Michael:
[0:00] This week in Linux, we’ve got a bit of good news and bad news. First, the bad news is that Intel has abruptly ended Clear Linux out of nowhere, and the Arch Linux team have warned users that malware was found in the AUR. It’s not all bad, though, this week, because Wayback is back on the show with the first preview release for keeping X11 desktops alive in our future Wayland-powered world. Plus, according to one source, Linux usage is even higher than we already thought it was. A couple of episodes ago, I reported that we broke the 5% threshold on the U.S. Desktop market based on stat counter data. But according to one source, it’s already climbed past 6%. What source, you ask? Well, the analytics of the U.S. federal government websites.

Michael:
[0:44] And speaking of governments, GitHub is trying to get the European Union lawmakers to scale Germany’s sovereign tech fund into an EU-wide program to fund critical open source projects. Also, some more good news. We’re about to reach a major milestone for my YouTube channel. We just hit 92,000 subscribers on YouTube and we are so close to hitting a milestone I never thought that I would ever hit. If you’re watching and aren’t subscribed, I would really appreciate it if you went ahead and did that because I hardly ever ask for people to subscribe except I guess at the very end of the episodes. But if you would like to help me reach that 100,000 subscriber mark, that would be awesome. I would really appreciate it. After a very long time on YouTube, I finally might be getting one of those YouTube play button plaques for the channel. So if you want to help with that, that’d be awesome. All of this and more on This Week in Linux, the weekly news show that keeps you up to date with what’s going on in the Linux and open source world. Now let’s jump right into Your Source of Linux GNews.

Michael:
[1:56] This episode of Twill is sponsored by Sandfly Security. More on them later. Intel has decided to end the Clear Linux OS project out of nowhere. They also did this with no grace period or migration time. This is most likely due to budget cuts because Intel is not doing all that great right now. But for those who are curious what Clear Linux is, well, Clear Linux OS is Intel’s own Linux distribution created in 2015 for cloud computing and built for performance and designed specifically for Intel hardware. It also worked on other hardware, but it was made for Intel hardware. It is optimized for speed and power efficiency, as well as security. And a number of changes were made in the defaults for the kernel, for example, with lots of other tweaks, which helped it perform extremely fast, even on older hardware.

Michael:
[2:46] Clear Linux uses the SWPD package management tool, as well as flat packs and as a rolling release, or it was a rolling release distribution. For those who are not familiar with Clear Linux OS, it was a very interesting project because they did a lot of innovation with it. It wasn’t really meant for everyday usage for most people, but they did a lot of cool stuff where they would advance the technology in different ways and test out different ideas and stuff like that. So it is a shame to see Clear Linux OS going away, but that’s probably why a lot of people might not have heard of it. Arjun van de Ven from the Clear Linux Project states that Clear Linux OS GitHub repository will be archived in read-only mode. So if you’re currently using Clear Linux OS, we strongly recommend planning your migration to another actively maintained Linux distribution as soon as possible to ensure ongoing security and stability. Rest assured that intel remains deeply invested in the linux ecosystem actively supporting and contributing to various open source projects and linux distributions to enable and optimize for intel hardware now that’s something that you know most companies will say is like rest assured we’re going to continue to do the thing or you know all the company will still you know i want to acquisition happens like it’s still going to be fine nothing’s going to change and.

Michael:
[4:06] That sort of thing typically does not mean that. They all say it, but no one believes it, right? I hope that this case is true because Intel has done a lot of stuff for the Linux community and the Linux ecosystem. And I suspect they’re still going to continue to do that because the hardware support for Intel in Linux has always been fantastic. And I don’t think they would ever change that. So I hope they continue to do the innovation and all that sort of stuff. Despite not having clear Linux around, I hope they continue to do the work because they have a lot of cool projects and a lot of cool stuff that they have done in the past and are still currently doing. So I hope that does continue. Now, there is some concern with Intel’s future because of the broader cuts that are being done. And also there has been reports of that over 5000 jobs will be cut for U.S. states. So that’s not good. And it’s a shame overall for all of that. But also it’s a shame that Clear Linux is getting the axe because it has led to a ton of improvements in many ways for the ecosystem, especially as a testbed for advancements of Intel hardware in the kernel. But at the same time, it’s always talked about being super fast, but also something that most people wouldn’t run since it had a special packaging system limiting the scope of what could be done on it and various other things. This likely won’t affect many people in the community, but it is a shame that the innovations won’t be happening anymore, at least not to the same degree.

Michael:
[5:34] Hopefully they do, but we’ll have to wait and see. If you’re using Clear Linux, I’d love to know how you’re using it and what distro you’re switching to. Let me know in the comments.

Michael:
[5:44] According to one source, Linux usage is even higher than we already thought it was. A couple of episodes ago, I reported that we broke 5% threshold on the U.S. Desktop market based on data from StatCounter. But according to one source, it’s already climbed past 6%. What source is that? Well, of course, I’m talking about the analytics of the U.S. Federal government websites.

Michael:
[6:08] I didn’t even know that that existed, that you could get this kind of information until I saw this news that the stats and analytics for American government websites was even available, much less how much information it was there. So that’s interesting. But according to this data, according to the analytics website, Linux is at a 6% market share over the last 30 days. This is American-focused data with 75% of that data coming from America. It could be a result of many big wins in Linux happening in the past few years. I mean, the Linux gaining popularity for gaming because of the Steam Deck and because of the Proton stuff, as well as, you know, big YouTubers like PewDiePie and Jay’s Two Cents and that sort of stuff. Promoting Linux in some ways could be a benefit. Also, the fact that Windows 10 end of life is coming up really soon, as well as Windows 11 being not supported by some hardware and bringing in Windows Recall, which is absolutely ridiculous.

Michael:
[7:08] As well as the EU to some degree to move many government computers to Linux while not technically related to the US desktop market. It’s still really good. And also the promotion of it and the conversations of it might be pushing people from the US doing it as well. Now, this is really good because we already thought it hit a certain threshold of 5% and apparently it’s hitting 6% of US desktop share, which is awesome because the growth of Linux means a lot of benefits for the users because we get more companies looking at Linux as a viable platform, meaning more applications. And basically we’re effectively solving the chicken or the egg problem. So hopefully that does happen and we continue to have growth in the platform because there’s a lot of applications that I wish were on Linux that are currently not. And the more and more we grow, the more and more reasons they have to support it. And the fewer and fewer reasons they have to complain about the size of the market. So there we go. If you are new to Linux, let me know in the comments.

Michael:
[8:13] What made you switch to Linux? When did you switch to Linux? And also what distro you picked? I’m very curious about all the new users. And I’ve been around Linux community for a very long time. So I would love to know like, what got you into Linux at this point?

Michael:
[8:29] GitHub is trying to get a new EU tech fund to ensure critical open source software can be maintained in the long term. Their proposal expresses that our economy relies on open source software for digital infrastructure and much more. But that maintenance continues to be underfunded, especially when compared to physical infrastructure like roads and bridges. So according to GitHub’s research, 96% of all code bases contained some kind of open source code. GitHub is estimating that open source contributes to $8.8 trillion to the global economy. Yet most projects get little to no funding, even as dependencies for billion dollar operations. This makes the supply chain vulnerable to burnout, abandonment, and even socially engineered hijacking due to burnout like we saw with the XZ backdoor.

Michael:
[9:23] GitHub’s solution is to scale up Germany’s sovereign tech fund to the entire European Union. GitHub’s report recommends starting with 350 million euros for the multi-year budget from 2028 to 2035. Investing in maintenance, security, and improvements to the EU’s most critical open source dependencies, which would, of course, strengthen the entire open source ecosystem. Now, if you’re a developer looking to cash in, the goal of this funding is fairly limited, so it isn’t going to mean that just any open source side project will get a bag. This is more about the most critical and underfunded dependencies of open source ecosystem. GitHub is actively meeting with EU legislators right now to try to push this forward. It’s not just a suggestion they’re making. They’re currently attempting to make this happen, which is great to hear. Though naturally, I had a question that I’m sure a lot of you have as well. If GitHub, aka Microsoft, wants to get the EU to fund open source projects, what are they doing to fund these kinds of projects themselves?

Michael:
[10:26] Well, it turns out they are already doing some funding through the GitHub Secure Open Source Fund. This fund is nowhere near the 350 million euros they are requesting from the EU, but it is something. The GitHub Secure Open Source Fund provides $10,000 to projects and based on the list that they show on GitHub, they have funded 148 projects so far. We don’t know if each project is funded only once or multiple times, So we can’t really say exactly how much has been funded through this GitHub initiative, but we know it was at least about $1.48 million. This is very good. And thanks to GitHub, aka Microsoft, for doing this. But I can’t help but feel like this is not even the bare minimum that they should be doing. Microsoft clearly benefits from open source. They bought GitHub for a reason. It isn’t just because they were doing some altruistic effort by providing a place for people to host their code. We know there’s more to it when Microsoft does anything. Plus, this GitHub secure open source fund is not funded purely by Microsoft. It also includes 13 other launch partners. And if we break this down on an average, that’s about $106,000 from Microsoft. Comparing that to their revenue, GitHub had a revenue of $2 billion last year, and Microsoft has about $245 billion last year.

Michael:
[11:53] Now, in contrast, the Sovereign Tech Fund funded projects with over 23 million euros, which we talked about last year on Twill 282 when the Sovereign Tech Agency celebrated their second anniversary. Still, it’s good that Microsoft donated something, even if it appears only to have been 0.00004% of their revenue.

Michael:
[12:15] Obviously, I’m not suggesting that they donate all of it or anything like that. That would be absurd. However, maybe at least donate 0.004% instead of 0.00004%.

Michael:
[12:32] And to be clear, that’s just 9.8 million that I’m suggesting, which is not even 40% of what the Sovereign Tech Fund provided. And just a quick note, I know this is not the only thing that Microsoft does. They also do development in the kernel, but it’s mostly for their own benefit. They also do some donations to the Linux Foundation and all sorts of stuff, but it’s very small compared to what they could do and what they benefit from. We all know that, and there’s no surprise there. So I still think, even though this is slightly misleading in a sense because of that small percentage, it is significantly different than what they get a benefit from. So I understand not giving, you know, all the benefits away because then it wouldn’t make any sense. But I mean, like, you know, 10% of what you get from it, at least you could do that. Ultimately, though, I agree that the EU and really every government should follow Germany’s lead and provide funding with no strings attached, of course, to the critical projects because they benefit from them so much. And really, we all do. So it just makes sense. So I agree with the core point that the EU should participate in this because we all owe it to the ecosystem to pull our own weight if we can.

Michael:
[13:49] And Microsoft, you can, and you’re not, so think about it. You chose Linux for its stability and security, but as threats grow more sophisticated, detecting them in time without putting your systems at risk is more critical than ever. Traditional endpoint agents can cause downtime, have performance issues, leaving visibility gaps, and so much. Is there gotta be a better way, right? There is. Meet Sandfly Security, the agentless Linux security platform. Sandfly not only does endpoint detection in response, but also performs SSH key tracking, password auditing, and drift detection to find the widest ranges of threats. Whether your servers are in the cloud or on-premises or even in embedded devices, Sandfly protects them all without the need for risky agent installations.

Michael:
[14:40] Listen to what Ken Kleiner, the senior security engineer at the University of Massachusetts, has to say. Sandfly is the first product I’ve seen that accurately and quickly detects thousands of signs of compromise on the Linux platform. Its unique method automates tasks which would be manually impossible. Automation is key with detection and Sandfly completely fits this and other requirements. If your organization is using Linux, this should be part of your cyber security tool set. Get fast, non-invasive protection for your critical systems. No agents, no downtime, just smarter security that works. Dive into the future of Linux security at thisweeklinux.com/sandfly. That’s thisweekinlinux.com/sandfly. And see how Sandfly can transform your security strategy. And if you’re as fascinated by cybersecurity as much as I am, then go check out the interview we had on Destination Linux, my podcast, where we talked to the CEO of Sandfly. And also the next episode coming out soon is going to have him return to talk about what’s happening new in security. And also we talk about DEF CON and Black Hat and a lot of stuff. So go check that out as well. You can go to DestinationLinux.net to get subscribed to the podcast. Plus, if you want to save some money, then go check out the Home Edition, which you can use the discount code DESTINATION to get 50% off the Home Edition.

Michael:
[15:59] ThisWeekinLinux.com/sandfly to get started. Arch Linux is a great distribution and it offers a lot of cool benefits, but it is often promoted as the best of the best without mentioning any of the caveats. And those exist. That’s why when I talk about it in my content, I always try to mention the caveats because it simply isn’t meant for most people. And yeah, I know the arch diehards will be annoyed by me always doing that. But oh well, I want beginners to be informed about the caveats so they don’t run into them. And so I do it.

Michael:
[16:32] One of those caveats is also something that a lot of people promote as being one of the best things about Arch. And that’s the AUR, which is the Arch User Repository. The AUR is very cool, and you could find a lot of stuff that you might want in there.

Michael:
[16:46] But there’s a reason why the Arch Linux team do not provide access to it out of the box. It makes users manually set it up themselves. That reason is because it’s a bit of a wild west. There’s no real vetting process, and instead it’s essentially a self-governed process by the community.

Michael:
[17:02] A lot of Arch users will drill down to read the package build files, but a lot don’t. And with some Arch derivative distros providing the AUR very easily, sometimes out of the box, well, not everyone is aware of these potential pitfalls of the AUR. Anyone can make an AUR package, even without any credibility or trust. And that is what makes the AUR so good and kind of scary at the same time. This week, the Arch community found out that someone uploaded malicious AUR packages for a few browsers. These were called firefox-patch-bin, librewolf-fix-bin, and zen-browser-patch-bin. These packages installed a RAT from the GitHub repo. RAT meaning Remote Access Trojan. The Arch team addressed this very quickly, once it was recognized. And it only took a couple of days, which is great. But it’s not the first time this kind of thing has happened. And it most certainly won’t be the last time this happens. Again, I like Arch, and I used to use it as my daily driver, but I also feel it’s necessary to talk about the downsides of Arch, not only talking about the good stuff. I just want new users, not necessarily any new user. If you want to use Arch, you absolutely should if you feel like you can handle the ups and downs of it. But beginners, I think beginners need to be informed when they get started rather than finding out stuff the hard way like I did.

Michael:
[18:25] I mean, there was no other way back then because, you know, Ubuntu didn’t even exist. But these days, it’s different.

Michael:
[18:34] Wayland is on the way and it is moving quickly towards the Wayland world. One big concern about this transition from X11 to Wayland is that rewriting a desktop to support Wayland is kind of hard. In some cases, some teams are not even interested in trying. This means we may need to keep X11 around just to support legacy desktops or window managers? Or does it? Well, that’s where Wayback comes in. Wayback, we actually covered Wayback a couple weeks ago on Twill 3.18, but if you missed it, we’ll do a quick overview. So Wayback is an X11 compatibility layer that allows for running full X11-only desktop environments using Wayland. It essentially is an X11 server backed by Wayland, leveraging WL roots and xWaylan. The goal for this is for Wayback to eventually be a completely drop-in replacement to the XORC binary, thus reducing maintenance burden for distro maintainers. Now, this is great news as some older desktop environments now have a chance to survive with the transition to Wayland.

Michael:
[19:41] Wayback has had its first release also with Wayback 0.1. This is considered a preview release, although some users and developers are already daily driving it because they like to live on the edge. It is still considered alpha quality and doesn’t yet support multi-monitor setups, display power management signaling, and other XORG features.

Michael:
[20:06] Wayback also moved from being a side project from Kanini, I think that’s how you say it, to now being a free desktop supported project on these free desktop repo. Additionally, they have split a lot of components into their own repos, including Wayback Compositor, which is the actual Wayland Compositor, xWayback, which provides an XOR compatible command line interface, Wayback Session, providing a StartX compatible interface until they are able to make use of the stock X in it and other things. They also now have a new logo, which is actually kind of clever because they took the X11 logo and replaced the X with a W. And finally, now there is a new website for Wayback for anyone who wants to learn more about it.

Michael:
[20:48] I think it’s insane how much progress this project has made considering when this just came out as a single C file a few weeks ago, like three weeks ago, something like that. It’s kind of crazy how far it’s gone in just this small amount of time. So I’m looking forward to the development of this project. And I think this

Michael:
[21:07] is going to be making a lot of people happy going forward. NVIDIA has announced that it is bringing its CUDA API to RISC-V. Now, this isn’t surprising due to RISC-V becoming more and more popular in data centers, but I wanted to talk about it because I want RISC-V to be the future of hardware due to its open source nature, and that is awesome. And it’s also really cool seeing NVIDIA making support for CUDA on its very promising platform. I mean, And let’s be fair, CUDA is pretty cool and putting it on RISC-V is also very cool. NVIDIA drivers have also been shown to be portable with support for ARC64, IBM Power, alongside of obviously x86-64. Now this is a work in progress and it does not yet have a clear or specific timeline on completion. But if this helps solidify RISC-V as an up and coming architecture, I’m all for it.

Michael:
[22:06] Last week, I reported that Lossless Scaling’s frame generation was ported to Linux. And also, we went into a lot of depth on this topic on my podcast, Destination Linux, so go check out episode 427 to learn more about it there, and also just to check out a fantastic podcast, not biased at all. But now, there’s an unofficial libadwaita GNOME styled app to provide a GUI for the LSFW-VK project.

Michael:
[22:36] This now makes it fairly easy to use this frame generation, which allows you to gain additional performance in your games. This gives a great frame rate boost for any GPU, especially lower end ones that cannot run high-res games as efficiently. Now, the pace of all this effort is very exciting because just thinking about how fast this is moving, maybe in the next few months it might be ready for beginners to try out. Who knows? For now, though, it does require a bit of Linux experience to get this going, but this is very cool and I am very excited to see where this is going to go.

Michael:
[23:08] Thanks for watching this episode of This Week in Linux. If you like what I do here on this show and want to be kept up to date with what’s going on in the Linux and open source world, then be sure to subscribe. Of course, if you want to help me get to that 100,000 subscribers, there’s another reason to subscribe.

Michael:
[23:23] And also, of course, remember to like that smash button. If you’d like to support the show and the TuxDigital Network, then consider becoming a patron by going to tuxdigital.com/membership where you can get a bunch of cool perks like access to the patron only section of our discord server and much much more you can also support the show by ordering the linux everywhere t-shirt or the this weekend linux shirt at tuxdigital.com/store plus while you’re there check out all the other cool stuff we have like hats mugs hoodies and more at tuxdigital.com/store I’ll see you next time for another episode of Your Source for linux GNews thanks again for watching I’m Michael Tunnell i hope you’re doing swell be sure to ring that notification bell and until next time i bid you farewell.