Episode Transcript
0:10
Hello and welcome to episode 276
0:13
of Late Night Linux, recorded on
0:15
the 7th of April 2024.
0:17
I'm Joe, and with me are Félim, back, Graham.
0:19
Good evening. And Will. Oh, that's what
0:21
you think, Félim. We've actually replaced you
0:24
permanently now with someone who hates KDE
0:26
and loves the cloud. Is it
0:28
the AI? Others as take that much
0:30
less help. So yeah, So.
0:32
We're recording a little bit early and I'm going
0:35
to try and get this one out and up
0:37
early. Fun will say about that. But.
0:39
There's only really one news story to talk
0:42
about and that's the XZ Utils
0:44
backdoor, but before that some
0:46
happy news. Hybrid Cloud Show is a
0:48
new show that is part of the
0:50
Late Night Linux family. So
0:52
this is the culmination of
0:54
a very, very long con
0:57
to troll Félim. Essentially I listened to it
0:59
out of the goodness of my heart
1:01
to give it a chance. Yeah, and you
1:04
loved it. I loved every well it's It's
1:06
pretty decent. all is that are in. First
1:08
it's very well done but I. I.
1:10
Honestly couldn't care less anymore about a subject
1:12
or less of as a I. If you
1:14
can combine the two of them together, maybe
1:16
they could talk about ai on the shelf
1:18
next time he added definitely would burst into
1:20
flames. So. I'm not on the show.
1:23
But we've got four professionals who
1:25
work in the area of cloud talking
1:27
about private cloud, public cloud, and everything
1:30
in between. That's kind of the catchphrase
1:32
for it. So it's
1:34
hybridcloudshow.com, or it's in the all
1:36
episodes feed. So if you just search
1:38
your podcast player for Late Night Linux
1:41
Family All Episodes, then you'll
1:43
just get everything that we do, and there's
1:45
actually quite a lot now. Between this
1:47
show, 2.5 Admins, Linux Matters, Linux
1:49
After Dark, Linux Dev Time, Hybrid
1:51
Cloud Show and Ask The Hosts once a
1:54
month, there's quite a lot going on and
1:56
I'm pretty busy these days, so do subscribe
1:58
to that and check out all the great
2:00
shows that we have. So the
2:02
news then, there's been a
2:04
backdoor in XZ Utils. Now
2:07
if you want all the technical details for this
2:09
I would strongly recommend listening to the Ubuntu Security
2:11
Podcast. We'll link to that in the show notes.
2:14
Alex did a great job of explaining the whole thing
2:16
there so I highly recommend it. But
2:18
here's a sort of synopsis of what we know
2:21
about this. So it
2:23
was found by a Microsoft employee called
2:25
Andres Freund in his free time when
2:27
he was working on Postgres. And
2:29
this back door was introduced by
2:32
someone calling themself Jia Tan. And
2:34
this person in quotes lurked for about
2:37
two years and slowly contributed and gained
2:39
the trust of the
2:41
XZ Utils developers. Some
2:44
sock puppet accounts pressured the
2:46
dev of XZ Utils, Lasse
2:48
Collin, to add Jia Tan as a
2:50
maintainer. And Lasse Collin
2:52
had some mental health issues. And
2:57
about a year ago Jia Tan became
2:59
a maintainer and recently snuck
3:01
in a quite sophisticated back door which
3:04
gives SSH access but only with
3:06
a specific private key. So it's
3:08
only exploitable by this Jia Tan
3:10
person. Now the back
3:13
door made it into Debian Unstable and
3:15
Testing and Fedora Rawhide. And
3:17
it made it into the proposed
3:19
pocket for Ubuntu 24.04 but not
3:22
into the actual pre-release so
3:24
it's not on the box that I've
3:26
got running 24.04 thankfully. And it
3:28
seems to have made it into Windows which is pretty funny
3:30
and it has delayed the Ubuntu 24.04 beta by a week.
3:34
So that's sort of roughly what we
3:36
know about this. Did I get
3:38
anything wrong or miss anything? Maybe
3:40
the pronunciation I think it's XZ.
3:42
No it's XZ I don't care
3:44
what anyone says. I
3:47
quite like Z. I think I'm gonna go with
3:49
it. It's easy to say. Yeah you've got it
3:51
as EFS as well. Yeah yeah it's so much
3:54
easier to say. You've all changed
3:56
since I've been away. Two
3:58
weeks. It's all gone to crap. So
4:01
I heard two takes on this.
4:03
Either we got incredibly lucky
4:06
that it was found, or
4:08
this is classic open source because
4:10
it was open source we were able
4:12
to find it. I would go
4:15
with both. Yeah, I think we
4:17
were lucky. Fair enough And you
4:19
know there's quite an amazing community
4:21
of. Was the
4:23
nice way to put this. Like.
4:25
To spot that Ssh was running mars
4:27
and he saw like apparently like not
4:29
even that much smell like not as
4:32
and you'd look at and go wireless
4:34
retail work very well as in. Tiny.
4:37
Amounts slow and that's weird and went
4:39
to the effort of borrowing down on
4:41
that's and then the email that which
4:43
unlike included he sent the email with
4:45
his personal account so stuff given myself
4:47
credit for the says i just have
4:49
to do something else. Fuck off misguided
4:51
this on his own time. I
4:53
bitter insists that they're so anyway it's
4:56
boss. I think the fact that we
4:58
have a.the to eat up a seat
5:00
have the ability to even look of
5:02
us have to go back and analyze
5:04
all the stuff like if this happened
5:06
in a proprietary twenty which is absolutely
5:08
those hundred percent because am Isis the
5:10
open source. At podcast and
5:12
they were talking. I sucked up.
5:15
A while they said a very
5:17
large ninety nineties mobile. Not a
5:19
factor so I I say see
5:21
the Nokia or Motorola.which ones maybe
5:23
isn't books. They apparently employed someone
5:25
who turned out to just disappear
5:27
one day because they were Snc
5:29
a state actor working on path
5:31
of an agency fit get something
5:33
entire system and. For.
5:35
Health of as he was can be taken
5:38
advantage of. but I think the fact that
5:40
we are to analyzed and this level is
5:42
an amazing ability of yes it was lucky
5:44
or hello to survive on that was lucky
5:47
Books are still I think that's amazing Africa.
5:49
While. i agree with you i think we
5:51
did get lucky i do think however
5:53
that this was not the only opportunity
5:55
to spot this problem right it happen
5:57
sooner than perhaps it would have done
6:00
But reading around the issue, looking at some
6:02
other comments on GitHub, there seem to be
6:04
a few people who are kind of thinking,
6:06
oh, this looks a little bit dodgy, maybe
6:08
I should look into it, and then never
6:10
did. So I like to believe that even
6:13
if this wasn't spotted when it was spotted,
6:15
that it would have been spotted, let's say,
6:17
before like the next big Ubuntu release, for
6:19
example. But there's no guarantee. Yeah,
6:21
I agree with both of you as well. I
6:23
think I'm definitely erring on the fact
6:26
that it's great that open source has been
6:28
able to respond this way. I mean, you're
6:30
just reading up again about this today. There's
6:33
so many people now who have looked into this
6:35
from a different perspective, so many people who have
6:38
taken the work that others have done and tried
6:41
to take it a little bit further in what's going
6:43
on and the reasons behind it and how
6:45
it's been engineered. And I just can't
6:47
see that happening in anything else other
6:50
than open source. And I think
6:52
that's fantastic. The fact that it
6:54
happened at all is perhaps part of the system
6:56
that we use. But I think overall,
6:59
it's very good because we just never know the whole thing
7:01
would be buried or just be just left to live with
7:03
it. Yeah, because it's all
7:05
open source, it's all there in Git.
7:07
You can go back and see exactly
7:10
how this unfolded. Yeah, exactly. And I'm
7:12
so much for everything being done in
7:14
the open, maybe naively so. But I'd
7:16
much rather know what vulnerabilities I'm exposed
7:19
to than just have my head
7:21
forced into the sand for me. One
7:24
of the most interesting aspects of this
7:26
whole story is how
7:28
targeted it looks to have
7:30
been specifically against
7:33
the people or rather the
7:35
person responsible for maintaining XZ.
7:38
They must have had some inclination that
7:41
this guy was struggling in his personal
7:43
life and used
7:45
that as a sort of crack in the
7:47
armour and gone in there and forced
7:50
it open and pushed themselves in. And
7:52
so that implies to me that they have
7:54
been watching a number of critical
7:57
open source projects and
7:59
looked for these chinks in the armour, wherever they
8:01
could find them, and then really
8:03
attacked them, and not only just in
8:05
a seemingly helpful way, but also having
8:07
these sock puppet accounts hammering the message
8:09
home for them. I guess that's kind
8:11
of standard practice that you would find
8:13
a chink in the armour and then
8:15
force your way through there with all
8:17
of these personalities backing your side. But
8:20
it seems like a very sophisticated
8:22
and quite violent way of
8:24
inserting your code into another
8:26
project. And that really struck
8:28
me as a serious point
8:30
that across all of these open
8:32
source projects, where's the next chink
8:35
in the armour and what can we do as
8:37
the community to try and help support those people?
8:39
I don't really have a good idea for that.
8:41
I think you're absolutely right. I know we'd
8:44
probably come to this, the fact that it just comes down
8:46
to a single person. We've talked about
8:48
this before with really
8:50
important projects that are vital to the
8:52
infrastructure of everything that we use being
8:54
run by one person who's doing it
8:56
voluntarily. And we've
8:59
just talked about is this a problem of open
9:01
source? Maybe the problem we have with open source
9:03
here is the licensing, and that there's
9:05
so many people, so many large corporations,
9:08
so many individuals reliant
9:10
on these pieces of software
9:12
that are run by one
9:14
person for charity when
9:16
so many corporations are able to make billions
9:18
off the back of it. And it
9:20
just doesn't seem right. Yeah, XKCD 2347. I
9:25
did see something interesting about that, though, where they
9:28
said, imagine you do run a small project. You
9:30
probably did the development work 10 years
9:32
ago, and it's just kind of been ticking over
9:34
gradually every now and again with a bit of
9:36
a minor release. There's nothing exciting to
9:38
do in that project. It's kind
9:40
of hard to fund something which is essentially
9:42
just sitting there turning over. And
9:44
the other thing was, if you do
9:47
have that project, and then along comes, say,
9:49
Linux Foundation says, hey, we've got five managers
9:51
that are now going to be in charge
9:53
of your project for you, and you're going to
9:55
do what they say, OK, that's cool. And
9:58
no, fuck off, it's my project. That's not
10:00
how I want to do a year. you do
10:02
that for a reason and you probably enjoy doing
10:04
that or did so. I don't know what's the
10:06
state forward as just sip it in a lotta
10:09
money because and the other, hey, pay for some
10:11
that doesn't need to change. Thinking
10:13
of money, we'll link to a post by Thomas
10:15
Depierre, I Am Not a
10:17
Supplier, and it's from December
10:19
2022, where he talks about the
10:21
supply chain and open source people often
10:24
to what they saw console supply chain
10:26
and he says no that's politics. I'm
10:28
not a supplier because you don't pay me. I'm
10:31
a volunteer. You're just using my shit.
10:33
And you can't blame me when things
10:35
go wrong with it. Now you com.
10:38
And. That's. Where I think
10:40
this a piece of the puzzle missing
10:42
in those of us. the company's their response.
10:44
You know that used this kind of punted
10:47
as part of their infrastructure and I don't
10:49
know how we address this problem. And.
10:51
Going back to what Will said before,
10:53
we've got to scrutinize other projects and
10:55
we've got to perhaps come up with
10:57
a as looking for this kind of
10:59
behavior looking for weakness? Test test projects
11:01
in the same way that we test
11:03
software. Which is kind of ironic is
11:05
this was part of the testing infrastructure.
11:07
Vexatious. Get. Rid of
11:09
binary choice in projects that it was to
11:12
from Michigan to reproduce who builds and or
11:14
Amazon Verizon is visible Those yes, if we
11:16
had reproducible builds and we didn't have a
11:18
lot of chunky binary nonsense than a be
11:21
very hard to sneak something in or more
11:23
hard for lot like yes understand that they
11:25
need to have package files that the one
11:27
that works will not doesn't but when you
11:29
look at the site he was doomed that
11:32
like extract the tiny bit of info to
11:34
get the key to work with on the
11:36
different multiple heads mean at the the how
11:38
you look. About go Ah yes so Dinamo
11:40
I didn't things here carry ons and though
11:43
it's it's it's a seems now. Obvious
11:45
that it was weird book. I think
11:47
a technology from gonna be hard to get to solve this
11:49
stuff. I think that the role
11:51
of the distro is very significant here
11:54
and I know for a fact that
11:56
Ubuntu put a lot of
11:58
effort into assisting projects that they depend
12:00
on by way of patches and pull
12:02
requests and contributions generally, and I'm sure
12:04
all the other distros do as well,
12:06
but there perhaps is a more formal
12:09
structure that could be put in place
12:11
that says if you are a distro and
12:13
you are reliant on this in in
12:15
the way that they literally all of
12:17
them off well maybe know them most
12:19
of the law then you have some
12:21
obligation to have the amount of work
12:24
that you do measured and reported on
12:26
to try and encourage people to do
12:28
more of it. An interesting
12:30
point that Alex made on the
12:32
Ubuntu Security Podcast was that
12:35
whoever this attacker is has got really
12:37
detailed knowledge of the entire open source
12:39
ecosystem and is probably not one
12:41
person is am and a can't be a
12:43
must be a nation state. I
12:46
don't forget to go into this. I
12:48
discuss criminal organizations. He wants her blackmail
12:50
people in their systems of pip maybe
12:52
just a small group of hackers who
12:54
won. They find an exploit and sell
12:56
it on. Really, the sophistication of it
12:59
makes me think that there's. A.
13:01
Fairly significant and advanced power behind
13:03
or with is certainly states and
13:05
pile of consent of maybe two
13:07
or three that would take undertake
13:09
such as such a thing. yeah
13:11
why did a bit so thing
13:14
about this and tied to find
13:16
out. Who was responsible but
13:18
I think is all speculation. Rabia we
13:20
are don't think we'll ever know who
13:22
actually was responsible. the other think I
13:24
was by see might not being a
13:26
stay on the of. The
13:29
UK's ability to put technical solutions
13:31
in places. Like
13:33
the NHS to be just as gifts
13:35
and is getting there with it was
13:37
the UK which probably spend about three
13:39
billion on it and then just scrap
13:41
is a specific as far as I
13:44
say under Berlin so let's see what
13:46
you actually what happened with it though
13:48
because I'm in the didn't manage to
13:50
get x that the vulnerability in place
13:52
else does sandri like a government projects
13:54
and yeah exactly two years ever allow
13:56
fucking work for C blown up more
13:58
weekend. what he fucked up on load of things
14:00
in the packaging. No,
14:02
but I don't want to get into too much into
14:05
the conjecture, but I do think, you know, if you
14:07
look at old-fashioned cracking groups
14:09
and the way they've reverse engineered all
14:12
kinds of complicated hardware, people can get
14:14
very, very organised when there's the potential
14:17
of millions or billions. The
14:20
most interesting aspect to me is that this
14:22
is not a general backdoor. This is not
14:24
just leave a backdoor open for anyone to
14:26
get in. This requires a
14:28
private SSH key, and
14:30
so they must have been
14:32
going after some specific target,
14:34
surely? Or did they just want
14:37
to have access to everything, maybe? I think so. It's
14:39
also good that it required this level of
14:41
engineering to kind of create a backdoor in
14:43
SSH. It kind of leaves me thinking that
14:45
SSH generally is such a great solution. Yeah,
14:48
you have to go round the back almost
14:50
to get into it. Exactly. It
14:52
is funny that there's the systemd
14:54
dependency, though, and the non-systemd folks
14:56
are gloating about that. Linux!
15:00
Also, my CentOS 6.2 is safe. Well
15:05
played, Grim. Well played. It's
15:08
interesting to see that Linux is such
15:10
an important part of the world these
15:12
days that what
15:14
I assume is a very significant amount
15:16
of investment has gone into a project
15:19
like trying to break XZ in this
15:21
way. I think it just
15:23
reflects that, as we all know, Linux
15:26
is such a critical piece of every
15:28
infrastructure now that it is worth focusing
15:30
a huge amount of energy on in
15:33
this way. It was only,
15:35
let's say, 15 years ago that
15:37
viruses didn't exist for Linux, primarily because
15:39
it wasn't worth the effort. But now
15:41
it very much is worth the effort.
15:44
And this is probably one of many
15:46
irons they had in the fire. Like their first
15:48
one has been discovered, there will be others that
15:51
have been going on at the same time. And
15:53
now we wait and see what they were. Yeah, that
15:56
was what I was going to ask you
15:58
all. How many more of these accounts do
16:00
you think we've got that are worming their
16:02
way into critical open source projects? And
16:04
what do you do about that? You can't
16:06
stop casting aspersions on people who showed up
16:08
to contribute to your project
16:11
point else. But
16:13
I think that related to what Will was
16:16
saying. I you on. I think the real
16:18
worry isn't now that we look at contributors.
16:20
it's that there are people looking at weaknesses
16:22
and projects. all kinds of weaknesses. This is
16:25
just one that died David then to fight
16:27
and we don't know what are the weaknesses
16:29
them and and like be hosting or t
16:31
to the way project is maintained and the
16:34
I think that's the really ethical one time
16:36
guess now other weaknesses may exist in the
16:38
way that protects a. But.
16:40
You would hope that security researchers
16:43
are just working Brady hard on
16:45
this, trying to find the stuff
16:47
that you mentioned potential other people
16:50
like this, because Jia Tan did
16:52
do some dodgy stuff quite
16:54
a while ago, but it wasn't quite
16:56
as.a But like in retrospect, you can
16:58
see that there was this pattern forming
17:01
and so. Is. There are other
17:03
accounts for the almost certain the are. So.
17:05
Be people looking for new now surely? And
17:07
that has to be a good thing that
17:09
people are making the Ss. Because
17:12
I mean imagine you find the next one. Earlier
17:14
than this. even. The.
17:16
Or Andres Freund is a proper Here
17:19
are do. But. Just brainstorming
17:21
this. What Happens A. The.
17:23
Hundred developers the of working on this
17:25
of these important projects of kind of
17:27
working alone. the wicking a home? maybe?
17:29
what's to stop them being kidnapped? What's
17:31
to stop them being murdered in a
17:33
t stolen and some the impersonating them
17:35
for those projects I don't know. We've
17:37
got to think kind of outside the
17:39
box and how these attacks now where
17:41
they could come from and books eight
17:43
they take. To sit on crime can.
17:47
You write those guys a potential risk
17:49
if. There was a story that
17:51
I heard a long time ago about somebody
17:53
going to read a country and I don't
17:55
know which one it was, that went through
17:58
security at the airport their laptop was taken
18:00
away for examination and it came back with a different
18:02
hard drive in it and you know,
18:04
somebody installed some nefarious software on there.
18:07
And in order to counter that, what
18:09
you had to do was this very
18:11
complex boot chain thing with Linux
18:13
and encryption and so on and so on
18:15
and so on. And now I
18:18
think that was probably quite a good idea. Previously,
18:20
I thought, what is there to worry
18:22
about? But if I was a distro
18:24
maintainer, these people could well
18:27
be targeted by people sending
18:29
them crafted emails or trying
18:31
to steal their laptops from their houses
18:34
and things like that. Like it would
18:36
be very, very easy to insert something
18:39
in the chain of the open source community because
18:42
as Graham said, people are working
18:45
from home, they're quite laid back
18:47
and groovy. It would be quite
18:49
easy to attack them in this way. So I'm
18:51
kind of worried at the moment. As
18:54
far as I'd be concerned, the best thing that
18:56
we can do about this is make things more
18:58
open and more transparent. If there's any code anywhere
19:00
that is a binary blob, things like firmware, those
19:02
are the things we need to worry about. Because
19:04
those are things that can be adjusted and we
19:06
just don't know. All we know is they changed.
19:09
And there's a lot of that stuff that's
19:11
not about in drivers for graphics cards, for
19:14
network cards, all sorts of manner of things. If
19:17
we can eliminate as much as possible, then
19:19
we are able to then use
19:21
Linus's law of the many eyeballs making
19:23
bugs shallow. But we can't do
19:25
that if there's a whole lot of like a big
19:27
chunk of fucking machine code somewhere sitting there that somebody
19:29
says, Oh yeah, well that just loads the thing. Don't
19:31
worry about it. It'd be grand. And yeah, there's only
19:34
one person who knows how that works. We
19:36
need to eliminate the single point failures, not
19:38
to take away projects from people. But if
19:41
you have open code, it makes it harder to
19:43
hide stuff. You can't hide things in plain sight
19:46
unless you're doing like hokey shit like your man
19:48
was doing with his binary files that he was
19:50
chopping head and tail and all over the place.
19:52
Yeah, because this wasn't easily readable code
19:54
was it? It was very much snuck into a place
19:57
where people wouldn't be looking. Yeah, and it was part
19:59
of the. Susannah only happened if
20:01
it was given the right amount of data,
20:03
otherwise it just ignored and carried on. You
20:06
wouldn't even know it was, it wouldn't trigger
20:08
for you. So and it was in a
20:10
test I think, wasn't it? The tests have
20:13
to fail. It was like it was meant
20:15
to be a broken XZ compressed
20:17
file so it was meant to not work
20:19
as part of the test suite And things
20:22
like that where it a it's all hidden.
20:24
He should be able to present your project
20:26
and say yet, this may works You'll need
20:28
to insert these tests of a broken XZ
20:31
file, a warfare sci fi walnuts over the
20:33
size and then they should be able to
20:35
put it into their own test suite so
20:38
you know you don't have to provide the
20:40
XZ files that you've crafted to work with
20:42
us. It's a neat to
20:44
see and six of how to do
20:47
it And then they can provide their
20:49
own stuff so we eliminate every single
20:51
piece of obscured code. I think the
20:53
primary goal now is remain vigilant, see
20:55
something, say something and means to assess
20:57
assess. I looked into this is to
20:59
as well and tests have taken over
21:02
software development. And. It seems
21:04
to me that. Are not developer
21:06
but there's less scrutiny and tests
21:08
and is more ways as I
21:10
mean this This was like something
21:12
wanted to school and to a
21:15
full right bits from the output
21:17
in a way that you kind
21:19
of get away with in tests
21:21
and creating tendencies. full sets of
21:23
data detest said my specs of
21:25
it and I don't know maybe
21:28
this decreasing for will but is
21:30
testing becomes a wild frontier web.
21:32
For. We're doing is kind of. Building.
21:35
Bespoke. Bits of data that we
21:37
can throw something to testify specific
21:39
things that is leaving us on
21:41
a boat. And as is a
21:43
problem with testing itself, It's an
21:45
interesting question because a lot of
21:47
projects like to have a standardized
21:49
test corpus that you can throw
21:51
your projects and everybody's using the
21:53
same. Bits. Of information and
21:55
so in a you can be
21:58
relatively happy that particular
22:00
files which are known to fail in a
22:02
particular way continue to fail, that's
22:04
good. But as you say,
22:06
and I totally agree with this, that it's
22:08
got so diffuse now that just
22:11
throwing another file into a directory and claiming
22:13
that it's a new test file, I
22:15
think you're right. I think people just sort of say, oh
22:18
yeah, yeah, fine tests carry on. So
22:20
what is the answer? Certainly getting rid
22:22
of things like that is not a
22:24
great idea. We are absolutely dependent on
22:26
these kind of crafted files to do
22:28
a whole bunch of testing. Could
22:31
they be replaced with something else? Well,
22:33
yes, probably. Will they be replaced by
22:35
something anytime soon? I doubt it. I
22:38
think that it's a lot of effort to go
22:40
to to replace all of those. I
22:42
don't know the answer to this really. I can
22:44
see that it is a problem, though. That pretty
22:46
much sums up this whole situation, doesn't it? We
22:49
know there's a problem, but we don't know how
22:51
to solve it. Well, we don't. Hopefully people smarter
22:53
than us do. Well, fingers crossed. Okay,
22:56
this episode is sponsored by people who support
22:58
us with PayPal and Patreon. Go
23:01
to latenightlinux.com/support for details of how
23:03
you can support us too. For
23:06
$10 a month on Patreon, you can
23:08
get access to an RSS feed that
23:10
contains all the Late Night Linux family
23:12
shows without adverts like this. There's also
23:14
an option to get just this show ad free for
23:16
$5 a month. Some episodes are
23:18
even released a day or so early for Patreon
23:21
supporters. So if you like what
23:23
we do and can afford it, it'd be
23:25
great if you could support us
23:27
at latenightlinux.com/support. On
23:29
to a bit of admin then. First of all, thank
23:31
you everyone who supports us with PayPal and Patreon. We
23:33
really do appreciate that. And if you want to
23:35
get in contact, you can email show at latenightlinux.com.
23:39
Well, now we're joined by a special guest, Gary.
23:41
Hello, Gary. Hi, Joe. How are you doing? Yeah,
23:43
good. Weren't you on
23:45
the last couple of episodes? I was. I couldn't
23:47
get enough of it, so I've decided to come
23:49
back for more. Yes, this time specifically to talk
23:52
about OggCamp. So where
23:54
and when is OggCamp happening, first of all? So
23:56
OggCamp is happening again this year in 2024. I've been
23:58
away for five years.
24:01
So it's happening at the Manchester Conference
24:03
Centre in the Pendulum Hotel in Manchester.
24:05
So those of you who were there in 2019
24:07
may remember it. It's exactly the
24:09
same place and it's happening
24:11
on the weekend of the 12th and 13th
24:13
of October. Right, so what is an OggCamp?
24:16
OggCamp is an unconference and
24:19
it's effectively the UK's biggest
24:21
free culture, free open source
24:24
software, hardware hacking, digital rights
24:26
meetup. So we have
24:28
a scheduled track of talks that is
24:30
to be announced and then everything else
24:33
is completely decided on the day. So
24:36
turn up with the talk in mind, stick it
24:38
on a whiteboard and people vote for it. Yeah
24:40
there's been various technological solutions over the years
24:42
but they tend to fall over and we've
24:44
ended up with post-it notes most years. Sometimes
24:47
the old systems work best. Yeah, so
24:50
this has been announced and
24:52
it's definitely happening but there's still quite
24:54
a few details to work out like
24:57
discount rates for the hotel and
24:59
when the call for papers is going to be. Yeah absolutely.
25:01
So we will be releasing a call for
25:04
papers hopefully sometime in the next six to
25:06
eight weeks. We've just got some logistics to
25:08
work out there in terms of systems
25:10
that we use etc. And
25:12
yes discount code for the hotel, the venue
25:15
have told us will be available and we'll
25:17
release that hopefully alongside tickets as well. And
25:20
we're very much looking for sponsors for this. Yes
25:22
absolutely. So we've several sponsorship tiers this year
25:24
ranging from individual sponsors so if you feel
25:27
like you can afford a little bit more
25:29
of the ticket and want to chuck us
25:31
some money. We've got that all
25:33
the way up to Pinnacle sponsorship where you get
25:35
things on t-shirts and all the rest of it.
25:38
Details there are available on
25:40
the OggCamp website, oggcamp.org sponsors.
25:43
And you mentioned tickets there. When tickets
25:45
are available it's going to be a
25:47
pay-what-you-can situation. Yes absolutely. So we try
25:49
and keep OggCamp as accessible as
25:52
we can. It's always been the
25:54
case. So we're going for pay-what-you-can. Suggested
25:56
amount is £40 but if you can afford
25:59
more, that's absolutely great. If
26:02
you can't afford that much, then feel free to
26:04
chuck us a few quid wherever you can. And
26:07
there's usually social events often on the Friday,
26:09
Saturday and Sunday nights. Yeah, absolutely. So
26:11
we haven't arranged anything yet. We're definitely planning
26:13
on there being something in the hotel on
26:15
the Saturday evening, as there always traditionally
26:17
has been. And we'll keep
26:19
an eye out and see what there is going to be
26:22
on Friday and Sunday as well. So
26:24
as you said, there's quite a lot still to
26:26
be announced about this. So people are probably going
26:28
to want to follow on socials then. Yeah, absolutely.
26:30
We just wanted to get the word out early
26:32
and let people know it through things so that
26:35
they can arrange it around family and everything else.
26:37
So follow us on
26:39
social media for updates. Main place as
26:41
usual is going to be Mastodon.
26:43
So that's oggcamp at mastodon.social. Or
26:46
if you can't find that, all the details will be on
26:48
the website, oggcamp.org. And you're even sticking
26:50
around on Twitter. Yeah, we stay
26:52
there for now just for the stragglers. We haven't moved over
26:54
to the Fediverse quite yet. Well, thanks
26:56
for coming and telling us all about it and
26:58
look forward to updates soon. Yeah, thanks for having us, Joe.
27:01
Well, how very exciting. OggCamp happening
27:03
again. And how about this
27:05
for exciting? No guarantees yet,
27:08
but I would like in June to
27:10
do a meetup in a pub somewhere
27:12
in London. So I'm
27:14
thinking, and this is not official at
27:16
all yet, 15th of June, which is
27:18
the day before England's first match in
27:20
the Euros and the day before Father's
27:22
Day, funnily enough, on a Saturday. But
27:26
I need to find somewhere that will do
27:28
this suitable venue, but just kind of gauging
27:31
interest at this point. Is anyone interested in
27:33
a very informal pub
27:35
meetup in June? Yes.
27:37
Yes. Yeah. Well, we'll see where it's
27:40
going to be. And if it is going to be on
27:42
that day, it is subject to change at this point. But
27:45
let's say roughly around that time, hopefully.
27:47
And do I use my receipt
27:49
of the plane ticket? Do I give that to
27:51
you, Joe? How does that happen?
27:54
Yeah, yeah. You send it to
27:56
me and I'll forward it to /dev/null.
28:00
Come on, maybe I can banjax a
28:02
client server in London. Oh no, I'm
28:04
gonna have to go to London to
28:06
fix that. How convenient. Yeah.
28:08
Yes. Come on, you've got XZ
28:10
exploits to fix. That's true. And
28:12
that unrivable ZFS that's gone bandy
28:14
again too. Yeah, exactly.
28:18
Right, well, on that hopeful bombshell we better get out
28:20
of here. We'll be back next
28:22
week when there'll be Voice of the Masses
28:24
and some discoveries, probably. Until then,
28:27
I've been Joe. I've been Félim. I've been
28:29
Graham. And I've been Will. See you later.
28:55
you