believe there’s a ton of nuance and whether you agree with it or not, I will be objective about this as possible. Murosky won’t, so I will. It goes both ways, we need to learn from each other.

As a whole, our society is much more nicer to minorities than it has ever been, but there’s still a long way to go. Queer people have liberties other people have taken away from them because of their beliefs. However, an important part about inclusiveness in discourse is making sure the majority isn’t uncomfortable in the wrong ways, because their voices matter too. Minority voices are important, but it’s also critical to protect majority groups from hatred too.

A point that I will defend Lunduke and Murosky on (shocking I know) is their criticism of a comment from Pinter. I don’t want to send hate his way, but this is lesson all developers in what not to say:

However, last I checked for example Christianity wasn’t facing much oppression in the world, and didn’t require much (if any) support.

Atilla Pinter, May 23, 2023

This comment is a pain point with both Murosky and Lunduke for good reason.

• There is a growing feeling among those in organized religion, especially in Christianity, being religious is becoming a minority.
• Not everyone lives in a Western or South American country. Christians outside of the West may face persecution. In Muslim majority countries, Christians are more likely face discrimination and physical threats.
• Countries that oppose religious freedoms like Egypt, Myanmar, and China impose restrictions on their Christians or make it difficult for them to practice their faith.
• Making comments like this about any belief, not just Christians, is bad. “Last I checked, LGBT+ people weren’t facing oppression” sounds plain wrong. Blanket statements will get us nowhere.

The Christian non-profit Open Doors documents the most dangerous countries to be a Christian today.

Incendiary comments like these will just make conflict between these people and maintainers worse. Murosky intentionally disrespects queer people because of his alleged “Christian” responsibilities and that’s what I believe is the root of the concern and problems. After pouring over theology books, getting a basic understanding of what was covered the Bible passages, I’ve come to the conclusion Murosky’s views of Christianity doesn’t reflect the Bible and are actively harmful to Christian representation.

The reason I’m going to the trouble is Murosky has 6 other YouTube channels, one of which is his “Christian” channel, Our Walk in Christ. In fact, just like his Linux channel, he chooses titles to instill negativity and almost feels like fear-mongering. He spends more time ranting about current events than he does actually reading the Bible or facilitating Christian discourse on camera.

The pastor might glean some information, and upon finding he’s a homosexual, a good pastor’s not going to say, “Get out of here, you f**!” He’s not going to do that. That would be wrong!

Our Walk in Christ, “Blessing to Same Sex Couples？ ｜ Daily Walk 343” 5:20

How do real Christians respond to LGBT+ people/issues then?

I get so tired of people throwing around the word “biblical” or the phrase “The Bible says…” when what they really mean is “I believe this and I believe that, and I’m going to rubber stamp my assumptions with the word biblical to show that my beliefs are correct. And if you disagree, you’re a heretic.”

I was sitting next to a Christian on an airplane and the topic of homosexuality came up. “The Bible is very clear,” he said. “Homosexuality is a sin.”

“Which passages?” I inquired.

“Huh?”

“Which passages are very clear?” I repeated.

“Well…you know…the Bible is clear!!”

I didn’t know why he kept raising his voice, as if a louder “it’s CLEAR!” would somehow cause verses to pop out of his mouth. After I kept pressing, he admitted that he couldn’t name one. He knew his view was correct; indeed, it was biblical—“the Bible is veryclear”—yet he didn’t know where, or why, or how, or how often the Bible mentions, let alone prohibits, same-sex relations.

I never want to be that guy on the plane. I never want my assumptions to be codified with an empty and lazy use of the word “biblical.”

But even if we do know what the Bible says and where it says it, we still need to do the hard work of interpreting the Bible in its own ancient context and applying it to a culture 2,000 years removed from that context.

The debate is not about what the Bible says. The debate is about what it means.

Every gay person I know has read Leviticus 18, Romans 1, and the other homosexuality passages. They’ve been beaten over the head with these texts so many times that they could never forget their words. This is why it’s belittling and naïve when people simply quote these passages as if no one’s ever heard them before. w

We’ve got to go beyond mere quotation and move to interpretation.

Preston Sprinkle “5 Bad Reasons for Believing that Homosexuality Is a Sin”

Now before I continue, please understand I’m grossly oversimplifying a lot of this and there’s a ton of nuance to the discussion, both from queer Christians and heterosexual/non-affirming Christians (Christians who do not endorse queer practices). I decided to ask some of my Christian friends for resources about how Christians respond to the queer community (because if I don’t narrow it, we will be here forever). Most of what I say is from the book Living in a Gray World, A Christian Teen’s Guide to Understanding Homosexuality by Preston Sprinkle, but I think he provides an interesting perspective.

As a note, I was not sponsored, contacted by Sprinkle, nor paid money for this book. Instead, I’ll state I borrowed it from a “library” and Sprinkle’s book contains passages from the book of Genesis.

So, yeah, far before that guy’s ever heard of Preston Sprinkle, I’ve known who Preston Sprinkle is.

Switched to Linux, TTOR “The TTOR Show S4E6: SwitchedToLinux Discusses Trafotin Live!” 1:52:01

The first thing that will become apparent about Sprinkle is he does not believe the beliefs of the LGBT+ community are compatible with Christian belief. In fact, Sprinkle goes as far to say maybe the gap between Christians and the queer community has grown wider because of the hate (intentional or otherwise) from people who have pushed them away from the Church. The dominant view is homosexual attraction is not a sin, but acting on those feelings (porn, marriage, dating, etc) is. The primary reason is according to Sprinkle, is the inability to procreate and alternate relationships are unable to recouncile 2 different sexes. However, queer Christians offer a unique perspective on sexuality that straight relationships don’t have, even when some choose to marry someone of the opposite sex or remain single. Sprinkle has a weekly podcast where he interviews lots of queer Christians and how pastors handle inclusivity. Listening to their discussions is a really great way to hear someone else’s story.

On trans representation in the Church, the practice of transitioning is generally dissuaded, but many churches have adopted different approaches to including transgender people who have already transitioned into their congregations. Some examples is offering family style bathrooms, referring to people by their preferred pronouns and names, or permitting someone who’s trans to serve in a church community. In many ways, the sense I get out of it is the “what’s done is done, we only care about you now” kind of deal. A true Christian would never force someone to detransition, they meet everyone where they are.

You cease being attacted to the same sex… There are many evidences of conversion therapy being effective.

Switched to Linux, TTOR “The TTOR Show S4E6: SwitchedToLinux Discusses Trafotin Live!” 1:50:31

Most people will likely hear Sprinkle’s rejection of homosexual relations and compare it to Murosky’s hateful tirades, but Sprinkle and Murosky couldn’t be more different. This aspect is important because the love the Bible demands out of Christians to everyone, irregardless of walk of life. For people who are Christian, just because people respect someone, it doesn’t mean they approve of their practices.

The way I would explain it is this: I don’t use Windows, but that doesn’t excuse me if I go around belittling Windows users or telling them that they’re losers for allowing Microsoft to slurp up all their data (some people don’t have a choice). The same is true for members and allies of the queer community. I try my best to refer to be people by their preferred pronouns and accepting them, no matter where they are because it’s treating them kindly and it’s the right thing to do. And this mentality is true of Christians; they may not approve of the practice(s), but they will try their best to show the same kind of love and respect. Showing someone love and respect isn’t about approving of their practices, it’s showing someone you’re listening.

What about the Bible?

I can summarize some books and run my mouth, that wouldn’t be enough. Instead, I want to actually read the Bible. What does the Bible say about queer identities? What does it say about how Christians are called to love others?

The answer is not very interesting—there’s nothing. The Bible never addresses modern issues with gender identity or sexual orientation at all. People will point to popular verses in Leviticus, Sodom and Gomorrah, or Romans, but none of these are truly applicable.

There’s also many more factors and unknowns that prevent anybody from knowing and anyone who claims to know (Murosky in this case) is wrong or is trying to deceive people. Scientists believe it is genetic (less likely, but a real possibility), the nature/nurture aspect of growing up, but undeniably deeply important to someone’s sense of self, even within gender norms. Telling someone that they are “confused” or they need conversion therapy is rejecting the sociological aspect of gender identity.

• Genesis discusses God creating male and female and many people will use this to justify outcasting queer people. However, from a Christian perspective, the Fall (when man and woman first sinned) means that there’s many more factors and questions that need to be asked. By the result of the original sin, gender dysphoria is a result. Genesis never seeks to addresses the question of identity or orientation.
• Leviticus is not applicable because there are over 600 different laws within Jewish Law, some of which Jewish people do not practice to this day. Things like “clothes of only one type of fabric” or “offering burnt sacrifices” of doves or sheep is not widely practiced. Laws like these were never about what they were telling people to do, but rather consider why they do them.
• Sodom and Gomorrah’s sin was never specified as homosexuality or anything beyond “wickedness.” People make this argument because as Lot and his family are leaving Sodom, some of the city’s men approach them and threaten to rape him and his daughters. In this case, rape is the sin as these men were far more likely to be “straight” given the culture. Rape was/is means someone who seeks to cause harm dominates someone, no matter their gender or sexuality.
• Another commonly cited verse is Romans 1, where the Apostle Paul references the sin of men and women of “shameful lusts” with each other. Once again, this passage does not address queer relationships in the contemporary stance. What Paul is referring to is common sexual practices becoming a form of idolatry, which is also applicable to heterosexual relationships.

The most popular Bible, at least in terms of print and sales in the English-speaking world, is the New International Version (NIV). There are many types of Bibles and to my understanding, translation is largely the same. Unfortunately, Murosky also has a narrow viewpoint within his little bubble and believes the only Bible you can read is the ones he chooses of course! What’s his reason?

the use of gender accurate language. [Murosky turns into the Munch painting]

Our Walk In Christ, “The Legacy Standard Bible (John MacArthur)” 7:33

Here we go again…

And I got a really harsh news for you guys. Jesus was a white man. Maybe that’s why [liberals hate] white men, you know? Because He was a Jew. And Jewish people, while they have slightly darker complexion, they are by no means as dark as an African person, as dark as a typical Native American. They are not even as dark necessarily as a typical, you know, Mexican.

Our Walk In Christ, “Christians in the World | Daily Walk 345” 1:12

Since Murosky lacks basic research and reading comprehension skills, we’re going to ignore him and dive into the Bible ourselves with the NIV.

28 One of the teachers of the law came and heard them debating. Noticing that Jesus had given them a good answer, he asked him, “Of all the commandments, which is the most important?”

29 “The most important one,” answered Jesus, “is this: ‘Hear, O Israel: The Lord our God, the Lord is one. 30 Love the Lord your God with all your heart and with all your soul and with all your mind and with all your strength.’ 31 The second is this: ‘Love your neighbor as yourself.’ There is no commandment greater than these.”

Mark 12:28-31 (NIV)

Love here doesn’t refer to sexual/romantic love, but unconditional, beneficent love required of Christians. This also a quote from Jewish Law.

There’s not much difference in the Legacy Standard Bible (LSB) Murosky endorses either.

28 And when one of the scribes came and heard them arguing, he recognized that He had answered them well and asked Him, “What commandment is the foremost of all?” 29 Jesus answered, “The foremost is, ‘Hear, O Israel! The Lord our God is one Lord; 30 and you shall love the Lord your God with all your heart, and with all your soul, and with all your mind, and with all your strength.’ 31 The second is this, ‘You shall love your neighbor as yourself.’ There is no other commandment greater than these.”

Mark 12:28-31 (LSB)

I don’t think you need to be an expert in English to understand this. That’s right, the most important command in the Bible is to love God and love your neighbor as yourself (there’s a nuance in the original Hebrew that allows Jesus to lump these together). And when He says the greatest, that includes laws like rejecting homosexuality. That’s right.

If you read the Bible, Jesus says you have to respect and love people first and telling someone their very way of being is offensive and invalid doesn’t seem like a way to spread love to me. You don’t have to agree with what everyone says, I certainly don’t. Be kind. But you could say I didn’t read the Bible because I’m just a small time tech creator. A friend of mine pointed me to this passage, another example of the kind of love Jesus is looking for:

12 My command is this: Love each other as I have loved you. 13 Greater love has no one than this: to lay down one’s life for one’s friends.

John 15:12-13 (NIV)

Jesus says here loving someone isn’t your beliefs. It isn’t your sexuality or gender identity. It’s making sacrifices to be the best friend you possibly can. That means respecting anyone, regardless of their beliefs. That means we respect people by referring to them by their preferred pronouns. That means inviting people into a community that includes them. That means I shouldn’t even have to resort to going down this rabbit hole so it doesn’t look like I’m attacking him for his religious beliefs.

Can I get an amen in the comments?

Resources to Learn More About Christianity:

• Read the Bible for free online, but get bombarded by book ads
• AndBible, an Android Bible reader, available on the Play Store and F-Droid. Limited to copyright-free translations (NASB, NKJV, etc)
• Living in a Gray World, A Christian Teen’s Guide to Understanding Homosexuality by Preston Sprinkle
• Preston Sprinkle on YouTube
• Guiding Families of LGBT+ Loved Ones by Bill Henson
• Be Diligent and Be Alive by Warren Wiersbe
• The NIV, KJV, MSG, and LSB Bibles

The Villain Backstory

Murosky doesn’t accurately present technology very well. He lacks basic reading comprehension and research skills. He’s a bigot who doesn’t understand the Bible. But it’s all far worse than that: he’s been through a rough childhood. It might sound like I’m making this up, but there’s actual evidence: Murosky’s self-published books.

Now given everything I said about Murosky, I don’t recommend purchasing his books and I didn’t buy them either. But remember that ONLYOFFICE video? The document Murosky covers is his book Half My Life: How Jesus Conquered My Soul and if slow down the video, you too get a free book preview of the first 70 or so pages, courtesy of Murosky himself.

The basic gist is this (the timeline might be messed up):

• Tom grew up with his brother, his mom, and his biological dad in the Lake Erie area.
• Murosky’s biological father was abusive and abused his mother.
• Murosky’s mother eventually decided to run away with him and his brother and they stay with a family friend and complete their move to Meadville, Pennsylvania.
• His mother meets a man named Michael who pays for their move to Nevada, and the Murosky family decides to leave again, and they move away to Reno, Nevada.
• Murosky repeatedly describes his childhood and sixth grade years as lonely with many of his childhood friends moving away or being “teased incessantly to no end.”
• Murosky converted to his perverted version of Christianity around age 20.
• Murosky would have entered grad school at Penn State later, given he submitted at least 1 of his doctorate papers in 2007.
• Murosky signs the anti-social justice pledge.
• Murosky starts at Bucknell University during this time and leaves in 2009 to start at University of Wyoming.
• In 2010, Murosky starts Think Life Media and Western Mountain Web Design as a means of self-employment.
• Around this time, Murosky starts publishing his sci-fi and Christian books under Our Walk In Christ LLC and Amazon’s Kindle Direct Publishing.
• Murosky moves to Pennsylvania again some time between then and starts Switched to Linux in early 2016.
• Murosky fully moves to a van and leaves Pennsylvania in 2021.

One of the reasons I think Murosky moved to a van is he’s a lonely guy who’s had to bounce from place to place. It’s a life he’s used to, but it’s also an incredibly sad existence. There’s nothing wrong with living in a van; it’s a common past time for retired folk across America and can genuinely bring freedom and happiness. Becoming a legal nomad and RV life is also one of the few ways to achieve maximum privacy in the United States. But becoming a nomad has only increased Murosky’s insensitivity as he interacts with less people. Seeing how unstable Murosky is the moment something political happens, it can’t be healthy. There’s nothing wrong with a nomadic lifestyle, but Murosky’s van life has only made him more insular to the sensitivities of others.

If anything, I think his channel has really good search engine optimization, but he hasn’t evolved past the hurt in life. He doesn’t take the time to learn new things. He can’t even get facts about his own religion right. Anybody with this kind of trauma in their life and the inability to feel settled down deserves some sympathy. That being said, it’s clear from early videos in Switched to Linux that Murosky will not change. His channel format is mostly the same it was 7 years ago, heck, the intro of his videos is exactly the same! His channel has so much potential, but it’s held back because of Murosky’s brokenness as a human being.

Just because Murosky had a traumatic childhood doesn’t excuse the amount of misinformation and disrespect he lets circulate through the internet. He knows his behavior is hateful and it’s time to learn what the real world is like Tom and we’re going to pull you back in. You’re not being suppressed because of views, people are genuinely and naturally put off by your unhealthy behavior.

Murosky’s Online Career Needs to End

I’ve covered a lot of topics today, but what can we do about it? The easiest thing you can do is stop watching his videos and unsubscribe if you are. Report the hate content in his videos that slips through the cracks on YouTube. Start spreading the word and let everyone know that this man is ruining the Linux community, and he needs to be stopped. Look up “how to switch to linux” on YouTube, he’s the first result. We need to turn this around.

The Credits Are Fake

I own that there are names in my list that are not accurate as I have not updated my credits in a while… I just want to pass along that three more vids have the old credits then I am removing all the credits going forward after that.

Switched to Linux

I mentioned in the first draft of this post that other content creators are involved. I actually watch videos all the way through, including Patreon title crawls. I always want to see how I can improve my own content. However, with Murosky, it’s different. I was watching the title crawl to see exactly who supports his channel and I can explain some of it.

Many of the people I mentioned in the first draft of the document revealed a possibility I never considered. Murosky has failed to update his supporter credits at all. Perhaps the worst thing of all was TechHut, yes that TechHut, was giving to Murosky at one point, but stopped. Murosky has been featured on TechHut’s videos before and TechHut has signal boosted his videos in the past.

But what are the consequences? Since Murosky never updated his credits, TechHut’s name appeared on Tom’s awful videos and TechHut is not currently paying him! Once again, Murosky has been caught with his pants down in the poor production quality of his videos. But this is worse than that. Murosky’s failure to update the credits means anyone whose name appeared on the credits who wasn’t paying him is now effectively grounds for libel for “supporting” Murosky’s hate content!

The Aftermath

Let’s talk about how Tom handled the paper draft. He rallied his community to “conduct research” on me, attempting to email Brodie Robertson and TechHut is nice touch. It’s almost like he’s trying to leverage those internet points have to take down an opinion—an opinion that shatters the ivory tower of self-righteousness he built.

One of the points Murosky is sure to bring up is that I’m just a bully. I made a “hitpiece” on DistroTube after all, a point he tries to justify to his Matrix people! When you consider how his community responds to criticism and his behavior of this situation, that sounds more like something a bully would do. A bully who can’t take any advice, hates the queer community, and knows his only weapon is arousing emotion, especially to the politically motivated.

You don’t scare me Tom. You can’t blame me for all of your problems.

• Come back when you actually learn how to conduct research.
• Get some professional help, take a break from YouTube, and go fix your life.
• Get a community of people who will hold you accountable for the crap you pull, not one that hates, blindly obeys, and you can whale for money.
• Apologize to the queer community for making them feel unsafe, spreading hate, and dismissing their voices.
• Apologize to Christians for misrepresenting them with your Christian nationalist agenda and turning people away from their faith.

But you don’t seem willing to apologize. I’ve read the Matrix group. I’ve listened to your angry bursts of rage. You’ve revealed your true colors and so has your community. You’re just that lonely kid who never grew up, the butt of jokes, and a bully filled with hurt. If you don’t change, that’s who you’ll be forever.

When you’re ready to apologize Tom, I will be the first to welcome you back. I’ll be watching and waiting, whether it’s tomorrow or 5 years from now. I expect everyone else to do the same as long as we can get the stage we all get along together. I’m angry, but I’m also saddened and disappointed that this has been allowed to fester for so long.

New Death Threats & His Mastodon

In this video at 9:52, Murosky falsely asserts that Danielle is the only one working on elementary OS, when all he had to do was go to the GitHub and see all the volunteers. He also falsely claims that there were disagreements between Danielle and Cassidy James Blaede, who left because of his responsibilities with Endless.

Following this video, his followers sent death threats to the elementary team. While I have not seen the names or proof, the timing of the threats and Murosky’s video cannot be a coincidence.

No matter what Murosky will tell you, celebrate the fact he not only got his Mastodon banned, according to moderators, he failed to make a backup of his followers and data. He accused the Fosstodon staff of banning him over a livestream, but this document tells you the real reasons he got banned. Hilariously, he claimed on a livestream that he would think about moving to Disroot’s Pleroma instance, a socialist collective. What amazing research when he doubled down to defend Lunduke for harassing others in the same livestream.

Donations:

Out of respect for the queer community and Christians in my audience, I will try to keep the donation neutral as possible. As a result, all monetization and funds will be sent to the Electronic Frontier Foundation. They’re a group of lawyers in the United States who continuously fight corporate/governmental overreach of technology and for your digital rights. They are a cause I believe in and I don’t hesitate to say no matter your station in life, you should support their work, it’s the least we can do.

Donate to the EFF

If you donate personally, you can also earn members cards, stickers, and merch. I will continue to update all of you on my donations this month.

Cut Content: Christian Nationalism

I originally planned a section on Christian nationalism and how it links to Murosky’s politics and religion. I left my notes and some resources below if anyone is interested.

• Christian nationalism and his consumerist view of Christianity. It’s clear he only reads the Bible and tries to force it to fit his political beliefs.
• Murosky’s views are very much oppose minorities, such as non-white ethnicities, the queer community, refugees, etc
• Murosky’s beliefs form a persecution complex
• The lack of correction/redaction may point to toxic masculinity
• Loyalty to conservative politics/figures (Ben Shapiro, Tucker Carlson, etc) despite anti-Biblical practices. Other iterations might be the same for liberal Christians who contradict general Orthodox beleifs about the Bible truths (e.g. abortion), but this has yet to be researched.
• Christian nationalism is about as Biblical and Christian as Christian science
• Taking Back America For God by Andrew Whitehead and Samuel Perry
• The Rise and Fall of Mars Hill, a podcast about how Christian nationalism and toxic masculinity destroyed a megachurch in Seattle.

Samsung fully surrenders to Google’s iron grip on Android, announcing AI features to steal your data, allowing Google to run a long ad, a silent return to the Exynos chipset, cringe content creator cameos, and a ring they don’t know what to do with.

Bonus Content

Takeaways

• Samsung can in real time translate your voice to 1/17 different languages, but it’s unclear how well this works outside a simulated demo. It also requires a Samsung account and an internet connection.
• Samsung can now translate your RCS/SMS messages, but it requires an internet connection, a Samsung account/phone, and your privacy violated.
• The Samsung Notes app now allows you to use AI to pretend you have better handwriting and organize your bad notes into bullet points. Just give Samsung your data in exchange.
• Samsung now provides 7 years of updates, because they ditched Qualcomm and returned to developing the Exynos chip with Google.
• Samsung now implements Google’s proprietary Quick Share, now fully integrated in the Windows Photos app. RIP Apple and Linux users.
• Google Assistant now gains the ability to circle objects and search them using the power of AI, Google Lens, and data harvesting.
• Samsung Photos now uses AI tools similar to Google Photos, except there’s a watermark in the bottom left corner so you know it was tampered with by an AI. Until you crop it out and strip out the added metadata that is…
• Samsung copies Apple, implementing (probably fake) titanium into their phones.
• Samsung unveils plans for a smart ring, but has nothing to show for it despite the hype.

Samsung Event

Note: This is a “replay,” which is Samsung-speak for “We edited out the glaring livestream mistakes in YouTube Studio, which is only available to creators with 2M+ subscribers. I watch only the unedited recording with no subtitles.

Referenced

• Edward Bernays’ Crystallizing Public Opinion
• Shadi from Yu-Gi-Oh! First Series, Episode 5
• OpenAI warns copyright crackdown could doom ChatGPT, James Titcomb and James Warrington, the Telegraph
• Samsung’s Knox is fundamentally broken - Tel Aviv University
• Samsung bricks your cameras if you unlock the bootloader
• IDOLiSH7 LIVE in 2019, song is Negai wa Shine On The Sea (願いはShine On The Sea), performed by TRIGGER
• Taylor Swift Using Facial Recognition Technology at Concerts, Steve Knopper | Rolling Stones Magazine
• ARXIV: Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions
• WikiMedia Commons’ high quality scans of various works of art from Musée du Louvre (French)
• The song that plays for the video view count and Pokimane is Toy Boy by Cyndi Seui
• File:Interframe motion interpolation.webm - Wikipedia
• Samsung’s god awful privacy policy makes Apple’s look heavenly
• The Dragonslayer Armor boss from Dark Souls III
• The YouTube channel DogPack404, consisting of MrBeast employees decrying his brutal working conditions.

A unique thing that desktop environments on Linux get is extensions. And they aren’t limited to the latest AI product being shoved down your throat (hi Windows)! The most popular desktop environments like GNOME and KDE offer extensions, but not all is as okay in extension land as you might think.

I want to unpack some of the extensions that I really like and the situation involving desktop extensions is more precarious than most people know.

Polonium (KDE)

Have you ever wanted to do window tiling? You know, where your windows automatically arrange themselves, some would say dynamically? Well, there used to be this thing called Bismuth, which would automagically rearrange your windows just like a tiling window manager.

Except people are reporting bugs, especially on newer versions of Plasma and the developer is stepping down. I made video about this situation last year and quite a bit (hasn’t) changed since then. Bismuth is still up on GitHub, but despite development basically grinding to a halt. The long story short is Bismuth relies on the KWin’s APIs from Plasma 5.26 and is incompatible with Plasma 5.27 and the upcoming Plasma 6. The maintainer also had some personal issues and stepped away because he didn’t have enough time. Let this serve as a reminder that most developers are not on company time or payroll. They are normal people who have to commit their free time and talent, often for little to no gain.

The result was a fork of Bismuth called Polonium (you know, as in the radioactive metal, because Bismuth is a metal?). Polonium targets KWin’s new APIs and supports the same dynamic window tiling that Bismuth did. I encountered a few KWin crashes when I was using it, but I’m more willing to chalk that up to Nvidia being a pain since they can’t be replicated reliably. Polonium is pretty cool in that it’s Wayland-focused and building on the age old work of Bismuth.

However, this is where the plot thickens. Recently, the lead developer of Polonium, zeroxoneafour, has said the current codebase for Polonium is unsustainable. This is due in large part that the original KWin APIs from KDE 5.27’s early days and growing incompatible with the constant development of KDE.

Since Polonium is from mid-2023, it has since accrued technical debt as KWin begins to clear up and on the eve of Plasma 6. What needs to happen now is that development of KWin continues to refine and make sure the protocols that Polonium uses to work stabilize in Plasma 6. It’s a complicated situation, but the basic gist is Polonium is playing catch-up with the large, ongoing changes in the upcoming Plasma 6. zeroxoneafour has also said the only solution to fix Polonium’s technical debt is to completely rewrite it from the ground up, which the current beta version out now is a proof of concept. If you want to help them and you have experience with TypeScript, you can go visit their GitHub.

GNOME Extensions

Unfortunately, picking GNOME as a platform hasn’t been smooth sailing. The long story short is the GNOME developers have been making a lot of changes to their windowing compositor Mutter and its components. The most important change is moving away from GNOME JavaScript (or GJS). There’s a bit to unpack here.

1. GJS is a variant of JavaScript similar to TypeScript. But for developers coming in to work with GTK, it’s not totally the same. The primary reason this was changed to make the toolkit easier to adopt or get into.
2. GJS is different, but not too different. Someone could easily script or program a way to update older extensions to replace GJS with standard JavaScript.
3. That means that extension makers need to maintain 2 versions of their extensions. Wait, what?

People online are complaining about the fact that GNOME’s extension developers have to maintain extensions in GJS from GNOME 44 and below, and extensions in standard JavaScript for GNOME 45 and above. You’ll hear complaints about how GNOME is an unstable platform that constantly breaks every yearly release and then some.

I want to highlight a problem that I think most people avoid or don’t think about: it’s most software projects don’t have a PR team. Most people didn’t see this in a fancy press statement or in a dazzling video by GNOME’s YouTube channel. They saw this in a blog post, written by an engineer, for contributors. In fact, most people probably heard about it from their favorite content creator reading the news, an online forum like Reddit or Lemmy, or one of the Linux content mill news websites.

The general feeling that people get is the lack of communication, because there is a genuine lack of communication–a communication team. But people continue to treat an open source product as they would a financed proprietary product. GNOME is not and while there are developers who are paid to work on it, it’s nowhere near the level of Windows or macOS. To be fair too, I’m not saying this excuses the poor communication. Even if unintentional, it doesn’t matter how you intended something to come off, what matters is how people perceive it.

The Teetering Tower

But we also need to be realistic about what extensions are. GNOME Extensions and extensions in KDE are not built with specific functionality in mind, nor are there convenient APIs for them to use. There’s no one framework or stable thing to build around and this sounds crazy, but it’s similar to extensions in your browser.

Chrome and Firefox have a stable framework for their extensions, but like KDE, the APIs are constantly being poked and probed by their developers and the W3 to see what people use and what isn’t. Browser extensions are rather constructed around a bunch of frameworks to do things in real time and limit the extent of what they can do for performance and security reasons.

The same is true with extensions in GNOME and KDE. Your extensions need the ability to specific things in real time. For example, I use Caffeine on GNOME, which prevents my computer from falling asleep when I do specific things like play full screen videos or games. But think about what goes into this: the extension needs to be able to read GNOME’s APIs to know that there is a full-screen window or specific application open on your device. All of this needs to be done in such a way that it doesn’t hinder the performance either because people will complain if an extension slows down their system!

GNOME Forge

But what does this look like? I have been bombarded with comments about how I got window tiling in GNOME. It’s an extension called [ you some manual tiling like you’d get in i3 or Sway. But like Bismuth and Polonium, Forge is not immune to this cycle.

Earlier last year, Jose Maranan, the lead maintainer of Forge announced he’s no longer able to keep working on the project. And this has affected the project because a lot of the Forge developers are trying to pick up the slack with Jose helping them and figuring out GNOME 45 porting and some annoying bugs like why the UI will suddenly become English for non-English GNOME users or the extension breaking on touchscreens.

In my observation on GNOME 45, the toggle menu is totally absent in the GUI, but can still be accessed through Matthew Jakeman’s Extension Manager. However, I’m not a power user of Forge. I just have 2 windows open at a time and mostly adhere to vanilla GNOME. If GNOME implements its tiling, I’d probably switch to that immediately.

Closing Thoughts

But while most of these problems are here, I feel it’s also important to acknowledge that GNOME and KDE have zero obligations to extension developers. They can’t just stop developing their desktop environments because a couple extensions aren’t just right. It’s the same reason Firefox and Chrome break extensions frequently because they constantly touch their APIs.

Here’s the part where I tell you I’m going to flip flop to another software, but not this time. I’m too much of a technological polyglot to settle anything properly anyway. I will solemnly accept it and will continue to advocate for the assistance of extension maintainers. It’s a thankless task and you’ll find that a lot of the people in these repos are just users like you and me. I don’t have the time to properly learn JavaScript and GNOME/KWin APIs, but I can use my platform to at least highlight where help is needed the most and why you should lend a helping hand to your extension maintainers.

My Favorite Desktop Extensions

• Polonium for dynamic window tiling on KDE
• Forge for tiling windows on GNOME. Given how I use GNOME, it says me the extra key presses of manually tiling windows.
• Caffeine to disable sleep/lock for a set time or for specific applications.
• Dash to Panel to add a clone of the vanilla GNOME panel to my other display purely so I can pretend to check the time.
• AppIndicator and KStatusNotifierItem Support for legacy system tray icons. I prefer GNOME’s “background apps” menu, but it’s unfinished as of time of writing.

Referenced

• Siri will be announced to have generative AI capabilities in WWDC 2024 (Korean)

9to5Linux is a content mill

I can’t say with definitive proof that the reference to plagiarism by 9to5Linux, but at most, it’s just cheap rewording of an official Asahi Linux blog post with little to add except the link to give them more clicks about Arch Linux ARM.

At a minimum, 9to5Linux is a worthless content mill and you should just learn how to use an RSS feed.

• Fedora Asahi Remix - Asahi Linux
• 9to5Linux’s copy

A question I see often is “how do you edit your videos?” The answer is I use DaVinci Resolve. While a lot of programs that I promote are open-source programs that can be freely inspected, distributed, and modified. However, I have tried all open-source video editors and all of them have disappointed me. Instead, I settled on DaVinci Resolve, one of the most popular free (as in cost) video editors. It’s been growing in popularity since Adobe continues to push their users to the brink with subscription prices and AI chicanery. While it might not be as featured filled as Premiere, Resolve gets the job done over and beyond most of its competition and one of the few commercial companies that supports Linux.

However, just because DaVinci Resolve supports Linux, that doesn’t mean it’s all smooth sailing. I don’t think it’s a secret that most of Black Magic’s employees all use Macs, because who in their right mind would use Windows? At least in my experience, I’ve noticed that when it works, Resolve outperforms and is generally smoother on Linux than on Windows, although I would chalk that up to 2 things:

• The Mac version is easier to port to Linux as since macOS is also Unix-like.
• Black Magic uses Linux as the backend for database servers, managing their products, or embedded systems.

And I am all about paying for a good product. If you use a product, whether it’s your favorite open-source project or a proprietary product, if you like a product, give them money and show your support. This especially goes for desktop Linux users since meeting one in real life is like finding a unicorn. If you pay for a product and you like how it works, you show your support and that the thing they offer is worth continuing.

But emphasis on “works.” Because if you scour the internet looking into Resolve, people complain about not getting it to work. Windows and Linux in particular are hard targets because of the diverse types of hardware out there. On Linux especially, it’s an uphill battle and I want to walkthrough some of these issues, some solutions, and debunking some claims online about how DaVinci Resolve functions on Linux right now.

Codec Complications

Resolve paywalls specific video codecs, or video format compatibility, from working. Some codecs like AAC audio, the standard for audio in MP4 files, don’t work at all! It might be easy to point the finger at Black Magic Design for crippling Linux users, but reality is they aren’t the enemy.

Did you know the popular video codec for MP4 and QuickTime files, H.264 is run by the MPEG LA, or as I call them, the scummy patent squatting body that monopolizes video on your computers and phones. Google, Microsoft, and Apple pay the MPEG LA truckloads of money every year (and you’d only know this by reading the Microsoft or Apple EULA, who doesn’t?).

Nobody likes them, especially the companies that pay them and it’s gotten so bad they’re trying to promote their own alternative: the AV1 codec to finally put an end to the H.264 reign of terror. Resolve only paywalls it because the license of H.264 requires the operating system pays money. No way would your distribution give into petty extortion like this.

Converting Media

Resolve blocks specific codecs from working for Linux users or paywalls them. For example, there’s a massive spreadsheet in their support manual describing all of the codecs that don’t work.

However, this means that using Resolve will require you to convert your existing “incompatible” media. You can use tools like ffmpeg and HandBrake to convert video or audio into the desired outputs.

If you don’t know what codec your file uses, VLC or MPV allow you to view the codec (Ctrl + j in VLC or i in mpv)

I typically do Nvidia NVENC H.264 for hardware acceleration, but if you don’t pay and especially if you want to support the future, use AV1. For audio, you need to use PCM wav.

Below are some sample commands.

Resolve Free

ffmpeg -i "incompatible.mp4" -vcodec libaom-av1 -acodec pcm_s16le "compatible.mkv"

Resolve Studio

ffmpeg -i "incompatible.mp4" -vcodec copy -acodec pcm_s16le "compatible.mov"

My Resolve Scripts

On my GitLab, I have 2 Resolve scripts:

1. First, run davinci-resolve-distrobox-1.sh. This installs all the dependencies and prompts you to download Resolve.
2. Second, run davinci-resolve-distrobox-2.sh. This fixes the prepacked libraries and integrates it into your system through Distrobox.

GitLab scripts

Distro(box) of Choice

Resolve is very picky about what distro you run it on. Officially, Rocky Linux is recommended, but very few people run Rocky Linux on desktop Linux. Instead, you can run Distrobox, a utility that lets you run applications in a Podman/Docker container.

• No matter what flavor of Linux, you can run a container where Resolve thinks it’s installed in the distro of your choosing.
• Distrobox gives the container full access to your home folder and can integrate installed programs as GUI or command line shortcuts.
• Since Resolve recommends Rocky Linux, we should use Fedora because it is more updated and has better hardware support.
• Since Resolve is running in a container, updates to the container are independent of your host system (the one you run your containers on). This way, Resolve runs in a stable environment without impacting other programs you use.

Lacking Libraries

Resolve requires specific applications and libraries in order to correctly run the installer and Resolve itself.

• The installer requires FUSE and various other libraries for the installation process. This is because the installer is a glorified AppImage.
• You need PulseAudio, the XDG libraries, and X11. Resolve will work in XWayland, but your window decorations will be invisible.
• RPMFusion is needed to run all the video codecs.
• You will need to download the desired version of Resolve from Black Magic’s website. If you use the free version, you can submit bogus information and get the download link. If you use the Studio version, you can click the “Download only” link. You also need the required libraries for your respective graphics card.
• If you use Nvidia, you need to download akmods-nvidia and xorg-x11-nvidia-cuda. In a container, the installation might fail, but don’t worry if it does. Your Distrobox container needs to be built with the --nvidia flag.
• If you use AMD, you need to use rocm-opengl. You might also need to install the Nvidia driver too.
• Intel Arc is untested.

After Resolve is installed, Resolve’s codecs are outdated and Resolve will fail to launch. First, copy the codecs from the RPMFusion folder and put them in Resolve’s folder.

sudo cp /lib64/libglib-2.0.so.0* /opt/resolve/libs

Pulling Old Fedora Libraries

Resolve’s codecs are still so old that even Fedora is leaving them in the dust. You need to download an archive of older Fedora 38 libraries, unpack the archive, and copy them into Resolve’s folder as well. Even if you use a newer version like Fedora 39, the 38 libraries still work.

Since this video, the link has been officially removed from the Fedora repositories. I saved a copy on the Wayback Machine

sudo dnf install cpio -y
wget https://web.archive.org/web/20231220041143if_/https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/os/Packages/g/gdk-pixbuf2-2.42.10-2.fc38.x86_64.rpm
rpm2cpio ./gdk-pixbuf2-2.42.10-2.fc38.x86_64.rpm | cpio -idmv
sudo cp -r usr/lib64/* /opt/resolve/libs
rm -r usr
rm gdk-pixbuf2-2.42.10-2.fc38.x86_64.rpm

Reverse Engineering Resolve’s DRM

If you are a free user, this section is not relevant to you.

If you harden your Linux network settings, you will encounter problems ensuring your Resolve installation stays registered. If you use a randomized MAC address, Resolve needs to know your real MAC address, probably to check your vendor OUI.

TL;DR: Resolve is quite sound privacy-wise, but relies on you using a static MAC address if you use Studio.

There are 2 types of license: the dongle or internet activated code. When you first open Studio, you will be prompted to enter in your code or insert your dongle. I use an internet code, but many others have tested the dongle.

Privacy-wise, DaVinci Resolve collects no telemetry and attempts to keep network calls to a minimum. The only time Resolve phones home is when you enter in your license code and to check for updates. Resolve then generates a certificate in its /opt/resolve folder that attests that you are using a device with a specific vendor identifier. Otherwise, it will ask you enter your code again if you reboot your device or restart NetworkManager.

If you use my NetworkManager configuration /etc/NetworkManager/conf.d/00-macrandomize, comment out the following:

#wifi.cloned-mac-address=random
#ethernet.cloned-mac-address=random

There’s also conjecture on fat-tire’s Resolve container that DaVinci might use the Linux machine-id to identify uniqueness. While this is possible in theory, machine-id has no impact on Resolve’s DRM. Linux machine-id is just generated when you first install your OS, but this can be deleted or modified. For example, I use the Kicksecure machine-id, since they make it so all of their users use the same Linux machine-id. I replicated this with Studio and my license was retained.

echo "b08dfa6083e7567a1921a715000001fb" | sudo tee /etc/machine-id

Discrete GPU Troubles

Using Distrobox with discrete GPUs doesn’t work. I have no idea why. Still works fine on Desktops.

Misc Problems

• All window decorations are invisible in Wayland. They are visible in X11.
• The file picker doesn’t use portals. It’s their own machination.
• If you are an AMD user, you cannot export video as H.264.
• If you make changes to the Nvidia driver and Resolve fails to boot on Wayland claiming “make sure all displays are unplugged from your integrated GPU,” run Resolve in X11 once, then it will open again in XWayland.

Donate

This was the culmination of months of experimentation. If you like the work I do, please consider donating money.

Donate

Referenced:

• Adobe Says Significant Costs, Penalties May Arise Out of FTC Investigation - Denny Jacob, WSJ
• Official SEC Form 8-K against Adobe for subscriptions and acquisition of Figma
• Michael Horn’s video about DaVinci Resolve and Distrobox from YouTube and Odysee
• The AV1 Codec - Tim Terriberry, Mozilla Research - Linux Conf AU 2019
• The NetworkManager.conf documentation
• Fortinet’s explainer of vendor OUIs

Did you know:

The GNOME developers do not care how you pronounce GNOME. However, if I do not use “the hard G GNOME (/ɡəˈnoʊm),” there’s a chance it will create a headache for me to format subtitles later.

Intro

Have you ever tried using the GNOME Desktop Environment? It’s the default of Ubuntu, Fedora, and many more. But how many people really use GNOME? Lots of Linux distributions don’t use GNOME the way its developers intended (more on that later). They make all sorts of modifications, making it look like Windows (Nobara). Or they add extra applications on top of it (Pop!_OS or Ubuntu). Instead, I want to take a deep dive into examining the default GNOME experience and why the default GNOME experience provides one of the most optimal desktop workflows.

The GNOME Way

GNOME is built using what they call the Human Interface Guidelines (HIG). The HIG provide the basis to the why and how GNOME functions.

• truly follows the Unix way: simple apps inside a simple ecosystem. Minimalist by default.
• Removing complicated or confusing features based on how maintainable something is. It’s done to ease developer burden and a better OOBE.
• The prioritization of accessibility. All features are accessible as equally as possible. You can use a mouse, keyboard, or touchscreen and you can do almost everything.

In Practice

• adjustable windows for those with small displays
• Generic application names. Names are also carefully chosen so applications don’t conflict across different localizations and have double meaning.
• Priority support for common desktop hardware (yes, even NVIDIA)
• Same keys as Windows (mostly), perfected workflow from macOS, and a mash of features from tiling window managers.

The GNOME Workflow

There is no one workflow nor is it defined by the GNOME foundation. However, there’s an implied way GNOME’s developers hint about how you to use it.

• Super key opens an “exposé” view to see all of the open windows, similar to macOS. You can also access it by clicking/tapping the workspace dots.
• Typing in after opening the dash allows you to search applications, then searching your files and GNOME integrated applications.
• Navigation is done using mouse, touch, or the arrow keys.

The common hiccups are things that other direction environments do differently.

• Maximize is accomplished via keybind or dragging a window up.
• Minimizing windows is not necessary because of the Activities menu. It also encourages the minimalist nature: if you don’t need something open, close it. If you want to leave it open, send it to another workspace.
• Keyboard window switching is done in two ways to give equal access to the open windows of your focused application and which application you want to focus on. Alt + Tab to change your focused application and Alt + ~ to change windows of your focused application. This way, compared to traditional window managers, you always have access to all of your windows without a confusing menu.
• The window switching is dependant on what keyboard you use. The key is always whatever is above your Tab key. For example, on German keyboards, it’s Alt + +. Thanks to @kuhluhOG on YouTube for telling me about this.

Workspaces

Of all graphical desktop environments, GNOME’S virtual desktops are much more user facing and accessible than Windows, Mac, or other desktop environments.

Workspaces via GUI keybinds are limited to 4, but this can been increased using gsettings, GNOME’s equivalent to Windows’ Registry Editor. However, this becomes redundant once you embrace one of GNOME’s killer features—dynamic workspaces. Rather than having a set number, workspaces are added based on need them.

You also always know where you are using the newly added workspaces dots. Like most tiling window managers, and unlike Windows or macOS, you get a glance of which workspace you are on, similar to the pages on phone home screens.

Don’t use Okta. Wait, you want to know more? How about the utter mishandling of user information and complete disregard for transparency?

Even funnier, it was revealed that the September/October breach was actually much more serious than was originally believed and leaked everyone’s information. All while I was editing this video.

How to Protect Yourself from Okta:

Okta requires a phone number, the email your IT admin associated with your account, or in certain configurations, downloading the app as the only option. So you don’t want to give them a phone number or download the app because of their awful practices and your value for privacy, what can you do?

• Using a work VOIP number: If your employer provides a voice over IP (VOIP) phone number, you can use that as a second factor. This is my current strategy.
• Using a “burner” phone number: If you own more than one phone number, you can dedicate another phone number to protect your personal phone number.
• Using a separate Android profile: If you use Android, you can create a separate profile for your work apps and download the Okta app. It’s not totally anonymous, but using the QR code for their 6 digits, it doesn’t require internet access.
• Using Android-x86 in a virtual machine or spare device: You can sideload the Okta Verify app and sign in to your email in the virtual machine to receive a magic link. When the app is installed, you can click the link and bind the virtual machine’s app to Okta’s push notification system.
• The old phone: If you have a spare old smart phone, you can download the app there.
• Using a third party emulator: There are many commercial Android emulators, like GenyMotion or Bluestacks.

Side notes:

• The Okta app works without Google Play Services, but you will not receive notifications.
• Okta’s push verification requires internet access, but their proprietary 6 digit codes works without internet access. It is not Google’s standard, so you can’t use a conventional TOTP app.
• I tried Waydroid, but the orientation and functionality of the Okta app within it is questionable at best.
• It would be worth looking into Google’s Android Studio and trying to run it there.

Alternatives to Okta

• Aegis
• Bitwarden
• Ente
• Passkeys, a universal standard by the FIDO alliance (ironically funded by Okta)

Referenced

• Lapsus$ found a spreadsheet of accounts as they breached Okta, documents show | TechCrunch, Zack Whittaker
• New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre | WIRED
• Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind - Bloomberg
• Frequently Asked Questions Regarding the January 2022 Compromise | Okta
• Okta’s disgusting pricing page
• Okta Support System incident and 1Password
• How Cloudflare mitigated yet another Okta compromise
• Okta’s Latest Security Breach Is Haunted by the Ghost of Incidents Past | WIRED
• ArsTechnica’s Dan Goodin’s woes with Okta’s PR team
• Various compiled critiques by WIRED’s Lily Hay Newman
• Hackers Stole Access Tokens from Okta’s Support Unit – Krebs on Security
• Okta: Breach Affected All Customer Support Users – Krebs on Security

Firefox is one of the longest living browsers still with us today (good riddance Internet Explorer) and is arguably the most customizable browser when comes to protecting your privacy. I have made lots of videos about Firefox, but lots has changed to Firefox since then and I want to take my time to take a step back to review the basics, update some of the configuration files I have, and why I still use Firefox as my daily browser.

Browser Battles

The undisputed point is Firefox is Mozilla has always been at odds with the current browser at the time (Netscape in the old days and now Chromium). Firefox has also become the heart of many important open source projects: Thunderbird, the Tor Browser, Web Assembly, and nss.

Mozilla has diverged from many other browser makers because of their nonprofit status and has been more proactively for the end user than many other web browsers.

• It’s easier to switch your default search engine in Firefox and access multiple search engines in the address bar.
• It’s easier to change it to the default browser on Windows 11.
• Firefox has one of, if not the most, robust screenshooting utilities in a web browser, full stop.
• Also has a built-in color picker and my favorite developer mode.
• Firefox has also been faster to accept hardware acceleration on Linux and macOS than Chromium has. For example, Firefox’s initial Apple Silicon support was much better than Chromium’s, as they got the secret sauce directly from Apple. Similarly, Wayland support on Linux is much stronger than Chromium.
• Firefox also offers Total Cookie Protection, blocking websites from viewing your other websites by further isolating the cookie jar.

Mozilla has also been much more forgiving in regards to the dreaded C-word, and you know, the C-word that blocks things on websites. That’s right, I’m talking about cont—Containers to compartmentalize multiple logins and data. Want to stay logged into work and personal accounts at the same time? Firefox Containers have you covered!

Unlike Chromium, Mozilla has been much more of ManifestV2, soon to be replaced by ManifestV3. To be fair, ManifestV3 is absolutely a security win: browser extensions will be much more limited in what they can do. This comes at the drawback of traditional content blockers not being as good as they used to be die to rule limits of 500,000, far too low for most common content blockers.

Mozilla’s response to this has been to continue support for ManifestV3, especially because of the number 1 most downloaded extension on Firefox that starts with the letter U. The bottom line is this: Chromium is largely maintained by companies that rely on surveillance capitalism and have incentive to neuter content blockers. Firefox doesn’t and is able to users this choice.

Unfortunately, most people fall victim to the tyranny of the default. The decline of Firefox has been obvious for multiple reasons.

• Firefox has little mobile market share. By default, phone users are presented Google Chrome on Android and Safari on iPhone. Even if you do install it, it’s a crippled browser. It’s also more insecure, but that’s a topic for another day.
• Most browsers are based on Chromium, which is for the most part largely controlled by Google. Lack of browser competition among giants is harmful for users in the long run.

That also doesn’t even account for Firefox has some cheap imitators. I would advise you stay away from most of them. A lot of them struggle to receive updates in a timely manner.

Installing Firefox

Installing Firefox is about what you’d expect: visit your software store or Mozilla’s FTP server to get it and avoid the unique identifier planted in the installer. If you are on Mac, consider using homebrew.

Special Note for Windows Users

An important thing to note is Windows users are going to need to take some extra steps:

1. While you can download Firefox from the Microsoft Store (not winget), this version doesn’t include various hacks to automatically set Firefox as your default browser when you ask it to. This is because Microsoft hates your freedom, plain and simple. The primary benefit of using the Microsoft Store is to get UWA apps, which Mozilla isn’t anyway.
2. Firefox installs a scheduled task to constantly check if Firefox is your default web browser. Mozilla, it’s none of your beeswax what I use as my default browser. Go into Task Scheduler and delete it.

Profile Manager

Now you have Firefox and we’re going to configure it, right? Hold your horses there sport! We’re going configure profiles. While not as easy to use or as forward facing as Chromium, Firefox supports profiles to separate different identities and configurations of Firefox. I’m going to cover some in a future video, but it’s all about ensuring we only use one browser that we know works in various different ways.

First, you have to run a Firefox command, then we can append an argument to open the profile selector by default. This varies based on operating system. In the video, I cover Linux and Windows, but the principal is the same on macOS as it is on Linux.

Windows

C:\Program Files\Mozilla Firefox\firefox.exe -p

macOS

Make sure you open Firefox normally first to bypass Gatekeeper prompts. Then you can create an alias with the following:

/Applications/Firefox.app/Contents/MacOS/firefox -p

Linux

If you are on Linux, consider using the snap package on Ubuntu or the Flatpak if you don’t use Ubuntu.

• Snap/Flatpak: Both the snap and Flatpak are maintained by Mozilla’s developers. The snap and Flatpak are also sandboxed, so you can configure permissions using Snap Store or Flatseal.
• Your distro’s native package: While behind on updates, native packages can offer stronger sandboxing than what Flatpak provides.

You’ll need to make a decision:

Native

Pros

• Stronger security
• Can include special fixes for your distro

Cons

• Slower to deliver security updates and bug fixes
• Might not even be available at all due to licensing conflicts

Snap/Flatpak

Pros

• Universal package
• Officially maintained by Mozilla, no middlemen
• Fast updates and bugfixes

Cons

• (Flatpak only, snap untested) Weaker sandboxing and isolation
• (Snap only) Requires AppArmor for proper isolation

# Native/snap
firefox -p
# Flatpak
flatpak run org.mozilla.firefox -p

Uncheck the box Use the selected profile without asking at startup, now every time you launch Firefox as such, you will be presented with a menu to choose which profile you want. The first profile you create is called default-release, but you can rename it or create a different one.

Stock Firefox

Out of the box, Firefox isn’t all that great. The search engine is a bit invasive and has sponsored links. Pocket is lurking around at the top. Mozilla collects telemetry which they never cite as helpful. Rather than fix this right now, I might get some hate for this, but there’s an argument to not configure Firefox at all. Configuring Firefox in extreme ways can cause websites to be much more suspicious of you. You must be doing something wrong if you used the about:config, obviously!

Keeping a stock Firefox with no configuration is great for a browser where your anonymity isn’t as important. Services like banks and critical work or business functions are great examples of this. You could get on your high horse and say that you are doing your duty by configuring it, but I would argue it’s not worth the hassle when these services probably know you by your real name anyway, so it’s not a big deal.

Configuring Firefox the Easy Way

Firefox has a lot of configurability, especially when configuring Firefox offers a lot benefits protecting your privacy, security, and the occasional weird Mozilla feature. If you’re looking to configure Firefox, but don’t want to have to deal with the fuss of a user.js file, this is the place for you!

Why bother?

Firefox has a lot of settings and these are the only ones that most people have access to! If you haven’t already, I strongly recommend setting up custom profiles if you haven’t already. I maintain at least 4 Firefox profiles at once, each of them serving a different purpose. I typically name this profile “PrivacyFox,” because we’re going to configure Firefox to a minimal degree. Scripts like Arkenfox turn off a lot of features and while features that break websites are marked, many others indirectly cause websites to break.

And even if you’re an advanced user and use privacy-hardened Firefox with a custom user.js and fancy userChrome.css, you still need to be aware of the GUI settings because scripts like Arkenfox won’t configure these for you most of the time. They often leave the GUI settings open for users to configure it themselves.

The benefit is you can customize Firefox to resemble the behavior you want and you can choose how you want Firefox to look. Unlike most other browsers, Firefox truly lets you claim it as your own, and no, it won’t break upon updates unlike Vivaldi!

We’re going roll through all of the default Firefox settings and give a quick rundown of each one.

Home

You can toggle your homepage by changing it something else. And for the last time Josiah, I’m not making your homepage Google if you can just type in the search bar to use Google!

Popular options include:

• DuckDuckGo
• Startpage
• Brave Search
• Google
• Bing
• Yandex
• Baidu

Search

The search settings are where you can configure Firefox’s search engine. I would be remiss not to tell you that Firefox gets paid millions of dollars by Google to be the default search engine. There have even been rumored talks of a bidding war with whether or not Bing would replace Google as the default. If you have preference for a different search engine here, you can change it here.

Alternatively, if your search engine is not listed, you can visit your favorite search engine and right-click on the Address Bar, then click to add it to these options.

• Disable “Provide search suggestions”

Firefox will also proactively search with autocomplete enabled by default. This means that anything you type into your Address Bar will be sent to your search engine provider. I recommend turning this off.

Privacy & Security

• Select “Strict” Enhanced Tracking Protection

Firefox offers Enhanced Tracking Protection (ETP) against common threats on the web. It will not protect you from everything, but it’s designed not to negatively impact your browsing at all, even on Strict.

Navigate to “Address Bar,”

• Disable “Suggestions from the web”
• Disable “Suggestions from sponsors”

In America, us Firefox users are pestered with sponsored links in the autocomplete. Just turn them off.

• Navigate to “Cookies and Site Data” and select “Delete cookies and site data when Firefox is closed”

Cookies are used to track things across the web like login sessions and cached information. However, most websites abuse this and use this as a mechanism to track you.

[Advertisers] capture the “cookies” that your computer automatically deposits into your Web browser, creating an indelible of every site you visit and every page you view, then use that information to send you personalized advertisements… “Cookies are used by virtually all commercial websites for various purposes, including advertising, keeping users signed in and customizing content… Bad as it was to be stalked by shoes…”

Martin Lindstrom, Brandwashed

But naturally this leads to a question: how do you stay logged into accounts you always use and you want the convenience of staying signed in?

• Under “Manage exceptions,” you can add an exception by typing in the site, and selecting “Allow”
• Visit the site you want to save your credentials for, then press Ctrl+i (⌘+i on Mac) Navigate to “Permissions” -> “Set cookies” -> “Allow”

HTTPS-Only Mode

Back in the old days, websites thought it was a good idea to use unencrypted websites, which allow your ISP to snoop on what you do. Most of these things have been eradicated from the Internet today, but for those who couldn’t figure out how to do it, you want to be presented with a full-screen warning to protect your privacy.

• Enable “HTTPS-Only Mode in all windows”
• You can also “Manage Exceptions”

DNS over HTTPS

DNS over HTTPS (DoH) is one of the newest web standards for secure DNS connections, which translate your URLs like “trafotin.com” into the corresponding servers on the internet and IP addresses.

DoH changes the DNS paradigm by using HTTPS packets to call the websites you want to visit. By using DoH, in junction with encrypted DNS, your internet service provider can still see sites you visit, but they aren’t allowed to tamper with any of the content, because yes, they have done this before.

I previously enabled the US default of Cloudflare’s DoH server as the default, but I’m taking a step back and letting you guys decide what you want. I think Cloudflare is a great default and the other, NextDNS, is also very handy. Other providers like Quad9 offer their own servers.

Enable Secure DNS using:

Lastly, Firefox now has the ability to force all traffic through DoH, which is really cool. In Chromium and previously in Firefox, DoH would be the default, but if websites rejected it, it would just fall back to normal DNS.

• Select “Increased Protection” or “Max Protection” for DoH.

If you select “Max Protection,” if you can’t connect to your DoH provider or if the connection is routed back, you will get a full screen warning.

If you are interested in learning more about DNS, I recommend a talk from Jim Nitterauer about compliance and protecting your privacy with DNS.

Telemetry

• Disable “Allow Firefox to send technical and interaction data to Mozilla”
• Disable “Allow Firefox to install and run studies”
• Disable “Allow Firefox to send backlogged crash reports on your behalf”

While Firefox is fairly respectful of your rights, one of the things I am the most suspicious of is their telemetry collection. The telemetry being opt-in isn’t a crime, but they don’t make it clear whether this information is useful or not, nor is it published anywhere publicly. It also doesn’t help that Mozilla places ads everywhere.

Even if you believe Mozilla is in the right, I’m a paranoid weirdo who would turn it off anyway. If you use an account, Mozilla collects more information about you and ties it to your Firefox account, so you might have more reason to turn it off given Firefox accounts demand an email.

Customizing Firefox

Firefox allows users to customize the UI to their liking. For example, if don’t like the “wide” address bar, you can remove the spaces. If you’re a front-end dev, you can add the developer tools to the toolbar. If you want to add back the extension icons to your taskbar, you can pin them near the puzzle piece icon. Be creative and make Firefox your own. You can make it look like Chrome, old school Firefox/Opera, or Safari.

• Right-click on the top bar or window decorations and select “Customize Toolbar”

New Tab

Firefox also allows users to customize the New Tab page, including using a custom website as one. Still, with the vanilla New Tab page, there are things to be done.

• Right-click and unpin all preinstalled shortcuts. These are all sponsored links for companies who paid to be here.
• Gear -> # rows here
• Gear -> Sponsored Shortcuts -> Disabled
• Gear -> Pocket

Mullvad Browser

You could configure Firefox by going through the settings, but the easy way to get a privacy-hardened Firefox is using the Mullvad Browser. Since my very first video with Arkenfox, this has been what I consider the most radical change to Firefox forks. Ordinarily, I never recommend Firefox forks because most of them have trouble updating in a timely manner or don’t have a good enough reason to exist.

The Problem With Firefox Forks

The problem with most Firefox forks is you need to not only trust Mozilla, you need to trust the other people who are touching the fork, and trust that they will keep it up to date. With something as important and unfortunately resource heavy like a web browser, you need to ensure you get updates promptly and most smaller browser forks aren’t able to do this well.

Why the Mullvad Browser?

The exception has been the Mullvad Browser. Mullvad Browser doesn’t use the normal Firefox, but the Extended Support Release or ESR of Firefox. It’s much slower to adopt features, but the core security and engine of Mullvad Browser is the same.

In fact, Mullvad Browser was developed in conjunction with the foremost popular fork of Firefox, the Tor Browser. The Tor Browser has worked with Mozilla for years to fine tune Firefox against the invasive practice of surveillance capitalism and protecting your anonymity on the internet. Mullvad Browser inherits all of the Tor Browser’s work and it basically the Tor Browser, just no dark web functionality.

Well if you can’t connect to the dark web, what’s the point? Because Mullvad Browser is perfectly privacy-hardened by default and has all the extensions you might need in it, you don’t even need to pay for a Mullvad subscription to use it; you can use it as is. Everyone who uses Mullvad Browser is now lumped into the same pool of people and if you use a VPN (commercial, self-hosted, etc), you are now part of the same army of people using this browser.

Limitations to the Mullvad Browser

There are some caveats where you might want to avoid Mullvad Browser:

• You can’t use some newer features of Firefox. Previously this included screenshots, but also things like AI integration and vertical tabs. This is because Mullvad is based on Firefox’s extended support release (ESR).
• You can’t save logins. All data is deleted upon closing Mullvad Browser. You run this in Private Browsing/Incognito mode all the time.
• You are stuck with the extensions they give you and you shouldn’t configure them beyond their default values. In order to blend in, everyone needs to have the same uBlock Origin settings and the same NoScript settings.
• There are what some would consider bloat features like the Mullvad extension or the Mullvad Leta search engine, especially if you don’t use/like Mullvad.
• Some websites might not work correctly, because of the Tor Browser configurations. You can’t watch DRM-protected content for example or some website elements might not work.
• There’s also the pain point of the Mullvad Browser is pretty young and not as many people use it.

The Easy Way Out

And that’s why I’m recommending it. I’m selfishly recommending it because it is the easiest way to get privacy-hardened Firefox and you can join me in the sea of people using it. It’s the newest kid on the block, so we need to make this pool of people bigger and more normies use it.

Takeaways:

• Apple’s first evening event, conflicting with American football.
• M3 features smarter GPU utilization, no doubt because of Apple’s hand in both macOS and the chips.
• Performance of the M3 is dubious given how they skirted around giving real numbers.
• The M3 series also now includes hardware decoding of AV1, but not encoding.
• Ridiculous claims about how Macs are used in science.
• First Space “not even black” Black Apple Silicon Mac. Includes a special anti-fingerprint seal, but fingerprints will still show. Ask the reviewers.
• Please stop using Intel Macs. Apple said so.
• The 24-in iMac receives a M3 refresh.
• Event was announced with less than a week’s notice and likely to undercut Qualcomm’s latest announcements and inflate Q4 earnings.

Referenced

• Apple’s “Scary Fast” Event, YouTube
• Behind the scenes at Scary Fast: Apple’s keynote event shot on iPhone and edited on Mac
• Yuzu, the Nintendo Switch emulator, not to be confused with Yuzu Hiragi
• Use widgets on your Mac desktop - Apple Support
• iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment
• Nvidia to make Arm-based PC chips in major new challenge to Intel | Reuters

Qualcomm has announced their new Oryon CPUs, boasting ARM speeds faster than Apple and Intel’s x86. They didn’t provide any concrete proof that is does, but it exists. Supposedly.

Takeaways

• The whole event was filmed using a phone and it looks terrible.
• There was a ton of “yes-men” Snapdragon Insiders in the front row being obnoxious.
• Qualcomm is making a big push with their partners: Microsoft, Samsung, Xiaomi, Lenovo, Facebook, HP, and more.
• Qualcomm doubles down on on-device AI. Why wouldn’t they? AI boom, Windows 12, and more.
• Qualcomm announced the Snapdragon X Elite (Oryon) CPUs, boasting a large performance boost over competing Apple/Intel hardware. You’ll just have to wait until next year and take their word for it because there was no demos, a bunch of fake graphs, and not even a glimpse of it on real hardware doing real person things.
• Qualcomm is vying for Microsoft’s attention in particular. Only (prerecorded) sit down interview with Christiano was with Satya Nadella.
• The Windows on ARM (WOA) exclusivity deals ends with Qualcomm next year. If the Oryon CPUs fail, it’s going to be disastrous for Qualcomm and good for upcoming competitors like Microsoft, NVIDIA, and AMD.
• Pavan Davuluri from Microsoft showed up to beg developers to use NPUs.
• Sound technology… yay.
• Snapdragon Seamless links USB (?) connected devices together, as long as they can run a Snapdragon processor. Only showed Windows and Android. It might also use Wi-Fi or Bluetooth, but no elaboration on how this technically works.

Referenced:

• Snapdragon Summit 2023: Keynote Livestream (YouTube)
• Snapdragon Summit 2023: Announcements

Remember the last time I made a video on Android? It was over a year ago (and on Airguard)! Now that changes. I have right here a Google Pixel 7 Pro, which I pawned off a relative. I mean, if it were me, I would have waited for the Pixel 8! But this is something I’ve been excited for: an Android operating system that truly puts your rights first and foremost. This has now become my daily driver phone and I have never been more exicted for a Phone since my LG VX-5400! Buckle up guys, Android ROM flashing time!

What is GrapheneOS?

GrapheneOS is a custom Android ROM, but what does that actually mean? Android ROMs are the same as when you choose to run operating systems on your computer. Few Android phones grant you the ability to install custom operating systems and many manufacturers refuse to provide you such a freedom or will hamper your efforts to run custom Android ROMs.

But why would someone choose to do this? It really comes down to control or functionality. Since many manufacturers maker it difficult, they are effectively taking away your freedom to do or run exactly what you want on your device. It’s important because compared to Apple for example, at least you are given the choice (on certain phones) to do what you want.

That being said, there are risks and I can’t go without mentioning them. In the past, installing a custom Android ROM could result in bricking your phone, but times have changed. As long as you choose to run a reputable Android ROM, the chances of you bricking your phone are telegraphed to you. As long as you play it safe and stick to big name ROMs, it’s hard to mess up.

Custom ROM Insecurity

While I am all about encouraging software freedom and running what you want on you device, I want to warn you against rooting your device. Rooting usually gives you as the end user the same ability to run dangerous command that could your damage your system. “But Trafotin, I made it this far and I haven’t gotten in trouble yet!” Rooting your phone has dangerous consequences especially if you are downloading files outside of the Google Play Store. Sure you can do you get your whiz-bang battery enhancing apps, but newer innovations prove using an unrooted device is great. You can install an Android ROM and not be constantly using your phone with administrative privileges. It’s a bad practice for computers and it’s just as much a bad practice for phones.

The GrapheneOS Solution

This is why I am firm proponent of GrapheneOS. GrapheneOS is a custom Android ROM, designed to not compromise on user security while still respecting your rights. It’s the most robust custom Android ROM, but that polish comes at a cost. GrapheneOS can only be installed on Google devices. Google makes the best smart phones when it comes to keeping your phone up to date and not flooding your phone with crapware that other Android manufacturers throw in. Inevitably, people will fear Google kills off their phone line, but I am doubtful that this will happen. The state of manufacturers providing timely security updates on Android is so bad Google is willing to go into debt and force their OEMs to do the same. Sure Google is one of the Big Tech companies, but they recognize they are responsible for the biggest phone operating system in the world.

And I know the irony of using a Google phone to get more privacy, but Google’s phones are legitimately the easiest phones to install custom Android ROMs on and they have been for years. The entry level devices, like the Pixel 7a and the Pixel Tablet are less than $500 and pretty affordable.

Installing GrapheneOS

So you’re sold on using a custom Android ROM and you have a nice fresh Google phone. I’m doing this with a Pixel 7 Pro, but all of Google’s newest product line is compatible with GrapheneOS. I normally recommend buying a phone on sale, but I got a $200 discount for 4 years of updates and I wanted a model with an actually decent camera because anyone who has seen videos filmed with my iPad are atrocious. But how do we install GrapheneOS?

The following entails a guide on how to install GrapheneOS. The project has been in some drama because their former head developer didn’t like publishing guides, even if you supply the same or more depth instructions than on their website.

Prerequisites

I’m not going to get into detail, but the first step is to

• a Google device that is carrier unlocked
• use a computer from one of their supported operating systems to reduce as much error as possible. This can be a computer or even another Android phone.
• use a Chromium-based browser from the list
• connect your Google device with a USB cable and trust the device you plug it into

If you do the computer method, you need to make sure to have the Android SDK tools. I used a spare computer with Ubuntu and Brave and the instructions are pretty reliable with Linux and Windows, but pretty vague overall. If I had criticize the installation process, there could be a little pulldown menu with some extras instructions.

OEM Unlocking

But that’s the hard part, let’s do something more fun–OEM unlocking. This is one of the coveted features of Android phones that allow custom ROMs. But how do we configure this?

• Go to Settings→About→Build number then smash that button until you become a developer.
• Go to Settings→System→Developer options→OEM unlocking enabled.

You might also need to connect to Wi-Fi at least once.

Rebooting

After you enabled OEM unlocking, you need to turn off the Google device. In my case, it’s the sleep button and the volume up button at the same time. This took me more attempts than I would like to admit.

When you turn on the device, then hold the volume down button while the phone turns on and you get a spooky tiny text menu. This means we are in business for the hardest step of all…

Doing the Deed

• Go to your nice Chrome browser and click the button to identify your Google device and unlock the bootloader.
• Click the button to download the corresponding release for your device.
• Click the button to wipe Google off your device. Do not touch your device or unplug it while it is working. It will reboot multiple times and you know when you succeed when the Google logo shows up, only for the GrapheneOS logo to jumpcut in front of it just like having in movies.

You still see a hash appear as your phone boots up and compare this with the hash on GrapheneOS’s website. This ensures you’re running an official GrapheneOS image.

Zuckerberg is back with some new AI chicanery! Cheaper VR headsets, glasses souped up with their AI assistant, and the desperation for his products to be loved by literally anyone.

Takeaways

• All Facebook products are now equipped with an AI assistant powered by ChatGPT and with the likeness of celebrities. They will weirdly react as you read your prompt.
• Posts and DMs can now be composed by AI. Just in case you thought the latest post from grandpa was real.
• Instagram now has AI picture filters.
• The Meta Quest is now more affordable. It’ll still spy on you of course.
• You get to play your 2008 looking games on your Quest, but that’s about it. Since the games must designed with the Quest in mind, it’s likely it will stagnate.
• Partnering with Ray-Ban, Facebook has engineered camera glasses and no doubt will humiliate streamers, let creepers creep, and grant Facebook the ability to data harvest your vision.
• Llama and other Facebook products received improvements stolen from other open-source learning models.

Referenced:

• Elon Musk “promises” to fight Zuckerberg
• Facebook helped instituionalize violence against a religious minority in Myanmar
• Christopher Wylie, the Cambridge Analytica whistleblower, is interviewed by UK Parliament
• Frances Haugen accuses Facebook of prioritizing incendiary posts for profit
• A picture of Zuck with his third daughter
• Zuck with his other 2 kids and Priscilla
• Zuck tries to spin privacy into his companies and fails horribly, F8 2019 Keynote
• Meta Connect 2023 Keynote

Just when you thought Windows couldn’t get any worse, order from on high decrees that they add AI to literally everything. They just couldn’t add it to the title.

Takeways

• Microsoft now includes a spying Copilot in Windows. You’re welcome.
• Bing Chat can now be fed images and mathematical data.
• Panos Panay left/kicked out of Microsoft. Other poor presenters need to pick up on his slack.
• AI is now inserted into many Microsoft things: Office, Teams, Edge, Clipchamp, and Outlook
• The Surface Laptop and Surface Studio exist. Now with NPUs.

Referenced

• Original video
• Russian journalist hacked by Russian government with Pegasus spyware
• Panos Panay is super pumped to be at this event!
• Just kidding, he quit
• Panos Panay to replace Amazon’s David Limp
• MSN recommends the best place to grab a meal in Ottawa: the Ottawa Food Bank
• Neuralink causes irrepairable harm to monkeys in secret memo
• Microsoft’s market share in devices is bad
• Amazon limits daily KDP publishes because of AI garbage

Apple announces their new watches, now with poorer production quality than ever, as a well as the new iPhone 15 and 15 Pro. Will the USB-C be worth it or is there a catch?

Takeaways

• Apple fails to justify buying a new watch. Only an extra 12 hours of battery and finger pinching.
• Cringe commercial featuring Octavia Spencer as “Mother Nature”
• Jeff is back, inserted in more shoddily than before: cuts, poor audio transitions, and continuity mistakes.
• Apple cares about the planet, except until 2030 that is…
• The iPhone was forced to have USB-C to comply with European Union laws.
• The iPhone 15 now has a glass back. Good for repairability, but a way of shaming people who repair their stuff or use third party repair services.
• The iPhone 15 still runs with reduced USB capacity. You want it? Buy a Pro for another $200+
• The iPhone 15 Pro is made out of titanium. Kind of?
• The iPhone 15 Pro replaces the silence button you forgot you had with an Action Button. It can be configured to be stock applications or Siri Shortcuts.
• No one makes mobile games on Apple’s App Store and likes it, no matter what Apple says.

Referenced:

• Apple contractors caught listening to your Siri conversations
• Octavia Spencer voicing support for the Hollywood strikes

November 2025 Update

Orignal Review

In a rare turn of events, I get to review a device I got a week to tinker with—the System76 Darter Pro 9. Using the System76 Darter Pro has been one of the most interesting experiences in using a laptop that just feels different from most other laptops I have ever used before. The System76 experience feels open, fresh, and comparable to other contemporaries from Dell and Lenovo.

Now before you get excited, this computer is not mine. This device belongs to a family member in need of a new computer. System76 didn’t pay for this review and while I didn’t pay for this myself, I was spending someone else’s money. I took a stab in the dark to see what the experience was like. The Darter Pro has not disappointed in bringing what I feel like is one of the best ways to use Linux on a computer, to a point where I am now sold on the concept of a computer constructed with Linux first.

Hardware

The Darter Pro came in a cardboard box, which seemed like an upgrade if you see videos of the same box last year, because now it has a handle! Not only that, the laptop comes in padded foam and with a plastic paper cover. All in all, you are getting computer similar to other flagship computers from companies like Dell and Lenovo, but with a bit of a Linuxy twist.

But you don’t want to hear me regurgitate hardware, let’s get into specifics. You can buy the laptop from System76’s website and I was able to get a $50 discount. The computer cost around $1163 plus shipping and handling. They also gave me a t-shirt for free for some reason, which is far from one of the worst things I’ve worn in my life. I can’t say I’m the biggest fan of Pop!_OS, but I will be wearing this t-shirt for the rest of this review.

The computer comes provided with a little welcome card, telling you to “unleash your potential” and a quick little message about where to get help online. They also gave a cardboard standout character named Melvin, which okay… but this is a questionable inclusion. Cardboard is easy damaged and I think Melvin here is going to be staying in his little frame. Funnily enough, they also give various branded System76/Pop!_OS stickers, which used to be just individual, now they are 2 sheets together.

Also on the left side, you have an HDMI port and a USB-3 slot. On the right, you get a headphone jack, micro-SD card slot, USB-2 slot, the power button and its corresponding LEDs, an Ethernet port, and a Kensington lock.

The computer also has a barrel jack charger, which I am most certainly docking points for. You have USB-C and Thunderbolt ports, please for the love of all things holy, just replace the barrel charger with a USB-C port. Nobody would be complaining.

Upgrades

I did apply some customization. Under normal circumstances, I typically give my family members the advice if they need to do things, just use your phone, it’s easier. However, this particular family member has a home business and has been operating with a Fedora XFCE on a ThinkPad straight from the Windows 8 era with 4 GB of RAM. So going the full 10 year gap of computing basically gave me the liberty to do anything, because at this point, anything would be an improvement!

Given how long upgrading was in the past, this is what influenced what I chose to do in picking the configuration. I selected 16 GB of DDR5 RAM and a 1 TB NVMe. I’ve been worried about the growing memory requirements to do basic things in a web browser, but also leaving the door open in the future in case something drastic happens to software in the future.

While the stock configuration of the Darter Pro was 250 GB, but I pushed for the 1 TB upgrade. Microsoft has been famous for offering the 1 TB backup in OneDrive and I chose that much to leave enough breathing room to store not just business documents and media to come, but family photos and home videos from decades past.

Firmware

One of the major things I want to start off with is discussing firmware. System76 isn’t one of the only manufacturers to be using Coreboot; Star Labs, Tuxedo, Chrome Books all use it. But one of the things that makes System76 is unique is their own custom BIOS with Coreboot and I have some mixed feelings about it.

On one hand, the BIOS are fully open-source and can be upgraded for free using System76’s firmware tool. This means that you can actually get guaranteed motherboard updates, which compared to some Windows OEMs is a breath of fresh air. System76 also disables the Intel Management Engine, well okay, they don’t completely disable it, but it’s heavily neutered to a point where it can only do what it needs to. I consider Coreboot the more important part of the equation here than shooting the Intel Management Engine. It’s more of a priority to keep up with updates and firmware issues than a proprietary system typically only abused in targeted attacks.

Now for the bad news. While I enjoy the fact that the firmware is open-source and given a long life, I need to be brutal about how the firmware operates as of today. The System76 firmware has Secure Boot disabled by default, which is my mind is a massive L because Pop!_OS is an Ubuntu-based distribution, which should support Secure Boot out of the box. Furthermore, if you read their documentation about some of their other computers, they claim using Secure Boot is “not recommended.” System76 stop this. Ubuntu fully supports Secure Boot and we need to be pushing people to use Secure Boot because it’s part of what makes a secure system.

But the plot thickens. You can turn on Secure Boot after a quick reboot, but one of the things that really irked me was you can’t password protect the BIOS. Now someone did open an issue on their GitHub and in their defense when it comes to protecting user data, full-disk encryption will get the job done. But it’s shocking that for firmware that touted as open, maybe it’s a little too open. You don’t want the local house maid plugging/booting arbitrary USB devices!

Windows 11

Speaking of other weird subcategories, let’s talk about Windows 11. Hang on a second, wasn’t this a video about System76 and how they can run Linux? Well one of the unique things about the Darter Pro 9 and the other System76 machines in their generation is the ability to run Windows 11 with no major modifications. Of course, you do need to have Secure Boot enabled, then you can boot into Windows 11 just fine, well not without some problems.

For one, I noticed the touchpad would not function at all in the installer. I had to get an external mouse to click through buttons, because yes, Window requires a mouse to use their installer, unlike Linux. On top of that, the touchpad still didn’t work when I first booted into Windows. I ran Windows Update, then the touchpad starts working, but it would randomly stop working. Turns out it’s a Microsoft problem with Intel touchpad drivers. I don’t blame System76 or Intel for this, go blame Microsoft, for ruining fun in people’s lives!

If you use a laptop and need to dual boot Linux and Windows, I would strongly advise at this time avoiding System76. I believe with other major Windows OEMs like Lenovo, Dell, or MSI, you could get a better experience dual-booting at the cost of maybe a slightly worse Linux experience.

System76’s Power Management

The Darter Pro comes with Pop!_OS or Ubuntu, whichever you choose when you buy your computer. I didn’t care about these options here, because I think we can all make the assumption that System76 tests Pop!_OS on their hardware, but let’s test a real distribution. No offense to System76, but I want to use a rolling release distribution and something that actually supports Secure Boot, but what are our options?

There’s a support article that provides tutorials to hook up various Linux distributions that are officially supported by their developers:

• Arch Linux (AUR)
• Fedora (Copr)
• NixOS

Of the given distributions here, I believe that Fedora is the best option here, which is what my family member was using anyway, Fedora XFCE to be more specific. At the time I provided Fedora XFCE because it was a full desktop experience for a low performance environment.

But now that they now have a capable computer, I believe it’s time for something close to what they know, but adopt future trends and increased security. I selected Fedora KDE, because of its similarities to Windows and XFCE. But not only that, KDE supports Wayland, where XFCE still does not.

As a side note, System76 has a graphics switcher, but the Darter Pro doesn’t come with a graphics card, only integrated 13th gen Intel graphics. Under these circumstances too, they claim the graphics switching might not even work on other distros. On top of that, you need to build the GNOME extension from source if you want a graphical version (GNOME only) and not everyone would want to do this.

Experience

So what is using the Darter Pro like? First off, as an accessibility note, you can open the laptop with one hand, but it does require a little bit of force. It does feel better opening it with 2. The frame isn’t weak and feels generally solid, so opening the laptop isn’t too easy, but not difficult.

The touchpad feels pretty good. It’s not Apple levels of polish, but it certainly gets the job done and all gestures is something like KDE or GNOME are identified correctly. The one major downside about the frame isn’t just the frame, it’s the magnesium-aluminum chassis. This thing smudges really easily. In fact, after the first couple hours of use, fingerprints and smeared skin began to become more visible as time as gone on. This is probably the most negative thing I have to say about this laptop and it might be less noticeable if they want to keep using this material, but chose to make it more on the silver side, similar to what Dell or HP do with their computers.

The computer feels about 3 pounds. I didn’t weigh it, but I would say it’s around 3 lbs (1.3 kgs for my overseas neighbors). And this is with the heaviest build, because my family member requested the largest screen possible in a workstation computer. The Darter Pro has a 15.6 in (<40 cm), 60 Hz LCD display and this wide display was the largest one they offered.

The keyboard isn’t horribly loud and still shows flex, but it’s no different than most other laptops. It’s not flimsy and feels pretty solid. You do get the Super key, always a plus. I do want to comment that the function keys are in different locations than where most people expect them and they are no media keys.

The microphone out of the box, needs to be set really low. I set it to about 28% and felt it wasn’t blowing out my ears; it’s nothing to write home about. The webcam is also nothing special, but it’s 720p still, which is disappointing, but it will get the job done.

The speakers are okay, but don’t seem to handle bass particularly well. It’s able to convey the scene properly and gets you 80% there. The color settings on the display are also pretty good and nothing feels out of place. The screen also is anti-glare and did a great job at diffusing ambient light or bright areas.

I did stress test this thing a little bit. The battery life is approximately 9ish hours and I did deplete the battery to about 30% and did a estimation, so maybe not the most optimal test.

Now just to burden this thing as much as I possibly could, I wanted to pick a current generation game, but something that could still support the computer with integrated graphics. The Darter Pro comes with 13th-gen Intel and I ran the Witcher 3: Complete Edition (the DirectX 11 version) with the low settings. The framerates are similar to what you’d experience on a Nintendo Switch and at worst, the frame rate would dip to the 16-20 FPS area, namely in the city areas like Novigrad and the opening cutscene with the Wild Hunt. I’ll give the Darter Pro a pass here because clearly this wasn’t meant for gaming, but to be a workstation computer.

Final Thoughts

System76 is a new experience and I only had a few days to play with one and power through some of the things I wanted to see about experiencing one for myself. The firmware definitely needs some work and there are some defaults that need to be changed, but overall the Darter Pro provides a fantastic workstation experience. If you are a writer, a developer, or a general computer developer, you would enjoy using it. The software experience, provided you don’t use Windows and use one of their supported distros is a joy to use. I would recommend this computer is you are diehard dedicated to the open firmware experience and want to support a company that is pushing the experience. Just maybe invest that money into magnesium-aluminum that doesn’t smudge so bad.

Summary

(Updated November 3rd, 2025) 🚫 Not recommended, unless you intend to support System76 and Pop!_OS.

Pros

• Powerful performance
• Reasonably priced with configuration choices
• Great 16:9 matte display
• User serviceable and repairable
• Fully open-source firmware

Cons

• Very easy to smudge/collects fingerprints
• 30 day refund includes the days it took for your computer to ship to you
• Below average webcam, microphone is average
• Windows is less viable due to touchpad driver issues
• 1 USB-2 port (seriously, we should be past these by now)
• Open-source BIOS is missing a lot of features other BIOS have
• Secure Boot does not work out of the box and is actively discouraged by System76
• (Updated March 9th, 2024) Disabled Intel Management Engine
• (Updated November 3rd, 2025) Provided battery lasted less than 2 years

Other

• Pop!_OS, Fedora, NixOS, and Arch are community supported
• Lots of merchandise in addition to computer (t-shirt is limited edition)
• No USB-C charger
• Fn keys are not in the places they are traditionally on other computers

Track Listing (Partial)

• t12ya - Under Moonlight (月灯の下)

Case 1: Windows 10

Windows telemetry can’t be turned off and you only get 2 options: Full and Basic. No matter which version of Windows you use, the GUI won’t give you a way to deal with this. You can use Group Policy Editor of course, but in order for you to get access to the real Group Policy Editor, you need Windows 11 Pro or higher and pay through the nose to get.

Telemetry collected in both cases appears to be useful, but it’s ruined by the ethical quandary. Users are never given the proper means to consent except that big Terms of Service box when they bought their Mac or PC and clicked “I Agree.” Arguably, Windows’s telemetry is worse because Windows’s team continues to smear their name by ripping out existing features and the overreliance on siphoning user information. All of this compounded by the fact that Microsoft sells off your information to advertisers in their Bing network and has been doing so since the Sinofsky era of Windows.

But wait! Even if you use Windows Pro, you still can’t turn off the telemetry! The only way to avoid it is to:

• get a Windows Education/Enterprise license
• In order to get the license, you need to contact a Microsoft sales rep and give Microsoft business-relevant/mostly accurate information.
• Then you need to pay for volume licensing or a subscription fee for its activation, which also might involve hosting a Azure AD server.
• Then you can turn off the telemetry.
• Screw Microsoft and just use anything else except ChromeOS.

Case 2: Opting Out & VS Code

But let’s say a program that lets you turn off the telemetry, what do you do? You could of course trust them, but we need operate with “distrust, but verify.” Let’s take one of my favorite examples: VS Code. If I haven’t already, I hope I’ve drilled into your skull that Microsoft is one of the most evil and privacy invasive companies on the planet, so because Microsoft is evil, that must mean VS Code is evil!

Indeed, at a glance when you review the documentation for VS Code, VS Code is subject to Microsoft’s privacy policy, the same legalese privacy policy that allows Microsoft to market off your information. But there’s a few important differences between VS Code and Windows: VS Code includes a toggle for users to turn off telemetry collection. Unlike Windows, this toggle fully disables VS Code’s telemetry.

There’s no way you could know that…

Now, the keen-eyed keyboard warriors are going to pounce on this and say “Aha! But there’s no way you can actually know that!” But there is, dear commenter, and it’s the GitHub page, you know, where they publish most of the source code, including the code for the telemetry bits! “But the backend for VS Code’s extensions are proprietary!” If you don’t want VS Code to track your extensions, simple, don’t use VS Code. You can go crawl over to VS Codium, but it isn’t going to change Microsoft gets to monitor the VS Code Marketplace and all the silly AI extensions you install.

The other reason VS Code wouldn’t help is also obvious: you don’t trust the telemetry being turned off when you uncheck the box? Consider that VS Code is the IDE of choice for developers, some of whom have to be savvy enough to read the source code, and would type an angry message on Twitter and Mastodon that VS Code was spying on everyone even if the box was unchecked? Come on, use your noggin. Who knew that if you used an online service, you have to trust they won’t do anything bad?

Case 3: The Preceding Reputation

Let’s talk about the most spicy one: Ubuntu. Ubuntu has garnered a long history of being called spyware by the famous Richard Stallman (sucking his toe) and the Electronic Frontier Foundation because of the Amazon search integration into their operating system. However, Ubuntu suffers from not what they are actually doing, but they dragged their reputation was dragged through the mud for years. Ubuntu removed the Amazon searching, but continued to include an Amazon icon that would redirect people with a referral link, just like if you were to visit the description of my video and click on a link. The problem is because the Amazon incident with search queries, people held that against them.

This reputation also may have further damaged another part of Ubuntu, the introduction of operating system telemetry in Ubuntu 18.04. Now we get into the realm of what telemetry is harmful and what’s benign. Canonical’s developers have always been open about what information about what will be collected. In practice, Canonical collecting this telemetry is purely to improve Ubuntu and some fairly common settings that can’t really be used to identify people as it’s largely impersonal.

When poor Will Cooke announced this on the mailing list, people piled in complain online and how Ubuntu was continuing down a dark path, even though the data is pretty harmless. Why? Because Ubuntu 18.04 continued to package the Amazon icon and the baggage of the Amazon incident. Even though it’s pretty clear how to disable it by unchecking a box. Once again, because Ubuntu is open-source, we can verify unchecking the box does as it claims.

Playing Devil’s Advocate

But let’s wrap this up. I spoke in an entire video defending telemetry and trying to understand it, but what about the normal person? What about someone who wants to protect their privacy? If you want to help the developer and you feel that you are helping them by providing telemetry, then by all means provide them that data; it’s your prerogative.

On the other hand, you are an extremist when it comes to privacy. We’ve seen studies about how easily information can be deanonymized and it helps that the information is impersonal, but I want all the help I can get and that includes turning it all off.

And by the way, if you need to resort to using Little Snitch or Portmaster to clam up telemetry if you’re given no opt-out, maybe you should consider using something else.

Hey guys, it’s Trafotin. Everywhere across the internet, people brag about the choice of Linux, and while not too complicated, Linux actually has less choice if your someone who cares about your decisions and I’m going to unpack why in my TED talk just shy of 20 minutes.

B… BUT MY CHOICE!

People like to think their computer is in all about choice and go ahead and crucify me, choice is actually very limited and I say this as someone with a channel who needs to recommend things to others. Linux just so happens to be the desktop OS that offers the most choices, but I would argue that most of them are “fake choices” at best or serious pitfalls at worst. Let’s back that up with an example, like say, your desktop environment or window manager.

Linux has lots of desktop environments: GNOME, KDE, XFCE, Mate, Cinnamon, LXQT, and LXDE. If you’re a window manager user, there’s plenty for you too: i3, awesomewm, Sway, xmonad, bspwm, and so much more! But what if you drill down to what matters: you want a system that’s comfortable to use, secure, and efficient at getting things done.

But let’s take security for example and this “choice” starts to break down. In order to promote the “secure” Linux desktop, we need to be using Wayland. Wayland is the next generation of display management on Linux and is more secure than the legacy window system X11. So how many of what I just showed support Wayland? The answer is only 3 of them: GNOME, KDE, and Sway. It’s a hard truth and that shows there’s actually less choice because most of these desktop environments and window managers are stuck in the past.

I’m not saying it’s easy; if it was easy, people would have moved already. But some Linux users practically worship their desktop environment and it’s just gross! Look, anything that can watch movies and communicate with my friends is like gold to me. The mentality I have is one of a digital nomad; if you use something and that something isn’t keeping up with either your needs or industry/security standards, then you have to move on to something better in life. The harsh truth is most desktop environments and window managers can’t keep up with the fast pace of development, either due to lack of developers, funding, or leadership. GNOME and KDE prove you can move fast because they both have lots of developers, funding, and solid leadership. That doesn’t mean you can’t go slow, because Sway helps build up wlroots for all the Wayland users who want window managers. And it can’t mean you go too fast either, because that’s why not many people willingly package Hyprland.

Gotta Go Fast

But it gets worse. Not only do your desktop environment or your window manager matter when it comes to speed, but your packages and everything you install does too, all the way down to your operating system. That’s why I recommend to stick to rolling releases. A rolling release means you’ll always get the latest and most up to date software with their newest features.

Fedora is cutting edge of Linux desktop users and has been dead-set on revolutionizing the Linux desktop as we know it. Many things critical to Linux, Flatpak, Wayland, image-based distributions like Fedora Silverblue, and Pipewire are just some of many. Fedora has been what I have stayed with for years because of its push for innovation in the desktop space and strong defaults.

Using Fedora is why I have been a long time advocate for rolling release distributions. Fedora adopts these new technologies faster, which means your system becomes not only more usable for you, but also more secure. I daily drove Debian for years and let me tell you: having outdated, crusty packages like GNOME 3.22, which at the time had a severe memory leak that went unpatched for years), just felt wrong. No offense to Debian, it’s a joy to work with in the cloud, but for desktop usage? No thanks.

Not only that, it does a disservice to the people who work so hard to create their software, only to find out there are weirdos in the wild using ancient versions, which they don’t maintain anymore. It’s about getting close we can to what is actually given to users. We’re seeing Canonical drop support for Firefox or cups and Red Hat with LibreOffice, but supporting the Firefox or LibreOffice’s snap/Flatpak means you are getting an experience curated by Firefox and LibreOffice’s devs. It’s only better for everyone.

And I know that there’s serious distrust over “but installing feature updates will break my computer!” Guys, this fallacy was created by Microsoft because they have beta-tested updates on their users since Windows 7. Features are not bad! Features fix problems and make your life better. If you are seriously concerned about stability, check out something like Fedora Silverblue, Kinoite, or Sericea. You don’t like an update, you can always roll back if you encounter a problem AND experience the awesome new features!

What are you going to do… use Windows or Mac?

The other thing I want to seriously stress Linux is not some silver bullet. Using Linux takes away one choice and it’s a choice I’m sure is going to piss the old people who watch me off—it’s using proprietary software.

Let me speak for experience as someone who does quasi-professional video editing, photo editing, and design work. I use the Adobe products pretty regularly and I’m familiar with the Affinity suite and let me tell you, unless it was Inkscape, using the other open-source solution felt like I was handicapping myself. GIMP’s supposed “stable” version is actually more unstable than the beta and Kdenlive can’t even show you something on a screen accurately (especially with proxy clips).

But the plot thickens, because using DaVinci Resolve Studio on Linux (yes, the paid one), you’re limited in what codecs you can use because of the stupid American legal system. And don’t get me started on getting proprietary solutions like it on Linux! You might not like proprietary software (trust me I don’t either), but when it’s an action I know for a fact can be done more efficiently somewhere else, I’m going to do it there.

And this forces you to surrender to Windows and macOS again. You’re a creative type like me and you find the behavior of Microsoft worsening every day—go use macOS if it means you doing what you need to and be aware of the privacy invasion and the trap of the Apple ecosystem. You want to play Destiny 2 or Roblox without being penalized or banned or you’re an aspiring game dev? Windows is there too.

Takeaways

In the end, it’s all about what works for you. And that’s what most important after all. If you can use your computer as a tool, that’s great! But only as tool. Temper your expectations and acknowledge what you can/cannot do, but always leave the door open to learn and don’t get attached to this stuff. It’s just a bunch of text buzzing around in a computer.

What’s Happening?

Activision is one of the largest video game companies in the world and makers of some of the most popular games in the world, like Call of Duty, Candy Crush, and Diablo. But nothing has been going good for Activision. Reviews for their recent games have been middling and many accounts of a culture harassment instigated by the senior leadership. Activision is imploding and everyone knows it.

Enter white knight Microsoft. January 18th, 2022, Microsoft announced they would purchase Activision for 69 billion dollars (nice). Even more fascinating is reactions from gamers and famous streamers has been glowing with the idea of Xbox getting more games. Of course, Microsoft’s Xbox division has been busy securing various deals and promises of exclusivity with Nvidia, Boosteroid, and various other game studios. Of course, they’ve promised these deals will last as long as a decade and allow autonomy to their partners, but I’ll get back to this.

But we need to ask ourselves: why is Microsoft willing to spend seemingly bottomless sums of money to acquire video game companies? The answer is Microsoft has been a distant third in console gaming and even more disconnected from the coveted revenue source of mobile gaming. From the outside looking in, acquiring Activision would instantly give them a large portfolio of established brands and further their goal of boosting their Xbox platform and an entry point into mobile gaming.

FTC, CMA, WTF?

Unfortunately, the press conference was not televised and was transcribed by third party account and new sources.

If you thought gamers capitulating to Microsoft’s decision was crazy, many other countries have also allowed the merger. Except the biggest resistance comes from the United Kingdom’s Competition and Markets Authority (CMA) and the Federal Trade Commission (FTC) here in the United States.

Over the last week, the FTC’s private court case has surfaced a treasure trove of documents, emails, and corporate posturing exposing the truth behind the whole thing (some of which Sony didn’t even redact properly). Sony, the creator of PlayStation and biggest critic to such an acquisition, has loudly protested with the fear Microsoft will sabotage the PlayStation versions despite Microsoft promising a decade-long, non-exclusivity agreement.

What does this mean for us?

Of course, the news stops right here and this is where the palm reading and dream interpretations begin! We’re still waiting on a decision and by the time you see this, the US courts may already be done. But what these US courts won’t see is the long-lasting consequences (if they even understood what they were even presiding over that is)!

Let’s face it: Microsoft is going to get what they want.

Too many public people and governments are in favor of this and it will go through. The only thing we can hope for is this used to create some regulation against the harms and fears both Microsoft and Sony levy against each other. Microsoft hates exclusivity because Sony has been milking it as a tactic for years. Sony hates the prospect of Microsoft taking away games from the walled garden they created.

How do we solve this? Ban contractual exclusivity and sabotage of non-exclusive products in gaming. This will alleviate fears from both sides and end what essentially is petty political posturing over PlayStation and Xbox exclusives. In fact, it’s clear Microsoft doesn’t even care, because they wouldn’t have offered such an option for no exclusivity in the first place.

But Think of the Gamers?

The other reason is this court case showcases how ill-prepared the federal court and the FTC was dealing with this whole debacle. The Biden administration here in the US have vowed to crackdown on Big Tech and in the current laws as they are, Microsoft knows they will win, because they write endless papers to the Wall Street Journal and popular influencers basically saying:

We lost the worst generation to lose in the Xbox One generation, where everybody built their digital library of games.

Phil Spencer, Phil Spencer Interview: Redfall Reviews, Activision Deal - Kinda Funny Xcast Ep. 137 | 37:14

Acquiring Activision Blizzard would enable Microsoft to compete against [Sony, Apple, Google] through innovation that would benefit consumers. While modern consumers can stream videos or music on multiple devices on low-cost subscription plans, many games can often only be individually purchased and downloaded onto one device. Microsoft wants to change that by offering consumers the option to subscribe to a cloud gaming service that lets them stream a variety of games on multiple devices for one reasonable fee. It would also benefit developers by allowing them to reach a much broader audience.

Brad Smith, Microsoft’s Activision-Blizzard Acquisition Is Good for Gamers (Without paywall)

The @CMAgovUK’s Senior Director of Merger Reviews–who used to work for #Sony’s law firm–will speak now at a @CompetitionLaws (@Concurrences) event on “Merger Remedies in a Post-Brexit Context”: https://events.concurrences.com/en/evenement/merger-remedies-in-a-post-brexit-context

Another speaker has current Sony/Google ties.

🧵1/3

— Florian Mueller (@FOSSpatents) May 25, 2023

And news that one of the directors of the CMA used to be a Sony lawyer no doubt helps Microsoft’s narrative, but just icing on the cake.

Activision is a new Microsoft monopoly strategy

Microsoft may lag behind its competitors in the gaming space, but that doesn’t mean they aren’t in others. In the landscape of gaming, consolidation was guaranteed. The greater concern is what this means for the other, non-gaming industries Microsoft has real market share in.

While Amazon dominates the cloud space, Google and Microsoft have been fighting tooth and nail for the silver medal. While both Google and Microsoft have been ramping up their AI spaces, this is where Microsoft hopes to get out of Activision—expanding their cloud offering, which is why in reading accounts of the trial, Sony is so afraid of Microsoft’s cloud platform (Sony’s own game streaming is by Microsoft after all).

In review of Microsoft’s cloud revenue, Microsoft makes $34B in cloud revenue every year and in all estimates, this beats out Google’s $26B, while still being a very distant foe to Amazon. But this follows a pattern of behavior from Microsoft—being a content #2 while your larger rivals eat regulation and each other. And Microsoft may have come to view their position as a distant third behind Sony and Nintendo the same way.

Of course, there’s nothing to stop Microsoft when they’ve amassed the largest cloud offering after the fact, right?

The Win For Windows

One thing that people aren’t talking about is game development in light of Activision and you might ask what will change. The reality is (and I’m sure many game devs in the comments will back me up) most game developers just use Windows, a Microsoft-owned platform that dominates a large portion of desktop/developer market share. No sane person uses macOS (God help you Linux) for game development.

But subject to this dichotomy is Sony, whose devs will no doubt be using Windows and porting their games to Windows once their exclusivity ends. PC gaming is also the dark horse of this whole trial and while it may be limited to a small, vocal minority, it’s largely a Microsoft-controlled platform to boost their influence in the world. Microsoft and Google constantly fight over the enterprise world and this deal would only benefit Microsoft in getting more people to use Windows.

Pulling the Rug (10 Years Later)

Microsoft has promised that these platforms and games will be available to outsiders and Sony for years to come, but all you need to do is ask yourself the question: what happens in 2034 when these deals are up? Of course, this is the biggest stretch, but consider this:

• The CEOs of Xbox (or equivalent because Microsoft changed the name multiple times) have never lasted very long. If Phil Spencer’s successor comes along, what if they don’t share the same views or if Microsoft takes a different position? Then you will really will be dealing with having your platform’s games taken away unless meaningful regulation is passed to block it.
• Inevitably, someone is going to bring up “embrace, extend, and extinguish,” but this fails to capture Microsoft’s “content to be second” strategy. I understand to the old timers out there it’s a concern, but I would be more concerned that Microsoft’s strategy is going to become the going practice for the rest of Big Tech.

Outro

But alas, there’s nothing you and I can do about it. Popular opinion is on Microsoft’s side and gamers only want what’s good in the moment. So I need to lay this to rest.

Have you enabled Secure Boot on your computer? I sure have, but what is it and why it’s so important to the fabric of computing today? Why is Windows 11 pushing Secure Boot so hard? Is it a way for Microsoft to block off third party operating systems? Did someone on a forum or Discord tell you to turn it off? All of this and more as we learn together why UEFI Secure Boot should be required for everyone!

What is UEFI?

Desktop computing is exposed to constant threats in the wild and one of the worst things that could be compromised is your boot process. For something like your phone or your laptop with critical information, we want that stuff locked down tight to prevent bad guys from getting in.

In a brief (ultra-simplified) explainer, any computerized has 3 major layers:

1. Your hardware, like the device you use.
2. Your BIOS, which operates as a single point of trust to handle things like peripherals.
3. Your operating system, like Windows, macOS, or Linux, where you make changes to your computer.

While booting up a computer started off simple in the early days, it has become more complex. Previous older iterations were things like the Extensible Firmware Interfaces (EFI), which is a miniature operating system that vastly increased this capability. EFI adds that ugly interface you have hidden away that controls things like your power management, virtualization, and what not.

UEFI “unifies” the complexity of EFI, but also makes UEFI the “trusted” version of EFI. You rely on your firmware to know if your computer is properly booting and not doing something sketchy in the process. UEFI is another chip attached to your motherboard that adds cryptographic authentication your devices are running and initialized properly. We need UEFI because many corporations view UEFI as the continuation and future of EFI.

What is Secure Boot?

The added cryptographic verification presented a new frontier for device makers. Personal computing devices like your computer or your phone contain lucrative information for attackers, so the big operating system vendors invest into protecting the sanctity of your system.

This started with the Platform Initialization standard. This generates a key, typically from your motherboard’s manufacturer, which attests the firmware on your motherboard is indeed valid and has not been tampered with (there’s protections for timestamping changes, so modifications, to prevent rollbacks, and replay attacks).

Secure Boot uses UEFI’s keys and ties it to pre-baked keys from your manufacturer to add an extra layer of security against malware exploiting this boot process (it’s similar to the prebuilt keys in your browser). This validates that the operating system you boot up is precisely the intended target and there’s no malicious code burrowed in as your device boots up. There’s also a keystore with forbidden keys, where if a key can no longer be used to verify boot images, it’s added to a blacklist so they won’t ever work again.

Exploitable Firmware Interfaces

This isn’t hypothetical, because state-sponsored attacks and limited attacks in the wild take advantage of people who haven’t caught up yet despite the years that have gone on. The Chinese research company Qihoo 360 reported on (in Chinese) UEFI rootkits using the backwards compatibility modules for EFI in ASUS’s computers.

Most recently, the Russian firm Kaspersky found a rootkit yet another vulnerability targeting this backwards compatbility, once again in ASUS and Gigabyte motherboards. If you thought ASUS shorting their BIOS or Gigabyte getting their firmware backdoored, that isn’t even the worst of it!

Microsoft Vs Corporate Linux

These sophisticated attacks are nothing compared to the history tied into the way Secure Boot was presented to the public. The dreaded operating system Windows 8, under the iron fist of Steven Sinofsky, began to require “Microsoft-compliant” UEFI Secure Boot. In the classic, poorly worded style of Microsft communication from the madman, Sinofsky added just a little clause to these requirements:

In the screenshot below you will notice that we designed the firmware to allow the customer to disable secure boot. However, doing so comes at your own risk. OEMs are free to choose how to enable this support and can further customize the parameters as described above in an effort to deliver unique value propositions to their customers.

This last line got major Linux manufacturers seriously concerned because history has shown OEMs often cut corners to ship firmware and what if the ability to boot something other than Windows was taken away?

Papers from Red Hat and Canonical describe how the ability to write and add keys needed to be included into the Microsoft requirements so OEM keys. In the original Build blog post, Sinofsky does mention this at the beginning, contradicting the quote that got everyone so worried:

Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components… Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

This quote provides probably the “intended” (whatever that means to you) meaning to users, “you can turn off Secure Boot, but you do so at your risk.” If you examine these carefully, you’ll see Red Hat and Canonical’s engineers don’t reject the UEFI or Secure Boot standard, but it needed to be done in an inclusive way to allow Linux users, on the server or desktop, to get Secure Boot.

Secure Your Boots Now!

To this day in comments, in places like Reddit, Discord, or 4chan, I continue to hear is using Secure Boot doesn’t work if you don’t use Windows. And while that might have been true at one point, it hasn’t been true for over a decade. I can guarantee that the vast majority of Linux users disabled Secure Boot because a guide online told them to. For example, I caught this “guide” from some guys on the Garuda Linux team telling their users to disable Secure Boot, which just borders on irresponsible because it can be done!

Not just this behavior, but also the fact Garuda automatically trusts and rebuilds some goofy fork of the AUR is reason alone you should just stay away from them.

It’s even more ironic the 2 most popular desktop Linux distributions, Fedora and Ubuntu (and their derivatives like Mint and ublue for example), have never been subject to this. Red Hat and Canonical have to cough up a one-time $99 fee to access the 3rd party Microsoft key, which ensures their users get full access to Secure Boot. This third party shim key Fedora pays for is used by the USB tool Ventoy to ensure Windows 11 and other compatible Linux distros can use Secure Boot out of the box (with a nifty guide!).

But Secure Boot on Linux breaks if you use the proprietary drivers like NVIDIA proprietary driver. In Fedora, Fedora includes Akmods, a startup script that rebuilds your packages on boot. Akmods allows you to generate your own key using openssl and sign the Linux kernel, thus allowing NVIDIA’s driver through Secure Boot correctly.

I wrote 2 little scripts based on a guide from the folks at Fedora’s RPMFusion that allows you to sign the kernel, so you too can get Secure Boot with the NVIDIA driver on Fedora. Once you enroll your keys, you reboot and can toggle some settings using mokutil to configure Secure Boot properly, by continuing with your keys. There are other methods for openSUSE’s installer and Arch Linux, but I’m not familiar enough with them.

I’m going to leave it there because instead of making strawman arguments claiming Secure Boot will lock people out, we need to accept the new standards because UEFI and Secure Boot are realities you need to wake up to. I didn’t even get into the part where Windows and Linux are just broken compared to Macs or mobile devices! So leave a like on this video. Leave a like on this video if you hated the Windows 8 era!

Verified Boot and TPM-verified boot

Desktop computing security is fundamentally broken compared to the strength of verified boot on Android and Apple devices. The advent of technologies like Intel Bootguard and Microsoft’s Pluton prove that the silver-lining of Windows 11 is PC verified boot has gotten easier than ever. However, there’s the issue of certificate verification. There’s are bypasses that require enabling third party UEFI certificates, like the ones Fedora and Ubuntu use, on Lenovo computers, but Linux now supports Secured Core computers without the need for such measures. If you use a distribution that isn’t a rolling release with an updated Linux 6.3 kernel or higher, you won’t get access to stuff like Pluton.

It’s Apple’s big day and they have a lot to prove! Can they hold their dominance in personal computing or will they succumb to the failed promises of virt… augmented reality?

TRAFOTIN: Hi everybody, today we’re going to be watching Microsoft Build. By Microsoft Build, I mean one of the most boring events of our lifetime.

WINWARD: I mean, it’s better than staring at a wall.

TRAFOTIN: Wait, is he, is like his remote? Like, do you see like it has like a big red button on it? Wait, it’s literally like the nuclear launch codes. He’s gonna set off the nuclear launch codes and he presses that button.

WINWARD: That’s the AI kill switch that they were talking about.

RAJESH: When you’re creating a document, whether–

TRAFOTIN: You could hear a pin drop in the room.

WINWARD: I know! It’s so bad.

TRAFOTIN: This is awful. Oh, by the way, what makes this even worse is that before they even started airing, they uploaded a blog post yesterday. with all of this!

ARCHANA: I’m going to show you how the Copilot is grounded in your company’s data, thereby helping you work more efficiently.

TRAFOTIN: I’ll show it how it’s grounded in your data, meaning we’re feeding all of your data to it.

These people look so enthused. They must be so happy.

WINWARD: I mean, I guess it would probably behoove us to pay attention because this is how all of business is going to communicate in the next like year.

TRAFOTIN: What do you mean, we don’t need to pay attention. We just tell Copilot to answer all of the questions.

WINWARD: Yes, Copilot, just do the stuff for me. I don’t even need to tell you anymore. Just do the things for me.

TRAFOTIN: Oh, Copilot, while you’re at it, can you spin up those Microsoft awful metaverse avatars and then have them speak in a text-to-speech voice in a Teams call for me? Thanks.

Wait, what is that wallpaper in the background? That’s not one of the stock Windows 11 wallpapers.

WINWARD: It’s blue, it’s blue is what it is. It’s probably AI generated.

TRAFOTIN: No, not that one. Like when they show the Teams window, there’s a background and that background isn’t one of the stock Windows 11 wallpapers. It’s a different like thing.

WINWARD: Windows 12 confirmed.

TRAFOTIN: Mm. You heard it here first, folks. That’s probably proof Windows 12 is coming.

Infraction X Aim To Head - Falling

I can’t believe I’m saying this, but I wish Panos would show up.

(Winward laughs in lack of Panos)

This is insufferable.

YINA: Back to you, Rajesh.

RAJESH: Thank you, Yina. That was awesome.

(audience applauding)

TRAFOTIN: Thank you, Yina. That was awesome.

(laughs in corporate depression)

He looks like he’s got the stuffing beat out of him!

Did they like throw her on stage? Like, didn’t like not tell her what’s going on?

WINWARD: I feel like, I think what she is is she’s really nervous, which I feel bad for because I’ve definitely been in front of a group of people and feel really, really nervous. But I can’t tell if she’s really nervous or if she just like drank a lot of coffee beforehand.

WAMWITHA: …for a presentation to Relecloud. Thank you.

TRAFOTIN: Whoa, what was that? Whoa, what?

WINWARD: I think she’s really tired and probably just needed to sit down.

I actually don’t know. Have there actually been rumors about Windows 12?

TRAFOTIN: Yes, they are very real. Basically, there are rumors circulating among some of the top Windows leakers and journalists that the next release of Windows is going to come at the end of this year or next year. And it’s going, which is probably at the end of this year because they want to release it in 2024. And that’s mirrors, Windows 11, which they had an awful event for in 2021. And then it comes out in 2022, right? To match the timeline, right?

WINWARD: And then, yeah.

TRAFOTIN: And then when it comes out, they’re going to have all, it’s going to be the AI release. But the AI release has all sorts of special AI features. And what they’re going to do is they’re going to require that you have a processor with an NPU, which is only newer hardware, which doesn’t even exist yet.

Cringe, cringe. They don’t even have legs! Oh my gosh! Don’t remind me of this!

WINWARD: The metaverse, the metaverse!

RAJESH: Let me invite Panos to the stage.

WINWARD: Yay…

TRAFOTIN: Yes! Yes! Panos! Panos! Yes! Whoa, he actually smiled impossible.

PANOS: I love it.

TRAFOTIN: I love it.

PANOS: I love it when people get pumped about Windows, You a little bit pumped about Windows?

(laughing in Panos’s pumpedness)

TRAFOTIN: Panos stop!

WINWARD: Self-aware!

He just has so much of a better stage presence.

TRAFOTIN: No, he doesn’t. This is Panos we’re talking about here. He’s got to tell a story about his family. Watch, just watch.

WINWARD: He still has a better stage presence.

PANOS: …incredible time to be of a developer.

TRAFOTIN: I mean, he looks like he’s got a burst in the tears at any moment like Panos always does, but…

PANOS: Now we’ve talked a lot about AI. You’ve heard a lot about it.

WINWARD: Yes, I’ve heard arguably too much about it.

That is a pretty cool wallpaper.

TRAFOTIN: Yes, but where… this is what I mean.

It’s like, this is clearly made for something. And what if that something is Windows 12?

WINWARD: What if they announce Windows 12 at the end of this? Is that even a possibility?

TRAFOTIN: No, there’s no way. They’re going to announce Windows 12 at the end of this. They’re gonna do it from the holiday season. But I mean, they probably learned their lesson with Windows 11 because this is about the time they announced Windows 11 and that was a train wreck.

WINIWARD: Yes, but when has Microsoft ever learned from their mistakes?

PANOS: I’m not supposed to do on stage and ask a question. You never do this in a keynote, just so you know. When you ask a question, if people don’t answer it,

TRAFOTIN: Oh no…

PANOS: it’s a terrible moment, so just stick with me.

(Panos clears throat to get more pumped)

TRAFOTIN: Cringe.

PANOS: So true, don’t do it. You always lose your audience, but let me just say,

I told, I saw you, I’m like, oh right, you were born in the internet, I got it.

TRAFOTIN: Panos, stop, stop it. Panos, just stop. Oh my gosh.

(Winward laughs in bad Panos stories)

Panos, I don’t care about your personal understanding of the internet when you were like 20 years younger. I literally don’t care. Just get to the point, Panos. Are you gonna tell me a story about your daughters?

PANOS: So hard to get on, I used this thing called Gopher.

(Winward imitates a buzzer)

TRAFOTIN: You hear that you nerds? He mentioned Gopher! Oh, he’s so relatable.

(laughs in Panos’s pretend geekdom)

PANOS: I remember the first few days at work. Don’t get me wrong, I did a little bit of work, but I also remember being on the internet.

(audience and Winward laugh)

TRAFOTIN: We all know what you were doing on the internet, Panos. It’s okay.

WINWARD: He said on the internet, then people laughed, and it’s like, hmm.

PANOS: It was, it’s indescribable.

TRAFOTIN: Dude, it’s just a computer. No one cares.

WINWARD: It’s not just a computer. Actually, no, what’s a computer?

(Winward laughs in 2017 iPad ads)

TRAFOTIN: Stop it, stop it, get out of here. I’m gonna take your iPad and break it over your head.

PANOS: In a couple of weeks, I read the entire internet for sure. I’ve just, I read the whole ESPN catalog. There’s no doubt about it. I mean, I read everything.

You might not know where to start.

TRAFOTIN: What are those shoes?

WINWARD: Oh, I was just remarking. The toe is so square!

TRAFOTIN: Is he wearing like…

PANOS: We’re not gonna talk in great depth of it today. Shilpa will hit some of it, get in there, read the blog.

(Trafotin pounds table in Microsoft blue balls)

TRAFOTIN: Microsoft, talk about it today. What? No, no.

WINWARD: They’re gonna make you, they’re saving it for October.

TRAFOTIN: They’re saving it for Ignite. So at Microsoft Ignite this year, they can announce Windows 12.

PANOS: I’m gonna come down here. I have to share with you.

TRAFOTIN: No, he’s walking off stage, yes! Yes! That’s the Panos I know. Panos come back, we can’t light you.

(laughing in the darkness of the crowd)

WINWARD: So what do we do? Just stay seated at one guy’s camera.

TRAFOTIN: Is he really getting close to me?

(laughing in Steve Jobs copycat)

WINWARD: All the guys are like so bored, so bored, so bored. Have to focus, have to pretend to pay attention.

PANOS: This has a platform, a funnel for all those plugins that you can bring forward. The two days of plugin-palooza that you got.

(Trafotin laughs in alliteration)

WINWARD: Plugin-palooza, pumped plugin-palooza. Panos has to stop with the P words.

TRAFOTIN: Plugin-palooza, what?

(applause)

TRAFOTIN: The guy just looking at the camera.

WINWARD: I like how they keep like sliding in Ubuntu.

(audience applauds)

SHILPA: I am so glad you’re glad! The team’s gonna be thrilled. This is awesome. Now you heard Panos briefly talk about this earlier

TRAFOTIN: She brushed over that so quickly though, like being able to like open RAR and 7-Zip archives directly in Explorer, sign me up.

WINWARD: That is pretty good. I mean, everyone already has either WinRAR or 7-Zip already installed on their machine, so. I miss having my notes in my widgets and my calculator folding on top of my desktop.

TRAFOTIN: The best feature that Microsoft could introduce to the widgets is turn them off.

(Winward laughs in widget goodness)

SHILPA: We’re introducing a new feature called AI Generated Review Summary.

TRAFOTIN: But what if the AI generates a bad review?

WINWARD: Well, they have an answer to that. There’s always a little disclaimer down at the bottom that says sometimes the AI will generate mis–

TRAFOTIN: Oh, that Australian politician, he molested a child! This description might be wrong.

See, he’s looking up too. What if instead of looking up at the teleprompter, there’s a sniper like in the ceiling pointing a gun at him? Is it prerecorded like the last couple of demos?

WINWARD: She’s just gonna take a tour. It’s definitely not prerecorded.

TRAFOTIN: Meaning click a button on a PowerPoint?

WINWARD: No, it’s definitely not prerecorded.

TRAFOTIN: That prompt is not very good.

PAVAN: Okay.

(laughing in bad DALL-E) WINWARD: Wow!

TRAFOTIN: That looks so bad.

CASSIE: That’s right, but we can do better than that.

PAVAN: Boom! 2 seconds, fantastic.

WINWARD: Wow. Such wow!

TRAFOTIN: That was also bad. That’s atrocious.

WINWARD: I mean, they could have chosen a better–

TRAFOTIN: This is the best you have to offer Microsoft?

WINWARD: They could have chosen better prompts.

PAVAN: And Panos is gonna come back here to tell us what this opportunity looks like.

TRAFOTIN: No…

PAVAN: Thank you very much.

(audience applauding)

Sorry! That was Stevie.

(laughing in lack of planning)

TRAFOTIN: He said the wrong name.

WINWARD: I’m not Panos.

STEVIE: I gotta admit, I’m actually feeling a little vulnerable. You see last year I had a bunch of really cool demos to lean on. This year, Panos handed me a blank piece of paper.

WINWARD: Yeah, he was the guy who played the guitar and he scolded Panos for trying to, trying to demonstrate the noise canceling.

TRAFOTIN: Look at that teleprompter, whoa. Did you see that teleprompter?

WINWARD: I guess that’s what they’ve been looking up at.

TRAFOTIN: Wait until the teleprompter says, let me tell you a story about my family.

(laughing Panos’s personal tales)

STEVIE: I’d like to bring Panos back on stage to help us close it out.

(audience applauding)

PANOS: Stay here, stay with me.

WINWARD: Stay with me.

TRAFOTIN: That was the most awkward hug in the world.

(audience applauds)

WINWARD: Yay.

Wow, that’s a lot of displays.

TRAFOTIN: They went over. You see that yellow thing? They went over.

WINWARD: Is that what that’s saying?

TRAFOTIN: Yeah, they went over.

WINWARD: Yay, it’s over.

TRAFOTIN: Wow, Microsoft.

WINWARD: Ooh, pretty colors. Wow!

TRAFOTIN: All right, basically this event was atrocious. Can’t say a single positive thing about it. What was your favorite part about the event?

WINWARD: I’m literally trying to think back to it and I actually am having trouble.

(laughing in Microsoft suffering)

TRAFOTIN: Let me, all right, I’ll speak for you, okay? I think your favorite part about the event was being able to open RAR and 7-zip files in File Explorer.

WINWARD: I mean, yeah, I guess that’s good. Finally, having a native way of doing that, rather than having to go download a third-party app, that’s pretty good. Privacy was already dead, but it’s even more dead than it already was. Like privacy is dead and now we’re just desecrating the grave of privacy. It’s even more dead than it already previously was. It’s so bad. It is like everything that you do on your computer now not only is going to be collected with telemetry, now all of this telemetry gets to be analyzed by an AI that then reports back all of the things that you’re doing.

TRAFOTIN: You just can’t make Windows private in Windows, like in Windows 10 or Windows 11 or the future Windows 12. You just won’t. It’s impossible.

WINWARD: Okay, so here’s my cynical view. If you’re right, which I think you are, that Windows 12 is going to require either a GPU or a NPU in order to run Windows 12. One of the functions of that GPU or NPU is going to be running an AI model in the background that always runs and you can’t turn off. And that AI, one of its jobs, is going to be to collect telemetry about what you do and then summarize it and send it back to Microsoft.

TRAFOTIN: I agree with you, but I think you’re wrong about one thing.

WINWARD: What?

TRAFOTIN: Not being able to turn it off.

WINWARD: What you think that you will be able to turn off?

TRAFOTIN: Because Windows is so fundamentally broken and old that people will find a way.

WINWARD: I think people will find a way to do it, but I don’t think that there will be a functional way to turn it off.

TRAFOTIN: Not in the GUI.

WINWARD: I think it’s the same as making a new install of Windows without a Microsoft account. You can do it, but the computer is going to scream at you the whole time and it’s going to aggressively try to get you to have a Microsoft account. You’re going to be able to turn off the AI and all of the AI features, but the computer is going to insist constantly that you use the AI features.

TRAFOTIN: Sounds like a certain fruit-based company, what they’re doing of their account system, huh?

WINWARD: I mean, Apple is not as bad as the way that Windows does it.

TRAFOTIN: They’re getting worse.

WINWARD: They are getting worse, it is true.

TRAFOTIN: Speaking of Apple, that is the next time you want to catch one of these when we’ll see you. So, but until then, why don’t you go leave a like on this video? Leave a like on this video if you liked it when Panos walked into the uncaring sea of people. Thank you for watching. We will catch you later. We’ll probably see ya first week of June when Apple humiliates themselves by releasing a pair of ski goggles with cartoon characters.

Khaim - Neon Lamp

Commentary

TRAFOTIN: Hi everybody, today we’re going to be doing Google. By Google, I mean the most lovely company in the world. Of course we have the bingo card. Life wouldn’t be complete without the bingo card. Because that’s why we’re here.

How many plants do you think Google put in the audience to clap like simps?

WINWARD: Maybe they paid their staff per clap. So it’s like, you know, like a dollar per clap or something. So if you clap more or louder, then they use AI to figure out how much extra to pay you.

SUNDAR: We have an opportunity to make AI even more helpful.

TRAFOTIN: Let’s just check that AI box now while we’re here, right?

WINWARD: Okay, yup, AI.

TRAFOTIN: Yeah.

SUNDAR : Short responses you could select with just one click.

TRAFOTIN: The ultimate way to show someone you don’t care about their email.

(Winward laughs in fake email)

WINWARD: Okay, that’s significantly better already than what Apple can do.

SUNDAR: The photo feels a bit dark, so you can improve the lighting.

TRAFOTIN That was a bit dark, all right! That was a black screen! Something must have gone wrong in the thing in there.

No one cares about code names, Google.

WINWARD: I like the fun animal names.

TRAFOTIN: Yeah, do you like lakes in the United States?

WINWARD: No.

TRAFOTIN: Exactly, so we’ll tell that to Intel.

WINWARD: Neato.

(Sundar gets interrupted by applause)

TRAFOTIN: Presenter gets interrupted?

SUNDAR: That’s the opportunity we have with Bard.

TRAFOTIN: Bard? Bard?

WINWARD Yep, that’s Bard.

TRAFOTIN: Why is she wearing a pea coat?

WINWARD: I don’t know.

TRAFOTIN: Is it cold? There’s no way, it’s California. It’s like May.

SISSIE: …in a secure and private way.

TRAFOTIN: We care so much about your privacy.

WINWARD: Yup.

SISSIE: So if you’re looking to have some fun with your fur babies, you might upload…

TRAFOTIN: Fur babies? That sounds like someone at a furry convention would say.

WINWARD: It sounds like Shannon Morse.

TRAFOTIN: What did Shannon Morse do?

WINWARD: That’s one of the segments, the Hak5 podcasts.

SHANNON: …especially my Golden Smores and their fur babies; we got a new one this week!

WINWARD: Or Hak5 YouTube channel.

TRAFOTIN: I don’t watch Hak5.

WINWARD: Well, you should watch at least the–

TRAFOTIN: Be lucky I even know who she is.

WINWARD: And I already see where it could be marketed. What they could do is they could train, if you pay them money, they could train the model to suggest some places more than other places.

TRAFOTIN: (shushing) They only tell that to advertisers.

(WINWARD laughs)

TRAFOTIN: She’s wearing a sweater too!

WINWARD: Maybe it’s cold?

TRAFOTIN: Oh sure, California’s cold. in May!

WINWARD: Global warming!

APARNA: That this role needs saving you…

TRAFOTIN: “Responsibility make take…” Why did the screen go black, what? What was that?

APARNA: Just as weird, but it works for me.

TRAFOTIN: That doesn’t work for me. This looks atrocious.

APARNA: You can have endless fun with this, with no limits on chessiness or creativity.

TRAFOTIN: Cringe. Cringe! That was presenter cringe right there. I’m checking the presenter cringe box. That was–

WINWARD: Now we can prompt the AI to tell us what to tell us.

APARNA: What if AI could proactively offer you prompts?

(laughs in shoehorned AI feature)

TRAFOTIN: Look at my totally not prerecorded demo.

WINWARD: Well, I mean, they told us it’s not prerecorded and I trust them and I have no reason to believe otherwise.

TRAFOTIN: If you wanted ChatGPT to write your essay for you… I mean, Google Bard to write your essay for you!

WINWARD: They’re literally showcasing how you can have–

TRAFOTIN: How to cheat in school.

(crosstalk)

WINWARD: Like students, be aware, you could use this to cheat on your exams! Look, we’re doing it live!

TRAFOTIN: But wait, I think you’re something, because this is probably something even more dastardly, because it gets the kids hooked early while they’re young. So then they do it later.

WINWARD: Can we just like all universally agree that we just hate each other and don’t want to talk and just stop pretending to have this sort of, have frivolous conversations?

TRAFOTIN: We can’t go about frivolous meetings. What about the business world that needs to have them?

WINWARD: You know, the thing is, this isn’t even parasocial relationships. This is PARAparasocial relationships.

TRAFOTIN: Because they put AI in everything else, but they will never put AI results in Google search.

WINWARD: Well, I mean, they can’t do that now, because if they do that now, then they’re just copying ChatGPT.

TRAFOTIN: What? And this whole thing wasn’t?

WINWARD: Well, I mean, they like to pretend.

TRAFOTIN: See? See?

WINWARD: Oh, well I guess they are just shamelessly copying now.

TRAFOTIN: Look, she’s wearing a sweater too.

WINWARD: Apparently it’s cold. It’s like 60 something.

(baby crying)

CATHY: They’re here clearly labeled and…

WINWARD: Ooh, sponsored!

TRAFOTIN: Basically bragging about advertising. I love it.

WINWARD: They literally bragged. They literally said sponsored and highlighted it.

TRAFOTIN: Announcing product way too early? I don’t know anything that is. That’s announcing a product way too early.

WINWARD: Do you get the feeling that this is going to be like 2 events? Like the first event is an AI event that they had to kind of like tack on to the front of a different event, which was their normal event.

TRAFOTIN: And the second one’s the one that the stuff people actually care about.

WINWARD: But the second event is what we would normally expect it to be, which is like releasing things like phones and stuff. But the first event was basically an emergency call to respond to ChatGPT.

TRAFOTIN: The way she looked at the camera implies, so she’s like, I’m going to kill you (in Minecraft).

(applause)

SUNDAR: Is a hot dog a sandwich? I think it’s more like a taco because the bread goes around it.

WINWARD: It’s more like a taco!

(audience laughs, Trafotin cringes)

SUNDAR: From the expert viewpoint of a vegetarian.

TRAFOTIN: Sundar that was so bad! What was that? That was so cringe. Oh my gosh. Sundar, why?!

THOMAS: Vertex AI.

WINWARD: Unintentional camera shake? Well, that was definitely…

TRAFOTIN: I didn’t see it.

WINWARD: That was definitely unintentional camera shake.

TRAFOTIN: My brain was dead. I’ll trust you. Let’s check it.

WINWARD: That was like crazy.

TRAFOTIN: I believe it.

JARRETT: …test and learn and have the courage to fail fast where we need to.

TRAFOTIN: Fail fast. My favorite phrase. It’s like Mark Zuckerberg’s stupid phrase, “move fast and break things,” is everything wrong with the tech industry today.

ZARGAHI: Vertex’s APIs opens a lot of doors.

TRAFOTIN: Imagine the screen cut out there and it’s just her butt .

(Winward laughs in cropping)

Is it bad that’s what I think of??

THOMAS: …for code completion and generation.

TRAFOTIN: I had a heart attack for a second. I would have gotten a strike if it was the other one. Oh my gosh.

WINWARD: If it was what?

TRAFOTIN: The other one.

WINWARD: Oh, that one.

TRAFOTIN: We can’t talk about that one on YouTube. We get in trouble.

WINWARD: Google, you mentioned it, okay? So before anything, you were the ones who talked about it.

TRAFOTIN: What the heck is with all these palms?

WINWARD: Palm is their GPT equivalent.

TRAFOTIN: When are they gonna release sweaty palms?

(Winward laughs in Lose Yourself)

So maybe you are right. Maybe this was just like tacked on at the beginning.

WINWARD: Like two events.

TRAFOTIN: To appease investors.

WINWARD: Google sorely needed to have an AI event of some variety.

TRAFOTIN: They did. They had one of Prahakar in Paris. That was incredibly rushed and no one watched.

WINWARD: Okay. But they needed to have a real event showcasing,

TRAFOTIN: Dude, let’s be honest. More people watched Microsoft’s crummy event with Yusef Mehdi than watch Google’s event.

WINWARD: As I said before, the problem that Google had is they were caught off guard when OpenAI released ChatGPT and then Microsoft bought it and integrated it into–

TRAFOTIN: They didn’t buy it. They just own 49% stake of the company.

WINWARD: And what they should have done is they should have just not released anything and then released a better model when they actually had it.

TRAFOTIN: That smile was like a smile of pain.

TRAFOTIN: We train all of our data using your information.

WINWARD: Remember guys, your information is our information.

TRAFOTIN: Our information comrade.

(laughs in USSR national anthem)

Oh, I think they’re addressing your criticism. Except not really, because this is Google we’re talking about here. but it will largely not matter.

JAMES: The only way to be truly bold in the long term –is that tension with…

WINWARD: Wait, was that a cut?

TRAFOTIN: Yeah, what was that cut? What was that?

WINWARD: Did they cut something?

TRAFOTIN: Who knew you give people access to an image generation thing? The very first thing they type in was a picture showing the moon landing was staged.

WINWARD: Well, that’s not the first thing people type in, but it’s probably the second thing people type in.

TRAFOTIN: You mean the first thing that people are gonna type in is por–I mean, politics.

WINWARD: Yes, politics. Yes, that’s the P word, the politics. They just like, and you know, by the way, still…

(Trafotin laughs in technical issues)

TRAFOTIN: The screen went out again!

WINWARD: Did you know with ChatGPT, you still can’t change your email address?

(Trafotin laughs in user autonomy)

There’s no way to do it. And like, they even have a statement about it. They have like a frequently asked questions and one of them is like, how do I change my email? And the response is you can’t.

TRAFOTIN: ChatGPT is released to the public, beta, broken, early, and berating journalists telling them that they’ve been a good ChatGPT.

(Winward laughs in Sydney references) But like a Bard, it’s like, sure, it gets things wrong, but at least they’re doing it responsibly, right guys?

WINWARD: At least it’s not proposing to you.

(laughing at AI hallucinations)

JAMES: Building AI– Building…

(Trafotin laughs in lack of stage presence)

WINWARD: That’s, that’s, uh…

TRAFOTIN: Wake me up, Android, wake me up, time for real stuff.

WINWARD: Oh boy!

TRAFOTIN: Look, people are looking more awake already.

WINWARD: And look at those bezels. Does that count as bezels?

TRAFOTIN: Ugly bezels?

WINWARD: Ugly bezels.

TRAFOTIN: I think that’s ugly bezels. And this is that open standard they’ve been working on with Apple.

WINWARD: Yeah, Apple came out with it 2 years ago or more at this point, I think.

TRAFOTIN: I did a video on this, on the German app that does this, but the fact that it’s built into Android now might remove the usefulness for it. I would rather have this than use an app.

WINWARD: Yeah, I’d rather have a first party app.

SAMEER: We hope every mobile operating system… gets the message…

(Winward laughs in standards)

…and adopts RCS!

TRAFOTIN: They said this last time! They said this last time!

(Winward continues to laughs in standards)

Oh my gosh.

SAMEER: …so we can all hang out in the group chat together, no matter what device we’re using.

WINWARD: No, you green chatters!

(Trafotin laughs in green bubbles)

I would never besmirch myself with talking to you!

DAVE: I find this unusually satisfying and…

TRAFOTIN: That’s really cringe.

WINWARD: Some coder at Google spent way, way too much on this.

TRAFOTIN: I wonder where they got this idea from.

DAVE: I really like this photo of my daughter, so let me select that.

WINWARD: I have no idea, I don’t know. This does not remind me of anyone else at all.

TRAFOTIN: Oh no.

WINWARD: With AI! And this reinforces the thing that I said before about it seeming like 2 events that were smushed into 1 because this seems like padding. And they do not need padding at this point.

TRAFOTIN: 9to5Google, really? They’re not exactly respected.

WINWARD: Well that first one that they had–

TRAFOTIN: Marques Brownlee! (cringes in hidden review disclosure) I knew he would end up in here!

RICK: Google is the fastest growing OEM in our markets.

TRAFOTIN: Whose markets?

WINWARD: Our markets.

(laughs in communism)

RICK: One of our more popular products is the Pixel A series, which delivers incredible–

TRAFOTIN: Oh really? Mm-hmm.

RICK: Thank you! I’m glad you like it!

WINWARD: Wait, why? What? There’s an inside joke here that we’re not getting on stage.

RICK: …with the gorgeous new Pixel 7a.

WINWARD: And now we check the box.

TRAFOTIN: But does it have a headphone jack? I need to know. Probably not, ‘cause no one complained about it last time. Actually, that’s not true. Not enough people complained about it last time.

RICK: …including a 72% bigger main camera sensor.

TRAFOTIN: Look, it’s bigger.

WINWARD (as Rick): Clap, clap, damn you!

(laughs in Osterloh patented cringe)

TRAFOTIN: Rick, thank you for your glorious faces!

WINWARD (as Rick): Clap I command it!

RICK: Starting at $499.

(audience applauding)

WINWARD: Mm, okay, that’s pretty good.

ROSE: …charging speaker dock.

Woo! (claps) TRAFOTIN: Why would–

(audience applauding)

Why is she clapping? What?

WINWARD: Where would I use that? Where would I use it?

TRAFOTIN: Because you’re an incel, if you buy a tablet, you’re an incel.

WINWRD: Okay, but am I going to like sit down in front of my “fablet” to like play video games?

TRAFOTIN: Imagine how slow it’s gonna be too. Give me the USB-C cable any day of the week.

WINWARD: Yeah, same.

TRAFOTIN (laughs in ring stand): What is that??

WINWARD: So you know those little rings that they have on the back of the phone? In order to like help you hold it, it’s like that, but bigger. (Winward laughs in weird design)

TRAFOTIN: Oh my gosh…

WINWARD: Isn’t that nice? Isn’t that nice having legal requirements to be able to charge your freaking device?

TRAFOTIN: No, I don’t know what that’s like. I live in America, not Europe.

WINWARD: Well, I mean, it will be. I mean, I guess that theoretically, we could get American models that use…

TRAFOTIN: Celebrity cameo?

RICK: Tablets aren’t the only large screen device we wanna show you today.

WINWARD: Didn’t this one get leaked as well? Have we heard anything new?

TRAFOTIN: No, Google self-reported!

(Winward laughs in Among Us)

They put it on Twitter, like last week.

WINWARD: So they just like stopped trying to have like the guise of it being a leak and just decided to announce it themselves.

TRAFOTIN: Like what you said, this is a repeat from earlier. So this is just them repeating something that we’ve seen already because they didn’t plan to have that section at the beginning.

WINWARD: Yep.

TRAFOTIN: Is it over? We’re at the 2 hour mark.

WINWARD (weakly): No… Oh yeah! We definitely can check the 2 hour box.

SUNDAR: So on behalf of all of us at Google,

TRAFOTIN: There it is! See?

WINWARD: Y’all can go home now. Nothing more to see.

TRAFOTIN: No bingo? All right, Google, you didn’t get bingo. As per my rules, you don’t get bingo? 0/10. This is… They didn’t show the tracking device. They didn’t show glasses or whatever or the others.

WINWARD: It’s ‘cause they spent the whole time on AI.

TRAFOTIN: They spent way too much time on AI.

WINWARD: The entire thing was AI. Like quite literally, it was two hours long and they spent probably an hour and 20 minutes or more on nothing but AI.

TRAFOTIN: All right, so despite all the AI, what was your favorite part about the event?

(Winward exhales like Osterloh-Sensei)

(laughs in mental exhaustion)

WINWARD: I don’t even know! I mean, honestly, like all of the AI stuff is interesting but it doesn’t really have practical application right now until we can come out and actually, until it comes out and we can actually like use it. And so… Like for much of it, my eyes just kind of like glaze over and I’m not entirely sure. It’s like, okay, yeah, you know, this is kind of cool, I guess.

TRAFOTIN: My favorite part of the event was when Sameer is on stage and he’s just bashing Apple and everyone who’s a simp in the crowd is cheering.

WINWARD: Yes, I enjoyed that. I enjoyed bashing on Apple for not supporting RCS.

TRAFOTIN: It was like for a good amount of time too. It wasn’t an insignificant amount of time.

WINWARD: It wasn’t even like slipped in there, like, you know, a little jab. It was like, he said Apple without saying Apple and everyone knew.

TRAFOTIN: But he uses the same wording like he used last time and the time before that. And another other guy used it and the time before this. So it’s like, okay. All right, so wanna hear my recommendations, okay? You wanna go use any of these things? The only thing you should use here is the 7A. I’m sure it’ll be fine. That’s all I got. Another Google I/O has come and gone.

WINWARD: What’s your score?

TRAFOTIN: 0/10; they didn’t get bingo.

WINWARD: Leave a like if you want AI to help you replace being a human, to send text messages for you.

TRAFOTIN: In RCS of course.

WINWARD: Yes, in RCS.

TRAFOTIN Thank you for watching. I will catch you guys later. I will see you without any AI.

WINWARD: Bye.

Khaim - Neon Lamp

Patrons/YouTube Members

If you pledge on Patreon or become a YouTube Member, you get bonus access to our full commentary track and early bingo card access, which you get to watch alongside with us the week of the event.

It’s time to learn about Flatpak and why you need to use it. Flatpak is the way to go and is going to revolutionize Linux, whether you want to or not, especially since it’s the easiest way to get things that you want. I’m going to be going over what Flatpaks even are, how to use it, and how to control what your Flatpaks do.

What are Flatpaks?

Flatpaks are sandboxed apps using bubblewrap, designed to universally work across many Linux operating systems, but specifically on desktop. Flatpak acts as a front-end for bubblewrap, which has really complex command-line arguments, and as an easy way to install packages independent of the operating system you use (a Debian user and an Arch user install the same packages together in harmony).

Since apps are sandboxed, Flatpak downloads dependencies and libraries independently, so your programs work the everywhere. Gaming on Linux is one desktop activity that greatly suffers from this, whether you’re running SteamOS, Ubuntu, Arch, you and developers will experience the agony of inconsistent results, when they could be universal. Flatpak also simulates architecture, so you can still run all your 32 bit libraries, ARM programs, or x86 games and graphics using Flatpak.

Linux Can’t Sandbox

On desktop Linux, applications are given access to daemons or allowed to access all files on your system. Ideally, your operating system shouldn’t be allow this to happen, but this is a very real problem Flatpak wants to solve, especially as Apple and Google have figured out how to do this already (with Android, ChromeOS, and iOS, MacOS has sandboxing too, but it’s opt-in for developers, so tyranny of the default).

The technology Flatpak is built to provide an answer to both of these problems. Flatpak is also integrated in major Linux app stores like GNOME Software, Discover, and pamac. Flatpak also provides a container folder which separates your data from your raw home folder, keeping your system and all the data inside organized.

Wayland Only

To take full advantage of Flatpak, you need to be using the Wayland display server. While you can use Flatpak on X11, it can’t properly sandbox applications using X11 only because X11 does not provide any GUI isolation whatsoever and will work against your security. After all, in order to future-proof our stuff, we need to use Wayland to get that sweet fractional scaling and HDR support (coming soon™).

Why Not Snaps or AppImages?

Since Linux has no sandboxing at all, you NEED to be using something that provides sandboxing. Almost every Linux distro will not do this for you.

AppImages

AppImages, another universal format that while nifty, still won’t do for you, especially since you are just trusting random packages on the internet, rather than a centralized store. This also results in the same user behavior that happens on Windows (and MacOS to a good degree) and we shouldn’t go back to.

AppImages also pack duplicate versions of programs. If you install Electron apps like the private messenger Session and the note-taking app Standard Notes, you now have duplicate copies of Electron, which eats up more space.

There are people who argue Flatpaks also duplicate on multiple different versions of libraries, but this is greatly mitigated by compression, which AppImages don’t allow for. That way, you aren’t downloading the full package.

It has also come out the main dev of AppImages is a dunce who refuses to use Wayland and to update the FUSE module to work with modern systems.

Snaps

Canonical’s snap packages also seek to solve the same issues Flatpak does, but it’s mired with problems.

• Many people don’t like Ubuntu pushing snaps or packaging Chromium/Firefox as a snap (even though Debian’s maintainers are way too taxed to properly maintain Chromium fast enough).
• Many people don’t like the concept of snap’s backend being proprietary (in my opinion this is silly because even if it was open-source, there would be no way to verify if Canonical were actually using the open-source code or not).
• Snaps auto-update and don’t allow users to disable it except through experimental settings.
• Snaps’ sandboxing doesn’t apply to legacy apps (“classic snaps”) and requires AppArmor. The sandboxing is worthless if you use SELinux or systems without mandatory access controls.
• Many people, including me, also hate that Canonical logs everything you install, which assigns a unique ID to on installation and for Canonical to do who knows what with. Anonymized statistics will always eventually be deanonymized, so it’s only a matter of time, even if it’s something like the flavor of Linux you use, the branches you enable, or the timezone you reside in. There’s no way to opt out either.

No doubt people will pick something to hate, but for me, inescapable telemetry and lack of SELinux is reason enough to give snaps a wide berth, unless you are locked into an application that absolutely needs it.

Flatpaks Are Better

Flatpak doesn’t collect any telemetry, lets you add/host your own repositories, also doesn’t require root, so it’s more secure for you to use and more convenient for desktop users who want to download their favorite applications. Flatpaks also provide a powerful permissions access system, which controls exactly what programs are allowed to access.

Flatpak may be imperfect, but some sandboxing is better than none at all.

The Cons

• Many people cite flatkill.org, which at the time, presented valid points. Unfortunately, that site hasn’t been updated in years and some of what was said then is no longer true now. However, Flatpak is still irrevocably broken because of the fact it’s built more to be a container than an application sandbox. As a result, this makes it really easy to bypass, but the devs are working on a solution.
• Flatpak’s poor security realistically could be fixed in the future through apps makers their sandboxes based on a standard (say, XDG portals) by coding their apps to distrust certain permissions by default. In fact, Whonix’s devs are working on a sandboxed app launcher and Chromium has stronger native sandboxing than Flatpak.
• Flatpak relies on every application operating off of the same libraries. This can result in dependencies not updating while some programs play catch up. Flatpak’s developers appear to be aware of this and developed an internal tool for making sure their package manifests are up to date.
• Wine and 32-bit dependent gaming needs a lot of work. While some programs like Heroic work flawlessly, I’ve seen problems with Lutris where some games will not install where they installed on the native package.
• Flatpak strongarms people into Pipewire. While there are still some edgecase holdouts, we need to be moving towards more secure defaults rather clinging futilely to PulseAudio. In fact, when I was testing Pipewire when it first came out years ago, I had far less issues in its beta state than PulseAudio.
• Some developers do not support Flatpak altogether. I had mentioned Session in the last video, but the Flatpak is not official. Many other programs fall into this category, so it’s vital you analyze the build manifest. As of the time of recording, the beta Flatpak site gives direct link to the manifest and with a teeny bit of know-how, it’s pretty easy to figure out what’s going on. Flatpak now has a pretty simple and robust verification system to mitigate this, but anything without a checkmark should be suspect.

Using Flatpaks

Forget about all this technical jargon! I’ve talked about why you need Flatpaks, some “drawbacks,” but let’s put this practice.

How to Setup & Use

First, add the Flathub remote. This gives you access to the main Flathub store.

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Using flatpaks is also easy! Flatpak uses the same syntax as apt and dnf:

• update to update the repositories
• upgrade to run software upgrades
• install to install
• remove to uninstall
• search to search applications in your Flatpak remotes
• uninstall --unused to remove unused dependencies.

What/where should I download?

Now that we have access to Flathub, this pretty much is the whole kitchen sink to download anything we want. Of course, I do want to address a common thing I’ve read from other people online or seen in other content creators is people is something like this (first to last):

1. Distro package
2. Flatpak
3. AppImage
4. Third party repo (AUR, PPA, etc)
5. Snap
6. Tarball/provided by developer
7. Compile from source

This has been the way most people have seen packaging on Linux for a long time, but instead, I want to encourage all of us to look at this differently:

1. Flatpak
2. Snap (if you use Ubuntu)
3. Distro package
4. Tarball/provided by developer
5. Third party repo
6. Snap (non-Ubuntu)
7. AppImage
8. Compile from source

Flatpak, especially for graphical applications, needs to be your top priority as to where you download a package. Flatpak is far more flexible than many of its distro counterparts and is much robust at providing a secure window to a program without much tradeoff.

The other reason the vast majority of sandbox systems on Linux are unsufficient compared to Flatpak. Only Snap comes close, but Snaps come close and are definitely more suited for command-line programs, but if you don’t use AppArmor, the protections that Snap provides are useless. The sandboxing of Snaps is also very flawed in that the experience is only really geared for Ubuntu as you need a completely separate patch from Canonical for AppArmor to achieve acceptable sandboxing.

The Time to Say No

The other issue people need to look at is the landscape of apps in Flatpak, but consider whether or not you should use them. Here’s some of what find valid reasons to use a Flatpak:

• The application is old and never received an update to match upstream. For example, one of the packages I could never recommend to anyone in Flathub is a really old copy of Adobe Reader for 32-bit Ubuntu 12.04. While this application is an amazing achievement at demonstrating the fact Flatpak can run multiple architectures, I could never recommend running it because of Adobe abandoning the project and many unfixed security holes remain.
• Unverified applications. On the topic of unofficial applications, Flathub implements a pretty simple and reliable verification system. Basically, this means you can trust any application with a blue verified checkmark. But what happens with apps that aren’t verified? In these scenarios, you should view the “build manifest,” so you can verify what’s happening. Chances are because of new vetting processes odds of these being malicious are highly unlikely, but be cautious and read the code. If you can’t read the code, how many other people submit issues and star the manifest on GitHub? Do your best here, but odds are you will be fine.

Manage Your Permissions With Flatseal

However, if you use Flatpak, I would strongly recommend double-checking your permissions using Flatseal. Flatpak is way too permissive by default, especially it allows most programs access to whatever they ask for on install silently.

There are plenty of easy ways to use graphical programs to tweak your Flatpak permissions like Flatseal. Flatseal is a program that generates “override” files that change what programs are allowed to do on your system, stored in ~/.local/share/flatpak/overrides. If you use KDE, KDE has a built-in frontend identitical to Flatseal.

These permissions might be confusing and overwhelming, but I’m going to try my best simplify how they work:

• Network: Does GNOME Calculator or LibreOffice really need the internet, especially when Flatpak manages their updates? Audacity and Musescore adding telemetry? Let’s kill the internet for the apps that don’t need it. Most applications typically only enable it because they need it for their internal updating.
• Interprocess Communications (IPC): Allows program to read other processes and resources on your host machine. “Is not necessarily required” unless you use X11, but you shouldn’t be using X11.
• socket=pulseaudio: PulseAudio is a common vector for attack on desktops, since it grants access to your microphones if it’s being used by another application. Applications that don’t need to play audio (e.g. LibreOffice and ONLYOFFICE for example), should have this revoked.
• filesystem=: make sure you want your program to choose what folders it can access. Look out for global accesses and selectively pick folders to add using “Other files” in Flatseal.
• device=all: Don’t want an app accessing PCI and USB devices, like your webcam? Limit this, but it is needed if you use security keys, webcams, microphones, etc.
• Fallback to X11: As X11 is a legacy technology, we should avoid it like the plague. Older applications like Chromium/Electron-based applications, Krita, and Minetest still need it, but applications like OBS, LibreOffice, KeePassXC don’t because they support Wayland natively; just experiment with what works.
• talk-name=org.freedesktop.secrets: D‑Bus access to secrets stored on your keychain, like say, your GNOME Keyring or KDE Wallet data. This is needed for Chromium/Electron-based apps.

Takeaway

But what’s the point of this discussion? Why are you even covering this? Because you need to use Flatpak because secure solutions need to be easy otherwise people aren’t going to use them. Flatpak truly makes it easy and brings the Linux desktop one step forward to being that much greater.

I’m going to go out on a limb here and strongly recommend you install as many of your applications as Flatpaks. In fact, go uninstall your applications that have Flatpak versions, move your config folders to the Flatpak sandbox, and embrace the future as we wait for the next best thing.

More Resources:

• Setting up Flathub on various distros
• Flatkill (2019-2020) discusses how the default permissions set by Flatpak need to be more strict.
• Response to flatkill.org, TheEvilSkeleton’s rebuttal for Flathub not addressing security advisories.
• Flatpak gives complete access to /proc and /sys by madaidan
• Flatpak Command-Line Overrides, by the official documentation
• rusty-snake’s Flatpak overrides
• tommytran732’s flatpak overrides
• How does Flatpak handle security?

Hey everyone, anyone who has watched this channel for any period knows I’m big fan of Windows and all their great personalities:

• We have the walking Tim Allen clone, Yusuf Medhi, who’s survived almost 3 decades of Microsoft turnover and now resorts to shilling AI products.
• We have the lawyer, now appointed eternal president, Brad Smith, the guard dog of Microsoft from its political and anti-monopoly adversaries.
• We have Satya Nadella, our lovely new CEO, and every time he opens his mouth it sounds like something written by an AI construct.
• Of course, we couldn’t forget the family man of failure, Panos Costa Panay (not to be confused for his brother Panos Andreas Panay), who brags about the achievements of his loved ones in awkwardly rehearsed Microsoft keynotes!

I rattle off all of these experienced Microsoft veterans because all of them are disgusting individuals who have run Windows as a product into the ground and sold you out for a quick buck! Windows was already on a downward trend at Microsoft as their enterprise products began to take off and how Windows 8 almost bankrupted Microsoft as a company.

The Degradation of Windows

Of course, desperate times call for desperate measures with Microsoft resorting their classic behavior whenever things go wrong–run a product into the ground and don’t communicate anything clearly. And what better way to do this by dragging your privacy through the mud?

The seeds were planted into Windows 8 with the shilling of various Microsoft products, now with full-blown ads strewn across the Windows interface! Windows for years is a privacy invasion which took everything to a whole new level, featuring great things like:

• logging all of your keystrokes
• paywalling basic features that ruin your privacy and security to Windows Pro or higher
• harvesting all of your data (and trying to trick you into keeping it that way)
• bundling in other Microsoft products like Teams and OneDrive to harvest more information and outpace its competitors.
• removing the ability to have local accounts in Windows 11, therefore forcing normies to log into a Microsoft account to collect more data.
• conspiring with Amazon for their app store and allowing both of them to collect your Android data
• forcing people to use Microsoft Edge and making it difficult to switch defaults
• Changing the settings to remove telemetry, except through Group Policy, is useless. In fact, it’s so bad they changed their defaults after numerous governments and organizations complained

And I could go on for at least an hour, but you get the idea. At this point, Microsoft makes a more compelling case for the year of the Linux desktop than actual Linux users! But I could whine and moan all day, but I have better things to do with my time and so do you–you’re not just going to sit there and let Microsoft pull these shenanigans on you!

Picking a Windows Version

Let’s start with the high level stuff and unfortunately, this is where the options for some of you are going to get really limited: Windows Home is not a viable means to use your computer, because you lose a lot of control over your system. Bitlocker is paywalled, you’re forced to use a Microsoft account, and you don’t have access to Group Policy Editor (I know you could hack it on in Home, but even that’s limited).

And yes, I’m going to backtrack on something I said on a video 2 years ago about bypassing Windows 11’s system requirements. I’m no long okay with this for multiple reasons:

• Your computer could secretly be cut off from Redmond because they have watermark shaming people for bypassing it to begin with, meaning they can identify people who rebel.
• Windows isn’t going to get any slower. Windows 11 came out in 2021 to one of the most awkward presentations ever and while Microsoft doesn’t want to admit it, the new “rolling release” nature of Windows’s “Moments” and rumors of Windows manufacturing their own line of neural processing units (NPUS) and their current trend of doubling down on AI point to an immutable/container-based Windows 12, the removal of the Registry, and the future requirement of a NPU in 2024.
• Buying a new machine will get you Windows 11 and Windows 10 won’t be around for much longer. It’s time to get on the Windows 11 bandwagon and accept the future. Windows 11 has Virtualization-Based Security (VBS), Secure Boot, and enhanced TPM integration with newer CPUs (Intel Bootguard and Pluton).

Licensing

Now we get into the complexities of Windows licensing.

• Windows Home is by far the worst one. Microsoft believes in paywalling features like Bitlocker, your security, and Group Policy Editor, your privacy. Yes, there are ways to turn these features back on with Powershell and tweaks, but it’s by far a nerfed experience.
• Windows Pro, Education, and Enterprise are the way to go. You get the full experience. With Education and Enterprise, you need to request a quote from Microsoft and apply with personal information. Use Education/Enterprise if by some miracle you get a computer with it (e.g. my workplace uses Windows 11 Enterprise), purchase a (new) computer with these versions in mind, or use a motherboard without an OEM key.

Do not buy keys from resellers. There are circles on many third party marketplaces that rip people off over this and it’s rampant. Cut out the middleman and buy it directly through Microsoft. Better yet, in-person with cash at a Micro Center, Best Buy, or local store.

And if the concern is money, Windows Pro can be used unlicensed for free with little drawback! You just can’t set your wallpaper through a GUI and get a glaring watermark.

I got a complaint in a previous video that installing Windows 11 in KVM gave them the watermark when they used the generic key to get Windows for free. As I always say, when you see this watermark, you’ll be proud you didn’t pay for Windows and saved $100+

Windows 10/11 Pro

VK7JG-NPHTM-C97JM-9MPGT-3V66T

Windows 10/11 Home

While I don’t use Windows Home, I have had to use this key to bail out friends and family.

YTMG3-N6DKC-DKB77-7M9GH-8HVX7

On Modified ISOs, AtlasOS, Debloating, Piracy…

This also goes without saying, stay away from modified Windows ISOs, like Tiny11 or pirated ISOs. With something as critical as your operating system, especially a consumer focused operating system like Windows, you want to stay in the default security model where possible.

We’re not going to do reckless things like disabling Microsoft Defender or blocking Windows updates. As much I get annoyed by these programs, there’s no way to completely turn off the privacy invasion.

In fact, while I was editing this video, Linus Tech Tips recommended this new abomination called AtlasOS (formerly Windows Ameliorated Edition or AME), where they tear apart Windows 10 21H2 and use a playbook to rip the supposed “bloat” out of it. It’s an absolute travesty and Linus Tech Tips and his team should be ashamed of themselves for making such an ill-formed opinion to millions of people:

I’ve said that Linus himself isn’t the brightest tool in the shed, but seriously, his apology over this video is frankly pathetic. Projects like this should be avoided like the plague because they actively harm the security of their users. Without security, you lose all privacy and usability guarantees. 💀

Getting the ISO

Now you go to Microsoft’s website to download Windows 11 (or the Media Creation Tool on Windows), but when I went to go download it over a VPN, it blocked me claiming:

Error: We are unable to complete your request at this time. Some users, entities and locations are banned from using this service. For this reason, leveraging anonymous or location hiding technologies when connecting to this service is not generally allowed. If you believe that you encountered this problem in error, please try again. If the problem persists you may contact Microsoft Support — Contact Us page for assistance. Refer to message code 715-123130 and cbbb416b-6b25-495d-85c2-51ee50d3779c.

So if you value Microsoft not getting your IP address, my recommendation is take a laptop or tablet and download the ISO at your local coffee shop. Heck, go to your local Apple Store just to spite them! But I was prepared for this day: I hoarded a copy of Windows 11 22H1 for myself and I will just use this to install Windows from now on. Once you get your ISO, hide it away somewhere so you can use it when you need it; you never know if you or a loved one needs to use Windows.

Installation

Installing Windows isn’t horribly difficult, but there’s a ton of down time while you wait for it to install. There’s also the newly found pain of Windows of getting an offline account. Since we should care about our privacy, we’re going to be using an offline account and we need to plug up Microsoft siphoning more information and tying it to an online, aggregated identity.

By the time, YOU, future you, is watching this, Microsoft may have patched out everything I’m saying. I’m presenting the situation as of May 2023.

• Windows Pro and up, select “Sign-in Options” -> “Offline account”
• Windows Home users, disconnect yourself from the internet. If you are prompted to connect via Wi-Fi, just click “Back” or pressing a dedicated Airplane Mode button.
• If you enter in a random username/password, they won’t check and then let you set up a local account.
• If these don’t work, on the Microsoft account screen, enter in a Microsoft email address that has been banned from Microsoft. I have a few banned Microsoft accounts I use, but the most famous was from Steve Parker at Neowin, where you use the email address no@thankyou.com and a fake password. Microsoft will tell you something went wrong and then let you create a local account.

(If you’re curious about this email, this email was created by someone at Citi Bank and it’s related to their rewards program.)

After you survived the account creation process, uncheck every box you see, say no to everything they offer to do, and wait 10 million years for Windows to get set up.

Post Install

Next thing I do is go to Windows Update and just download as many updates as I possibly can. While that happens, go to the Microsoft Store and update all of the Store apps. It’s really tedious and takes at least an hour, but it’s worth it to get the security updates you need.

Even if you do what you can to change your privacy settings, Microsoft will undermine your choice and change settings during Patch Tuesday, which you should be installing automatically and applying. If you’re worried about Windows Update failing, wait it out a week. If you didn’t hear any squawking from journalists, smash that update button and get your updates.

Package Managers

The next things I try out is the package managers. Linux created central stores to download things and yet Microsoft only got started in the Windows 8 era, where it languished for years, until Microsoft redid it recently.

Winget

Windows now has its own package manager, but it’s not enabled by default. We’re going to enable winget, so we can use winget from Windows Terminal. While winget is nice since all UWP apps through Microsoft are sandboxed, it does come with some limitations.

1. Not everything most people need is going to be in here, specifically things like graphics drivers that require their own installation or update modules.
2. Anything in winget is subject to Microsoft’s arbitration. While you can download browsers like Brave and Firefox here, Firefox outside of the Microsoft Store comes with a hack to set it automatically as your default for all file extensions. Microsoft will refuse to let them be the default through the Store, unlike their manually installed counterparts.
3. Despite promising openness, the Microsoft Store has some very poorly communicated terms from Microsoft and their developers. While they quickly backpedalled, it’s safe to say you have to trust Microsoft to use their store.
4. Pre-2021 games and software bought through a Microsoft/Xbox account have UWP DRM. This DRM makes these games unplayable as Microsoft’s DRM specifically ties it to your version of Windows. This way, should the game crackers crack one version of the game, the crack won’t work on a newer version of Windows. DRM is one of the worst things about the Microsoft Store.

We have a product for people who aren’t able to get connectivity, it’s called Xbox 360.

Don Mattrick, former CEO of Xbox on DRM | 1:53

I started researching someone who had a quick answer to my problem and you’ll get plenty I covered before: Canva, Adobe Express, and Microsoft Designer. But I just want a simple prefabricated post background and I don’t want to interact with all of these subscription, always online (watching and listening) services to do this!

But turns out the answer I was looking for was one of such evil online services. Yes, more evil than Adobe! More evil than Microsoft–Facebook.

Facebook lets you add a background to your post, but what they are really doing is taking the text of your post and overlaying it on top of an image. And when I saw that, that’s when I knew this is what I wanted. The problem is using such a feature requires a Facebook account, where you use your real name(not your native or “chosen” name), an email, a (non-VOIP/Google Voice) phone number, and a picture of you holding your passport or driver’s license because “the future is private.”

I know that we don’t exactly have the strongest reputation on privacy right now, to put it lightly.

Mark Zuckerburg, Facebook F8 2019 Day 1 Keynote | 5:13

I decided to accomplish this by writing this as a shell script. There’s no need for a dedicated program or low level languages here, so why reinvent the wheel? The game plan is this:

• have a library of stock images or preset media
• Feed image into sdtin for ImageMagick.
• use ImageMagick to generate the specified text I want
• Overlay text on top of the stock image

Convert Image to Specification

First, social media platforms have image specifications. This is where it’s important we convert our image to get the aspect ratio correct. Many social media platforms often specify your images are at least 1080p and preferably square, but why? On mobile devices, which is where most users actually view images, images that are 16:9 or 19:10 are acceptable, but they get cut off because of the screen sizes of phones. As a result, post photos on social media uses a 1:1 aspect ratio.

(For example, movies like the Dark Knight have its action scenes shot in IMAX, which closer fits 16:9, but TV shows like Homecoming have its flashback scenes shot in 1:1.)

So let’s break down some of what we can do with ImageMagick. ImageMagick is a command-line tool for manipulating images. Now before you think you’ve never used ImageMagick before, odds are you have in a different way. If you use or visited a WordPress website (which is 25% of the internet btw), WordPress features integrations for resizing its images with ImageMagick.

Note for Windows users, you need to append magick.exe to the beginning of all of these commands and make sure ImageMagick is in your Powershell path. You could also use WSL.

I downloaded the Deepin wallpapers, which they use photos from Unsplash, a royalty free image sharing site. I also wrote a command to size down each photo to meet the 1:1 aspect ratio.

In ImageMagick, this is a simple “resize” command, then cropping off the edges:

convert "$1" -gravity center -crop 2000x2000:0:0 -resize 1080x1080 fbbkg_background.jpg

This preps the user’s image to meet those 1080x1080 standards, cropping the sides, and maintains the center of the image. I’ll also admit this is fulfill my needs. This script will look weird if you use an image smaller than 1080p, but you shouldn’t be uploading blurry photos to social media…

Generating Text in ImageMagick

Next, we’re going to be generating some text. While ImageMagick has many ways to generate text, many of them often do not support text wrapping, because if you don’t the text is going to trail off the image.

convert -background transparent -font Source-Sans-3-Bold -size 490x480 -fill white -strokewidth 2 -stroke black caption:"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magnam aliquam quaerat voluptatem."

• -background transparent The text needs a transparent background before it’s layered on the background image.
• -gravity center This ensures the text is centered in the image.
• -font Source-Sans-3-Bold I use Adobe Source Sans 3 when I do hard subtitles in my YouTube Shorts, but you can pick a different font using identify -list font then change this to whatever font you want, under “Font: your font.”
• -size 480x480 This is the size of the image with the generated text. Ideally, it needs to be smaller than 1080x1080 and sit right in the center of the image.
• -fill white The text itself will be white as white is more visible in most scenarios. ImageMagick has lots of different preset colors and you will need to consult their documentation’s list.
• -strokewidth 2 The text itself will be given a 2 px outline.
• -stroke black The text outline is black #000000.
• caption: your caption The text we’re putting into the image.
• at the end at the name of your image. I’m using PNG as the file extension, but you could also use WEBP. This won’t work on image formats that don’t support transparency like JPG and GIF.

Overlaying the Images

Now we have 2 images: the text and the background. Let’s overlay them using the composite command.

fbbkg_name="$1"
composite -gravity center text_fbbkg.png "$1" "${fbbkg_name%.*}-fb.jpg"

Apple is a company with big goals and ambitions: they are the largest smart phone marketshare in the United States, they have been dumping money into AR headsets and electric cars people might not want, and to kill off the right to repair! That’s right everyone, we’re going to be doing the unthinkable–reviving an old 2015 Macbook Air and installing Linux. Apple may have abandoned it, but I won’t, at least my friend won’t!

8 Years Later

First things, some background. The 2015 Macbook Air was released at the beginning of 2015 and came with El Capitan.

(Ah yes, the day Epic Games bragged about Fortnite on Apple computers…)

There’s also multiple physical issues from over the years:

• The down arrow key is missing, but the key works fine.
• The hinge for the screen has also seen some wear and tear as the years have gone on.
• There used to be layers of masking tape on this thing left by their previous “IT guru” who left warnings in all caps saying things like “DO NOT UNPLUG” or whatever. I removed them all for the purposes of this video and they know not to unplug it.

The battery is also bulging out of the case so hard, the casing is also damaged. I’m actually going to have to get those proprietary Apple screwdrivers to remove the case and unplug the battery, because this battery is a fire hazard waiting to happen!

Even though this is a laptop, the battery is thoroughly damaged beyond repair and this thing will need to be plugged in at all times anyway, so removing the battery isn’t that much on an issue. My friend treats this more like a desktop anyway.

This particular laptop I have has received as many software updates as possible and runs Monterey and this is the last version of macOS this poor thing can run. In fact, this computer is on death row. Apple is going to kill off Monterey any day now, especially since Monterey is 2 releases behind Ventura.

Let’s Install Linux

It’s time to leave MacOS behind and install Linux!

Difficulties

Installing Linux isn’t without its problems. First, the very fact that this is Apple hardware makes this an uphill battle. We’re going to be fighting with the firmware. Apple is killing off all support for this device and we will lose access to the ability to reinstall MacOS over Wi-Fi to unsigned versions of MacOS. I tested this on this computer when it was running Sierra.

Apple hardware is also very finicky. Apple uses largely Broadcom chipsets for Wi-Fi and cameras, but they’re custom cards. Thankfully, Broadcom’s drivers are much more usable than they used to be, but it depends highly on what distro and how up to date it is. The webcam does not work at all on Linux, but shockingly, the microphone functions fine. This is because Apple uses a customized Broadcom chip and FaceTime is that sacred.

Cutting Up the Apple

Now you might think you could reinstall the Recovery OS, but you can’t, since it’s tied to the drive. You also can’t boot using Apple’s weird EFI boot thing because it uses an incompatible filesystem (and yes, I’m aware you could build a kernel patch, but poor friend isn’t going to keep up with this if it breaks). This is why all security bets are off, because our access is going to be cut off if the disk is wiped or corrupted, so we need to disable those necessary and now pesky Apple features.

The first thing we need to do is boot into Recovery on MacOS.

System Integrity Protection

You can access the Recovery OS by doing ⌘ + r when you hear the boot chime. From here, we need to disable System Integrity Protection (SIP). Since our god Apple has forsaken us, disabling SIP is necessary to minimize interference from Apple on what Linux is doing.

In Recovery, click on Utilities, then Terminal. Then run csrutil disable.

Firmware Password

We need to also disable the firmware password. There’s not going to be a way to configure the firmware password without MacOS. The firmware password also hampers the boot process, especially with non-Apple bootloaders. As my friend is victim to default settings, they did not set a firmware password.

In Recovery, click on Utilities, then Startup Security Utility. Then follow the prompts to disable your firmware password.

Use MacOS to create a copy

As a failsafe, you can create a MacOS boot drive using a USB drive with previous versions of MacOS. I have a Monterey USB in the bag in case I mess up somewhere or need to reinstall MacOS.

Apple has a nifty guide on precisely which command you need for which OS.

Which Distro?

Now we come to a conundrum: what distro to install? Here’s what I tested:

• Fedora: Broadcom Wi-Fi is very spotty and putting the computer to sleep doesn’t work. The Fedora 37 installer also fails and will not proceed. This is unacceptable and apparently has been going for since the launch of Fedora 37. No way I’m telling my friend to write a custom grub entry.
• openSUSE Tumbleweed will install correctly and the Broadcom drivers function great. The problem is closing the lid will cause the computer to perpetually show a black screen. This is also not good, but still better than Fedora.
• Arch: This probably works, but no way I’m giving Arch to my normie friend. I hear Manjaro runs fine, which instead of using that dumpster fire, use Arch instead.
• Debian: Sleeping doesn’t work and proprietary Broadcom Wi-Fi drivers will not reconnect after an hour when I tried it a few years ago. It’s not very usable.

None of my favorite distros work for what I need! But you don’t want to hear what doesn’t work! What does?

Ubuntu

I know this might come as a shock despite how hard I found the best was Ubuntu. The installer correctly identified all the drivers and while I haven’t tested the new Ubuntu installer based on Flutter, if the Ubiquiti works this well, I’m sure it’s pretty good with the Flutter one. Ubuntu seemingly has a lot of polish around the Mac and everything except the webcam works great.

Prep Your USB

While this week might be Ubuntu release day, I’m going to be installing the LTS, not interim release 23.04. Since we’re stuck using a stable distribution, it’s better anyway as we are in the Canonical ecosystem.

As a preface before going in, you might bust out that Ventoy USB with all your favorite Linux distros in it, The problem is Ventoy is fundamentally incompatible with Apple firmware, so you can’t use it to boot into anything, even with SIP disabled and no firmware password. You’re going to have to boot through USB on this one.

Also, I didn’t go down the rabbit hole of alternative bootloaders, like rEFInd, Clover, and OpenCore. If you do choose a custom bootloader, do it before you blow macOS away. I’m also not talking about some custom patches.

Make My Mac Normie Proof

• Disable Ubuntu telemetry
• Configure update-manager, apt, and snap to auto-update everything
• A lot of people don’t like Snaps, but I want to strongly recommend against removing it. Although Snaps have many problems, Snaps are still superior to using unsecured native packages. The Ubuntu Software Store is also the hub where you control all of your Snap permissions, so you want to keep that too.
• As an addition, I dropped in the GNOME Software. GNOME Software defaults to Flatpak and I would like to push my friend in this direction. It also supports installing apt and Snap packages.
• I installed the Brave Browser and configured it to a basic level.
• I installed ONLYOFFICE and VLC to play videos and open office documents.
• AppArmor

Reddit. Specifically, r/linuxmasterrace.

Now before I show anything, I don’t want this to specifically be about r/linuxmasterrace nor do I think everyone on this Reddit is toxic. Frankly, I don’t endorse bullying in any form or fashion. Don’t insult someone because of their appearance or something they can’t control. Don’t go after anyone you see in this video going forward or give them grief. Be constructive, don’t be a jerk.

Being an influencer™ means you have to develop thick skin against blatant hate speech online, but also you need to have the humility to admit where your wrong. Is it weird that I’m bragging about having humility?

I first stumbled across this post because of Google Alerts. I use Google Alerts to monitor various Google searches about me and this Reddit post was the first that popped up. I read the comment from /u/andzlatin that recommended my channel, because I used Ctrl + F to search the page and not read the rest of it. It was interesting to say the least, I don’t consider myself better or “mightier than thou,” but thank you u/andzlatin!

But then I scrolled back up to the top to read it and I became more disturbed the more I read the thread.

This is the post in question by u/nihil_live entitled “Distrotube”:

Now before I go any further, I want to take this as an analysis of a small subset of people who watch Linux on YouTube (let’s be honest that’s what Reddit it). I want to admit even if you consider me a paragon of all things good, I am/or will be equally guilty here. I want to take this as a time to an understanding between people.

I’m going to paraphrase these comments, because I believe there’s some truth to them. But I also want to say, by the middle of the thread, comments were starting to get really aggressive. I understand if you disagree about how someone conducts themselves online, but some of the comments seemed a bit much.

I want this to be a safe space to voice an opinion in a public manner and I want to pay respect to DistroTube. If you like his content, great, I enjoy some of his videos too. But I am afraid of the impact his channel has on Linux YouTube as a whole and judging from the Reddit thread, I might not be the only one.

I genuinely want to thank him and his channel for this because I think it taught me an important lessons and helped many other channels grow. He’s made some great videos about some command line utilities I think about of you would really appreciate.

5 years ago, I watched DistroTube when he had less than 1K subscribers. I remember watching his videos and they were fine for what they were I guess. I also watched him grow over the years, like upgrading his webcam, losing his job to do YouTube full time, and renting out his office space.

A lot can happen in 5 years, but I think I can provide some friendly critique and discussion. In fact, after I made my video about Bismuth’s development halt, DistroTube makes a video repeating my points, but comes to a totally different conclusion. It’s time to take these things into account (see what I did there?)

Off the Cuff

Some of DistroTube’s videos strike me as him doing things off the cuff. He fumbles around menus and there are videos which he clearly goes in blind to look at things rather than trying to learn it off camera. The irony is, he promotes and most of the time, does a good job at teaching people things. Why not reshoot the video if you were wrong about something? Why not learn something before you start recording?

The cited video from a Reddit commenter was him testing Manjaro’s Sway spin and claiming Sway and Wayland wasn’t ready and were “beta quality” software.

The issue he experienced was a peak Manjaro developer moment where THEY are responsible for these errors, not Sway and Wayland. An tiger can’t change its stripes, right Manjaro?

Back in the day, just talking with a cheap webcam was understandable, but now with your job essentially at stake and you’re making enough to live off of it, I have to really question whether his videos could be something more if just a little more preparation and writing went into it, and I consider myself able to criticize this because I used to be the same way.

Earlier in the channel’s history, even until a few months ago, I did everything without any major preparation. I didn’t write a script to follow, but I did know what I wanted to talk about and I did test the program independently.

But when you make crazy mistakes like what DistroTube did with InstantOS with 100K subscribers, it’s absolutely demoralizing to these developers. Couldn’t you learn it off camera?

I started writing last year and I feel like it’s done nothing like wonders for the channel. My engagement is up and I feel like videos are at a much higher bar than they were before. It also got me making subtitles for videos and thanks to the power of AI, I can now feed my voice to an algorithm and use a Vim macro to generate an article for me (after some manual review)!

Now I work full time, go out with friends for drinks, and am able to do this kooky YouTube/Odysee thing at the level I can, if I can make the time to write a script (even if I lose sleep doing so), learn the software I cover properly, then I think other content creators can afford to do so too, including DistroTube.

Things Have Changed

In fact, this all ties into my next criticism. If you analyze DistroTube’s content, no you don’t need to ask ChatGPT, you don’t need to have fancy software, just watch some of his latest videos and compare them to some of his oldest videos. It’s his content and structure hasn’t changed at their core.

DistroTube’s prerecorded videos can be divided into the following:

• Distro reviews where he does blind reviews of various Linux distros
• Sit down videos where he gives commentary/answers questions
• Software reviews, where he highlights a particular program

There’s nothing inherently wrong with DistroTube’s content format, because I don’t think they need to change; his userbase seems happy. The issue is his views on specific topics in Linux need to change. The most significant is Wayland is beta software goes beyond that video in a livestream where he claimed “if Wayland was ready, people wouldn’t have to be convinced.”

So I’m going to keep working, working with Xorg until Wayland actually works. Or until Xorg becomes horribly broken… it’s still working. It’s still being maintained. Xorg’s been with us for 40 years. If Wayland worked, people would be using it. The fact that so few people are using Wayland should tell you it’s not quite ready. And when it’s ready, you’ll know when Debian stable ships Wayland by default. That’s when it’s ready.

DistroTube, My GitLab Has Issues, So Let’s Clear Them! - DT LIVE | 8:58

Except Wayland is the default of Debian. If you click through the installer, GNOME with Wayland is the default. In fact, it has since 2019.

Some of this knowledge used to be true. Less than 3 years ago, Wayland was barely usable (especially if you use NVIDIA). I remember when Flatpaks were broken and took up gigabytes of space. But there’s signs that DistroTube may not understand or keep up with the underlying technology. I’m not going to pretend I do either, but I can firmly say DistroTube is objectively wrong with Wayland.

Let’s put it this way. I have gone cold turkey on Xorg since October 2022. I have never needed to open Xorg on my main machine, the same machine I edit my videos, do light development work, and watch my anime and everything works fine WITH NVIDIA. If it works on my system, it’s probably even better for non-NVIDIA users! DistroTube has no right call Wayland “beta software,” especially with new wlroots alternatives cropping up (still won’t support NVIDIA, big sadge).

Instead at 4:55, he says no one is putting in the work to use Xorg because it’s easier to develop on Wayland. Not only that, you’re going up against the GNOME and KDE Foundations because they unabashedly back Wayland as being the future.

DistroTube seems to in general not want to accept ANYTHING new.

• I’m convinced he’s still using Xorg, given his opinion of Wayland.
• He still uses PulseAudio even though many distros have already made the move to Pipewire, another key piece to the future of Linux and XDG portals.
• If DTOS is anything to go off of, I know he doesn’t use full disk encryption as distros like Fedora and PopOS! are pushing their users to enable full disk encryption.
• He made a video complaining about the dependency hell of Arch Linux and AppImages, but it also revealed he fails to apply updates frequently. Refusing updates in a sign of grumpy old man computing if I’ve ever seen it (and I should know!).

Personal Hot Takes

Unlike Luke Smith or Brodie Robertson, DistroTube’s channel isn’t his real name and his channel name implies distributions of Linux and BSD. And this caused lots of people to dredge up videos out of my memory and recently where he doesn’t talk about technology, but rather, inserts his own life beliefs into an explicitly tech focused channel.

• He claimed if you believe in open-source, you should reject gun control, which doesn’t make sense whether you support gun control or not. Running open source software isn’t the same as a gun and can’t be regulated as such; the same can be said for guns.
• He filmed a Donald Trump reelection rally in Louisiana for content. It’s privated on YouTube, but still up on Odysee. This really made me scratch my head and wonder why he even uploaded and edited this at all.
• Various videos in his backyard or his office talking about human nature. Which is fine… I guess, but what’s the link to the channel’s niche? (I’ll give him a pass for complaining about YouTube.)

But even stuff that is related to the channel is a personal hot take. I get that things I say are my own opinion, but when you make a video declaring word processors the worst thing ever, which is frankly ridiculous because I had to edit a PDF document in LibreOffice Draw to fill out my taxes with my accountant friend. It’s not even an argument if WYSIWYG editors are bad, it’s not pointless and evil if I need to fill out a document sent me by my state! It’s not my fault Microsoft is a despot monopoly on governments and the business world; it’s not pointless when everyone views it as the standard.

There’s also the issue that not just DistroTube, but many Linux channels, are just not sustainable. Staring at a virtual machine and flipping through programs in an application menu isn’t enough and even distros which do make the cut on larger channels, just aren’t ready for prime time and are cluttering the internet with more exposure to Linux, but make people worse off than using a conventional proprietary operating system.

Then after friend of the channel the Linux Cast criticized distro reviews, DistroTube uploaded a video getting the most defensive I have ever seen him get in 5 years after getting his Linux content creator flippers on it.

But wouldn’t you be defensive if only source income was these sorts of videos?

Calling Others Out

This all changed with a trend I’ve observed in DistroTube. The thing that scares me the most is what happened to eBuzz Central. DistroTube made a video describing how eBuzz Central was responsible for plagiarism of news articles and other YouTubers, including copying DistroTube’s thumbnail layout. First, I will freely admit my thumbnails were stolen from the ever-infamous channel Dhar Mann. My thumbnails do have some differences and I will freely admit they are counterfeits if but in idea:

• rounded corners rather than boxes
• font is Quicksand not Impact
• I don’t have a person making a dumb face in most of my thumbnails, not often anyway.
• Orange is used instead of blue
• My titles are often more terse than Dhar Mann’s
• I don’t have any workers and Dhar Mann refuses to pay his…

But you see what I mean? I ’m afraid that DistroTube doing this is setting a trend. Sure, it might be okay when someone does something legitimately wrong like with eBuzz Central or Roel Van de Paar or some douchebag on Reddit bullying a viewer, but who’s next on the chopping block?

Whether you believe eBuzz Central is guilty or not, he brings up an interesting point:

We always talk about how big of a community is, but at the end of the day, it is small if something like this comes up, why wouldn’t people reach out? Why wouldn’t they say, “Hey man, what’s going on here?”

eBuzz Central: Ebuzz Central A Fraud? | Response To DistroTube, The Linux Tube & Everyone Else | 5:57

That’s the problem with doing videos like this. I don’t want any of what I’m saying to be an attack on DistroTube. I’m sure he’s a nice guy, but this behavior doesn’t exactly foster a welcoming community when people are being called out left and right.

I Have Problems

But I’m confident someone is going to make the argument my criticism is just epidemic of everyone I brought up: it’s a hot take that calls DistroTube out. I say this as everyone’s content has legitimate problems. With my content, it relies heavily on me ripping stock footage from random Linux conferences and Big Tech events; if I edit a video wrong or there’s a major change with Fair Use in the US, I’m screwed. I don’t have a fancy DSLR or mirrorless camera to film or take pictures and I’m locked up in the house or my cubicle most of the day. I also have the problem of my content is very inconsistent and people can’t really predict what I’m going to do next in a reasonable way. Especially since changing my channel name last year and streamlining my process, I can say I’ve learnt a lot, but I still have a long way to go. I’m still haunted by one of the few mistakes I ever made in a video by saying you needed an account to boot an alternative OS on the Steam Deck (I learned my lesson okay guys??) or flubbing my livestream weeks ago.

And truthfully, sharing political or personal beliefs on YouTube has always made me very uncomfortable, not just because I’m sharing it with the public is a part of it, but the fact that Google is a data hungry monster and is going to send you and me targeted ads attached to my Google account about such things.

It’s actually one of the reasons I never go “fleshtubing” (I recently learned this was a word by the way, it’s basically a zoomer way of saying recording in-person). We know social media networks like Facebook, TikTok, and YouTube all employ tracking algorithms to identify people’s faces, their age, or their race. I don’t want to be caught up in that dragnet and that’s why you will never see my face online.

Unlike a lot of people, I don’t have a modelled avatar for a gimmick, I do it out of the compromise of necessity for my own privacy. If you don’t like it, go watch a fleshtuber like DistroTube. When I say I value my privacy, I mean it and I value your autonomy as users because if it impacts you, 100% it impacts me or someone in my life. I hate technology so much I made entire channel to help all of you combat its ills.

A Ending Promise

I want to take an oath, if you will, to say my channel will solely be dedicated to technology. I value my privacy so much I will never divulge anything about my personal life that isn’t a technological stance. I also deeply research everything, because as my base grows larger, my opinion is going to carry more weight and I need to be careful with it and my own public presence.

And to DistroTube, times have changed. It’s time to grow up and embrace what Linux is becoming. Sure, you may not like it, but it’s coming whether we want it to or not. That means we use things like Wayland, Flatpak, and Pipewire. You aren’t a small channel anymore, you’re now one of the largest internet personalities representing the open-source community. Let’s be better together and let’s be for each other.

Hey guys, it’s always good to avoid controversial subjects, so let’s talk about the pandemic! The 2020 Coronavirus Pandemic fundamentally changed the way we go about our lives, but I want to address some of this today. One of the things greatly affected by the pandemic was the right to privacy.

The Pandemic Problems

Working from home and doing so privately has become more difficult with things like employee monitoring software, constant video calls with mandatory rules that your camera is on at all times, and the use of personal computers and “bring your own device” are now commonplace.

But this goes beyond the workplace and education. Many other facets of our lives are now done at home on video conferencing software ranging from therapy sessions, telehealth visits, and town hall meetings. The question is, how are we going to keep our computers clean and maintain our privacy in a post-pandemic world?

Schools, workplaces, and medical services require you use a personal computer, where you keep all sorts of things you’d like private, and they install all sorts of invasive video calling programs, anti-cheat rootkits for online classes, and bossware playing Big Brother to make sure you are working.

Instead of complaining, I want to take this time to either improve what we can do or more importantly, prepare us for the next pandemic. The next time this happens, let’s be ready.

A Disclaimer

Before I proceed with any of this, I want to you to be aware I do this for fun and games because I value my own privacy, but if this is critical to you getting a job, educational opportunity or healthcare treatment, do NOT do anything I say; your well-being is more important than the content I make on my YouTube channel. Pick the hill you will die on wisely and know which battles you can win. Be smart about this and don’t break the law or any guidelines set by work or school.

That being said, your employer or university might be kind enough to offer accomodations, let’s say that, so you can work from home and not have the privacy invasive technology wreck havoc on your personal computer. All of this is also a lesson on social engineering and while social engineering might have negative connotations because of the infosec world, it’s all about everyone getting what they want in the end. They get a good worker and you get your privacy at home and with your data. Think of it as professional excuse making.

I’m not going to go into deep detail, but I’m also going to go over price or potential costs. I understand, especially for broke zoomer students that price is an important consideration.

The “Work” Computer:

Obviously the cheapest solution is to have a dedicated computer. You could use an old computer you have lying around, buy a new one, or convince your employer/school to provide you one.

• Tell your employer providing you a computer will have everything all preset and it’s more secure as it’s hardware the company controls.
• Say how technically illiterate you are and installing all that VPN software and monitoring software is too difficult for you to do.
• If it’s a university, they often allow students to rent out laptops like library books and most other types of schools provide Chromebooks or iPads for younger age groups.
• Tell them you’re an Arch Linux user and frequently get kernel updates that break PulseAudio and Arch doesn’t natively support Zoom or Teams. (Don’t tell them Flatpak or Snap exist!)

Also when you make excuses like this: do not be hostile or say how much you disapprove of their practices. Your employer or university might feel they don’t have to do anything for you and you are the one on the short end of the stick here. You will get more accomplished by being agreeable and demonstrating the willingness to be a good worker.

The Home Router/Firewall

The con of being issued a computer is many schools or workplaces forbid you from installing software on your computer and this is where a home firewall becomes your first line of defense. A home firewall can be a spare computer or a dedicated piece of hardware to control what happens on your network. This also protects your back if a skilled adversary targets your company or university, like what happened with LastPass.

To prevent any unsavory connections, system calls, or third-party IT software tracking your home address, I use a pfSense firewall on a Protectli firewall when I’m at home . I have had bad luck with OPNSense, but many others tell me it’s great. Both pfSense and OPNSense allow you to set up custom VPN connections with a VPN provider through OpenVPN, Wireguard, or IKE2.

The Most Expensive (Potentially)

Unfortunately, this is a steep price hike. Buying dedicated hardware for this is at least $300 and paying a subscription fee to a trustworthy, commercial VPN provider, which can be up to another $10 per month. You also need the know-how to setup a firewall or acquire hardware to run it.

But using this setup ensures you never download any programs on a work device. Having a dedicated machine also makes it easier to mentally and digitally compartmentalize your work activities from your personal activities. I know when I crack open my Windows laptop I’m there to get work done. I believe with the right investment, this setup is incredibly effective at achieving privacy while working from home.

Using Your Own Computer

So let’s say you can’t get your hands on a device; there’s no budget for you or the school cheaped out on you, what now?

Virtual Machines

The next solution is if you have capable hardware, run a Linux virtual machine. VirtualBox or HyperV on Windows, UTM on Mac, and KVM on Linux through GNOME Boxes or virt-manager will separate your work life from your personal machine through a strong sandbox.

Interestingly enough, all of the video conference software most businesses use, like Zoom, WebEx, Google Meet, and Microsoft Teams, all work on Linux and Windows. I strongly recommend installing Windows 11, Fedora, or Debian because Zoom, WebEx, and Teams all offer .deb and .rpm packages. You also might want to consider using X11 as your display manager as screensharing is not as functional as it is on Wayland.

The Cons of Virtual Machines

The issue with virtual machines is USB passthrough, which varies wildly from device to device. This means you pass a USB webcam or microphone to a virtual machine so you can use it with video conference software, the same way you do on a physical computer.

Some might argue VM escapes are a threat, but the reality is business software from official sources won’t contain such exploits. HyperV and KVM especially are enterprise level software and Microsoft and the Linux Foundation will do everything in their power to stop that from happening.

This also requires you have a half-competent gaming computer in order to run a virtual machine effectively. You also need to be sure you can allocate enough storage and if you do something like animation or video editing, this is progressively more difficult. Anti-cheat software and security programs might also alert your proctors or your IT department you are using a virtual machine.

Live USBs

If you can’t get a virtual machine working or you have a low-spec computer, use a live Linux USB. The live USB ensures you can use a separate operating system, but still using the same computer. The problem is removing the USB stick will cause you to lose your setup and lose all of your data. There’s also the issue of performance. Especially on low spec hardware, live USBs are limited in their read speed and running off the RAM of your computer.

Secondary/Portable Drives

To avoid your files getting erased, you could use a portable hard drive or a second drive. If you have a second SSD or hard drive, you can boot into it when you need to get work done. And since you have full control of your hardware, you can use VPN software on your device. Using Windows on a portable hard drive isn’t very feasible (it was discontinued in 2020), but it will if you use a PCI or SATA connection. Debian, Fedora, and Ubuntu should work fine regardless of your situation.

Progressive Web Apps

Many programs today are also done in progressive web apps, and using a Chromium-based browser like Brave, you can use many websites the same as you would on Windows. I did a full video on running Discord as a progressive web app and you can apply the same blocking techniques to other web-based software like Google Meet or Slack.

Webcam Rules

Now we also have mandatory webcam rules. Some workplaces, online classes, and telehealth visits require interviews or your work day with your camera on all day. Of course, you could raise a stink about it (and some would argue you should), but it’s far easier to play stupid than say you don’t like something. Whenever you appear in a video call, always have an excuse ready, especially when you take your computer to get setup with your employer.

Desktop Computers

The most successful one I have had is say your main computer is a desktop computer. Most monitors for desktop computers don’t include webcams or microphones and it’s impossible to use video conferencing programs without one. Don’t tell them you use your USB webcam for running a secret Vtuber YouTube/Odysee escapade though!

And notice this: I never lied to my employer; my main computer is a desktop computer and my poor Asus E403NA laptop isn’t good enough to run Zoom. When I told them about my situation, they were happy to provide a Windows laptop with Microsoft Office and monitoring software preinstalled.

Part of making a good excuse is you express that you are trying your best to do what they want. Also pick something that is the most true for you.

“My Internet is bad”

But let’s say your employer or school isn’t as accommodating. They give you a webcam and tell you to get to work. You can also claim you live in an area with low-bandwidth. You know what takes up a lot of bandwidth? It’s the pictures and videos in video calls!

If you were to say, your first couple of calls, disconnect yourself from the network from your settings rather than hanging up in the middle of a call, it will help sell your story. This way, participants in a video call will see you disconnected and you come back, but tell them “Oh my call works better with my webcam off,” they just want you to get work done and will be more likely to adapt to this change.

What about your phone?

One question I heard once from the doctor’s office was “why don’t you use <<our video conferencing app>> on your phone?” But I was prepared. I bought a cheap phone from Best Buy, hit the screen a few times with a hammer, used the Android Debugging Bridge to rip out all Google apps, and brandished it in front of the receptionist and said “Oh, but my Android phone has trouble downloading apps.” And that ended conversation really quick, with my iPhone safely in my pocket.

A Little Bit of Tape

Another weird alternative is putting layers of scotch tape or using a dedicated room in your home for work. Now hear me out: the layers of scotch tape diffuse the mass surveillance and facial recognition done by platforms like Zoom and Microsoft Teams, but it allows people to loosely see the detail of you and your workspace.

A Dedicated Space

The other reason why I recommend a dedicated room or space is as a last resort if they demand you remain on camera, you can limit how much of your home they see. Make sure important sentimental or controversial things are not in frame like:

• pictures of you, your family, or friends
• certificates or trophies
• items unrelated to work
• religious imagery
• alcohol or smoking products (depending on culture)
• adult or NSFW material

The reason you need to do this is because first, your coworkers and supervisors will judge you based on your Zoom room, so it’s to be conscientious of this. The other reason it’s easier to mentally be in a room you know you’re going to be working. This tells you mentally, I’m in this room, so I’m going to be working.

The other reason is some anti-cheat proctors will demand you move your computer around and show them the entire room. This way, if you are forced to do so, you can limit what they see.

Takeaways

The culture of working from home may be a new one, but the situation is not entirely hopeless and we have a wide variety of options at our disposal.

• You can use a dedicated computer or a work device.
• You can use a Windows or Linux virtual machine to separate your work activity on your main machine.
• You could use a live USB or a portable drive to boot into Linux and do your business.

You provide sufficient excuses to get your work done and play dumb.

• You have bad internet.
• Your computer can’t run the software.
• The webcam provided isn’t Linux-friendly.
• That you’re too stupid or tech-illiterate to download their stuff

And hopefully this provides some hope in our ever-connected cyberpunk dystopia.

Hey everyone! You know, a funny thing happened to me on the way home today. I ran out of content, that’s what! So I decided that I like pain, so let’s install Alpine Linux as a desktop environment!

For those who don’t know, Alpine Linux is a distribution that prides itself in being incredibly minimalist. There’s no graphical installer, they don’t include the core GNU utilities, and they also use the BSD equivalent of sudo doas.

As a result of being incredibly stripped down, Alpine is generally used in the development of containers, but who told you you couldn’t use it as a desktop OS? I want to, gosh darn it! I want to perpetuate the meme and clown all those FSF zealots!

“I use Alpine, a distro that doesn’t include the GNU coreutils, or any other GNU code. It’s Linux, but it’s not GNU+Linux.”

Luke Smith, Schooling a Beta GNUtard on Linux

In all seriousness, I got a nasty idea in my head. A constant meme is perpetuated by online Linux circles is begging people to use things like Void Linux or Gentoo. And when I began to consider the systemd-free distributions. The fact of the matter is it is far easier to use systemd than to use something like openrc (Alpine’s alternative) and many applications are built around it. The documentation is way better and it sees very active development.

That being said, on a security perspective, systemd does too many things, more than what most desktop users or admins need on a daily basis. This isn’t to systemd is inherently bad. Controversy on the internet travels quickly and lives a long time, and there are still people who resist this to this day for the wrong reasons. The beauty of open-source is you have the choice not to use it.

First, I’m not using Gentoo, because I am not waiting 16 hours for a minor update to compile. Binary distributions all the way!

Second, with distributions like Devuan, Void, and Artix, it’s difficult to pinpoint how widely used these distributions actually are and whether they get the love and attention your operating system needs (No offense, but I might look at them in the future).

Alpine Linux is the only distribution that fits most people’s needs in this regard. It’s a minimal, binary distribution with biannual releases, but there’s a surprising number of packages in its repositories to get some work done. You can still browse the web, watch videos, or edit documents; practically anything you could do on desktop Linux is available to you. Except for:

• Gaming (at least optimally)
• GPU acceleration that isn’t integrated (Nvidia only supports glibc not musl, AMD requires Gentoo hacks)
• Running in a virtual machine as a desktop OS. I can’t get spice-vdagent to work and good luck with VirtualBox
• Programs that require systemd

Installing Alpine

If you are using Alpine on a virtual machine as a desktop user, I strongly recommend picking the standard ISO. While you might be tempted to pick the virtualized install, it’s so stripped down, you won’t be able to use copy/paste or drag/drop with Spice or have any other major kernel features out of the box.

1. On boot, hit Enter to proceed with booting
2. Login as root. There’s no passphrase.
3. We’re going to run setup-alpine. This is a command-line installer for Alpine Linux.

setup-alpine

Alpine’s command-line installer actually bridges together multiple other scripts that automate the process of building your system. I have them as headings here as a bit of insight to what’s happening.

setup-keymap

• Select your keyboard layout by country code. Mine is us.
• Select your keyboard variant. Mine is us.

setup-hostname

• Enter system hostname. For a desktop user, the default of localhost is fine, but you can change this whatever you want.
• Next, we need to connect to the network by selecting an interface. I always use wired eth0, but Alpine’s kernel should have the priorietary blobs necessary to get Wi-Fi to work.
• Choose dhcp (default) for a dynamic IP.
• Additional configuration?

usermod & passwd

Create a passphrase for your root user. Don’t worry about this one, because we’re going to lock the root user later.

setup-timezone

• Press ? to see what timezones are available and pick the one that’s applicable for you.
• I live in the US, so I’m going to pick America/
• Next, the installer will ask for a sub-timezone. This is the area you live in.
• I live in the East Coast, so I’m going to pick New_York.

setup-proxy

I don’t use a proxy, but you can configure one here (Default: none).

setup-apkrepos

Alpine will now show various mirrors for their repositories. You can select a number here for a specific one, press f to choose the fastest, or press r for a random one.

Standard user

I’m going to set up a standard user account, where I can do my daily activities. I’m going to pick user, but you can put whatever you want here; it’s your username.

Next, it will ask for your passphrase and make this passphrase a good one.

setup-sshd

I’m not going to be using SSH, but you can set it up here.

setup-disk

• Choose the desired volume. Mine is vda.
• Choose your desired volume type. If you are using a virtual machine, you can select the default of sys. However if you are using a physical computer, I strongly recommend choosing cryptsys, which is the encrypted LUKS install, which will protect your computer in the event of seizure or theft.
• Type in your passphrase at the prompts.

Post-Installation

Now we can reboot into our new system using reboot. Now enter in your encryption passphrase if you have one, since you’ll need to do this when you boot up. First, we’re going to log to our root user and get our stuff set up.

APK Updates

Alpine uses the apk package manager (Alpine Package Keeper), which is pretty basic, so you need to hold its hand a little bit.

• apk update to update the package list.
• apk upgrade --available to install any upgrades.
• apk add <package> to install a package.
• apk del <package> to uninstall a package.

I prefer to use vim instead of vi, but you can do whatever works for you.

Rootless User With doas

By default, Alpine does not install sudo, but we’re going to opt for doas, as it is more minimal. Remember, I chose user as my username, so you need to choose your username.

adduser user wheel
apk add doas

Now, we need to logout of our root user and into our user account, now with freshly minted doas privileges by typing exit.

On logging into the user account, we now have reduced privileges and we are able to run commands with doas. Now we need to lock the root account, so nobody can just abuse it.

doas passwd -l root

Installing a Desktop Environment

As Alpine is largely used on servers, we need to add the community repository to gain access to desktop packages. With doas, we can edit the line with the community mirror.

doas vim /etc/apk/repositories
doas apk update

You’ll know it worked when the package count leapt from ~4000 to ~17000.

Alpine does not have a wide selection of desktop environments, but they support:

• GNOME
• KDE Plasma
• Sway

I’m going to pick GNOME as GNOME on Alpine doesn’t require using Xorg, since we should all be moving to Wayland. To be clear, installing GNOME, KDE, or Xfce doesn’t install a minimal package; it installs some other things too.

Run the following command to setup your desktop. We also need NetworkManager, . Afterwards, we’re going to reboot and start those new services.

doas setup-desktop [gnome]
doas apk add bash bash-completion networkmanager-wifi
doas reboot

Niceties

The following are things I have tested out.

Debloating GNOME

Let’s debloat GNOME.

doas apk del firefox
doas apk add evince eog nautilus alacritty vlc

Flatpak

Now let’s setup Flatpak with some of the packages we need, which provides a whole host of apps that never would be in Alpine’s repos anyway.

doas apk add flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak install flathub org.mozilla.firefox

Pipewire

There’s no sound out of the box, so let’s install PipeWire.

doas addgroup user audio
doas addgroup user video
# If you installed a desktop environment
doas apk del pulseaudio 
doas apk add pipewire wireplumber pipewire-pulse

AppArmor

There’s no mandatory access controls in Alpine, so we need to install it ourselves.

doas apk add apparmor apparmor-utils apparmor-profiles

Next we need to review our Linux security modules (LSM).

cat /sys/kernel/security/lsm

Then we’re going to edit the boot configuration to override the default LSM files. It’s important you copy /sys/kernel/security/lsm and put whatever you saw there, with

doas vim /boot/extlinux.conf

lsm=landlock,yama,apparmor

Now start AppArmor on boot:

doas rc-service apparmor start
doas rc-update add apparmor boot

Finally, verify AppArmor is working.

doas aa-status

If this is good, then set all available profiles into enforce mode. If you use any of these applications, set them into complain mode if they give you problems or write your own configuration.

doas aa-enforce /etc/apparmor.d/*

Spice Agent

I haven’t figured out how to get Spice working properly on Alpine. If someone knows, let me know down in the comments on YouTube or Odysee.

Long time viewers of the channel know I don’t talk about my current setup. I started using KDE Plasma a couple months ago and I’ve been incredibly impressed with how just a little bit of setup, KDE Plasma has become my desktop environment of choice.

Why KDE?

The last time I daily drove KDE was 6 years ago. I ran a setup much like MacOS and was a big Latte Dock user (rest in peace Latte Dock). KDE is also a powerhouse in desktop Linux, coming strong through things like Valve’s Steam Deck or as the flagship in SUSE’s desktop spins. KDE is one of the oldest desktop environments in Linux, receiving funding from Google, Canonical, and Tuxedo.

Long time viewers will know I previously used the Awesome window manager and GNOME on camera in the past, but I’ve never gotten into detail about this change. I also have an Nvidia graphics card (specifically the Nvidia 1080 TI) and have been seeking the next thing that runs it the best. I want to advocate for using what works for you, but at the same time, we need to be looking towards the future.

Wayland & Nvidia

The truth is most Linux desktop environments or window managers are not prepared for the future or don’t see enough development. One of the major reasons I switched was Wayland. Along with GNOME and Sway, KDE promotes and supports the Wayland display protocol, a secure and cleaner display system for the modern age.

Many other desktops just are not prepared for Wayland and part of future-proofing our stuff is using software that promotes future technologies. Wayland is more secure and we need to use as much as possible especially since XOrg’s development has hit an all time low.

Now the eagle eyed among you will know Nvidia is a massive pain on Linux. But in reality, I had to make zero changes to get KDE to accept the proprietary driver. What shocked me the most was I had experimented with KDE months ago and Nvidia was not functional at all. It truly is a “it just works” situation!

Of course, this might be because I have an incredibly common computer. I frequently get asked what my computer is, and if you want to know, go look up the Cyberpunk 2077 benchmark computers. Basically, I have that and 32 GB of RAM and Fedora 37. Your mileage may vary. If you are using an older KDE version on another stable distro, do not expect Wayland to work with Nvidia.

Tiling Windows

Every nerd loves a tiling window manager, but while I initially wanted to use the Sway window manager, they refuse to support the proprietary Nvidia driver, so they’re off the table. That sent me crawling over to GNOME, where you can use System76’s GNOME extension, Pop Shell. I’ve never covered it in depth, but it adds a sort of “pseudo-tiling” functionality to GNOME. I’ll freely admit using Pop Shell in its current state is an objective downgrade from using a tiling window manager, but I wanted to experience Nvidia and Wayland, for content of course!

But System76 rocked the Linux desktop space by announcing the creation of their own desktop environment, Cosmic. This actually got me worried because if System76 is going to drop GNOME soon, what’s going to become of the state of Pop Shell GNOME extension?

A talk by Victoria Brekenfeld, where she discusses smithay, PopOS’s custom Wayland compositor.

Yes, I am aware that System76 wants to support Wayland and Nvidia, but it’s going to take time for that to propagate through Linux distros repositories. For perspective, it took years for Arch Linux and Fedora’s maintainers to package ElementaryOS’s Pantheon desktop environment when it first came out. Plus there’s the risk Cosmic will suffer the same fate Unity did at the hands of Canonical.

On the other hand with KDE, KDE has pledged to support a new API to allow built-in window tiling without the assistance of an extension. This functionality is now in KDE, but developers still need to catch up, so I’ve been using bismuth, the most popular extension for tiling, which also has a .RPM package in Fedora.

Moving from Pop Shell to Bismuth is night and day. Pop-Shell requires you press a set key, like Super + Shift + Enter to enter a “window moving” mode, then another key to move your windows around (default hjkl). It’s a lot of keystrokes and moving to Bismuth requires I only press 1 shortcut to shuffle windows around.

Since Bismuth is around and KDE has added new APIs to support window tiling, I can now rest assured that nobody is going to touch my window tiling!

In defense of Pop Shell, this is likely a limitation of GNOME.

Customization

GNOME has treated me well and I can still say that I still has one of the stable desktop experiences out there. But a lot of people, including myself, don’t like having work around GNOME having their own vision, particularly when that vision doesn’t align with my own.

For example, you can’t export your GNOME keybindings through the GUI. Instead, you run this dconf command to output the keys into a file.

dconf dump /org/gnome/settings-daemon/plugins/media-keys/ > keys.txt

Then you need to load the same keys again on the new device.

cat keys.txt | dconf load /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/

I respect GNOME for what it is, but I don’t want to have to fumble through dconf to figure out I have to do when at least with KDE, while their settings menu is confusing, at least it’s search-able. They also let you set a default terminal (unlike GNOME), have more than 4 desktops accessible via keybindings, and native tiling windows.

KDE also lets you customize your desktop to a great degree. I always gravitate to the Unity layout (Ubuntu Unity) since it makes better use of the short-end of the screen, but I stopped because of the way my multi-monitor setup works. My current setup is more similar to Windows 11, but instead of nagging from the weather widget, I have a visual list of all my desktops.

The KDE Ecosystem

I tried out each various programs from the KDE ecosystem:

• Dolphin has improved a lot and even has the ability to mount Apple devices via GUI, which only GNOME used to be able to do previously. Dolphin also has better thumbnailing for non-standard files, but you need to install ffmpegthumbs on Arch or Fedora.
• Spectacle also lets you annotate or draw on top of screenshots as well as record native Wayland sessions, which is an absolute functionality win compared to GNOME Screenshot.
• Discover now has direct links to a project in the repos, which is something GNOME Software doesn’t have. However, Discover’s auto-update feature is so resource intensive that I just deleted PackageKit and Discover altogether out of annoyance.
• I tried using Kmail, but as a creature of habit I went back to using Mozilla Thunderbird.
• KColorChooser is one of the few standalone color pickers on Wayland that I know and it’s very functional.
• KDE Partition Manager, while native to KDE, still feels inferior to GNOME Disk Utility. GNOME Disk Utility is more intuitive, doesn’t require root privileges on startup, and lets you burn ISOs to devices.
• Okular lets you sign documents (even if the method is really convoluted)
• KCalc doesn’t connect to the internet (did you know GNOME Calculator connects to the internet to get real-time currency conversion rates?)

Caveats

I’m going to briefly going to touch upon some minor issues now.

• KDE 5.26 has errors when you log out and your computer will be a black screen. I have replicated this on both X11 and Wayland, but 5.27 has fixed it. However, 5.27 is only being shipped in Arch Linux right now.
• Firefox on Wayland requires a special flag on KDE and using your distro’s native package or the Snap will give you problems. If you use the Flatpak and add the environment variable MOZ_ENABLE_WAYLAND=1 in .bashrc/.zshrc, it will work fine.
• Copy/pasting in (Neo)vim requires you install wl-clipboard as vim defaults to xclip rather than a native Wayland solution.
• DaVinci Resolve does not display window decorations. It doesn’t mean much to me as a tiling window manager user, but if I was using KDE as a floating window manager, I’d be upset.
• Chromium/Electron apps, like Signal or Brave, and Zoom cannot share your screen. This is because XDG Portals, a standard in the XDG Desktop, isn’t yet supported.
• OBS works as long as you are using Pipewire and you add the environment variable (You should be using Pipewire because it’s more consistent and secure than PulseAudio)
• Night light filters do not work on Wayland, not on KDE nor GNOME.
• Mixing GNOME and KDE apps does not look good. Same criticism applies for GNOME.
• Windows that don’t use their own icons will default to using XOrg or Wayland icons, depending on which display system they use.

Did you that the retail company Gap is expecting net sales growth in the coming year? I heard about during that new Microsoft video where they demoed ChatGPT! It looks really great until you realize there’s no way clothing retail is going to go up at all in our suffering economy and ChatGPT lied to me!

And Google Bard? More like Google Bad! But it’s not just Google guys! It’s the AI craze everyone has been talking about and the chat bot to triumph over all chat bots, ChatGPT. AI has a place in automating grunt work that could otherwise be incredibly annoying to do. I use a few offline programs from such purposes, but what ChatGPT does completely breaks the purpose of AI and it’s time to expose its weaknesses and why I have not and will never touch it for the remainder of my life!

ClosedAI

First, let’s talk about OpenAI, the company responsible for the creation of ChatGPT. OpenAI was originally a non-profit organization that wanted to collaborate with other businesses and groups to expand the use of AI, but to keep things short, OpenAI spent hundreds of millions of dollars to build their organization’s infrastructure and were unable to make any money and as a result, became a “capped for-profit” company.

We Don’t Know What’s Happening…

Lots of big names have invested in OpenAI for years, but most importantly are the products developed by OpenAI, like:

• Alignment: an AI traning framework
• DALL-E 2: an image generation program
• Whisper: a transcription tool
• And ChatGPT: the informational chatbot.

The problem is out of every tool released by OpenAI, we know little to nothing about how any of their programs work. In fact, out of every program I mentioned, Whisper is the only one that is fully open-source. In fact, Whisper became so popular they removed the issue tracker from their GitHub. So much for feedback, right?

OpenAI provides technical documentation and research papers for their tools, so we know roughly how these programs work, but we don’t know the process by which OpenAI trains anything. It’s really on the basis of “just trust us”, but that’s not good enough in my book.

The Time Exclusive

In fact, some Time reporters thought they got the 1-Up on OpenAI by describing how OpenAI hires Kenyan workers to filter out toxic waste from their training models for less than $2 USD/hour.

First off, us brain-dead Americans and Westerners expect to get more money, but this amount that they are paying is actually quite fair and it’s much higher than the standard wages of Kenya. The issue is, if Time can go run with this dumb story like it’s some sort of secret, it really shows how little anyone outside of OpenAI really knows what’s underneath the surface.

This isn’t even touching on the “open-source” thing, because why would they open-source anything? But it’s more about how is it that a company called OpenAI never talks about publicly or lets anyone see behind the curtain.

Open In the Public

But let’s say we don’t care about the nitty-gritty technical details—what about their privacy? I don’t think it’s fair to test OpenAI’s security since they haven’t been open to the public for a long time, but privacy I believe is something they can fairly be judged for.

Please note that phone verification is required for signup. Your number will only be used to verify your identity for security purposes.

A serious crime OpenAI commits is demanding for your phone number or as we should take to calling it, your internet social security number, because every dang service wants your phone number, the personal tracking beacon of your life, to do the most basic things online! It’s already bad enough in the “land of the free and home of the brave,” but other countries have it worse. You basically need to hand over your real identity to OpenAI.

I refuse to use any service that demands a phone number out of me and I can’t wait for someone to say in the comments “Your number will only be used to verify your identity for security purposes.” The bleak reality is OpenAI couldn’t give one about your privacy. In fact, reading through their privacy policy yields legal boilerplate that lawyers love, great things like:

Conducting/Sharing Research About You:

To conduct research, which may remain internal or may be shared with third parties, published or made generally available;

Using PII to Feed the Beast:

To develop new programs and services;

Sharing Personal information

In certain circumstances we may share your Personal Information with third parties without further notice to you, unless required by the law, including without limitation in the situations below:

• Vendors/Sevice providers
• Business acquisitions
• Affiliates
• Other Users

But none of these things could really be that bad, right? Who could OpenAI possibly affiliate with?

Microsoft Marketshare

Microsoft has been very open about their integration into OpenAI with executives proudly bragging about the integration ChatGPT will have in Bing and AI throughout the rest of Microsoft AI products.

But we all know Microsoft is a soulless corporation that wants in on the next best thing and has transformed the tech industry into a mad rush to get AI in an arms race with Google and all of us civilians are caught in the crossfire. Microsoft isn’t content on just integrating in Bing, they want to control OpenAI itself and harvest the wealth of data and information of its users. Microsoft has invested $10B into OpenAI, outpacing all of the other donors of OpenAI and owning the absolute maximum of 49% of the company.

Microsoft’s Acquisition Addiction

It isn’t the AI or the open one they dumped money into; it’s about setting the stage for market dominance. In the past year, Microsoft has been ravenously hungry to capitalize on their dominance outside of their already thoroughly crushed enterprise field.

• One of the worst news of last year was the $69B acquisition of the popular games company, Activision/Blizzard and $7.5B Zenimax, aggressively trying to centralize a grip on gaming communities.
• Microsoft has been expanding its advertising network, specifically Bing’s own advertising network, by signing a major deal as the principal advertising of Netflix’s new free tier.
• Even though most people previously laughed at Bing, Bing was still consistently the second most popular search engine to Google. While Google is imperfect, at least Google isn’t objectively evil like Microsoft is.

And all of these factors positions Microsoft to extend their reach to control more of people’s lives. And what better time when all of other Big Tech companies are in the federal wheelhouse to regain the power they once had…

ChatGuineaPigTesting

An unfortunate side effect of everyone talking about how amazing ChatGPT, and this isn’t to downplay it, sometimes it is awesome. But when their system can get so many things wrong, even under the prerecorded fake demos created by Google and Microsoft, can we even trust this technology?

ChatGPT and GPT-3 was and has been trained at this for a long time and pushed it out to the public as some sort of guinea pig test, and it still gets everything wrong.

On Wikipedia, there’s a screencap where someone asked ChatGPT if Jimmy Wales died in the Tienanmen Square massacre, which it correctly answers no, but it wrongly states Jimmy Wales was 23 at the time. The core question is answered, but accuracy is an ongoing issue with many prompts you issue ChatGPT.

Here’s some more good ones:

• True and real ChatGPT (@brodieonlinux)
• Bings Favorite Human? Bill Gates…. Sus as hell! (@christitustech)
• “Who won the [2023] super bowl” but it’s based on 2021 data (shank on Hacker News)
• A Conversation With Bing’s Chatbot Left Me Deeply Unsettled (Kevin Roose, New York Times)

It gets better, it adds this cute little disclaimer at the bottom, claiming “oh it’s not a definitive answer” (and if it’s the Bing one, it’ll probably add an emoji afterwards), but this is a weak excuse for leading people to overvalue the system and treat it as an authoritative source,

Sometimes, the AI gets derailed and seemingly for no reason.

Then there’s also the problem of legal issues and the fact that Bing giving this training network the internet, the AI is now going to be trained on material people never would have imagined or consented to.

For example, ChatGPT and GitHub Copilot can generate code if you ask it, but what if this code was originally from somewhere and sometimes violates the license of the original code? If you ask ChatGPT to write you a story, how do you know that ChatGPT isn’t pulling from material that could hold you liable for plagiarism of intellectual property? Guess you better have fun getting sued to find out!

Then there’s all those Ne’er-do-wells using it in malware or trying to exploit governmental systems. In fact, this has gotten so bad that Microsoft has had to limit questions to 5 heavily neutered responses and sneaking in emojis at the end. That’s going to get those pesky troublemakers to stop! I’m sure the consequences were considered!

Outro

Okay, I’m done. I’m never touching any of this Bing, Google Bad, OpenAI crap for a long time.

Additional Videos:

MATT: Here’s some insider information Windows Insiders never get. It’s the most optimal way to view images on Windows. Introducing ImageGlass! An amazing and blazing fast image viewer that opens all of your images!

Are you tired of Windows not opening common photo formats? Do you want to speed up this process by up to 5 times? ImageGlass uses the free and open image formats to open any image you want, Adobe Photoshop support, cropping, resizing, and changing image formats of your images.

Did you find out that Apple’s iCloud gave you someone else’s photos?

CARMEN: Just install iCloud for Windows from the Microsoft Store and the photos you take with your iPhone will appear automatically.

buzzer

WINWARD: There has to be a better way!

MATT: Are you tired of using hack image programs that might not be getting updates anymore? Now ImageGlass gets updates automatically, sets itself as your default sets itself as your default photo viewer, and efficiently caches photos you want to view next.

ImageGlass makes viewing images a snap! Just double click on your images today for only $9.49 from the Microsoft Store.

If you download now, we’ll double your download value! We’ll even throw in the bonus image format compatibility that Windows Photos can’t open for free! That’s right, free and without the bloatware extensions That’s right! Free and without the bloatware extensions from the Microsoft Store. So don’t delay! Download today!

If you download ImageGlass right now, we’ll even throw in the optional family photos of ImageGlass creator Phap Dieu Dong for free!

(sped up voice) To download your copy of Image Glass for $9.49 plus free shipping and handling, call 248-434-5508, or see other ways you can donate at imageglass.org/support. Once again, that’s 248-434-5508. Call now!

Stream - Kyaai

MATT: Hello everybody. Welcome to Samsung. Let me present with you today the bingo card cam. You can now actually see what I’m writing. So look, we have the word “epic” because oh my gosh, we were so epic guys.

WINWARD: Oh boy, a disclaimer!

MATT: Disclaimer is exactly the same as last time.

WINWARD: Wait, are we gonna get..

MATT: Wow. My gosh, I know you too well, Samsung. This is literally the exact same disclaimer with the exact same wording. Wow. Oh, and mm. Okay, Samsung, you’ve shown us the disclaimer long enough. We’re going to do this… they’re just going to show it for a minute to make sure you really, really get into your head that you’re not allowed to do any of this.

WINWARD: They want you to actually read through the whole thing.

INVESTOR: Most people, when I ask the question, they go, what is it? And my answer is, if you don’t know, how could your kids possibly know because they’re the ones exercising it after you’ve passed away.

What is a Disclaimer?, Christopher J. Kruse

WINWARD: So yes, it’s live.

(applause)

(Matt laughs in Samsung simpology)

WINWARD: The X in Galaxy are the lights? That’s rather cheesy. They have a disclaimer on the picture that they’re showing in the background.

MATT: All right, let’s talk about that now. The disclaimer is so small I can’t even read it! What does it say? May not be available in like…

WINWARD: Images simulated for Windows something?

MATT: And we’re just going to make a tally of every time Samsung says a disclaimer. Because if you get 30 Samsung, I am deducting 3 points from your rating.

WINWARD: You know, if we were ever live in-person during a show like this, we would be so horrible because we would just be talking the whole time.

MATT: We would just be talking the whole time, because this is the most insufferable presentation ever. You know, it’s funny. I got, I got asked by one of my co-workers, “Don’t you want to go to like one of those technology conventions?” And I said, no, because watching these conventions is worse than watching a B rated movie

TM: In the powerful… (inaudible)

MATT: Is the microphone glitch? Poor audio mixing? Can we check the poor audio mixing box?

WINWARD: I mean, I mean, it’s it’s live. So I mean…

MATT: No, no, poor audio mixing.

WINWARD: Okay, fine.

MATT: That was that was pretty bad. Check the box. They got the phone.

WINWARD: Geez, are they already almost at a bingo?

MATT: This is so fast. Maybe I should have just left it as you know, penalizing them for being bingo early.

TM: I have to thank my (inaudible)

WINWARD: I think they’re going to go blackout again.

MATT: The audio glitched out again, why?!

WINWARD: Okay, yeah, that’s just bad audio mixing.

MATT: Why?? Why did the audio glitch out again? Like what is what’s happening?

WINWARD: Wow, they got rid of the bezel thing.

MATT: Wait, so this isn’t increased camera bumps.

This is decreased camera bumps.

Disclaimer #2?

MATT: All right. WINWARD: That that was at least 3 that I’ve seen.

(Matt speaks in disclaimer disbelief)

MATT: Dude, the disclaimers are so tiny!

WINWARD: There’s another. (laughing)

MATT: Oh, here we go. (laughing)

DREW: this Unpacked were filmed using the Galaxy S23 Ultra.

(MATT laughs in #withGalaxy)

BUDDY: You sit on a throne of lies.

WINWARD: Oh, wait, they’re saying that this was

DREW: world renowned director (inaudible)

WINWARD: Is that why the audio keeps glitching?

Because they’re trying to power this whole thing using smartphones?

MATT: “With the aid of professional equipment!” I’m sorry, every time I see like the camera boom with like with a phone or an iPad in it,

WINWARD: With a phone?

MATT: I just cannot take it seriously. It’s like there is NO WAY these people are doing that with these cameras.

WINWARD: It’s like okay, did you get the shot? Okay, switch it out for the real camera.

RIDLEY SCOTT: Just do it.

MATT: Just do it. Just do it.

WINWARD: Another disclaimer.

MATT: All right. All right. I was worried that I set the number too high, but now I’m thinking I didn’t set it high enough.

WINWARD: Image simulated for illustrative purposes.

MATT: Okay, we got that one. So that means if we ever see that disclaimer again, we can’t use that one.

WINWARD: There’s another. MATT: Wow, this is like… Samsung, you’re killing me here.

WINWARD: I’m expecting one in the corner to be like not a picture of an actual horse or something.

MATT: I mean, it could be like not the real Leonardo da Vinci.

WINWARD: They tried to hide that one.

MATT: They showed another one. Wow, they just keep going. Wow, another disclaimer.

JACKS: When lighting is low…

MATT: Technobabble delivered via narration? I think this is technobabble delivered via narration.

WINWARD: 100%.

MATT: This is just complete bogus nonsense. Wait a minute, they filmed this all in one go because this is the same set that Ridley Scott was using.

WINWARD: Don’t worry about it.

MATT: Look at them bragging about their UI. Samsung, Samsung loves bragging about their UI. They absolutely love talking about their UI.

JACKS: …high quality GIFs to share with friends and family.

WINWARD: She said GIF. I disagree with her pronunciation.

MATT: There’s gonna be people flaming, flaming mad.

MAN: In this case, the creator of the Graphics Interchange format, Steve Wilhite says it’s GIFs.

Devolver Digital - Big Fancy Press Conference 2018

WINWARD: It’s not peanut butter. I promise it’s not peanut butter.

MATT: Disclaimer. There’s 2 disclaimers there in the small print so that the people who are watching this online can’t read it.

NA: (speaking Korean, inaudible)

MATT: What? Wait, why is it glitching out there? What?

WINWARD: Well, it did in the other pre-recorded thing with the woman who was speaking, So I don’t know what they’re doing for their audio mixing.

MATT: I didn’t even notice that one. What are they doing? Samsung, this is embarrassing.

NA: (speaking Korean, inaudible)

WINWARD: Is the audio dying? Audio dying?

MATT: Yep, yep. Disclaimer.

WINWARD: Disclaimer, disclaimer, disclaimer.

MATT: All right, Samsung, we’re at 20 disclaimers. Get 10 more and… AI, AI. There we go. AI, AI. Robots and them AI.

WINWARD: That was like 3 frames of a disclaimer. I mean, come on. How is someone supposed to read that?

YOONIE: And that’s just the beginning of the epic camera experience at Galaxy…

MATT: Epic! Epic.

WINWARD: Just in case you didn’t think that Epic was covered, it’s been covered twice.

MATT: Just scribble it over some more. Wait, there’s 2 disclaimers on top of each other.

(laughing)

WINWARD: They have to be memeing at this point.

MATT: This is like Samsung, come on.

(music abruptly ends)

Wait, that was just a hard audio cut. What was that? That was so bad.

WINWARD: It was a hard cut going into it as well.

MATT: (laughing) That disclaimer. Another disclaimer! One more disclaim—all right, Samsung, you’re getting a 7/10 now. That was so bad. Couldn’t even finish my sentence. All right, Samsung, you now lose 3 points in your rating. Congratulations.

WINWARD: Qualcomm chips? Qualcomm?

MATT: Qualcomm? Qualcomm? Qualcomm? Samsung,

WINWARD: That counts!

MATT: what are you doing with Qualcomm? What happened to making the new chips with Google? Guess what, guys? Less security updates for you now. You only get 3 years of security updates because Qualcomm hates you, that’s why.

WINWARD: I mean, you chose a Samsung phone at the first place anyway, so.

(Winward laughs in rapid disclaimers)

WINWARD: That was 4!

MATT: That was so many disclaimers.

WINWARD: Four disclaimers, back to back to back.

MAN: Is that a phone?

MATT: No one talks that way.

WINWARD: This feels really cringe. I just want to, I just want to like go crawl into a hole. It’s so cringe.

MATT: This is so bad.

WINWARD: (screams in cringe) It’s so cringe. No clapping, by the way. Zero clapping. They clap after everything else. They did not clap after that.

DREW: …to our PCs.

MATT: What? I wasn’t prepared for this. I thought we were only doing phones. How overpriced do you think this computer is going to be?

WINWARD: $2,000. It’s always at least half again more expensive than what you think expensive enough is.

WINWARD: Is that the intended audio quality or is that broken audio quality?

MATT: I can’t tell. Yeah, Samsung, your audio stinks. come on.

WINWARD: I gave them the benefit of the doubt back in the beginning and yeah, they have really bad audio mixing on this.

RYAN: Being on mic is part of the fun.

MAN: Run, run, run.

WINWARD: There was a stark lack of swearing there.

MATT: (crosstalk) There would be a kid saying, hey, anyone got a mic? And then instantly the wave of like angry grown men are going to be shut up, you stupid little kid. What are you doing without your parents playing a video game?

WINWARD: It’s like Apple handoff. Wow. Amazing. It’s like iPhotos.

MATT: Yep. bragging about bloatware. bragging about bloatware. What is that?

WINWARD: the thing is, if you want this degree of integration, why don’t you just use a Mac where you’ll actually get support for more than 2 or 3 years?

MATT: Get a Mac so you don’t have to deal with the bloatware garbage that Samsung shovels into all of their computers.

WINWARD: Well, I mean, in all fairness, Apple shovels it into their computer as well. It just comes with their computer.

MATT: But not as much! Samsung computers have to like in their phones have to like add in one extra program for every program that Windows or Android already has inside of it.

WINWARD: Oh, this is something you can’t do with your Mac.

MATT: What do you mean? Have you ever heard of FreeForm? What a joke. How much does this cost?

WINWARD: Just don’t worry about it. Just buy it. Wait, AMOLED? Is that OLED anything?

MATT: Yeah, let’s check OLED anything.

KIM: And there’s no privacy without security.

MATT: Wow, Knox. I’ll check that. All right, that’s bingo. They got Knox. All right. Ding, ding, ding. We got bingo. Oh, bingo. Bingo.

WINWARD: Yay. Wow.

(Matt screams in Bingo)

KIM: It also keeps all the apps you’ve downloaded private.

MATT: Yeah, confusing privacy and security. I love Samsung.

WINWARD: Yep. They clicked on something in the UI and then it something instantly happened and it said it said simulated shortened. As in real life, it takes longer than that.

(Matt laughs in artificial load times)

MATT: I love how they have shown 3 products now and not a single one have they shown a price tag for. Okay, no change. Okay, come on. Come on. What else? Except you get Samsung’s crappy boot loader.

WINWARD: Okay, that is exactly what I called it as. That is exactly what I called it as.

MATT: (laughing) $2,200!! I swear, if they say 2030, I’m going to lose it.

MARK: This means achieving net zero…

(Matt laughs in empty promises, Winward laughs in disbelief)

MARK: Let me tell you more.

WINWARD: Let me tell you more! No. What if we answer no?

MATT: No. Can you tell us less??

MARK: … to use Corning Gorilla Glass Victus 2.

WINWARD: Because we are the first phone to come out since Corning released their new glass type.

MARK: Galaxy S23 series comes with up to 4 generations of software updates.

WINWARD: Okay, how do they do that with Qualcomm’s processors?

MATT: The little light jog he did up the stairs. It’s not even that many stairs!

WINWARD: Qualcomm is a big tech company. I mean, though we don’t classically think of them as a tech company He just looks so uncomfortable.

MATT (as Cristiano): Can someone take the kiss cam off of me?

WINWARD: He’s handling it a lot better. Look at him. That stupid lady taking a picture!

MATT: You got to be careful there, Cristiano. We got a blue screen behind you.

WINWARD: We could do a lot with that.

MATT: We can do a lot with that.

WINWARD: Yay…

MATT: Look at the product placement of him loyally wearing that Pixel Watch.

HIROSHI: …RCS Messaging Standard.

(both think in anti-Apple blue bubbles)

TM: …trusted collaboration.

MATT: More like parasite.

Samsung is like the parasite of big tech.

It’s over.

WINWARD: Oh, seriously? Wow. I expected an ad.

MATT: Just cuts to the Samsung logo. Okay. Well, all right.b
You know, that awful event’s over. Okay. What was your favorite part about the event?

WINWARD: I liked all the disclaimers.

(both laugh in legalese)

MATT: My favorite was TM jogging up the stairs on the on the stage.

WINWARD: I mean, see, so the other thing is I’m an Apple guy. I use all Apple stuff. None of this really applies to me because it’s cool. Another Samsung thing came out. What was the last Samsung thing again? I have no idea. So I have no reference point. But it’s yeah, that seems pretty cool. You know, Corning glass on their new phone. Yeah, Yeah, that seems pretty cool. I feel like their last phone probably also had Corning glass, but this is the better Corning glass. I think you didn’t expect that there would be a computer. I guess that’s novel.

MATT: No, I didn’t.

WINWARD: So I guess congratulations on them for making a computer.

MATT: Yay, a computer. But it’s just it’s the same old crappy overpriced computer that Samsung shills every year. And it’s no doubt $200-400 more than it needs to be. And it also is like filled to the brim of bloatware. Forget all this. I ain’t buying these computers. I’m going to recommend that you actually steer clear from these computers because do not buy them. They don’t even let you customize little things in them. Don’t even bother when there’s already a bunch of other Windows OEMs will let you customize this. This is a total joke. Don’t buy their computers. Their phones only get 5 years of updates, but you can’t root them or do anything to them. So don’t buy their phones either. Just get a Google phone.

WINWARD: Correct me if I’m wrong, but you can root a Samsung phone. It’s just if you root it, you like permanently brick some of the functionality, right?

MATT: You just permanently brick your device, yeah.

WINWARD: Yeah, so like you permanently disable the camera and the microphone for like ever because of how they have the security engine set up.

MATT: Yeah, because they use a broken proprietary security engine, which was proven to have bad security standards, which is why we just cannot trust Samsung with these things.

WINWARD: But the screens! They’re so pretty!

MATT: Do not trust Samsung for any of your security. Do not trust them with their computers because they’re overpriced pieces of garbage, which everyone I know who’s had one has broken down in like 1-2 years or they’re like you and have installed Linux on it and have had a better experience because they don’t have any of the bloatware or any of the garbage in it.

WINWARD: I will tell you, removing Chrome from my Chromebook was the best thing that could have been done to that Chromebook.

MATT: And then there’s also the issue of like their phones are run by Qualcomm and you can’t install custom ROMs on them.

WINWARD: I mean, evidently, they have some kind of a deal going with Qualcomm because they’re claiming 5 years of support.

MATT: Just get a Google phone. With a custom ROM, you’ll get 10 years of support. You don’t want a Google phone?

You’re like Nick from The Linux Experiment? You don’t want to buy a Google phone? Just get an iPhone. What? You don’t want an iPhone? Get an iPhone. Sorry, bucko. Phone manufacturers don’t care about choice.

WINWARD: You don’t like an iPhone? Get an iPhone anyway!

MATT: Phone manufacturers don’t care about your choice. So basically assume when you have a phone, you don’t get any choice in the matter at all. Don’t buy their phones. Don’t buy their computers and don’t buy smart anything. There we go. We covered all the bases. The only thing you should buy from Samsung is their SSDs. Their SSDs are really great.

Thank you for coming to watch Samsung’s awful event. Leave a like on this video. Leave a like on this video if you want Samsung to fix the dang audio in their video. Thank you for watching. We will see you all later.

WINWARD: Okay, bye.

Khaim - Neon Lamp

Patrons/YouTube Members

If you pledge on Patreon or become a YouTube Member, you get bonus access to our full commentary track and early bingo card access, which you get to watch alongside with us the week of the event.

Commentary

MATT: Oh, hello everybody. Today we’re going to be doing Apple, because there’s no bingo card, because Apple tried to bury this event by not telling anyone about it.

WINWARD: Yeah, Apple didn’t even feel the need to put this on their website.

JOHN: …along with stunning new designs.

MATT: Stunning new designs! What? You mean the designs that don’t include a touch bar?

WINWARD: The stunning new design that is literally the identical chassis that they had last time. Do you feel like we were kind of just dropped into the middle of an Apple event?

MATT: Yeah, it’s like, where’s Tim Cook?

WINWARD: I feel like this was supposed to be part of one of the other events, and then they just kind of cut it.

MATT: No! It’s the Watch event! Remember?

WINWARD: Oh yeah! Yeah!

MATT: The Watch event, where they had to insert Jeff in everywhere? They’re in the same building! They had to have included this in the same event!

WINWARD: We should go back to that event, and we should find the cuts, and see if we could figure out exactly where this was supposed to be.

MATT: No, this 100% had to have been when they were talking about the Watch, and then they flip it on its head and say, now we’re gonna talk about the M2.

DEIDRE: Now back to Jeff.

WINWARD: Maybe this is why Apple didn’t announce the event, because they’re kind of embarrassed about it, but they’re like, so we have all of this extra footage lying around. Can we just put it on the YouTube channel? Okay, yeah, go ahead.

MATT: No, it’s the iPad event from the end of last year, that they completely buried, and it’s six minutes long, and the only thing of value from that event is DaVinci Resolve showing up on iPad, and then that one lady saying we moved the camera from here to here, and that’s it! That’s all we have! And then there’s this, and it’s Apple. You expect me to call 25 minutes of extra video an event?

ERIN: Here’s Tim.

MATT: Tim?

WINWARD: Tim?

MATT: Tim?

WINWARD: Which Tim?

WINWARD: Nope.

MATT: Scam! Scam! That wasn’t Tim!

WINWARD: It is A Tim. It’s not THE Tim.

TIM: Introducing M2 Pro.

WINWARD: Wow! At least they stuck to a consistent naming scheme. Congratulations, Apple. You stuck to a consistent naming scheme.

MATT: Did you see the blur of the background of that room back there? Like, what’s the point of that?

WINWARD: I feel like he might be in front of a green screen, but I can’t tell.

TIM: …over M1 Pro.

MATT: Wait, so they said it’s 50% faster.

TIM: Twice what M2 delivers.

MATT: But it’s also only 20% faster. What are these numbers?

WINWARD: It’s 50% faster in some places.

ERIN: Today, we’re introducing Mac Mini with M2 Pro.

MATT: I love how they cut when he threw it, so you can’t see if he missed or not.

WINWARD: Hey, look, you can do Mac stuff on a Mac. Dang.

MATT: Ooh.

WINWARD: That’s, that’s enticing.

MATT: The laptop is so hot, she has to use a pillow. I’m just kidding, guys. Anyone who’s used an Apple computer knows that’s not true.

WINWARD: Wait, what? A real transition?

MATT: What do you mean? They’ve been doing real transitions the whole time.

LAURA: …80% faster than the fastest Intel-based MacBook Pro.

MATT: Oh, you know a computer that’s literally 3-4 years old?

WINWARD: This is just, don’t mention that.

LAURA: Back to Tim to tell you more.

MATT: Tim? Tim? Oh, I think that’s Tim.

WINWARD: Tim?

MATT: It’s the other Tim.

WINWARD: Do you have deja vu going through this?

MATT: Yeah, this is like the same thing, but with a different computer model.

WINWARD: It’s like the same exact graphs and same exact speech, except with bigger numbers.

TIM: So that’s M2 Max.

MATT: Wow, that was what they literally had nothing to add because they just reiterated everything they just said. This is like such a nothing burger.

WINWARD: I know.

MATT: Why? Why did you do this, Apple?

WINWARD: By the way, it’s still an SDXC port and not like the upgraded port that most people are asking for. Wow, it’s almost like it’s exactly the same laptop as the laptop they had before.

KARL: That’s impossible versus possible.

MATT: What? Impossible versus possible? What does that even mean? Are they ending? Is it over?

JOHN: …of innovation.

WINWARD: Tremendous.

MATT: Do you want to be innovative? You show us Tim Cook. Nope. No Tim Cook!

WINWARD: Show us one of the people we care about.

MATT: No Tim Cook, no Craig Federighi.

Closing Thoughts

All right, so what was your favorite part?

WINWARD: They sure as well had an event. What they actually said during the event, I think I’ve forgotten by now. The Mac Mini, I think, is a wonderful thing because having lots of power in a desktop computer that is cheap for people is a good thing.

MATT: I agree with you. I think the Mac Mini is my pick of the event.

WINWARD: But realistically, if you’re a student and you’re like, okay, I’m going to go buy a Mac or something and you want to get a Mac Mini, I would talk you out of a Mac Mini and talk you into a laptop because let’s be honest, you’re a student. You need a laptop.

MATT: Then $2,000 on the other one, please.

WINWARD: Or even like $1,000 on a baseline M1. I mean, it’s not like the M1 laptop is bad.

WINWARD: Yeah, because you get portability. MATT: In some ways, you can argue it’s better than the M2 because of faster SSD speeds too. Let’s let the conspiracy theories fly because I didn’t know about this until you told me. And I have like RSS feeds like stalking everything about Apple. And I heard nothing about this event at all.

WINWARD: I did not hear about this event until it showed up in my YouTube feed. Clearly Apple had an event and they seeded units beforehand to the YouTubers that they liked. And then they released this event so that those YouTubers could then release their videos talking about how good they are.

MARQUES BROWNLEE: This little machine is not only super powerful and super efficient and super small, but it’s also a really good price.

M2 Pro Mac Mini Review: Game Changer!, Marques Brownlee

BRIAN TONG: It’s just for this review and I will sadly give it right back to Apple. Now as a content creator…

M2 Max MacBook Pro Review - Real World Tests! Should You Upgrade?, Brian Tong

WINWARD: and they could subvert all of the other channels that they don’t like all that much from making videos that are critical of their announcement. They also didn’t put it on their website. So maybe they didn’t intend for this to be a big thing, but it kind of turned into more of it because they were kind of trying to hide it.

MATT: Yeah, I don’t know how I feel about this. And like what you said earlier, it’s like it feels like they just strung together portions from the last event. Like they could have recorded this during the last event for all we know.

WINWARD: The other thing is I think years ago… Did Apple have events announcing it’s like oh we’re using the new Intel processor. Yay. No, no they just they just released a computer with a new processor.

MATT: I said it last year I’ll say it again. Apple’s events are slowly getting worse. This event and the iPad event are just like little stepping stones on that road of progression. We already know from rumors that they’re not going to talk about the AR headset this year because they just can’t get it completed by the end of this year. It’s not a true Apple event. Like there’s no Craig Federighi. There’s no Tim Cook. There’s no like fancy introduction. Like they kind of just like just did like a fake commercial and just leapt right into it.

WINWARD: It was like and now everyone expects events from them all the time. And so they’re kind of like sort of doing them but not really putting the effort into it.

MATT: Here’s another theory. Okay. What if they’re trying to lower people’s expectations?

WINWARD: I believe you.

MATT: I know hear me out here.

WINWARD: I believe you.

MATT: They are trying they should hit it out of the park in 2020 with their events. Like anyone go back and watch their 2020 Apple events were like amazing. Like you looked at like every other tech event from that year and like Apple’s were like the glowing beacon of hope between like every other tech event being completely bad. Apple is trying to reduce people’s expectations. Hear me out on this one. They want to do live events again. And this is the way to ease people into doing live events again. Nice to have seen you for a video. No bingo this time. I’m sorry.

Outro

But leave a like on this video. Leave a like on this video if you felt scammed when that fake Tim showed up in the event. And by the way, next week is Samsung.

WINWARD: It’s at least a real event. Like they announced it and stuff. So so we expect something from them.

MATT: Thank you for watching. See you all later. Have a great rest of your week.

WINWARD: Bye bye.

Khaim - Neon Lamp

Patrons/YouTube Members

If you pledge on Patreon or become a YouTube Member, you get bonus access to our full commentary track and early bingo card access, which you get to watch alongside with us the week of the event.

Long time viewers of the channel know I don’t talk about my current setup. I started using KDE Plasma a couple months ago and I’ve been incredibly impressed with how just a little bit of setup, KDE Plasma has become my desktop environment of choice.

Why KDE?

The last time I daily drove KDE was 6 years ago. I ran a setup much like MacOS and was a big Latte Dock user (rest in peace Latte Dock). KDE is also a powerhouse in desktop Linux, coming strong through things like Valve’s Steam Deck or as the flagship in SUSE’s desktop spins. KDE is one of the oldest desktop environments in Linux, receiving funding from Google, Canonical, and Tuxedo.

Long time viewers will know I previously used the Awesome window manager and GNOME on camera in the past, but I’ve never gotten into detail about this change. I also have an Nvidia graphics card (specifically the Nvidia 1080 TI) and have been seeking the next thing that runs it the best. I want to advocate for using what works for you, but at the same time, we need to be looking towards the future.

Wayland & Nvidia

The truth is most Linux desktop environments or window managers are not prepared for the future or don’t see enough development. One of the major reasons I switched was Wayland. Along with GNOME and Sway, KDE promotes and supports the Wayland display protocol, a secure and cleaner display system for the modern age.

Many other desktops just are not prepared for Wayland and part of future-proofing our stuff is using software that promotes future technologies. Wayland is more secure and we need to use as much as possible especially since XOrg’s development has hit an all time low.

Now the eagle eyed among you will know Nvidia is a massive pain on Linux. But in reality, I had to make zero changes to get KDE to accept the proprietary driver. What shocked me the most was I had experimented with KDE months ago and Nvidia was not functional at all. It truly is a “it just works” situation!

Of course, this might be because I have an incredibly common computer. I frequently get asked what my computer is, and if you want to know, go look up the Cyberpunk 2077 benchmark computers. Basically, I have that and 32 GB of RAM and Fedora 37. Your mileage may vary. If you are using an older KDE version on another stable distro, do not expect Wayland to work with Nvidia.

Tiling Windows

Every nerd loves a tiling window manager, but while I initially wanted to use the Sway window manager, they refuse to support the proprietary Nvidia driver, so they’re off the table. That sent me crawling over to GNOME, where you can use System76’s GNOME extension, Pop Shell. I’ve never covered it in depth, but it adds a sort of “pseudo-tiling” functionality to GNOME. I’ll freely admit using Pop Shell in its current state is an objective downgrade from using a tiling window manager, but I wanted to experience Nvidia and Wayland, for content of course!

But System76 rocked the Linux desktop space by announcing the creation of their own desktop environment, Cosmic. This actually got me worried because if System76 is going to drop GNOME soon, what’s going to become of the state of Pop Shell GNOME extension?

A talk by Victoria Brekenfeld, where she discusses smithay, PopOS’s custom Wayland compositor.

Yes, I am aware that System76 wants to support Wayland and Nvidia, but it’s going to take time for that to propagate through Linux distros repositories. For perspective, it took years for Arch Linux and Fedora’s maintainers to package ElementaryOS’s Pantheon desktop environment when it first came out. Plus there’s the risk Cosmic will suffer the same fate Unity did at the hands of Canonical.

On the other hand with KDE, KDE has pledged to support a new API to allow built-in window tiling without the assistance of an extension. This functionality is now in KDE, but developers still need to catch up, so I’ve been using bismuth, the most popular extension for tiling, which also has a .RPM package in Fedora.

Moving from Pop Shell to Bismuth is night and day. Pop-Shell requires you press a set key, like Super + Shift + Enter to enter a “window moving” mode, then another key to move your windows around (default hjkl). It’s a lot of keystrokes and moving to Bismuth requires I only press 1 shortcut to shuffle windows around.

Since Bismuth is around and KDE has added new APIs to support window tiling, I can now rest assured that nobody is going to touch my window tiling!

In defense of Pop Shell, this is likely a limitation of GNOME.

Customization

GNOME has treated me well and I can still say that I still has one of the stable desktop experiences out there. But a lot of people, including myself, don’t like having work around GNOME having their own vision, particularly when that vision doesn’t align with my own.

For example, you can’t export your GNOME keybindings through the GUI. Instead, you run this dconf command to output the keys into a file.

dconf dump /org/gnome/settings-daemon/plugins/media-keys/ > keys.txt

Then you need to load the same keys again on the new device.

cat keys.txt | dconf load /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/

I respect GNOME for what it is, but I don’t want to have to fumble through dconf to figure out I have to do when at least with KDE, while their settings menu is confusing, at least it’s search-able. They also let you set a default terminal (unlike GNOME), have more than 4 desktops accessible via keybindings, and native tiling windows.

KDE also lets you customize your desktop to a great degree. I always gravitate to the Unity layout (Ubuntu Unity) since it makes better use of the short-end of the screen, but I stopped because of the way my multi-monitor setup works. My current setup is more similar to Windows 11, but instead of nagging from the weather widget, I have a visual list of all my desktops.

The KDE Ecosystem

I tried out each various programs from the KDE ecosystem:

• Dolphin has improved a lot and even has the ability to mount Apple devices via GUI, which only GNOME used to be able to do previously. Dolphin also has better thumbnailing for non-standard files, but you need to install ffmpegthumbs on Arch or Fedora.
• Spectacle also lets you annotate or draw on top of screenshots as well as record native Wayland sessions, which is an absolute functionality win compared to GNOME Screenshot.
• Discover now has direct links to a project in the repos, which is something GNOME Software doesn’t have. However, Discover’s auto-update feature is so resource intensive that I just deleted PackageKit and Discover altogether out of annoyance.
• I tried using Kmail, but as a creature of habit I went back to using Mozilla Thunderbird.
• KColorChooser is one of the few standalone color pickers on Wayland that I know and it’s very functional.
• KDE Partition Manager, while native to KDE, still feels inferior to GNOME Disk Utility. GNOME Disk Utility is more intuitive, doesn’t require root privileges on startup, and lets you burn ISOs to devices.
• Okular lets you sign documents (even if the method is really convoluted)
• KCalc doesn’t connect to the internet (did you know GNOME Calculator connects to the internet to get real-time currency conversion rates?)

Caveats

I’m going to briefly going to touch upon some minor issues now.

• KDE 5.26 has errors when you log out and your computer will be a black screen. I have replicated this on both X11 and Wayland, but 5.27 has fixed it. However, 5.27 is only being shipped in Arch Linux right now.
• Firefox on Wayland requires a special flag on KDE and using your distro’s native package or the Snap will give you problems. If you use the Flatpak and add the environment variable MOZ_ENABLE_WAYLAND=1 in .bashrc/.zshrc, it will work fine.
• Copy/pasting in (Neo)vim requires you install wl-clipboard as vim defaults to xclip rather than a native Wayland solution.
• DaVinci Resolve does not display window decorations. It doesn’t mean much to me as a tiling window manager user, but if I was using KDE as a floating window manager, I’d be upset.
• Chromium/Electron apps, like Signal or Brave, and Zoom cannot share your screen. This is because XDG Portals, a standard in the XDG Desktop, isn’t yet supported.
• OBS works as long as you are using Pipewire and you add the environment variable (You should be using Pipewire because it’s more consistent and secure than PulseAudio)
• Night light filters do not work on Wayland, not on KDE nor GNOME.
• Mixing GNOME and KDE apps does not look good. Same criticism applies for GNOME.
• Windows that don’t use their own icons will default to using XOrg or Wayland icons, depending on which display system they use.

Using technology is all about making use of what we have, but as we all know, technology is more often than not and Skinner box designed to manipulate the masses.

No company has gone through all of this better than Discord. Now before the zoomers in the comments start calling me old and out of touch (I’m well aware that I am), I’m just stating what we know from public record and the public record shows Discord doesn’t believe in your rights.

Discord is a free of charge chatting app. It’s pretty much Slack, if Slack wasn’t owned by Salesforce and run by a bunch of people who think they’re more hip than they really are.

But being free has a cost. Discord has Nitro subscriptions and sells games, but this can’t even come close to fixing their revenue problem. Naturally, they copy the Big Tech companies who sell people’s information, and monetize the data of their users. I think this is something that is horribly overlooked and if people aren’t aware, you should be.

But even if you can stand the privacy violation, let’s take it a step further. Members of some rival furry communities feuded over discord.gg/furry and one of the moderators of the link gave access to one of the groups he was a part of. While the URL has been returned to the original owners, it proves the administration and moderation of Discord is corrupt and cannot be trusted.

The Gameplan

Now that all young people are gone, we’ve weeded out the smart people who stayed here (or skipped to the timecard). I want to have my cake and eat it too. I would like to use Discord, but don’t want Discord slurping up my personal data or spying on me.

Just use the app bro…

Now firstly, people are wondering, shouldn’t you just use the app? The issue with the app is :

1. The app uses an outdated fork of Electron, which hasn’t been updated in at least 2 years from what can be found. If you use Chromium-based browser, you are basically doing the same thing, but on a more up-to-date, secure, and feature-packed browser.
2. Discord scans all of your local processes the same way spyware does to find out what games you are playing. As far as I’m concerned, they don’t need to know what games I play or the programs I use. They can just subscribe to my channel if they’re so interested.
3. The Linux version of Discord is broken on Wayland and they still only officially distribute a DEB package and tar archive, so sucks to be you if you have preferences.
4. Discord dragged their feet to make an Apple Silicon version of their program, almost 2 years after Apple’s original announcement (March 22, 2022).

No Forks or Third-Parties

Second, any unofficial Discord forks will get you banned, because they have banned developers who make third-party front-ends. You also need to trust an additional party along with Discord. No forks or alternative front-ends.

My solution:

This leaves my solution. Using a Chromium-based browser like Brave, we’re going to create a PWA, use Brave Shields to clam up any telemetry, and have a more secure and a more Wayland-friendly Linux experience. This requires two things, both of which I’ve done videos on:

• A Chromium-based browser like the Brave Browser.
• While you could attempt this with Firefox, Firefox has a different WebRTC engine than Chromium and causes incompatibilities with Discord. Firefox also does not support Progressive Web Apps.
• A content blocker with the ability to intercept and block network requests. You can use uBlock Origin, but because of the need for a Chromium-based browser and the deprecation of ManifestV2, this will not work for long.
• Brave’s content blocker, since it’s built into the browser, will last us beyond ManifestV3’s beginning.

Note: blocking XHR elements will not be counted in Brave Shields “blocked” items. However, if you use the Chromium Developer Tools, they will be correctly blocked.

Configuring Chromium & Discord PWAs

The first step is we need to create a separate profile for Discord to live in, in case Discord tries to sniff on our local data.

• Hamburger menu → Create a New Profile
• Configure your profile however you want.

Next, go log into your Discord account and we’re going to create a Progressive Web App (PWA). This lets us run Discord in a glorified browser window and the best part of all is this is an undocumented and official means of using Discord.

PWAs are basically a way for you to run a website like you would a native app. Since Discord is based on Electron anyway, using another Chromium-based browser isn’t too much of a stretch. It also adds a desktop shortcut and a copy in your menus.

Unlike the official app, content blockers will still function for PWAs, so you can take advantage of what we doing next.

Configuring Brave’s Shields

Next, we need to learn a little bit about what Discord is doing behind the scenes. In uBlock Origin, you can use the logger to intercept all connections to the website.

It’s pretty clear what some of these domains are supposed to do. We’ve got attachments, @me, and more.

The key connections we are looking for have been documented by Luna, someone who I stumbled across on Gitlab who documented some of the inner workings of Discord’s API (she works on a XMPP/Discord bridge).

In her documentation, Discord uses the following to track you. The worst part about this is even if you opt out in the settings, Discord will still collect this anyway (they claim to delete it server side, you just have to trust them, pretty please?). Using her documentation and from the obvious Discord domain names, I have compiled the following:

• /api/science (This is blocked by EasyPrivacy, a default list in Brave/uBlock Origin)
• /api/track (a previous domain which Discord changed to /api/science because of the furry fiasco above)
• /api/applications/detectable (Discord attempting to scan applications)
• /api/friend-suggestions (because I hate people)

Now we need to add these to Brave Shields in brave://settings/shields/filters. The API version needs to be changed when Discord internally updates their API. Paste the following into Brave Shields and click “Save”:

discord.com/api/v9/science
discord.com/api/v9/track
discord.com/api/v9/applications/detectable
discord.com/api/v9/friend-suggestions

Change Discord’s Useless Checkboxes

• Gear → Safe Direct Messaging → Do not scan
• Gear → Use data to improve Discord → Off
• Gear → Use data to customize my Discord experience → Off
• Gear → Allow Discord to track screen reader usage → Off
• Gear → Connections → Remove all unused/unnecessary connections
• Gear → Activity Privacy → Display current activity as a status message → Off
• Gear → Activity Privacy → Display your activity status by default when joining large servers → Off
• Gear → Text & Images → Show embeds and preview website links pasted in chat → Off

Additional things to know:

• Deleting messages does not work. Discord will just store a copy permanently and this can be found if you ever request your data.
• Discord ignores all GDPR and CCPA requests, so screw your right to privacy.
• Expect any message you send, server you join, or anything you attempt to stream will be intercepted and viewed by Discord staff or moderators of your current server.
• Everything done here is “badness reduction.” It will not completely prevent Discord from doing whatever they want to you.

Okay, it’s the obligatory video and I’ll freely admit this video exists, because I had planned some content about snaps and its experimental features, but that doesn’t work anymore and Canonical wasted 2 weeks in my content calendar, so really, you can go thank Canonical for wasting my time by wasting your time.

But I also got the idea from being transparent about my financial situation and the absolute state of my channel. So if you are interested in making a YouTube channel, what I go through as a creator, and keeping the channel sustainable and at its current level of quality.

What was the origin of the Vtuber getup?

I want to be transparent about why I chose to do this whole thing to begin with.

I used to be innocent just like all of you. I would watch people on YouTube and I could live blissfully unaware of all of Big Tech. In my personal life, I don’t have a Google account, don’t use social media like Facebook, Twitter, or Mastodon, and haven’t bought a single item off Amazon in 4 years. But as I watch many people in tech YouTube, and with a heavy slant towards Linux YouTube and occasionally I hear some of the worst hot takes ever and I didn’t want to sit idly by and watch misinformation get thrown around.

Enter my channel, where I chose to do the news on YouTube livestreams for a time (You can’t get them now, but they’re really bad). I tried doing narrated deep fake videos. After discovering what the whole avatar thing was, I decided to do that and things took off from there.

On a side note, some people wanted Vtuber “lore” or something, you know, did you get fired from Microsoft? Did Tim Cook ruin your life because he did the prayer hands one too many times? Will you ever find Mark Zuckerberg ever be unironically funny? You want some lore, I’ll give you guys some.

I work in a job with not a lot of income. I don’t get paid minimum wage, but I don’t make a 6 figure salary. I used to be married, but my wife left me, took my kids (who I only get to see twice a year since they live in a different state), and I have to pay her alimony every year, which is why I ebeg on the internet and try to get you to give me money on Patreon or something! If you wanted a story there it is!

A few people have asked what I do for a living. I won’t get too much into detail, but I don’t have any formal background in technology and my job really doesn’t require it of me (they assume if you’re over 50, you don’t know the “computer things”). I’m just a loser who reads way too much on the internet.

Less than 10 people in my life know my YouTube channel exists. Eventually the cat will be out of the bag, and I’ll know who really approves of my life choices.

But I choose to be a Vtuber because I want to push the medium forward. In my bowels of internet research, the vast majority of “internet-famous” Vtubers literally fall into the following categories:

• They sing songs. I have a basic musical talent, but can’t play any instruments or sing. Trust me, you don’t want hear me sing.
• They play video games. Video games became a thing when I was much older than the majority demographic of the people who watch my channel. I never grew up with gaming so it escapes me why you would stream copious hours doing something better off alone, unless it’s a multiplayer game, like pong.
• Have a funny voice.
• Finally, they’re mostly young kids like you. I have confidence that 95% of all Vtubers are significantly younger than me (even this is generous and probably much higher). I don’t have the status of youth anymore, but I can pretend I do as a Vtuber!

Something you’ll notice is I don’t ever promote myself specifically as a Vtuber. YouTube’s algorithm as well as people’s preconceived notions of what a Vtuber is, is frankly in an awful state. I believe I can do more than sing, play video games, pretend to be a seiyu, or be young.

Think about it like this. It’s bad enough people already have biases against your race (unfortunately), your religious views (or lack thereof), or your sexual orientation never mind about your content or if you have a real body or not! I don’t want to be caught in that boat and unfortunately, I have to resort to being very coy about it on the internet. That’s why you will never see in my thumbnails, my profile picture, or branding anywhere the stereotypical baggage of being a Vtuber is something I can never do.

I have some hard rules that I want others to keep in mind:

• I’m not getting involved in drama. If I want drama, it better be in anime form.
• No politics, unless it’s explicitly technology related. I’m not the next Tucker Carlson, no matter how much YouTube wants me to watch his videos (for some reason).
• No crass language. While I will admit, yes I know other creators do utter such words, I believe it’s largely unnecessary for me to curse to get a point across. Now I have shown some of such language, but only when necessary or applicable.

What does running the channel look like?

I also want to be transparent about how the channel is run. It works something like this: I am the writer, designer, video editor, content manager, subtitles, and holder of all accounts and finances. I essentially control and run everything myself, including the creation of my own body. There are no third party editors, contractors, or artists involved.

My buddy Winward, who tags along for many other videos, literally does nothing except pitch ideas, most of which have led into circles and not content. He’s a zoomer just like most of you and probably wastes too much time watching Pokemon or Minecraft speed runs than actually earnestly seeking answers to his questions or making Apple content.

It takes me on average 4 hours/day to edit a video:

1. Write a script in markdown.
2. Record and execute said script. Patrons and soon YouTube Members will receive a podcast recorded before or after said recording session.
3. Edit video by removing all instances of dead air or fluff.
4. Edit video by inserting text and memes.
5. Edit in subtitles, upload video, and deal with social media.

This allows me to set aside enough time when I want to go out with friends or do something other than the channel while continuing to do my day job.

In the interest of financial transparency, this channel is very close to breaking even, but not financially stable. I pay for the following things for the sake of the channel and if you want to get started online, consider this:

• A burner phone, exclusively for use on the channel. This costs roughly about $15/month for the lowest plan I could find. This has now moved to a VOIP number, so even if you did figure it out, you can’t sim swap me like you could a normal cell phone.
• My vanity domain, trafotin.com. This is $13/year, which averages around $1.10/month. I have been working on a website and the latest series of videos all have individual written tutorials and transcripts on a beta version. Hosting a website via VPS will also cost an additional $4 a month, increasing how much I need to receive. Building the website will require I make special changes to the server, so Gitlab pages, Netlify, and that kind of thing are off the table.

Then my financial situation. I’m going to have to be very careful about this because Adwords has changed rules about what I am allowed to say publicly in the past.

• I currently make $13/month on Patreon. This grants subscribers access to a bonus podcast thing run every other week, which is where some of the footage you see in videos comes from.
• YouTube AdSense: This is where things get complicated. I was not officially a partner until July 2022, but while a decent amount, I have come to view this money as YouTube’s blood money. I do not believe in YouTube’s business model at all and I’m simply trying to make the best of it. At least I can attempt to mitigate the harm of the industry by taking some of it, but this money will 100% never be used for my livelihood or the sustainability of my channel. The newest policy changes and the strike/warning I received previously are proof you cannot rely on YouTube for money.
• I am working on YouTube memberships. I would say something about the number 30 and how it’s related, and while I am working on tiers, some things are left better unsaid. I want members to get the same benefits Patrons do.
• I have no interest in doing YouTube full time ever. Too many creators have been screwed over by literally entrusting their livelihoods to a platform run by robots. I might consider part-time way off in the future, but even then, I don’t think I would.

I want to also make it clear I make less than $6/month in ads. Whether you choose to watch them or block them is up to you. This money is going towards recouping almost 2 years of not being sustainable right now, but I want this money invested in things that Google can’t take away by hitting my channel. Namely, one-time purchases. If I’m going to be doing hardware reviews, this money will be dedicated to doing hardware reviews because while YouTube staff could take away my channel, they can’t take away a computer from my house. Right now at my current rate, it’ll take another year to buy one computer (and the economy right now sure won’t make this easier!).

• Google Analytics
• The Facebook Pixel
• ads and tracking scripts
• GDPR Cookie banners
• Autoplaying video
• Softpaywalls
• Useless recommended articles
• YouTube not notifying you about my videos even if you clicked the bell to get notifications because I know all you are loyal enough to click the bell and enable notifcations??

And so on..

Instead of chasing all of these websites individually or through social media. we’re going to roll with a dedicated, offline RSS feed reader. While more all-in-one applications like Mozilla Thunderbird, Brave, and Microsoft Outlook provide RSS agregators, we should pick a dedicated application meant for this, so you aren’t mentally bogged down by your email or the 150 tabs of waifu art in your browser!

Now Linux and Mac have access to some great RSS feed readers, but literally none of them work on Windows. And I want to pick a solution that works for everyone, no matter what your operating system is.

• Fluent Reader for Windows or a pure cross-platform experience. Works on Windows, Mac, Linux, $1.99 on iOS and Android (you can get the for free from Github and Test Flight).
• NetNewsWire for Mac and iOS, minimally built using native Apple APIs and WebKit.
• Feeder a minimalist RSS feed app for Android, on F-Droid and Play Store that uses Google’s Material design.
• GNOME Feeds for Linux users who like GTK ecosystem.
• Newsflash is identical to GNOME Feeds, but moves faster.
• Akregator for Linux users who like KDE/QT toolkit.
• Newsboat, a terminal-based feed reader for Mac and Linux. Useful for combining custom scripts with your reading experience.