LINUX Unplugged

Fedora Hummingbird, RHEL Forever, and Red Hat's AI play: three big Summit takeaways, and why they matter far beyond Red Hat.
Sponsored By:
Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
Support LINUX Unplugged
Links:
💥 Gets Sats Quick and Easy with Strike
📻 LINUX Unplugged on Fountain.FM
The mobile experience you've been asking for - Defined Networking — The most recent mobile release brings the mobile app to parity with what you’d expect from Nebula everywhere else: persistent connections, full configuration support, custom DNS, and firewall rules.
Red Hat Summit 2026 Day 1 Keynote - The next platform is choice - YouTube
Enabling long-term stability: Introducing Red Hat Enterprise Linux Extended Life Cycle, Premium
Fedora Hummingbird: Taking the Hummingbird model to the full operating system — Fedora Hummingbird primarily utilizes an image-based workflow, similar to containers, but also runs in virtual machines and even on bare metal. If you’ve been following Project Hummingbird‘s work on container images, or Project Bluefin’s work on the operating system, you already know the model. Fedora Hummingbird applies this model all the way down to the host OS.
Fedora Hummingbird: Taking the Hummingbird model to the full operating system - Fedora Discussion
After Ubuntu, Now Fedora is Jumping Onto the AI Bandwagon With Dedicated AI Developer Desktops — Now, Fedora has voted on an initiative called Fedora AI Developer Desktop that will spawn AI-flavored Fedora Atomic Desktops.
Friction in Fedora over AI developer desktop initiative — After more than a month of sometimes heated discussion, the Fedora Council had voted to approve the initiative; however, a last-minute change to vote against the proposal by council member Justin Wheeler has (at least temporarily) sent it back to the drawing board.
Fedora AI Developer Desktop Objective Discussion
Pick: BudsLink — BudsLink is an application that provides battery monitoring and feature control for supported Bluetooth wearable audio devices, including AirPods, Beats, Sony Audio wearables, Samsung Galaxy Buds and Nothing/CMF buds.
BudsLink on Flathub
Pick: yamlcast — YAMLCast turns a YAML description of a terminal screencast into an animated GIF.
Pick: lightroom-cc-on-linux — Reproducible recipe for running Adobe Lightroom CC on Linux via Wine 11.8 staging. Researched and verified end-to-end by Claude Opus 4.7.

Who survived the install, who made it to the desktop, and who learned the hard way that one little mistake will blow up the entire BSD box.
Sponsored By:
Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
Support LINUX Unplugged
Links:
💥 Gets Sats Quick and Easy with Strike
📻 LINUX Unplugged on Fountain.FM
LinuxFest Northwest 2026 - Back to Root — April 24-26, 2026 - Bellingham, Washington
Texas Linux Festival 2026 - November 6-7, 2026 Austin, TX
Texas Linux Fest 2026 - Call for Papers deadline July 1, 2026
Dirty Frag, a new Copy.Fail like vulnerability — The Dirty Frag vulnerability class, first discovered and reported by Hyunwoo Kim, can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write (CVE-2026-43284) and the RxRPC Page-Cache Write (CVE-2026-43500) vulnerabilities.
How to mitigate the "Dirty Frag" CVE-2026-43284 in OpenShift 4 - Red Hat Customer Portal
Dirty Frag Linux kernel local privilege escalation vulnerability mitigations - Ubuntu
Dirty Frag Explained: Linux Root Exploit, Mitigation & Patching Guide
LINUX Unplugged 666 - The BSD Challenge Rules
Magnolia Mayhem's BSD Challenge Report — It’s still got that old cowboy feel to it.
Magnolia's Sinchflat - GitLab — Anyway, Pinchflat now has a FreeBSD-first competitor.
FreeBSD Foundation's Laptop Support and Usability Improvements Project — The FreeBSD Foundation's Laptop Support and Usability Improvements project aims to deliver a package of improved or new FreeBSD functionality that, together, will ensure that it runs well “out of the box” on a broad range of personal computing devices.
nixbsd: An unofficial NixOS fork with a FreeBSD kernel
Brent's nixbsd config
NomadBSD — Persistent live USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD's hardware compatibility.
GhostBSD — A simple, elegant desktop BSD Operating System
gershwin-desktop — Desktop Environment based on GNUstep welcoming to switchers
gershwin-on-freebsd live iso
gershwin-on-debian live iso
gershwin-on-arch live iso
Maintaining the World’s Fastest Content Delivery Network at Netflix on FreeBSD - FreeBSD Foundation
Pick: kiji-proxy — An intelligent privacy layer for AI APIs. Kiji automatically detects and masks personally identifiable information (PII) in requests to AI services, ensuring your sensitive data never leaves your control.
Pick: Portbook — Local Rust web dashboard that auto-discovers and labels HTTP dev services running on localhost ports — with live SSE updates, project-root detection, and live/error/dead classification.
Pick: Sylve — Sylve is a lightweight, open-source management platform for FreeBSD. It combines Bhyve virtual machines, FreeBSD Jails, and ZFS storage into a modern web interface designed to deliver a streamlined, Proxmox-like experience tailored for FreeBSD environments.
AlchemillaHQ/Sylve — Lightweight GUI for managing Bhyve, Jails, ZFS, networking, and more on FreeBSD
FreshPorts: sysutils/sylve

We dig into the Copy Fail vulnerability and test a proof-of-concept against our own box. Plus, Jon Seager, VP of Engineering at Canonical joins us, and we kick off the BSD Challenge!
Sponsored By:
Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
Support LINUX Unplugged
Links:
💥 Gets Sats Quick and Easy with Strike
📻 LINUX Unplugged on Fountain.FM
Copy Fail — CVE-2026-31431 — "An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root." — Theori
Copy Fail: 732 Bytes to Root - Xint — "A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017." — Xint
Linux Kernel Bug Explained - Jorijn — "CopyFail is more portable. One script, every distro, no offsets. Dirty Pipe needed kernel ≥ 5.8; Copy Fail covers 2017–2026." — Jorijn"Kubernetes Pod Security Standards (Restricted) and default seccomp do NOT block the syscall used." — Jorijn
Ars: Most Severe Linux Threat in Years — "The most severe Linux threat to surface in years catches the world flat-footed." — Ars Technica
Sysdig: CVE-2026-31431 Analysis — "The flaw was introduced in 2017 via commit 72548b093ee3, which switched AEAD operations to in-place processing." — Sysdig
CERT-EU Advisory
Ubuntu Security Tracker
The Register: Crypto Flaw
Kernel Patch (reverts 2017 optimization) — "This mostly reverts commit 72548b093ee3 except for the copying of the associated data." — Kernel Commit
Buggy Commit: 72548b093ee3 (2017)
DeepWiki: AF_ALG Internals
oss-security Disclosure
PSA + GRUB Mitigation - Jan Wildeboer
Ubuntu 26.04 LTS (Resolute Raccoon) Released — "Ubuntu 26.04 LTS sets the example for providing best-in-class resilience while simultaneously embracing innovation and the advancement of open source." — Jon Seager, VP Ubuntu Engineering
The Future of AI in Ubuntu - Jon Seager — "Throughout 2026 we'll be working on enabling access to frontier AI for Ubuntu users in a way that is deliberate, secure, and aligned with our open source values." — Jon Seager
Ubuntu 26.04 Release Notes
Ubuntu AI Features Throughout 2026 - Phoronix — "Canonical's approach to AI is refreshingly thoughtful — Microsoft should take note." — ZDNet
Canonical DDoS Attack Update — "Canonical's web infrastructure is under a sustained, cross-border attack and we are working to address it." — arcticp, Canonical
Ubuntu Weekly Newsletter #942
Canonical AI Approach - ZDNet
9to5Linux: Opt-In LLM Tools
uutils/coreutils: Cross-platform Rust rewrite of the GNU coreutils
LINUX Unplugged 636: Engineering the Future
LiveCD fails to start X session on QEMU · Issue #354 · ghostbsd/issues
Monty's “rescue” drive NixOS config
Magnolia Mayhem's BSD Challenge Report
Pick: NASty — NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways.
Pick: Defuse — Defuse is a GTK4 application for removing image backgrounds locally.
Defuse on Flathub

After 26 years, we return to our roots and reflect on why LinuxFest Northwest is still a special event.
Sponsored By:
Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
Support LINUX Unplugged
Links:
💥 Gets Sats Quick and Easy with Strike
📻 LINUX Unplugged on Fountain.FM
LINUX Unplugged 666 BSD Challenge - Rules and Regrets
LFNW2026 - Back to Root
LinuxFest Northwest 2026 Playlist - YouTube
LinuxFest Northwest - YouTube
The New Linux Kernel AI Bot Uncovering Bugs Is A Local LLM On Framework Desktop + AMD Ryzen AI Max
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain
Bear454's Fundraiser: Support for James Mason's Family
Pick: Updo — Updo is a command-line tool for monitoring website uptime and performance. It provides real-time metrics on website status, response time, SSL certificate expiry, and more, with alert notifications.
Pick: Pake — 🤱🏻 Turn any webpage into a desktop app with one command.

We all have data to rescue, you just don't realize it yet. This week we build our own custom live rescue distros, recover real data, and show you how to make your own.
Sponsored By:
Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
Support LINUX Unplugged
Links:
💥 Gets Sats Quick and Easy with Strike
📻 LINUX Unplugged on Fountain.FM
LinuxFest Northwest 2026 - Back to Root — April 24-26, 2026 - Bellingham, Washington
6 ultimate boot CDs (system rescue) for troubleshooting Windows PCs
SystemRescue — A Linux system rescue toolkit available as a bootable medium for administrating or repairing your system and data after a crash.
Finnix — Debian-based, CLI-focused with a comprehensive set of repair tools. Recent updates improved modern hardware support, boot speed, zram compression, and SSH remote access.
Changes/ModernizeLiveMedia - Fedora Project Wiki — Modernize the live media by switching to the "new" live environment setup scripts provided by livesys-scripts and leverage new functionality in dracut to enable support for automatically enabling persistent overlays when flashed to USB sticks.
Fedora 41: Modernize the live media Overlay Features?
aegis-boot — A signed UEFI Secure Boot rescue environment that lets operators pick any ISO from a USB stick's data partition and kexec into it — without leaving the chain of trust.
netboot.xyz — A network-based bootable operating system installer based on iPXE.
Greg's nixos-config
Self-Hosted 129: Forged Alliance — The battle for code forges is heating up. We chat about HexOS' big promises and get excited about Meshtastic.
pocket-id — A simple OIDC provider that allows users to authenticate with their passkeys to your services.
What Is Claude Mythos—And Why Anthropic Won’t Let Anyone Use It
v4call — v4call is a decentralised video, voice and text platform built on the Hive blockchain. Users set their own rates for receiving calls and messages.
Pick: Metadata Cleaner — View and clean metadata in files
Metadata Cleaner on FlatHub
Pick: mat2 — mat2 is a metadata removal tool, supporting a wide range of commonly used file formats, written in python3
Pick: Little Snitch for Linux — Every time an application on your computer opens a network connection, it does so quietly, without asking. Little Snitch for Linux makes that activity visible and gives you the option to do something about it.
littlesnitch-linux-flake — A Nix Flake for Little Snitch for Linux
Pick: PCAPdroid — No-root network monitor, firewall and PCAP dumper for Android