Michael:
[0:00] This week in Linux, we have a lot of news to cover. We have some good news and some bad news. Well, people like to start with bad news first, I guess. So there is a fiasco happening with Secure Boot and how it may be affecting Linux users. Also, the EU is proposing a law that is pretty close to being passed that is very scary and a step towards mass surveillance. We’ll talk about that. Then also we have some good news and that the Pebble watches are back and we have some beta releases from Linux Mint and Ubuntu Touch as well as Syncthing is back, which is a really cool tool to sync your files across multiple devices. We are so close to 100,000. If you want to help this channel get to 100,000, I would very much appreciate it. I never thought I’d get to 100,000 in my life and it seems that it’s probably going to happen. And if you wanna help make it happen sooner rather than later, I’d appreciate that. So please subscribe. All of this and more on This Week in Linux, the weekly news show that keeps you up to date with what’s going on in the Linux and open source world. Now let’s jump right into Your Source for Linux GNews.

Michael:
[1:18] This episode of TWIL is sponsored by Sandfly Security.

Michael:
[1:22] More on them later. Some tech sites have been recently reporting about a Secure Boot key expiring problem, potentially causing Linux systems to be unbootable. This key is set to expire on September 11th, 2025.

Michael:
[1:37] What a date to pick. Anyway, the replacement key has existed since 2023, but some distros don’t support it. So there are a lot of websites talking about this could be a problem for Linux users. Now, Secure Boot relies on trusted certificates stored in a system’s firmware to verify bootloaders and drivers. The DB holds trusted certs and DBX holds revoked ones. There’s a lot of people saying that this is going to be an issue and that you will have to disable secure boot to use Linux or add a new key or make your own keys or even just install Windows. However, this is not true for most people. Certificates have official expiry dates, but…

Michael:
[2:19] Most PC companies don’t actually enforce, so it’s not really going to be an issue for most people. Many Linux systems already boot with expired certificates and work fine. Systems can’t reliably tell the real date / time before the OS loads, so enforcing expiry could lock out displays and recovery. Also, Microsoft’s own code bypasses expiry checks for this reason. The new key needs to be added to machines, both old and new, So for a while, Microsoft will be signing things with both the old and the new key. So, you know, there’s going to be a transition period. OEMs are also pushing firmware updates to add it, and Microsoft offers a generic fallback method as well. So problems only arise if something is signed only with the new key and a system doesn’t have it, or vice versa.

Michael:
[3:10] In a worst case scenario, you might need to boot an older Linux to update your trusted keys before installing a newer one. But for now, Linux distros can keep shipping shims signed with both old and new certs. No system currently running Linux will suddenly fail to boot because of this rollover. For most users, all you have to do is update your firmware when updates are offered. So no, your Linux box isn’t doomed. Keep your system updated and you’ll sail through the rollover just fine. And like I do for every topic, if you want more technical details,

Michael:
[3:41] you’ll find links in the show notes. I typically avoid politics on this show unless it’s some kind of Linux politics, because then it fits the point of the show. But a few weeks ago, we covered a new unfortunate UK Privacy Act that is wreaking havoc. And thanks to all the people in the comments, I learned that the United States did not leave us out. We’re also dealing with some equally terrible efforts to pass idiotic laws under the guise of protection. Well, now we have another one from the EU. There’s a new potential law called the EU Chat Control Law.

Michael:
[4:13] And well, the goal of this is to make every message, image, and file you send get automatically scanned before it’s sent. Did you choose a chat platform because of their encryption? Well, forget all that because this silly thing wants everything you send ever to be pre-scanned and then encrypted after it is deemed okay by whoever decides unlimited surveillance is a good idea. This means that there would have to be backdoors in all of your apps. No exceptions. There’s also risks of false positives occurring, which may trigger damaging investigations. So that’s fun. Fightchatcontrol.eu points out that many child protection organizations and the UN argue against this scanning of messages because it makes children less safe by weakening security for people and diverting resources away from things that actually protect children. Currently, Austria, the Netherlands, and Poland are opposed to this law, but 15 other countries are supporting it. Nine countries are currently undecided, and if you live in one of these countries, maybe you should try to convince your MEPs to oppose this law because a backdoor in any app is a bug, not a feature.

Michael:
[5:24] These undecided countries are Belgium, the Czech Republic, Estonia, Finland, Germany, Greece, Luxembourg, Romania, and Slovenia. If you are in these countries, fightchatcontrol.eu will help you draft an email with the reasons to oppose important to you and email it to all the MEPs that are either supporting this law or undecided. So maybe, if possible, one of the 15 could change their minds if enough people send them messages about why this is ridiculous.

Michael:
[5:58] Hopefully, that’s possible, but otherwise, hopefully the nine countries that haven’t decided, decide in the right way, which is to not do this, because it is insane. Anyway, that’s my take.

Michael:
[6:13] What’s yours? Let me know in the comments. KDE Gear had a new release with updates to many of your favorite KDE apps. Itinerary is an app for planning travel, and you can now manually enter train and bus trips into it rather than selecting them from a table. It also has more flexible alternative connection search, a new and improved public transport departures view, and improved location search, as well as integration with OpenRailwayMap. Akhenadi, I think that’s how you say it, is the engine behind Contact and Mercuro, Macuro.

Michael:
[6:46] This, the calendar app, and handling emails and calendars, contacts, tasks, and so on. And its recent update reduced memory usage by 75% and improves integration with proprietary group or services like Microsoft’s Intune. K Organizer has a new date picker and improved tooltips with search fields. Cleopatra, the app for managing signatures, encryption keys, and digital certificates, now allows for opening the encrypted notepad feature in separate windows allowing multiple notepads at the same time. Dolphin now lets you switch between fast file indexing search or simple search which is slower but more detailed. You can also open file light in the tools menu showing how much space a file or folder is taking up with charts and the view mode button also now lets you choose how to sort items, toggle previews on and off, and show hidden files. NeoChat for Matrix now lets you create polls and open a context menu for each individual thread of messages.

Michael:
[7:42] Articulate, which is spelled with a K, of course, for improving foreign language pronunciation is now fully Plasma 6 compatible. And the Angelfish browser is also updated with the ability to disable ad block and it adds new keyboard shortcuts and a right-click menu for the back button with your history. For those who are not familiar with Angelfish, this is a browser for like Plasma Mobile and that sort of thing. And there’s also many, many more things that is related into this release of KDE Gears. And if you want to check out all the releases and all the news for 25.08, you’ll find links in the show notes.

Michael:
[8:18] As Linux users, we know what’s up. Security is non-negotiable, but with threads evolving faster than ever, your security tools need to keep pace without dragging your system down, of course. Traditional agents, I mean, they slow you down and they create stability risks. It’s time for a smarter approach. And that is why this weekend Linux is proud to be sponsored by Sandfly Security, the agentless security platform designed for Linux. Sanfly doesn’t just detect and respond. It transforms security with SSH key tracking, password editing, and drift detection, covering threats from every angle. Whether your systems are in the cloud or on-premises or in embedded devices, Sanfly ensures they’re all secure without headaches from agent-based solutions. If your company’s interested in transforming your security strategy, Sanfly Security also offers free trials to show off what it can do for your business. So visit thisweekinlinux.com/sandfly. That’s thisweekinlinux.com/sandfly to learn more. And also listen to what Timothy Lisko, the deputy CISO at Digital Ocean has to say. Sandfly is one of the most exciting pieces of security tech I’ve seen recently. We’re excited to not only be a customer, but also offer an integrated solution to our customers through the Digital Ocean marketplace. This technology addresses Linux security in a in a really novel and compelling way.

Michael:
[9:38] So experience security that’s not just effective, but gives you peace of mind. No agents, no downtime, just cutting edge protection. Dive into the future of Linux security at thisweekinlinux.com/sandfly and see how Sandfly can transform your security strategy. And if you’re as fascinated by cybersecurity as much as I am, then go check out the interviews we had with the CEO of Sandfly on Destination Linux. Craig has an awesome story about how he got into Linux and how he got into security. So check out destinationlinux.net/409 for that.

Michael:
[10:08] And also he returned on episode 429 to do a new segment of Sandfly Security Scoop, where he talked about all sorts of different things, including him explaining this stealthy BPF door, backdoor that evades firewalls and so much more. Plus, if you wanna save some money on the Homelab edition, you can use the discount code DESTINATION. So again, go use that discount code DESTINATION for the Homelab and check out the other tools they have, the other services they have at thisweeklinux.com

Michael:
[10:37]/sandfly. Remember Pebble? Yeah, the legendary smartwatch that refused to die? Well, it’s back. And it’s not just in spirit. This time, it’s official. If you used to be a fan of the Pebble watches, then you’re going to be excited because we covered a new effort from the original creator a few months ago, and now he has a video to show off some designs of the new Pebble 2 Duo and Pebble Time 2. For those who’ve been watching the show for a long time, you might have remembered that was a different name before. Originally, they were known as the Core 2 Duo and the Core Time 2, but the company was able to regain the Pebble trademark. So yeah, it’s now fully back.

Michael:
[11:16] With that, they have revealed the final design for the Pebble Time 2, featuring an industrial design debuting with four colors. And also it’s adding a multicolored RGB LED backlight and a second mic for potential noise cancellation feature, as well as a compass sensor and a screw mounted back cover. It also features stainless steel for the body and the buttons and comes with a 1.5 inch 64 color e-paper display, a touch screen, a quick release 22 millimeter watch strap, a heart rate monitors, sleep tracking, a speaker, water resistance, at least to some degree. And here’s the kicker, 30 day battery life.

Michael:
[11:58] No, I didn’t, I did not mess that up. 30 days of battery life. And this is going to be available to pre-order at $225. So if you are interested in checking out the return of the Pebble watches, you’ll find links in the show notes.

Michael:
[12:13] Linux Mint 22.2 has entered its beta phase. It features some visual improvements, such as a new blurred effect and user avatars on the login screen. It adds a little bit of blue to the default theme for a purpose of updating the look to be more modern. LibEdWeda apps play nicer on Linux Mint now as they added patches to make it work with Mint Y, Mint X, and Mint L themes. Accent colors now work on LibEdWeda and Flathub apps. They added fingerprint support with their new FingWit application. And the Sticky Notes app now has Wayland support and Android syncing.

Michael:
[12:50] Its IPTV player now adds the ability to have a theater mode and a borderless mode. A borderless mode is really cool because it means that there’s going to be no window decorations at all, just the video itself. And they’ve also added updated versions of GNOME Calendar, Simple Scan, and GNOME Disk Analyzer that now ships with Lib at WADA. And for the Warpinator tool for file sharing, it now allows local network file sharing and now also has an iOS companion app as well as many more features are coming in this next release of Linux Mint. Now this is a beta, so keep that in mind if you plan to test it out, but we’re not gonna go much more in depth because as always, when the actual release drops, we’ll cover it in all the full details that you would expect. So if you wanna learn more right now, you can find links in the show notes, but when it does come out in full, will give you the whole in-depth version.

Michael:
[13:42] The UBports team have announced a beta release for the next version of Ubuntu Touch. Now, Ubuntu Touch 24.04-1.0 beta is now available.

Michael:
[13:54] This beta features a huge tech stack upgrade from the 20.04 all the way to 24.04. It comes with a ton of new features. And when it comes to the full release, we’ll go to the full details. But as an overview, There’s a new logo that they’ve made for Ubuntu Touch, which matches the redesign from 2022 of the Ubuntu logo. And there’s now a light mode for the shell, as well as a partial implementation of live theme switching. And they also shipped the OTA-10 for Ubuntu Touch 20.04, which adds a new upgrader that will make upgrading to 24.04 easy when it comes out.

Michael:
[14:32] And if you might have noticed that they have a new version scheme for the next versions, and they’re basing it on the combination of the Ubuntu base with any changes that are specific to Ubuntu Touch. That’s why the release number is Ubuntu Touch 24.04-1.0. Not a big fan of that version scheme, but it is what it is. So I’m looking forward to the full release of Ubuntu Touch. But if you already have a phone that supports Ubuntu Touch, then maybe you want

Michael:
[15:00] to check out the beta release. you can help do some testing to improve it for the final release. Syncthing is a continuous file synchronization program allowing syncing of files between multiple devices and it’s been around for a while. The first time we talked about it was way back in 2019 before the end of everything. It was really slick back then but now this week we are going to talk about an even slicker version which is Syncthing 2.0. Now, the 1.0 was in 2019, and that version number might seem a bit weird to go from, it takes six years to go from 1.0 to 2.0, but there was a lot of releases. They had plenty of releases since then, so it doesn’t really tell the whole story, so I just wanted to clarify that. But let’s talk about what’s new in Syncthing 2.0. There’s been a database backend change from LevelDB to SQLite. They state that there’s a migration on first launch, which can be lengthy for larger setups. So just be prepared for that.

Michael:
[16:00] Their logging format has changed to use more structured log entries and gives more control on per package level. They also deleted items are now forgotten after six months and not kept in the database forever, which will be good for those who want to keep their database nice and clean without having unnecessary data. But there is a flag for those who want to keep the information for longer than six months. Also, they have modernized the command line parsing. they’ve also made it so that the rolling hash detection of shifted data is removed making scanning and syncing faster and also more efficient the default folder is no longer created on the first startup basically the idea is to pick whatever folders you want to sync instead because a lot of people think that the dropbox kind of system where it’s all in just one folder and you put everything in that folder that’s not how Syncthing works you can basically just choose whatever folder you want and then sync it to whatever folder you want on whatever other device that you want to sync it to. It doesn’t really care the hierarchy of where the folders are as long as you tell it where to sync and what to sync to. Multiple connections are now used by default between V2 devices with one for index metadata and the other one for data exchange. The handling of conflict resolution involving deleted files has changed, allowing a delete to be the winning outcome. And there’s just plenty of bug fixes and performance improvements and all that sort of stuff. So if you’re looking for a way to sync your files between devices on Linux, then Syncthing.

Michael:
[17:27] Might just be the thing. Sparky Linux 8.0 has been released, and this is probably the first distro that is based on the new Debian 13. This includes all packages being updated that was found in the update for Debian 13. Of course, that means the kernel 6.12 has been included, LibreOffice 25.2.3, KDE Plasma 6.3.6, LXQT 2.1, MATE 1.26.

Michael:
[17:55] XFCE 4.20, and OpenBox 3.6.1. Also Firefox and Thunderbird ESR is included in this release, as well as Firefox 141 for those who would like to use it. This release of Sparky Linux also comes with the new Sparky Package Tool or SPT, helping with package management in a text-based console. Also, GIMP is now gonna be pre-installed with this release and the CLI system installer now allows auto-partitioning from a whole disk and encrypted home partitions. PCManFM has been replaced by Thunar in the open box version and also there’s been some updates and improvements for Sparky’s Aptus App Center.

Michael:
[18:35] So you’d like to add a Spark to your system, check out Sparky Linux. There’s been a post from Richard Hughes, the creator of the LVFS or Linux Vendor Firmware Service, trying to find funding to hire additional resources for the project to eliminate the bus factor. For those who don’t know, the bus factor means a single person can be hit by a bus, which is a little morbid, but hit by a bus and then the system completely collapses. So you want to add more people to the bus factor so that that doesn’t happen.

Michael:
[19:05] But anyway, currently the Linux Foundation pays the hosting costs and Red Hat pays for the creator to maintain LVFS, but the creator wants to hire a me replacement as he put it. So there is a backup. So he is doing this by introducing a fair use quota with different sponsor levels, having a different quota allowance. The free quota allowance is also rather generous offering 50,000 monthly downloads and 50 monthly uploads.

Michael:
[19:31] Also, Hugh notes that almost all of the 140 vendors won’t be affected. Nothing happens if the quota is exceeded. It’s mostly warnings with graphs showing vendor quota usage as well as rewarding vendors for contributing with their logos on the page and that sort of thing. Starting in December, it will show warnings on firmware pages showing that they are past their quota. And if they are below the startup sponsors level, then it will turn off detailed per firmware analytics as well as turn off access to custom LVFS APIs for vendors below that level. Now, the LVFS is a very useful thing for updating your firmware because it makes it possible to have built-in firmware updating inside of your operating system. So you don’t have to open your BIOS and do the updates. You can do it directly inside of your system management and that sort of tools. So that’s really good. And it makes sense for vendors using this to support the service. So here’s hoping they do.

Michael:
[20:30] The open source video transcoding tool Handbrake came out with version 1.10. So there’s a lot of new versions. One of the most notables is the ability to have a social compression, which means that you can get it down specifically to a 10 megabyte preset.

Michael:
[20:48] And this is for those who share stuff through Discord, which has that limit. Also, there’s new options to choose the encoding, the encoder color range, as well as new CLI option to disable Dolby Vision and HDR10+ pass-through if you want to, as well as a new option to disable audio track names, pass-through, and auto-naming. This release of Handbrake also improves metadata pass-through, preserving more metadata, including the creation data and location. There’s some performance improvements, such as the frame rate, shaper metrics, or high-resolution frames, and also a bunch of bug fixes, as you would expect from this kind of update. Linux users get some additional fixes as well, including resolution for an annoying queue removal crash, also proper Opus and Vorbis pass-through validation in WebM, and presets for unavailable hardware encoders being hidden by default. For those who are interested in getting a video transcoding tool.

Michael:
[21:44] Handbrake is fantastic. It has been around for a while and it has been a go-to solution for me in a lot of ways.

Michael:
[21:51] So if you are in the market for one, go check out Handbrake. Thanks for watching this episode of This Week in Linux. If you like what I do here on this show and want to be kept up to date with what’s going on in the Linux and open source world, then be sure to subscribe. And of course, remember to like that smash button. If you’d like to support the show and the TuxDigital Network, then consider becoming a patron by going to tuxdigital.com/membership. We get a bunch of cool perks like access to the patron-only section of our Discord server and much, much more. You can also support the show at the end of the week.

Michael:
[22:20] You can also support the show by ordering the Linux is Everywhere t-shirt and the This Week in Linux shirt at tuxdigital.com/store. Plus, while you’re there, check out all the other stuff we have like hats, mugs, hoodies, stickers, and more at tuxdigital.com/store. I’ll see you next time for another episode of Your Source for Linux GNews. Thanks again for watching. I’m Michael Tunnell. I hope you’re doing swell. Be sure to ring that notification bell. Until next time, I bid you farewell.