 Welcome to the Home Lab show number 100, I think it's supposed to say 114 when we're talking about DistroBox. The ultimate thing for DistroHoppers, would you say that's accurate, Jay? Yeah, I agree. It's like this app exists in a different universe. It's just a lot of fun. I can't wait to get into it. It's like Docker Distro. It's DistroHopping with Docker. That's what we should actually call this DistroBox. How to DistroHop with Docker? Yeah, or Podman even. Or Podman, yeah, more specifically. We're going to dive into this. This is a fun topic. I was not aware of this tool before Jay brought it to my awareness and I thought it looked interesting. And I think a lot of you who are curious about trying out different distributions are going to like this before we jump into this topic. We got to thank a sponsor of the show and that is our friends at Akamai Linode. They've been a sponsor since the beginning and we host quite a few things on there, including my new website. I did choose that for the hosting, but the Homelab show has always been hosted on there and they've been a great sponsor of the show. They're a great place to host your projects. We have an offer code down in the links. If you want to sign up for Akamai Linode, got an offer code of the Homelab show, pretty easy to remember and we thank them for being a sponsor. Yep. All right. Where do we want to start with DistroBox? Oh, I'll mention this at the beginning, feedback at the homelab.show. That is the easiest way to get some feedback to us for people that have comments, questions, concerns that they want read on the air. Yeah, we want to do another Q&A episode. So help us out and give us some material for Q&A. Yep. Yep. All right, so we want to just jump right into it then. Yeah, let's just jump into it. So let's talk about some fun scenarios first before I get into the topic at hand. Imagine a world where you are using Arch Linux but you're running the Debian package of Google Chrome without using a tool to convert the package. You're actually using the native dev package or perhaps using the latest GNOME desktop on Debian stable without it being a mixed system. So you want the latest GNOME on an enterprise distribution or you want to run any number of applications for another distribution on your current one and perhaps you want to install a completely different desktop environment, maybe the Fedora version of Plasma on your Debian system or your Ubuntu system and then log into it and have it run native. Now this sounds crazy because in the past we'd have to manually compile. I mean, I've tried the process of compiling GNOME on Debian, for example, and it gives me a great deal more respect than I already had for people that package applications in Linux because, oh my gosh, I couldn't get it working. This is obviously early in my career, I never tried it again, but it's generally understood that the desktop environment is just bolted right onto the distro and you don't really have very many options aside from installing another one from the repositories. For example, Debian stable, you can't get the latest GNOME because it's stable, they don't change anything, but distro box, which is the tool we're talking about lets you do these weird things and more and it's kind of like this amazing tool that I'm kind of surprised didn't exist earlier. It doesn't let you do anything you couldn't do before. I mean, you could create a container, install an application and figure out how to forward X or Wayland or whatever to your display manager. You've been able to do this for as long as Docker has been around and probably earlier than that, but distro box is like a front end that makes this extremely easy. Like distro box, create dash n, whatever you wanna call your distro or your container just give it a name and then you tell it what image you want and then you have that container running. So you can have an Ubuntu image on Arch Linux, for example, no problem. And then if you install an application inside of your Ubuntu container in this example and then run it, it shows up on your host operating system as a native app and you could even go as far as to publish it to the applications menu of your distribution to have it right there in your app menu as if you installed it natively and it runs with near native performance. And at first, some people might think, well, why would I wanna do this? I don't really have a use case for this. Some people might be thinking already, oh my gosh, I had no idea that this existed and I can't wait to try it out. But this is just one of those things that just feels like it exists in another universe. And we have this tool that lets you mix and match different components of distributions together in your current one without having to remove your current distro to reinstall a different one just to get those applications or worse, do a multi-boot and have to figure out how to manage your multiple operating systems which I've never been a fan of. And as we're gonna dive into distro box, distro box is a tool that lets you do all of that and your imagination's the limit. You might be thinking, I don't know what I'm gonna use this for but then later on, you might think, well, what about this? What about that? And then light bulbs start going off, things that you didn't even think of and you can do all kinds of crazy stuff with distro box. And I am retitling this show, distro hopping made easy with distro box. I think that accurately describes it. I think so. And you can hop around simultaneously. It's just really incredible. So the best part about this is that it's easy. I sat down yesterday to learn this and I figured it would be one of these days where I'm just diving in and it takes hours upon hours. It didn't take any time at all. Literally to install it, you have to have a container engine. So I just ran on my Debian system, apt install podman. And then to install distro box, apt install distro box done. That's it. Like there's nothing else to do. It's literally that easy to install. There's a large number of distributions that have a distro box package in the default repository. So chances are you may not need another repository. I think CentOS needs the Apple repository but even if you don't have a supported distro, there's a script you can run on the GitHub repository. So it's github.com slash distro box, if I remember correctly, but you could find distro box on GitHub if that's not the actual URL. And once you install it, then that's it. It's just distro box create. You could simplify it down to that. And by default, you get a Fedora container. If you choose no options, it'll choose the name for you. It'll default to I think currently Fedora 38 at least in Debian. And there's a webpage that you can go to that has a list of all the images. So if you want to install a different image, you can use the option, I believe it's dash dash image off the top of my head. Give it the image you want to boon 2204, you want open SUSE, tumbleweed, Arch, whatever it is. Tell it what distro you want, what you want it to be called. It creates it. And once you've done that, then it's just simply distro box enter and then the name of the container, whatever name you gave it. And then at that point, you have a command line in your terminal that's using that distribution. And I ran app install genie, G-E-A-N-Y for the text editor inside the container. And then after it installed, I just ran genie on that command line and it showed up on my Arch Linux system, which is what I'm currently testing this on right now. So I tried it on Debian and now Arch Linux and it's that simple. Like I was starting to wonder how much of an episode can we make out of this? But I'm gonna talk about some of these scenarios in just a moment, but just take a moment and think about this, whatever distro on your current distro, I saw a video, I think it was from Tech Hunt, Tech Hut, I can't talk today, Tech Hut. It was mentioning a couple of these scenarios like DaVinci Resolve running on a, maybe a CentOS container, Rocky Linux or whatever, because it, you know, that supports Red Hat natively but installed on your current distribution. And if it's good enough to run DaVinci Resolve, I mean, come on, that's a high overhead that it's able to handle. And I think that's interesting. And the nice thing about Docker, Podman containerization is it runs pretty much the same as bare metal. That's why, as Jay said in the beginning, you're gonna get really good performance out of it because it's not like when you try to virtualize it, you're running it as close to the hardware as possible because it's sharing the spot in the kernel. Now, the other thing that's interesting to me is, especially if you work in the dev space and you are tasked with supporting multiple environments, you're like, cool, now I can spin up my client's environment and test the problem they're having. And then in the OS distro that they're using, so I can come closer to trying to produce it in my environment as opposed to kicking it down the road, going, works here. You should just reload what I have on my system. Now, there's one thing I wanna get out of the way that distro box does not do. I just wanna get this out of the way. Some people might think, oh, this is a benefit for security. This is gonna help me compartmentalize my apps, keep them separate. Not really, it's not for that. I mean, you can achieve better security with this, but I don't want anyone to think like they start using this and they're automatically more secure. You can be, depending on how you set things up, but that's not really the goal that distro box tries to solve. For example, if you install Firefox, I don't know, the Debian version of Firefox on Arch Linux and you run Firefox, your home directory is accessible to the containers. So if you had, for example, malvertizing in Firefox that dumps something in your Firefox profile, that's in your legit home directory and your host system. So it's not really for security. Still gotta kind of make sure you're not clicking on things. You should always make sure you're not clicking on things if you don't know what you're clicking on, but this isn't gonna give you any additional security unless you use it as a means of architecting something as a component of a greater solution. But the idea is you want to test something on another distribution. What is this command like on CentOS? What is this command like on OpenSUSA? Or perhaps you want to try an application and it's one of those applications you have to install by compiling from source or something. You don't want to junk up your home, your host system. You could put that in the container. So if you think about software engineers that package software for different distributions, it makes their job a lot easier because they have multiple distributions on their host and they could flip between them in their terminal, which is great. So that could help them package applications, companies that develop software might be able to test their app on different distributions a lot easier than they could if they were just like on one system after another testing their app. But again, this doesn't give you anything you didn't have before, but it makes it so much easier. I remember, I think it was 2012 or 2013, I had this period of time where I was just diving into Docker like crazy, like a lot of other people were. And me and a friend of mine, we created a Docker container that contained the Linux version of Steam and also the Windows version of Steam running through Wine. So it was like the ultimate Steam container that was running Windows games and was running Linux games long before, you know, SteamOS and the Steam Deck and all those. And that took a long time. Like it took us several days to really get that right to, you know, expose the applications properly. It was a lot of work. We could do it and we did do it, but with DistroBox, something like that is a lot easier because you don't have to worry about as much as of the underpinnings. For example, if you have an NVIDIA GPU, and you wanna use that with your containerized Debian, for example, you give DistroBox the dash dash NVIDIA option which will expose your GPU to the application. So that way you could have GPU powered applications. My understanding is if you're on Intel and AMD, you shouldn't really have to do anything because it's supported natively in Linux as it is. But, you know, NVIDIA needing a proprietary driver, if you have that installed on your host and wanna expose that to the guest or containers, I said guest, it's not virtualization, but I think we don't know what I mean. And then all of a sudden, your container is able to use the GPU, which could potentially mean you're just running, you know, most things on Intel and you containerize your NVIDIA applications which might be some, have some benefit of them by itself. And I'll mention back when you said can be architected. There are other solutions that are architected for security. If we've never done an episode on it, but Cubes OS, they just had a new release. And I thought I'd mentioned if you're looking for extreme compartmentalization, also a learning curve of using and difficulties that come with it because security and convenience trade-offs that occur. Cubes OS is actually, I've always liked that their title was a reasonably secure operating system. Hands down, they are really solid on security. This is different than that. I haven't tried running Cubes OS inside DistroBox. I don't even know if it's possible. Yeah, probably not. You get these ideas and you're thinking, well, maybe I should try this. What would happen? You know, you could have a lot of fun with this. One thing I didn't get to work, I was just curious about running snap packages. I know a lot of people are face-palming as soon as I say that, but there are some applications, not many that are only packaged that way. It would be nice if you could have access to those. For example, you don't want SnapD on your host system. You just want that in the container because maybe you don't like snap packages, but you have to run one. You could keep it away from your host, but I wasn't able to get that to work. I think you can. There's a dash dash root option that you can give DistroBox to run a root-level container. If you use Podman by default, it's not running containers as root unless you give it that option. I tried it with that option and it still doesn't work, but I'm pretty sure there is a way to get that to work, but you might run into some edge cases that aren't going to work. I don't want to frame this as something that's 100% compatible with everything, but this goes further than anything I've ever used, so it's definitely better than anything I think we've had before, at least that I know. Yeah, I think it's really interesting, and you mentioned before, this is actually in a lot of the distributions as well, isn't it? Yeah, it is. There's a whole list of distributions that have this in the default repositories. I was half expecting Debian to only have it in testing. That's kind of how it works often where you have something like a newer technology I actually don't remember, or it didn't even look up how old DistroBox even is. I know it's been out for a bit. I half expected it not to be in Bookworm, but to be in testing, to be in the next Debian release. No, it's in Bookworm. You could just app install DistroBox just like that, nothing to do, Ubuntu, whatever. There's a snap package for it if you like that kind of thing, but there's two install scripts on their GitHub page for those of you that don't have a supported Distro. I think one of them sets it up as root and the other doesn't, but don't quote me on that. I didn't look at the install script yet, but I just know that those exist for those of you that run something that's a little bit more exotic, for example. I just realized it's in Homebrew as well. Oh, is it? Wow, I didn't even realize that because I was gonna say it's not really a solution for Windows or Mac users so much. That doesn't mean you can't do it. I saw a blog post somewhere where somebody was running it inside of Windows services for Linux in the subsystem, the Windows shell, whatever they're calling it these days, but I think everybody knows what I'm talking about. There's people that were running it inside there, so it wouldn't be surprising to me that it's in Homebrew or something like that, but I didn't see a download for macOS or for Windows, so I'm not really sure about that. I have a feeling because if I dig into this further, does it support, it probably supports Homebrew, but the Linux version, because there's a Linux version of Homebrew as well. I don't see the words Apple Silicon anywhere in here. Well, that alone would probably give it, make it a bit more challenging, not that it can't be done, it's just, when you think about it, it's more work for the developer to do to support another platform, so maybe something like that will be possible later. I think that this solution just opens a lot of doors, especially for people that just want to run a one-off experiment, and they might not have a test system. I mean, I've always had a spare laptop, but that's only because I just don't sell my old one and just keep it around, but for most people that have one machine, this gives them the possibility of trying more than one distro, and Ventoy is another option, but you have to boot into the distro fully, which might be great, but it's not really the same thing because you're running in live mode. You could have a couple of different disks with different distros on there, virtual machines. We have all kinds of different ways of running these applications, but this just gives us an interface that simplifies the creation of creating containers that can do a much better job when it comes to this kind of thing. Yeah, I think it's interesting and it solves some of the compatibility and trouble of loading, because the containerization of things has made it so much easier. I had something I wanted to test and the nice thing is there was an official Docker image from the people and I was like, oh, cool, I can go there. I was able to spin it up and decide if I like the tool or not within a few minutes and I thought it was pretty novel, but it was like, it was just grab that Docker compose, I set a password in it and then that's it. Docker compose up, done. It pulled all, it was a lot of images to pull, but they have a manual setup and I just didn't want to go through that trouble. I really love the containerization. So this is like one more extension of that. So now we can do our testing and distro hopping and kind of like you said, we have access to these. My computer is still, even though it's a few years old, it's still quite fast with a lot of memory in it. Running virtualization stuff on here is still very fast for me. So throwing Docker or Podman, as they suggest on this, and grabbing containers, this is kind of cool. I'm having a ton of fun with this. I'm printing a script right now to eventually do a video on it. So you can expect that. I don't know when, because the studio is very close to being done. The lighting is completely terrible right now. There's some adjustments with the camera and the audio, nothing major, but some minor things. I'm sure some people might have already, people that are watching have seen some inconsistencies, but finally had a chance to sit down with this and I hope to record this as soon as possible. And considering we're getting close to the holiday here in the United States, I think probably sometime in January would be a good estimate that this video will be out. And it's something that I can't wait to show off in a video because I feel like that'll really do it justice more so than talking about it. But it's just so amazing. I'm still kind of playing around with it. Like this morning I was trying to get Nome to run through it, which is something that you can do. You can have an entire test hop environment inside there. But I wasn't able to get that to work, but granted I only had 15 minutes. It's probably something simple, but by the time the video comes out, I should know a lot more and have some concrete steps people could walk through along with me to end up at the same place, get it running and see how it works. Yep, so definitely a cool thing. We left a link in the description and check that out. If you Google distro box that comes right up in your land on our GitHub page, it's pretty easy to get started with. Side note I want to bring up because we talked about this last time and me and Jay has still have personal conversations about this. I actually decided I like log seek. So thank you. And more than one of you recommended log seek as a good note taking app. It's more of a journaling system. So it's not just a markdown system. I've now been using it pretty much ever since like the next day after that. So just the last couple of weeks and I've journaled my life because I wanted to try something different. And I'm really liking it. It's definitely kind of fun. Jay is still going back and forth between what Joplin and what else? Joplin and Obsidian currently. Joplin is still my preferred over Obsidian when it comes to the interface. I'm not saying it's better. It's just better for me in particular. It's just a personal thing. I just like the workflow better. Obsidian, I don't like the interface as much. It's not open source. So there's that. But I was, I tried to go back to Joplin because if the interface works well for me then why not just use that? But the problem is I keep running into issues. And the most recent one was I switched to syncing through a sync thing instead of their built in sync service with their cloud sync or whatever it's called. And I ran into this weird situation where I'm typing a note and it's actually for one of the videos I'm working on it might have even been the distro box notes I was writing, but I just created the note inside Joplin like a completely empty note started typing put the markdown headers in there had it all working right a sync to my other computer and none of the formatting synced at all just a complete wall of text. Just I have no idea why it misses the mark so much. And last time there was an issue where I was writing a note it didn't save it and I lost everything which has one job come on but if only they would fix these bugs and it's just egregious to me but I've never had a problem with Obsidian I never had any of these issues it's just I don't like the interface as much I know a lot of people prefer Obsidian over Joplin but for me it's just I can't use Joplin as much as I like it if I can't rely on it when I'm writing notes I mean imagine if I sit down and record and I wrote a script and the script isn't there I mean that's horrible to even think about that I'm glad I caught it in time but it's kind of one of those things where maybe I just need to go in and check the bugs for Joplin and make sure they're reported or something I'm not really sure but it's not something I can rely on log seek I tried it it doesn't really work for me the workflow either that or I just or maybe I'm using it wrong the problem could be me I'll be completely honest maybe I'm just not getting their flow I tried it again last night and just kind of frustrated me to be honest but then again it takes some learning and just so I say log seek because that's how I've heard it pronounced but the website is loggseq.com so it's more like log sec or log sec it's a queue so if you're looking for log seek you're seeking logs and that is not what this is about Yep I wanna address something in the chat room LightNight is asking how I manage the updates on my systems and I have quite a few servers now it's a combination of Ansible and unattended upgrades Ansible when it runs in all my systems it makes sure that unattended upgrades is there with the config file that updates the things that I wanted to update it's a template so I could set the time for installation of updates the time for reboot and essentially I just let that run I get an email report and that works for me it's simple but I get an email report that is reporting on error I have things that check to make sure things have actually run so it doesn't silently fail and it's simple but it works and I also have a lot of backups everything's automated so if I get a bad update and I don't care I just wipe and reload just basically reinstall Ansible and there's nothing else that I have to do but it takes a while to get it to that point but I just download things straight from the repository update that way I also use kernel care for reboot free kernel updates so live patches they're a sponsor of my channel not this one but I mention them not because they're a sponsor but because I literally actually use kernel care so what it does is it live patches the Linux kernel so if it's a Linux kernel update you should still reboot it doesn't stop you from needing to reboot but it lets you keep things running and reboot when it's convenient instead of like all of a sudden but when it comes to services you know like Apache and all these other ones when that updates the services restart anyway so that's usually taken care of but that's basically how I do it I know that might be underwhelming but I think the Ansible side of it is probably the most exciting but unattended upgrades is pretty basic but if it works, it works yeah and it's about simplicity when it comes to updates me and Jay are of the same idea that you should have a simple and an automated as possible process for doing the patches and updates it's the best way to do it because we as sysadmins have spent way too much of our time looking at things because they're broken and we find out they haven't been updated in years which now we're like what's the path to migration because this hasn't seen an update in three years because someone hit an update, it broke they roll back and that's where it's been ever since been afraid to touch it and I'm like yeah this is it's and then someone mentioned also if there's if I have any advice for getting started with Ansible or Nix I haven't checked out Nix yet believe it or not I've been so busy with the studio among other things I will get to it I promise so I don't have any opinion on that but the Ansible series that I created is still being enjoyed by a lot of people I'm still seeing views for it it should still work just fine so I mean there's been some changes in Ansible but nothing that's really gonna make that you're getting started series of Ansible solid I would still recommend that for sure head over to learnlinux.tv and you can find the entire playlist of the Ansible on there yeah under courses you should find it there and I have like the Vim course one for Teamux a bunch of other ones just in the Linux Crash Course series is now over 60 episodes long and I'm not done yet so it is still going it's still going to do like one command at a time and one video at a time this is gonna run for probably at least a hundred episodes if I had to guess but the idea being if you want it they're all standalone so if you wanted to learn a specific command you don't have to watch all the videos leading up to it just watch that one video and you learn that one thing and you can just digest these in any order that you want for the most part unless I tell you otherwise so that's another resource that I'd like people to check out because I can't believe it's over 60 episodes long it's easily the longest-running tutorial series in the history of the channel Yeah, and not to mention you also have a Docker Essentials kind of related to what we were talking about here if you're so if you need if you need to dive into Docker there's also a tutorial and I'm on Jay's learnlinux.tv it's pretty easy to find everything out there Yep, I do a lot of work to make it as easy to discover things as I possibly can Yeah, yeah, both of us me and Jay both are the same way I'm reorganizing a lot of my data in the same way and you'll find short links under all of most all my videos I'm still pushing all of them so to make it easier to find playlists I have as well so we try to make this information as findable because the algorithm-driven system may not always get you what you're looking for but check our sites respectively and it makes it a lot easier and our playlists I want to also mention or give a response to Jim the IT guy because he brings up a point basically the mentality that exists out there where people aren't running updates because updates break things and that's true sometimes updates do break things but what's easier to recover from? A broken update or identity theft? What's easier to recover from? A broken update or a complete system takeover by a threat actor? I would probably go with the update as being the lesser of the two evils and it's interesting when and Jim isn't saying this he knows the situation it's people that are not Jim and probably not listeners of our podcast that are out there not installing updates because they don't want to break anything and then next thing you know they're on the news for getting taken over and oh, if only we could have done something about it yeah, install your updates it's that simple if you have a broken update have a test system install the updates on the test system or have a few test users that agree to be guinea pigs or something there's always at least a few people at companies that like to be guinea pigs believe it or not there's always a way to do it and it's just one of those things where when I hear other people say this I'm like, oh really? There's far worse things than a broken update Yeah, and it's one of those things like we have an intermittent consultant client they seem to contact us about every two years based on their history with them but the unfortunate part is the most recent contact with them was after a complete takeover and they lost it all and it's one of those things when you start really digging into what happened they had so many things out of date they had stuff that was years out of date and you know, we'd mentioned to them anything we worked on were like, this is out of date this is out of date they're like, oh we're gonna get to it and they never got to it and they left it all publicly exposed as well lots of, they liked a lot of open source tools and it's unfortunate that's that happened to them it's, you know we did everything we could to warn these people they are still trying to figure out what they wanna do going forward but they're realizing they need a plan to patch all their infrastructure and I wanna say they had over 20 servers get taken over so it's not like this was just some small outfit this, they had I don't know exactly how many employees but I knew they have about 20 servers I think was how many we were trying to recover for them Yeah, you know I'm a very understanding and patient person I am patient, not impatient at least I hope that I'm patient and understanding but, you know cause when someone doesn't know something I get it, there's a lot to learn and nobody knows something until they do so obviously if someone says oh gosh, I don't really know the ins and outs of the apt command that's fine, maybe they were using DNF or some other distribution or maybe they didn't use Linux at all until today but I don't have any sympathy as much as this might sound egregious for anyone that gets taken over when it's a simple thing they could have done like updates when nobody that's learning IT I don't care if you're like the first month you're in college trying to get your career in IT or you're watching videos to learn on your own you cannot go a month without hearing that you should install your patches at least a dozen times it's one of those things you cannot escape that like somebody mentioning that so that's like one of the things that everybody should know you have to install your updates especially if you work in an enterprise company and you don't know the value of updates in my opinion, that's kind of hard to justify in my opinion on that but I think even more egregious is when you have the system administrator that knows the importance of updates and wants to update right now and then you have an executive that blocks it because oh my God, problems in that case it's not the system administrators fault they can install updates they're literally being banned from doing so but aside from that if you have the ability to patch then you should be patching Yep, absolutely so we'll leave you with all that send feedback to feedback at the homelab.show we love hearing from all of you we should be able to do this next week as well just because the holidays are happening I think we got lined up so we're getting our cadence back to things Jay's getting the studio back together but looking forward to doing some more episodes and dive into those topics over on Jamie he's got those great courses definitely check them out all right and thanks