Why KDE Linux Surprised Us

Mar 1, 2026

Listen to this episode

We take KDE Linux for a spin and push it a little too far. Plus, a friend of the show stops by with a fresh tool: Nebula Commander.

Transcript

WEBVTT 00:00:11.225 --> 00:00:15.885 Hello, friends, and welcome back to your weekly Linux talk show. My name is Chris. 00:00:16.085 --> 00:00:17.005 My name is Wes. 00:00:17.225 --> 00:00:18.125 And my name is Brent. 00:00:18.705 --> 00:00:21.805 Well, hello there, gentlemen. Here we are getting ready to head out. 00:00:21.985 --> 00:00:26.325 But before we go, we're going to tell you how KDE Linux surprised us after we 00:00:26.325 --> 00:00:27.685 gave it a little recent run. 00:00:27.845 --> 00:00:28.765 And then a friend's going to 00:00:28.765 --> 00:00:31.965 stop by the show and tell us about his really handy new open source tool. 00:00:32.385 --> 00:00:36.185 And we'll round out the show with some great boosts, some picks, and a heck of a lot more. 00:00:36.305 --> 00:00:39.025 It's a big show. So before we get there, let's say time-appropriate greetings 00:00:39.025 --> 00:00:40.965 to our virtual lug. Hello, Mumble Room. 00:00:41.905 --> 00:00:45.725 Hello, folks. Hello, folks. A real great way in North Alaska. 00:00:47.225 --> 00:00:51.005 Hello, everybody. Hello. We don't know for sure if we'll have a mumble room 00:00:51.005 --> 00:00:54.425 next week because we will be in our Airbnb or on the floor of scale or something 00:00:54.425 --> 00:00:56.945 like that, so you just never really know because we don't know. 00:00:57.085 --> 00:00:57.685 Can we do it in the car? 00:00:58.785 --> 00:01:02.825 Maybe. Maybe. I'm thinking about bringing some mobile connected internet with 00:01:02.825 --> 00:01:06.705 us. I was thinking about it. It's just big. But that could be handy for going down the road. 00:01:06.785 --> 00:01:07.085 Yes. 00:01:07.525 --> 00:01:08.625 And you know what we would do? 00:01:09.591 --> 00:01:12.411 Hook up our Nebula network. We'll talk more about that later. 00:01:12.511 --> 00:01:17.271 But go check out Nebula, define.net slash unplugged. Go meet managed Nebula 00:01:17.271 --> 00:01:18.251 from Define Networking. 00:01:18.311 --> 00:01:23.271 It's a decentralized VPN built on the open source, bulletproof Nebula platform that we love. 00:01:23.691 --> 00:01:26.671 Optimized for speed. And this is a quick way of saying it's going to use less 00:01:26.671 --> 00:01:31.051 battery and less network resources than the other mesh network tools you use. It's really simple. 00:01:31.731 --> 00:01:34.171 I love how simple it can be when you just want a couple of nodes. 00:01:34.331 --> 00:01:38.671 But it's engineered for serious security and a global mesh network. 00:01:38.671 --> 00:01:41.891 originally built for Slack's infrastructure and had to scale to their worldwide 00:01:41.891 --> 00:01:45.231 data center immediately, just systems all over the place, you can imagine, 00:01:45.671 --> 00:01:47.891 and how important Slack's data is. 00:01:47.971 --> 00:01:51.551 They got all of the company's data in the world, basically, and there has to be bulletproof. 00:01:51.851 --> 00:01:55.611 But unlike traditional VPNs, Nebula has a decentralized design, 00:01:55.611 --> 00:01:59.911 so there's no fragile control plane or a hub-and-spoke choke point. 00:02:00.751 --> 00:02:03.971 And your network always stays resilient. You can be in complete control of that, 00:02:04.051 --> 00:02:07.131 or you can use Manage Nebula and let them manage it for you. 00:02:07.131 --> 00:02:12.111 It's a kind of control and flexibility that I think our audience expects from their infrastructure. 00:02:12.491 --> 00:02:16.431 Originally built for something that's massive but can scale down to just a couple 00:02:16.431 --> 00:02:19.871 of nodes, it's really great. And you can get started for free and support the show. 00:02:20.051 --> 00:02:23.271 You just go to define.net slash unplugged. 00:02:23.611 --> 00:02:26.731 Sign up. 100 machines. Absolutely free. No credit card required. 00:02:27.111 --> 00:02:34.331 And gentlemen, they just added always on VPN mode for Nebula on Android and iOS. 00:02:34.451 --> 00:02:34.931 Oh, nice. 00:02:35.551 --> 00:02:36.071 Boom. 00:02:37.071 --> 00:02:42.411 Defined.net slash unplugged. Big thank you to Defined for being our sponsor 00:02:42.411 --> 00:02:43.711 of the unplugged program. 00:02:46.144 --> 00:02:50.364 Well, we're just one day away from hitting the road to go to scale 23x. It's happening. 00:02:50.864 --> 00:02:55.384 The largest Linux and open source event in Northern America, 00:02:55.384 --> 00:02:57.944 I'd say. Maybe not in the world, but definitely in our neck of the woods. 00:02:57.984 --> 00:03:00.424 For sure. And long running. 00:03:00.764 --> 00:03:01.104 Yeah. 00:03:01.584 --> 00:03:02.824 Great mix of communities. 00:03:03.004 --> 00:03:08.544 Yeah. And you can get 40% off registration when you use the promo code UNPLG. Unpludged. 00:03:09.104 --> 00:03:12.924 We'll be at Planet Nix, too, which is bringing all kinds of engineers and builders 00:03:12.924 --> 00:03:15.924 from around the world. Microsoft, Anthropic, Shopify. 00:03:16.264 --> 00:03:18.284 I mean, the list is crazy. 00:03:18.444 --> 00:03:20.744 Way more companies than you think using Nix, it turns out. 00:03:20.864 --> 00:03:21.024 Yeah. 00:03:21.084 --> 00:03:22.504 Planet Nix is a great way to find that out. 00:03:22.624 --> 00:03:26.484 Yeah. Phlox is making it possible. They're making reproducible dev environments 00:03:26.484 --> 00:03:29.484 actually usable. So they're just in the right place at the right moment. 00:03:29.924 --> 00:03:34.024 And they're helping us get down there. And to that end, and this is the last 00:03:34.024 --> 00:03:38.904 housekeeping update you guys have to listen on any of this, we are making a 00:03:38.904 --> 00:03:40.124 meetup super combo deal. 00:03:40.124 --> 00:03:45.304 We have decided since our meetup was on the same day and the same time as the 00:03:45.304 --> 00:03:49.404 Planet Nix after party, it was silly to split the crowd. 00:03:49.584 --> 00:03:53.864 Instead, we're going to do one giant Planet Nix after party meetup. 00:03:54.224 --> 00:03:58.464 So Phlox and JB are hosting happy hour for the community. 00:03:58.644 --> 00:04:02.264 I'll have the details now. It's all updated at meetup.com slash Jupiter Broadcasting. 00:04:02.424 --> 00:04:04.584 It's going to be Friday, March 6, 6 p.m. to 8 p.m. 00:04:05.024 --> 00:04:07.924 Instead of two events at separate times, we're going to do one awesome event 00:04:07.924 --> 00:04:13.404 on Friday night. combining our powers into one giant meetup. So come hang out. 00:04:14.766 --> 00:04:19.146 We also in this got roped into appetizers. So if you're listening and you would 00:04:19.146 --> 00:04:23.606 like to help your other listeners have a good time, we would love some some 00:04:23.606 --> 00:04:24.966 boost support for appetizers. 00:04:25.446 --> 00:04:28.626 We're going to be probably feeding over 100 mouths and it's in California. 00:04:28.826 --> 00:04:30.946 So you can imagine that's going to be expensive. 00:04:31.706 --> 00:04:33.906 But I think it's the right thing to do. People are going to come out. 00:04:34.066 --> 00:04:35.946 It's our way to contribute to the Knicks after party. 00:04:36.326 --> 00:04:40.026 And we'd love some support. We'll be on the road, but you could send a boost 00:04:40.026 --> 00:04:43.906 our way and we'll add it to the boost to bite pipeline, if you will. 00:04:44.766 --> 00:04:48.246 Thank you, everybody, who's going to meetup.com slash Jupiter Broadcasting 2 00:04:48.246 --> 00:04:49.766 and signaling their intention. 00:04:50.006 --> 00:04:52.426 We really appreciate that. It helps us plan. And we're really looking forward 00:04:52.426 --> 00:04:56.746 to the Planet Nix after party and seeing everybody down there. It's getting close. 00:04:59.146 --> 00:05:04.526 Well, this year, KD is having quite a moment. Plasma 6.6 just dropped with HDR 00:05:04.526 --> 00:05:09.246 support, better Wayland performance, and is finally stable enough to daily drive. 00:05:09.986 --> 00:05:16.206 The desktop Linux market, as you know, last year hit 5% desktop chair and, 00:05:16.206 --> 00:05:18.326 well, KD has been right at the center of that. 00:05:20.860 --> 00:05:28.680 KDE Linux, as you remember, is not Plasma, but its own thing. Not Neon either. 00:05:29.200 --> 00:05:29.720 Right. 00:05:29.840 --> 00:05:34.040 It's definitely not Neon. It's a new project by the KDE crew that we've been 00:05:34.040 --> 00:05:38.780 super excited about because, well, it's brand new. It's throwing in some super 00:05:38.780 --> 00:05:43.060 modern technology and is very actively under development right now. 00:05:43.160 --> 00:05:49.720 It aims to be one of the best ways to get the front row seat to KDE and Plasma. 00:05:49.720 --> 00:05:54.120 and well it's just it's code name project banana so what is there not to like. 00:05:54.120 --> 00:05:56.240 I see this is very much a brent pick. 00:05:56.240 --> 00:05:59.960 Right plasma bananas i mean did he force us to do this maybe. 00:06:01.180 --> 00:06:03.820 You know also it's it's a 00:06:03.820 --> 00:06:06.820 great time to check out because plasma is 00:06:06.820 --> 00:06:09.900 in such a great space yeah it's oh 00:06:09.900 --> 00:06:12.900 man you know being on hyperland for a little while now and then coming back 00:06:12.900 --> 00:06:18.960 to absolutely modern plasma it is looking so so good uh and it is a bit of an 00:06:18.960 --> 00:06:21.320 adjustment we've talked about this before and we're going to get more into this 00:06:21.320 --> 00:06:25.440 some of the weeds here with this episode there's no package manager traditionally 00:06:25.440 --> 00:06:27.840 here right you got flat pack you got app images, 00:06:28.380 --> 00:06:33.440 this is an image-based immutable whole os idea they have built it on arch but 00:06:33.440 --> 00:06:42.180 pac-man is not on this thing it is a self-contained single 4.8 gigabyte uh is it erofs image yeah. 00:06:42.180 --> 00:06:46.460 Erofs erofs yeah um i'll let you come up with your own pronunciation but. 00:06:48.563 --> 00:06:50.243 I'm just going to say E-R-O-F-S. 00:06:50.343 --> 00:06:50.923 E-R-O-F-S. 00:06:51.423 --> 00:06:54.403 Yeah. So that's the image layer. And that's like these are the image. 00:06:54.483 --> 00:06:56.263 And that's like almost five gigs on its own. 00:06:56.363 --> 00:07:00.263 And then you layer on the flat packs you want up to that. It's really meant for user space. 00:07:00.523 --> 00:07:05.183 And KDE's goal here is to create what they say is, quote, a bulletproof OS that 00:07:05.183 --> 00:07:06.423 showcases the best of KDE. 00:07:06.863 --> 00:07:09.283 And we've also talked about Gnome's creating Gnome OS. 00:07:09.963 --> 00:07:14.983 And what you get to see is something, if you're a Plasma fan, 00:07:15.123 --> 00:07:18.843 that is really, really nice. It's very lean, mean, and focused. 00:07:19.043 --> 00:07:23.283 The beta is coming along, right? This is still very early. They're about 65% complete right now. 00:07:23.563 --> 00:07:26.443 They're in some refinement areas. I know they've been working on Whalen stuff. 00:07:26.483 --> 00:07:29.643 I couldn't say exactly where they're at with that, but it looks like multi-monitor 00:07:29.643 --> 00:07:32.483 stability was a priority and high refresh rate, which I love to see. 00:07:33.003 --> 00:07:37.243 But the technical details, Wes, are... I mean, that's what I think is maybe 00:07:37.243 --> 00:07:40.943 most appealing to KDE Linux to us, is some of the practical decisions they've 00:07:40.943 --> 00:07:44.483 made, because they could have gone off in the weeds and done some really crazy stuff, 00:07:45.432 --> 00:07:49.752 But I think part of what's making this distribution so solid this early is they 00:07:49.752 --> 00:07:52.052 made some really sound, practical, technical decisions. 00:07:52.312 --> 00:07:57.412 Yeah. You know, it sounds a lot kind of similar to maybe like the uBlue type immutable service. 00:07:57.532 --> 00:08:00.872 We've talked a lot of different shades of immutable Linux versions. 00:08:02.012 --> 00:08:06.052 But this one is very lean and it feels conceptually simple because it really 00:08:06.052 --> 00:08:10.452 is relying a lot on a bunch of stuff that has been developed in a lot, 00:08:10.512 --> 00:08:12.852 mostly the systemd, but a slightly wider community than that. 00:08:12.852 --> 00:08:15.752 especially after if you remember um leonard had a blog post in 00:08:15.752 --> 00:08:18.572 2021 uh putting things together i think it was called yeah 00:08:18.572 --> 00:08:21.332 it was kind of like a lot of modern ideas that's where we got maybe like the 00:08:21.332 --> 00:08:24.712 ideas behind systemd home d and like a lot of stuff we've seen develop over 00:08:24.712 --> 00:08:29.932 the years including um unified kernel kernel images you can't ukis which kd 00:08:29.932 --> 00:08:36.132 linux does use and so as part of that you get um what's called mkosi or mcosi 00:08:36.132 --> 00:08:37.132 i don't know what do you like there i. 00:08:37.132 --> 00:08:39.772 Like mcosi So M-K-O-S-I. 00:08:40.072 --> 00:08:43.692 Yeah. So this is a tool to make operating system images. 00:08:43.932 --> 00:08:44.092 Ah. 00:08:44.712 --> 00:08:48.812 And the core philosophy is building an OS image should be reproducible, 00:08:49.132 --> 00:08:51.912 declarative, and unprivileged, right? 00:08:51.932 --> 00:08:53.452 Because often when you think about this, you think about like, 00:08:53.672 --> 00:08:58.572 oh, loop devices and like F disk and formatting and like making new file systems, 00:08:58.752 --> 00:08:59.972 all of which sounds like root permission. 00:09:00.192 --> 00:09:00.832 All needs root. Yeah. 00:09:01.052 --> 00:09:05.192 Yeah. So what's great here is instead you run this, you give it a single config file. 00:09:05.352 --> 00:09:05.472 Okay. 00:09:05.472 --> 00:09:09.532 And it uses systemd repart under the hood and it's got some clever stuff. 00:09:09.672 --> 00:09:13.572 There's also, of course, because of systemd, cgroups and namespaces and unshare 00:09:13.572 --> 00:09:17.332 and basically it's able to look like it has root inside of a specially crafted 00:09:17.332 --> 00:09:19.652 namespace that has the permissions it needs to do. 00:09:19.652 --> 00:09:23.872 a whole bunch of clever, modern Linux plumbing engineering under the hood so 00:09:23.872 --> 00:09:28.032 that at the end of the day, you can create stuff like raw GPT disk images, 00:09:28.252 --> 00:09:32.352 EROFS images, squash FS, container directories, UKIs, tarballs, 00:09:32.652 --> 00:09:37.072 all from just something that can run without crazy permissions, 00:09:37.252 --> 00:09:39.552 run in CI, or run right in your terminal. 00:09:40.232 --> 00:09:43.012 And then, of course, there's a bunch of other stuff that layers in there. 00:09:43.012 --> 00:09:45.472 So you do get EROFS, which we'll go more into, but... 00:09:46.287 --> 00:09:51.227 Okay, you use MKOSI to make yourself like a disk image, maybe an EROFS, 00:09:51.627 --> 00:09:54.447 but what do you do with that? 00:09:54.587 --> 00:09:57.167 Well, there's more tools. There's systemd sysupdate. 00:09:57.347 --> 00:09:57.787 Okay. 00:09:57.947 --> 00:10:02.147 And this is the thing that actually handles the cool rollback and like slot 00:10:02.147 --> 00:10:04.967 sort of A-B functionality that's going on. 00:10:04.987 --> 00:10:08.327 So when you want to do an update, you're not pulling down app packages. 00:10:08.807 --> 00:10:11.827 You're not, you know, there's no DNF. There's no Pac-Man involved. 00:10:12.027 --> 00:10:14.767 You download a whole big new disk image. 00:10:14.767 --> 00:10:14.907 Right. 00:10:14.907 --> 00:10:18.407 We'll get to the Delta update story later. But you download a new image. 00:10:18.567 --> 00:10:22.687 Systemd puts that in the right spot and hooks up all the bootloader stuff for 00:10:22.687 --> 00:10:26.407 you so that automatically you can boot into the new version. 00:10:26.467 --> 00:10:28.647 If it doesn't go well, it can boot back to the old one. 00:10:28.747 --> 00:10:31.347 And it understands that all at the Systemd layer. 00:10:31.507 --> 00:10:34.647 Well, and to the point earlier, they didn't invent that tool. 00:10:34.867 --> 00:10:37.427 Nope. They didn't have to roll that. They didn't have to iron out all the logic 00:10:37.427 --> 00:10:39.027 to make sure it was robust and reliable. 00:10:39.627 --> 00:10:42.327 That's an example of a practical technology choice where, yeah, 00:10:42.387 --> 00:10:45.647 they could have invented their own system and maybe even have like a nice little 00:10:45.647 --> 00:10:47.387 plasma integration and all of that. 00:10:47.567 --> 00:10:51.187 But instead they chose to go with something that's already been built and in production. 00:10:51.707 --> 00:10:53.667 So it's already stable, that aspect of it. 00:10:53.827 --> 00:10:57.107 And then, you know, you get to layer on stuff too. So then there's systemd system 00:10:57.107 --> 00:11:00.987 extensions because in this model you have slash user that is hermetically sealed, 00:11:01.007 --> 00:11:05.187 that is this EROFS that you can't touch, that has a bunch of nice cryptographic properties. 00:11:05.667 --> 00:11:08.907 So maybe that's your base system. And then on top of that, like in the testing 00:11:08.907 --> 00:11:12.447 edition we've been playing with, you can layer in all the plasma stuff as its 00:11:12.447 --> 00:11:15.807 own systemd system extension that you can update, that you can swap in and out, 00:11:15.867 --> 00:11:18.947 and you don't have to mess with all of the Arch packages underneath necessarily. 00:11:19.187 --> 00:11:23.527 Do you want to talk about system extensions more later, or could we expand on that right now? 00:11:23.647 --> 00:11:26.787 Because systemd sysextent seemed like at the announcement of the project, 00:11:26.967 --> 00:11:30.247 well, this is the way I'm going to layer in my mesh networking, 00:11:30.247 --> 00:11:34.467 or this is the way I'm going to modify this otherwise immutable distro to have 00:11:34.467 --> 00:11:36.267 this particular customization I want. 00:11:36.407 --> 00:11:39.207 And it does work for that, but it's a little heavyweight. It's still getting 00:11:39.207 --> 00:11:43.027 kind of ironed out sometimes, especially like services that are served in there 00:11:43.027 --> 00:11:44.527 can be a little bit flaky, which is... 00:11:44.659 --> 00:11:47.499 a little unexpected considering the origins 00:11:47.499 --> 00:11:50.719 of all this stuff um but what it works really well for is something like plasma 00:11:50.719 --> 00:11:54.779 or libraries frameworks where you don't just have a single file like if you're 00:11:54.779 --> 00:11:57.399 just trying to install something like a you know that's like a single binary 00:11:57.399 --> 00:12:01.359 download from some rust or go project or whatever you can do it but it's more 00:12:01.359 --> 00:12:04.239 work than you need right there's already places to just stick that like opt 00:12:04.239 --> 00:12:06.419 or user local or whatever or what about like the. 00:12:06.419 --> 00:12:07.559 Case of nebular tail scale. 00:12:07.559 --> 00:12:10.299 Yeah so those are too easy to distribute basically but if 00:12:10.299 --> 00:12:13.399 you're trying to add something that needs libraries it needs png assets it has 00:12:13.399 --> 00:12:17.859 all this stuff that is expected to be under those normal slash usr like stuff 00:12:17.859 --> 00:12:21.159 that a linux operating system expects that's where system extensions really 00:12:21.159 --> 00:12:25.559 shine so it's really for the core system extension and not as much of the story 00:12:25.559 --> 00:12:28.839 necessarily you can do it right but for like user apps but. 00:12:28.839 --> 00:12:31.379 If yeah if you could get a user app that's a go binary you just go that route. 00:12:31.379 --> 00:12:32.019 Yeah i. 00:12:32.019 --> 00:12:37.139 Got you so let's talk more about this er ofs which stands for enhanced read-only 00:12:37.139 --> 00:12:39.839 file system it came out of huawei for Android. 00:12:40.059 --> 00:12:44.679 We've had it in Linux since Linux 5.4. So again, it's been around since 2019. 00:12:44.859 --> 00:12:47.919 It's a technology that is stable. It's in use in Chrome OS. 00:12:48.179 --> 00:12:51.259 It's actually required for Android now. All the system partitions are using it. 00:12:51.359 --> 00:12:54.779 And they're using it in KDE Linux. So I think the obvious question, 00:12:54.859 --> 00:12:56.499 because if you're going to ask a Linux user, how would you do this? 00:12:56.579 --> 00:12:57.839 They'd say, well, I would use SquashFS. 00:12:58.679 --> 00:13:03.279 It's been around forever. SquashFS has been in Linux since kernel 2.6.29. 00:13:03.539 --> 00:13:03.919 Wow. 00:13:04.259 --> 00:13:07.219 Yeah. Yeah. But there's a difference and it matters here. 00:13:07.319 --> 00:13:10.139 So SquashFS takes a fixed chunk of uncompressed data, like, say, 00:13:10.559 --> 00:13:13.979 128 kilobytes of data, and it compresses it to a variable-size output. 00:13:14.179 --> 00:13:18.699 And the blocks land arbitrarily and offsets, and reading one random byte means 00:13:18.699 --> 00:13:21.599 loading and decompressing that entire 120-kilobyte. 00:13:22.120 --> 00:13:25.660 So the whole point for SquashFS is maximizing the compression, 00:13:25.880 --> 00:13:28.720 which is great, right? Especially when it was made and the internet was super slow. 00:13:28.780 --> 00:13:30.440 Back in the two six days when you're squashing. 00:13:30.700 --> 00:13:33.540 Yeah, right. But it kind of means that the output is variable, 00:13:33.680 --> 00:13:37.920 which means you can't easily, like, you have to unpack kind of everything or at least big chunks. 00:13:37.980 --> 00:13:40.940 If you want just one file, you can't get that. 00:13:41.240 --> 00:13:45.520 Right. So this is where the enhanced rate only file system flips it. 00:13:45.720 --> 00:13:49.580 It has fixed output for compression. Like, you know what you're going to get. 00:13:49.580 --> 00:13:52.960 the compressor is told give me exactly four kilobytes every block 00:13:52.960 --> 00:13:59.020 is page size block aligned and indexed and then so i guess to your point much 00:13:59.020 --> 00:14:02.860 easier to extract the exact piece that you need memory overhead per block drops 00:14:02.860 --> 00:14:07.840 in this example from say 128 kilobytes with the squash fs to just four kilobytes 00:14:07.840 --> 00:14:09.920 with the enhanced read-only file system. 00:14:09.920 --> 00:14:13.260 And it kind of just directly maps to memory because it's meant to match the 00:14:13.260 --> 00:14:17.200 page size and so instead of having to like unpack stuff and copy stuff you can 00:14:17.200 --> 00:14:19.740 kind of just go mount it into memory and. 00:14:19.740 --> 00:14:22.600 Get reading and you can imagine that matters a lot 00:14:22.600 --> 00:14:25.820 like at boot time you've got a train you've got a chain of 00:14:25.820 --> 00:14:30.400 trust you're trying to get everything from secure boot signing to the UKI embeds 00:14:30.400 --> 00:14:34.260 all this crap that I barely even understand to actual like kernel loading and 00:14:34.260 --> 00:14:37.760 you want it all done as fast as absolutely possible and you're using these images 00:14:37.760 --> 00:14:41.460 this is the exact kind of scenario where you need a solution where you know 00:14:41.460 --> 00:14:44.040 the predictable size of the compression and where it's going to be at. 00:14:44.763 --> 00:14:47.683 And it's just a really neat technical idea that's worked really well. 00:14:48.323 --> 00:14:53.483 It's also kind of neat because SquashFS has been hard to work with cryptographically 00:14:53.483 --> 00:14:56.643 and work with DM Verity and kind of all the nice stuff that people want when 00:14:56.643 --> 00:15:00.263 you are taking the time to use Secure Boot and to use signed UKIs and all that 00:15:00.263 --> 00:15:02.783 kind of stuff that you might want for enterprise trust at scale, right? 00:15:04.023 --> 00:15:08.143 and EROFS works really well with that which means you can have nice cryptographic 00:15:08.143 --> 00:15:12.523 checksums and actual DMV protection so that if someone does try to mess with 00:15:12.523 --> 00:15:15.023 your root file system, the kernel can detect it immediately. 00:15:15.203 --> 00:15:15.563 That's great. 00:15:15.823 --> 00:15:18.243 It's not all roses though. 00:15:18.403 --> 00:15:18.523 No? 00:15:18.803 --> 00:15:22.123 Well, I bet you're feeling this one right? One of the bigger friction points 00:15:22.123 --> 00:15:27.143 is it's not a scientific limitation, it's more like an engineering problem that is being worked on. 00:15:27.163 --> 00:15:27.843 It is a problem though. 00:15:27.963 --> 00:15:30.083 But there are no delta updates. 00:15:30.163 --> 00:15:30.763 It sucks man. 00:15:30.763 --> 00:15:36.043 So you go change a couple little bits. That's a whole new five gigabyte download. 00:15:37.240 --> 00:15:39.140 They'll get there, though, right? I mean, that's on the roadmap. 00:15:39.460 --> 00:15:41.960 And, right, you do have this layered ability. And especially, 00:15:42.120 --> 00:15:46.100 right, where with, like, EROFS and other things, you can keep all the nice cryptographic 00:15:46.100 --> 00:15:49.180 signing for the bottom, even if you add some system extension that isn't itself 00:15:49.180 --> 00:15:52.280 signed. So you don't have to go, like, break the whole trust of the system just 00:15:52.280 --> 00:15:53.620 to add on some stuff at the top. 00:15:53.740 --> 00:15:54.780 That's elegant. I like that. 00:15:55.820 --> 00:15:59.260 Composable things. So there's some hope that, like, maybe you don't have to 00:15:59.260 --> 00:16:03.700 update the core tiny layers, like, all the time for that rebuild. 00:16:03.700 --> 00:16:08.340 and there there are things in progress upstream i think even there's been some 00:16:08.340 --> 00:16:12.000 work from like various parts of the community i think leonard had one at one 00:16:12.000 --> 00:16:15.780 point so i expect this will get solved it's just it's just early days. 00:16:15.780 --> 00:16:21.500 So we all had a little chance to kick the tires and um i thought let's start 00:16:21.500 --> 00:16:24.420 with brent's observations because i'm brett you're probably the most act well 00:16:24.420 --> 00:16:27.840 actually wes you're on plasma all the time too but when we think of our biggest 00:16:27.840 --> 00:16:31.560 plasma fan i think of brent so i'm curious what your observations of kde linux were. 00:16:31.560 --> 00:16:35.520 Well i was fully expecting like the reference kd 00:16:35.520 --> 00:16:38.660 implementation i've used many spins and 00:16:38.660 --> 00:16:41.320 such over the years and it 00:16:41.320 --> 00:16:45.760 always feels like there's of course opinions thrown into spins which is the 00:16:45.760 --> 00:16:50.460 whole purpose but it never quite felt like unless you were running neon that 00:16:50.460 --> 00:16:55.900 you had the reference that the kd software developers were building plasma to 00:16:55.900 --> 00:16:58.960 work perfectly with and to see you know the future of plasma. 00:16:59.340 --> 00:17:03.100 So as soon as I installed and booted KD Linux, 00:17:03.500 --> 00:17:07.920 that's the feeling I got was like, Oh wait, I'm learning like even the tour 00:17:07.920 --> 00:17:12.900 for the first boot up tour that you get, which I, you know, over the years have 00:17:12.900 --> 00:17:14.740 seen them and don't really click on them now. 00:17:14.780 --> 00:17:20.240 I was like, wait, this is teaching me new ways that the developers intended 00:17:20.240 --> 00:17:24.880 for me to use plasma that I haven't been doing. And it made me realize like, 00:17:25.566 --> 00:17:29.766 Even though I'm a huge Plasma fan, I don't know that I understand how they want me to use it. 00:17:29.886 --> 00:17:34.126 And I'm learning new ways to use it just through booting for the first time 00:17:34.126 --> 00:17:36.466 KDE Linux, which was a nice feeling to have. 00:17:36.566 --> 00:17:40.686 Because I felt like, well, I'm a big fan, but I could become even more of a 00:17:40.686 --> 00:17:43.846 fan if I understand all of the different paradigms that they're building into 00:17:43.846 --> 00:17:45.606 Plasma that I don't even know about. 00:17:46.046 --> 00:17:51.186 Did you get that feeling too, Chris? Because I think I saw you mention something about that. 00:17:51.766 --> 00:17:57.026 I think my takeaway was more like, it's just so well done. It felt smooth, 00:17:57.366 --> 00:17:59.586 clean, professional, polished. 00:18:00.346 --> 00:18:04.266 I don't know how you strike that tone with an introductory wizard, but it got there. 00:18:04.446 --> 00:18:09.106 Like, I was like... I made a note in my... Like, this is a great introductory wizard. 00:18:09.186 --> 00:18:13.286 I've seen versions of this with other distros, but this one felt particularly polished. 00:18:13.426 --> 00:18:15.666 Wes, what did you think? We all went through it. 00:18:15.786 --> 00:18:16.186 Well, and... 00:18:17.574 --> 00:18:21.594 It was just so light and clean and solid and fast. 00:18:21.834 --> 00:18:24.914 I mean, the install was super fast. I did only try it in a VM this time, 00:18:25.014 --> 00:18:27.074 but it was a great virtualization. 00:18:27.094 --> 00:18:27.614 Oh, super great. 00:18:27.674 --> 00:18:29.974 Like, less than five minutes, had it installed, rebooted. 00:18:30.094 --> 00:18:30.754 Snappy the entire time. 00:18:30.774 --> 00:18:35.234 It had all the virtio drivers and, like, graphics support. So it almost just 00:18:35.234 --> 00:18:36.714 felt like using my native Plasma. 00:18:36.934 --> 00:18:41.654 And it was visually consistent in a way that feels like some of the stuff in 00:18:41.654 --> 00:18:44.894 Plasma maybe hasn't been visually consistent, too. I think maybe that was... 00:18:44.894 --> 00:18:48.514 This was the first time I didn't turn off the light theme. I'm a big dark theme guy. 00:18:48.694 --> 00:18:52.054 Part of it was like, I'm running plasma and plasma here, so it's a little less 00:18:52.054 --> 00:18:53.334 confusing if one of them's a different theme. 00:18:53.514 --> 00:18:55.654 But it was also like, the light theme just looked really good. 00:18:55.774 --> 00:18:59.134 I instinctively went to Switch. I was like, wait, this looks great. I don't need to. 00:18:59.274 --> 00:19:02.414 I know. I feel like with the latest plasma and the stuff they're doing with 00:19:02.414 --> 00:19:04.834 Breeze, I'm a light theme guy again. 00:19:04.934 --> 00:19:07.674 It just looks, the light theme looks better than the dark theme. 00:19:08.114 --> 00:19:08.694 It does. 00:19:08.774 --> 00:19:12.274 As you guys are mentioning this, I'm realizing I didn't even realize I was in 00:19:12.274 --> 00:19:16.714 a light theme and I never changed it. And that is like the first time that ever happens. 00:19:17.574 --> 00:19:19.714 It looks good. It really does. 00:19:19.794 --> 00:19:21.934 I'm redefining my identity all of a sudden. 00:19:24.254 --> 00:19:26.014 Brent finds himself in KD Linux. 00:19:27.614 --> 00:19:29.874 You think by now I would have figured that out? 00:19:32.114 --> 00:19:36.374 I think that was a very good first impression, right? When that comes up, it's good. It was good. 00:19:37.002 --> 00:19:38.442 Clearly made an impression on all of us. 00:19:38.582 --> 00:19:42.522 I found the installer too was just simple and straightforward. 00:19:42.882 --> 00:19:45.922 I, of course, did my usual test of trying out the encryption, 00:19:46.642 --> 00:19:53.342 which worked perfectly fine, except for on first boot, I forgot the password that I put in. 00:19:53.942 --> 00:19:54.422 No. 00:19:54.802 --> 00:20:01.022 More because I've adopted our JB Studio temporary password in my own home lab now. 00:20:01.022 --> 00:20:01.802 We don't have one of those. 00:20:01.842 --> 00:20:02.922 No, no, we never do that. 00:20:02.942 --> 00:20:03.762 We're OWASP certified. 00:20:03.762 --> 00:20:06.402 We always generate unique passwords for every temporary thing. 00:20:06.402 --> 00:20:09.682 I usually put Cosmo as a password, to be honest. But anyway, 00:20:09.842 --> 00:20:13.162 so I like briefly, you know, I was having breakfast and it was early. 00:20:13.522 --> 00:20:17.802 So I put the wrong password in at the encryption screen when you first boot just to unlock the disk. 00:20:17.942 --> 00:20:20.962 And I was like, oh, no, OK. All right, right. I put the wrong one in. 00:20:21.062 --> 00:20:22.242 So I'm going to get to try again. Right. 00:20:22.862 --> 00:20:26.522 And it just dropped to a rescue shell, which I hadn't. 00:20:26.882 --> 00:20:30.482 That's not the usual flow. Usually it lets you at least try three times. 00:20:30.702 --> 00:20:34.862 So that was interesting. But once I, you know, put in the right password, 00:20:34.962 --> 00:20:36.722 everything worked just fine. And so that was nice. 00:20:37.162 --> 00:20:41.342 But what surprised me the most was, I think, what we talked about earlier. 00:20:41.562 --> 00:20:46.542 And what I would like to bring even more attention to is the underlying technologies 00:20:46.542 --> 00:20:53.322 that are making this image-based distribution work for the KDE team. 00:20:53.622 --> 00:20:57.602 And I discovered some software under the hood in their docs, 00:20:57.822 --> 00:21:01.862 actually, which are pretty light, but answer all of the most important questions 00:21:01.862 --> 00:21:04.962 when you're first booting into KD Linux. 00:21:04.962 --> 00:21:09.082 One of them was like, well, how do I get other software on here? 00:21:09.142 --> 00:21:12.902 Of course, Flatpak was built in to discover, which was nice. 00:21:12.902 --> 00:21:15.982 But they list a bunch of other options for geeks and nerds like us because, 00:21:16.202 --> 00:21:17.482 well, that's who they're building it for. 00:21:17.742 --> 00:21:24.122 So I discovered, of course, Nix is a first-class citizen for how to get additional 00:21:24.122 --> 00:21:25.902 software on your KD Linux. 00:21:26.462 --> 00:21:29.722 Now, hold on. Let's pause here for a second. Because I know some of the audience 00:21:29.722 --> 00:21:30.722 is going to roll their eyes. 00:21:30.842 --> 00:21:31.082 Sure. 00:21:31.082 --> 00:21:37.282 But I actually think this is a very notable differentiation between the Bluefin 00:21:37.282 --> 00:21:39.342 crowd and maybe KDE Linux here. 00:21:39.942 --> 00:21:44.462 What KDE Linux has done is just made sensible steps to make it possible to sideload Nix. 00:21:45.202 --> 00:21:50.042 What that does is that gives you the world's largest package repository on an 00:21:50.042 --> 00:21:52.302 immutable distribution that doesn't have a package manager. 00:21:52.502 --> 00:21:56.402 In Ubulu's defense, they do have some more difficulties because they're doing 00:21:56.402 --> 00:22:00.382 a composeFS thing that sort of makes an EROFS, and that's for the whole root. 00:22:00.422 --> 00:22:01.282 The root of the file system. 00:22:01.302 --> 00:22:03.942 Right. Whereas here, it's just slash user right now, mostly, that's like... 00:22:03.942 --> 00:22:06.942 So you can create a new root directory, which in this case is slash Nix. 00:22:06.942 --> 00:22:11.222 But it did stand out because, like, right away, there is a fair amount of stuff. 00:22:11.222 --> 00:22:14.282 Actually, I was kind of looking at it, and you get, by default, 00:22:14.462 --> 00:22:19.982 like, a bunch of development utilities and a fair amount of common file system 00:22:19.982 --> 00:22:22.382 stuff. So it's not totally Spartan, but it doesn't have everything. 00:22:22.622 --> 00:22:25.542 And if Flatpaks are your primary way to get, like, user apps, 00:22:25.622 --> 00:22:29.562 that doesn't really get me Netcat very well, which I need on every system I have, apparently. 00:22:30.162 --> 00:22:33.282 And Nix kind of, especially if you have this whole, like, I want an immutable 00:22:33.282 --> 00:22:37.242 rock solid, the way Nix works, then you can just sort of ephemerally summon 00:22:37.242 --> 00:22:39.442 a tool, and then you don't have to worry about it and it didn't pollute your 00:22:39.442 --> 00:22:41.322 system, and it's not going to get in the way of future updates. 00:22:41.342 --> 00:22:42.522

Previous episode

Next episode

Search

Listen on

Apple Podcasts Spotify RSS feed