16:21

Ep. 10 Jun 5, 2026

AI for Everyone! But Can You Trust It? | Hot Takes & Cold Storage

This week on Hot Takes and Cold Storage: AI policy wars, a legislative win with an asterisk, and a supply chain security milestone that deserves more attention than it’s getting. 🔥 HOT TAKES California and Colorado carve Linux out of age verification laws, but California’s bill simultaneously expands age-gating to the open web. The EFF isn’t happy. Flatpak’s next architecture may require systemd, raising questions about non-systemd distro compatibility Flathub bans all AI-generated code, docs, and submissions, effective immediately Debian mandates reproducible builds, the first major general-purpose distro to do so, and a real structural response to the XZ backdoor 🎙️ DEEP DIVE: AI for Everyone, But Can You Trust It? PewDiePie just dropped Odysseus, a fully open source self-hosted AI workspace, and handed the concept of digital self-reliance to a hundred million people. Meanwhile, I’ve been fighting with OpenClaw trying to get it running against a local LLM, and what I found in Vitalik Buterin’s April post has me thinking hard about limits. The open source community can’t agree on AI-generated code policy, and that debate is happening in public right now. 📰 STORY LINKS California/Colorado Age Verification: https://www.techtimes.com/articles/317449/20260530/california-age-verification-bill-clears-assembly-linux-spared-websites-added-age-gating-regime.htm https://ostechnix.com/colorado-california-age-verification-law-open-source-exempt/ Flatpak + systemd: https://linuxiac.com/flatpaks-future-may-leave-non-systemd-distros-behind/ https://www.osnews.com/story/145071/flatpak-will-depend-on-systemd/ Flathub AI Ban: https://linuxiac.com/flathub-now-rejects-ai-assisted-apps-and-submissions/ https://www.gamingonlinux.com/2026/05/flathub-moves-to-ban-nearly-all-apps-and-submissions-made-with-generative-ai/ Debian Reproducible Builds: https://www.phoronix.com/news/Debian-Must-Ship-Reproducible https://itsfoss.com/news/debian-makes-reproducible-builds-mandatory/ PewDiePie / Odysseus: https://github.com/pewdiepie-archdaemon/odysseus https://virtualuncle.com/pewdiepie-odysseus-self-hosted-ai-workspace/ Vitalik Buterin on local AI and OpenClaw security: https://vitalik.eth.limo/general/2026/04/02/secure_llms.html Linux Kernel AI policy: https://www.tomshardware.com/software/linux/linux-lays-down-the-law-on-ai-generated-code-yes-to-copilot-no-to-ai-slop-and-humans-take-the-fall-for-mistakes-after-months-of-fierce-debate-torvalds-and-maintainers-come-to-an-agreement https://gigazine.net/gsc_news/en/20260413-linux-a-generated-code-assisted-by/ QEMU AI Policy: https://linuxiac.com/qemu-may-relax-its-ban-on-ai-generated-contributions/ https://www.theregister.com/ai-and-ml/2026/05/29/qemu-mulls-relaxing-ai-contribution-ban/5248638 The Iron Sysadmin publishes bi-weekly. Find us on the fediverse: 📺 PeerTube: https://video.ironsysadmin.com 🎙️ Podcast: https://pods.ironsysadmin.com

19:02

Ep. 09 May 22, 2026

Hot takes & Cold Storage, May 22, 2026

Welcome back to Hot Takes and Cold Storage! After a brief hiatus around Red Hat Summit season, Nate is back with a packed episode. Hot Takes: Microsoft quietly added Copilot as a co-author to VS Code git commits — even with AI tools disabled. They reversed it after developer backlash, but it’s another reason to consider VSCodium. The Dutch government has launched its own self-hosted Forgejo instance as a digital sovereignty move, joining a growing trend of nations taking control of their code infrastructure. US states continue filling the federal privacy vacuum. California’s AB 2561 now prohibits apps and OSes from resetting your privacy settings, and Connecticut passed a law requiring data brokers to register with the state. MiciMike is producing a drop-in replacement PCB for the Google Home Mini Gen 1 that turns it into a Home Assistant Voice device — completely local, ESP-based, and available to back on Crowd Supply. And in a story that writes itself: a CISA contractor stored AWS GovCloud admin credentials, a Firefox password CSV, and deployment documentation in a public GitHub repo. For six months. With secret scanning disabled. Cold Storage (Deep Dive): The TanStack Supply Chain Worm On May 11, 2026, over 170 packages were compromised across npm and PyPI. 84 malicious versions across 42 TanStack packages were published in a six-minute window, also hitting Mistral AI, UiPath, and OpenSearch. This is the first documented supply chain worm to ship with valid SLSA provenance certificates. We break down the pull_request_target exploit pattern, how the attacker poisoned the GitHub Actions cache without touching any credentials, and how the worm propagated itself through every developer it infected — including a vindictive payload that wiped your home directory if you revoked your token. The community response was fast and transparent, and that’s the real win. Links: Microsoft Copilot co-author controversy: https://www.msn.com/en-us/news/technology/microsoft-secretly-made-copilot-co-author-your-code-until-developers-revolted/ar-AA22CHBL Dutch government self-hosts Forgejo: https://www.opensourceforu.com/2026/04/dutch-government-backs-forgejo-for-sovereign-open-source-github-alternative/ California AB 2561 & state privacy law roundup: https://www.troutmanprivacy.com/2026/05/proposed-state-privacy-and-ai-law-update-may-18-2026/ Connecticut data broker registration: https://www.troutmanprivacy.com/2026/05/proposed-state-privacy-and-ai-law-update-may-11-2026/ MiciMike Google Home Mini replacement PCB: https://www.cnx-software.com/2026/04/29/micimike-open-source-drop-in-pcb-converts-google-home-mini-into-a-local-voice-assistant/ Back MiciMike on Crowd Supply: https://www.crowdsupply.com/micimike-rev-devices/micimike-home-mini-drop-in-pcb

14:53

Ep. 08 Feb 20, 2026

The Truth About Discord's Age Scans & Mastodon's Big Adoption Fix

Stop letting tech giants trample your privacy. In this week’s recap, we’re diving into the latest controversy surrounding Discord user privacy and their new “Teen by Default” age verification system which might already be shadow-surveilling you via AI. We also have some positive news: Mastodon is finally fixing its onboarding friction to help decentralized social media go mainstream, and ASUS is leading a new charge to unify the gaming on linux experience through the Open Gaming Collective. In this episode: Discord Privacy Alert: Why their new age-scan policy is a nightmare for internet freedoms. Mastodon Adoption Fix: How redesigned profiles and improved onboarding are fighting centralization. Linux Gaming Unified: What the “Open Gaming Collective” means for the future of open source gaming. Show Notes & Timestamps [00:00] Intro: The State of Internet Freedoms Nate’s take on the recurring cycle of corporate overreach and the need for open source alternatives. [02:15] Discord’s “Teen by Default” & AI Surveillance The Gist: All users must verify their age or face restricted “teen” account status starting March 2026. Privacy Concerns: Discord is leveraging Persona (a 3rd party with links to Palantir) for facial age estimation scans. The “Shadow” AI: Discord claims many users won’t need to scan because they’ve already been analyzing chat patterns to “peg” user ages. History Repeating: Reminder of the 2025 data breach involving a 3rd party vendor. Links: https://discord.com/press-releases/discord-launches-teen-by-default-settings-globally https://www.techbuzz.ai/articles/discord-walks-back-age-verification-fears-for-most-users https://www.windowscentral.com/gaming/discord-leave-windows-central-readers https://www.nytimes.com/2025/05/30/technology/trump-palantir-data-americans.html [08:45] Mastodon: Breaking the Barriers to Entry New leadership is attacking the “adoption problem” by simplifying server choices. Key Updates: Email notifications for non-account holders and profile redesigns for creators. Admin Tools: Introduction of automated content scanning and external block-lists to fight spam. Links: https://dataconomy.com/2026/02/19/mastodon-is-finally-fixing-its-biggest-entry-barrier/ [14:20] Linux Gaming: The Open Gaming Collective ASUS’s Linux division launches a collective to standardize the Linux gaming stack. Goal: Move away from translation layers (Proton) toward native open source development. Supported Distros: Bazzite, Nobara, ChimeraOS, and more. Links: https://www.techpowerup.com/345777/open-gaming-collective-forms-to-enhance-linux-gaming

11:52

Ep. 07 Jan 23, 2026

Why Washington State Wants to Control Your 3D Printer (And New AI Malware)

3D Printer DRM: Washington State Proposal The Issue: A proposed bill in Washington State would require 3D printer manufacturers to include firmware that identifies and blocks the printing of firearm parts. The Penalty: Violations could carry up to five years in prison and a $15,000 fine. The Concern: While the “spirit” is to prevent unregistered firearms, Nate points out this is already illegal. The real danger lies in the implementation: Permission to Print: Printers may need to "check-in" with an authority to compare jobs against a database. The Slippery Slope: This technology could easily be expanded to block copyrighted materials (like LEGO) or cosplay items (like Disney/Star Wars props). Sources: [Tom's Hardware Article ](https://www.tomshardware.com/3d-printing/washington-state-proposes-new-3d-printed-gun-controls-with-blocking-features-and-blueprint-detection-algorithm-proposal-would-carry-sentences-of-five-years-in-prison-usd15-000-fine-for-violation) BillTrack50 - Washington Bill Details [YouTube: Loyal Moses Discussion](https://www.youtube.com/watch?v=QvBVZIJWejs) Voidlink: The New Frontier of Linux Malware Overview: A new malware toolkit called Voidlink has been discovered, specifically targeting Linux in the cloud and containerized environments. AI-Authored: Researchers suspect the code was generated using AI, allowing for more rapid and complex development. Advanced Modular Design: Unlike typical “one-off” scripts, Voidlink is a modular framework with over 30 components. Capabilities: Includes modules for stealth, privilege escalation, lateral movement, and reconnaissance. Dynamic Loading: Attackers can load or unload these modules as needed depending on the target environment. Sources: [Ars Technica - Never-before-seen Linux Malware](https://arstechnica.com/security/2026/01/never-before-seen-linux-malware-is-far-more-advanced-than-typical/) [InfoSecurity Magazine - Voidlink Built Using AI](https://www.infosecurity-magazine.com/news/voidlink-linux-malware-built-using/) [ The Hacker News - Voidlink Framework](https://thehackernews.com/2026/01/voidlink-linux-malware-framework-built.html)

18:46

Ep. 06 Jan 9, 2026

Rust in the Linux Kernel, Immutable RHEL, and the Decline of Firefox (2026 Update)

Is 2026 the year of the Linux desktop? Join Nate, the Iron Sysadmin, as we break down ZDNet’s 2026 predictions, the rise of immutable Linux distributions like RHEL, and why users are ditching Windows. In this week’s news recap, we explore the evolving landscape of open-source software and digital freedom. We discuss the growing “Rust-in-the-kernel” movement, the reality of immutable operating systems going mainstream, and the concerning fall of Firefox’s market share. We also take a deep dive into the Freedom House 2025 assessment of global internet freedom and the “unbundling” of Twitter into decentralized protocols. ZDNet’s 2026 Predictions: https://www.zdnet.com/article/linux-and-open-source-2026-predictions/ Freedom House’s Assessment of Internet Freedom: https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet Net Influencer’s article on on Twitter’s users “Unbundled”: https://www.netinfluencer.com/twitter-alternatives-in-2026-the-platform-didnt-get-replaced-it-got-unbundled/