643: The Sunday Soapbox

We pull on a few loose threads from recent episodes, and some of them unravel into way more than we expected. Sponsored By:

• Managed Nebula (https://defined.net/unplugged): Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love. (https://defined.net/unplugged)

• 1Password Extended Access Management (https://1password.com/unplugged): 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. (https://1password.com/unplugged)

• CrowdHealth (https://www.joincrowdhealth.com/): Discover a Better Way to Pay for Healthcare with Crowdfunded Memberships. Join CrowdHealth to get started today for $99 for your first three months using UNPLUGGED. (https://www.joincrowdhealth.com/) • Unraid (https://unraid.net/unplugged): A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility. (https://unraid.net/unplugged)

Support LINUX Unplugged (https://jupitersignal.memberful.com/checkout?plan=52946) Links:

• 💥 Gets Sats Quick and Easy with Strike (https://strike.me/) • 📻 LINUX Unplugged on Fountain.FM (https://www.fountain.fm/show/dWiuBeqpDSM86AwXRXov) • LUP's Great Holiday Homelab Form (https://linuxunplugged.com/holiday) • LUP's Great Holiday Homelab Old Fart Form (markdown) (https://linuxunplugged.com/oldfart) • Jellyswarrm (https://github.com/LLukas22/Jellyswarrm) — Bring all your Jellyfin servers together • LiveTV support · Issue #9 · LLukas22/Jellyswarrm (https://github.com/LLukas22/Jellyswarrm/issues/9) • pangolin (https://github.com/fosrl/pangolin) — Identity-Aware Tunneled Reverse Proxy Server with Dashboard UI. • Pangolin | Secure Access Platform (https://pangolin.net/) • NixOS Search - Options - Pangolin (https://search.nixos.org/options?channel=unstable&query=Pangolin) • Youtarr (https://github.com/DialmasterOrg/Youtarr) — Self-hosted web app that automates downloading, organizing, and scheduling YouTube channel content with support for Plex, Kodi, Emby and Jellyfin • Add ability to set subfolder for manual downloads · Issue #287 · DialmasterOrg/Youtarr (https://github.com/DialmasterOrg/Youtarr/issues/287) • Dawarich (https://github.com/Freika/dawarich) — Your favorite self-hostable alternative to Google Timeline (Google Location History) • dawarich CHANGELOG.md (https://github.com/Freika/dawarich/blob/master/CHANGELOG.md) • CVE-2025-40090 | Ubuntu (https://ubuntu.com/security/CVE-2025-40090) — Since commit 305853cce3794 ksmbd_session_rpc_method() attempts to lock sess->rpc_lock. This causes hung connections / tasks when a client attempts to open a named pipe. • SMB3 & KSMBD See Performance Improvements With Linux 6.18 (https://www.phoronix.com/news/Linux-6.18-SMB3-KSMBD) — KSMBD also now adds a max IP connections parameter to optionally limit the maximum number of connections permitted per IP address. • ksmbd vulnerability research · Doyensec's Blog (https://blog.doyensec.com/2025/01/07/ksmbd-1.html) • ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3) (https://blog.doyensec.com/2025/09/02/ksmbd-2.html) • ksmbd - Exploiting CVE-2025-37947 (3/3) (https://blog.doyensec.com/2025/10/08/ksmbd-3.html) • doyensec's KSMBD-CVE-2025-37947 PoC (https://github.com/doyensec/KSMBD-CVE-2025-37947) • GrapheneOS bails on OVHcloud over France's privacy stance (https://www.theregister.com/2025/11/28/grapheneos_ovhcloud/) • GrapheneOS exits France — what it means for encryption (https://proton.me/blog/grapheneos-france) • France's Encryption War Escalates: GrapheneOS Exodus Signals Dangerous Precedent for Open Source Privacy Tech (https://www.compliancehub.wiki/frances-encryption-war-escalates-grapheneos-exodus-signals-dangerous-precedent-for-open-source-privacy-tech/) • Seems like the GrapheneOS phone collab may be with Motorolla. (https://x.com/HSVSphere/status/1994884278950531284) • Rust For Linux Kernel Co-Maintainer Formally Steps Down (https://www.phoronix.com/news/Alex-Gaynor-Rust-Maintainer) • Bcachefs Ousted from Mainline Kernel: The Move to DKMS and What It Means (https://www.linuxjournal.com/content/bcachefs-ousted-mainline-kernel-move-dkms-and-what-it-means) • Red Hat Introduces Project Hummingbird for “Zero-CVE” Strategies (https://www.redhat.com/en/about/press-releases/red-hat-introduces-project-hummingbird-zero-cve-strategies) • Richard Hipp - Git: Just Say No - YouTube (https://www.youtube.com/watch?v=ghtpJnrdgbo) • 2011 SouthEast LinuxFest - Richard Hipp - Fossilize Your Code - YouTube (https://www.youtube.com/watch?v=-ceEWWqaVsI) • Pick: Gopher64 (https://github.com/gopher64/gopher64) — Highly compatible N64 emulator. • Gopher64 — simple64's official and spiritual successor - Libretro (https://forums.libretro.com/t/gopher64-simple64s-official-and-spiritual-successor/48565) — It’s made by the same developer(s). Unlike simple64 however, it’s not based entirely on Mupen64Plus. And it’s aiming for a more LowSpec hardware overhang. • Install Gopher64 on Linux | Flathub (https://flathub.org/en/apps/io.github.gopher64.gopher64)