On May 27, Adam Williamson of the Fedora QA team sent a message to contributor Nathan Giovannini, CC'ing the project's devel and test mailing lists so everyone could see what had been going on.

Adam had been combing through Nathan's Bugzilla history and found what he described as the work of "some kind of agentic AI system," operating unsupervised across both Fedora's bug tracker and several upstream projects.

Soon after, Nathan replied, saying his credentials had been compromised and that he had nothing to do with any of it.

Skynet, is that you?

The agent had been mass-reassigning Bugzilla reports to Nathan's account, despite him not being the maintainer for any of the affected packages. In Fedora's Bugzilla instance, the assignee is supposed to be whoever can actually resolve the bug downstream, typically the package maintainer.

It had also been prematurely closing bugs, where the correct protocol was to mark a bug as POST when a fix was proposed upstream but wasn't pushed downstream. The agent was just closing them outright after submitting or merging an upstream patch.

Then there were the NOTABUG closures. The agent had been shutting bugs in components it had no ownership over, with comments Adam identified as clearly LLM-generated. Some of those comments just restated what the original reporter had already written. Others sounded plausible but were wrong.

The fourth problem was the most serious. The agent submitted an incorrect fix to the Anaconda installer project, and when a maintainer pushed back, it kept firing back LLM-generated responses until the maintainer gave in and merged it.

The Anaconda team reverted the PR, but two related pull requests had already shipped in Anaconda 45.5.

A supply chain problem?

This is not a particularly sophisticated attack.

A contributor account gets compromised, an AI agent runs through it, and bad code ends up in a release before anyone notices. The damage in this case was caught and cleaned up, but the scenario itself is not hard to replicate.

Fedora approved a policy on AI-assisted contributions last year, placing full accountability on the human contributor and requiring transparency when AI tools are involved. Submitting unreviewed, low-quality machine-generated content is explicitly called out as unacceptable.

What played out here was the policy's failure conditions, except it was routed through a stolen account rather than a contributor acting in bad faith, so the policy had no way to apply.

Open source software sits underneath nearly all modern enterprise infrastructure, which is what makes the supply chain angle worth taking very seriously.

IBM and Red Hat announced Project Lightwell in late May as a $5 billion effort to secure open source supply chains using AI tooling and a team of over 20,000 engineers. It targets vulnerability remediation across upstream and enterprise environments, from language ecosystems to AI frameworks.

However, it does not address the specific problem of agentic AI operating through hijacked contributor accounts, but it reflects where the industry is moving towards as AI keeps accelerating both the discovery and exploitation of vulnerabilities.

Fedora's 2FA problem isn't going away

The incident kicked off a debate on the devel list that has apparently been sitting unresolved since the XZ backdoor in 2024.

Daniel Berrangé, a Red Hat engineer and long-time Fedora contributor, pointed out that mandatory 2FA had come up after that incident; the only outcome was a soft recommendation that provenpackagers should have it enabled, and nothing has moved since.

Fabio Valentini raised a separate issue saying that a lot of this activity happened on Bugzilla, which uses its own account system and may not support 2FA at all. Daniel acknowledged that but said it was not a reason to avoid mandating it for the Fedora Accounts (FAS), and noted Bugzilla may become less relevant if Fedora eventually moves to the issue tracker on Fedora Forge.

Michael Catanzaro, a GNOME developer, said he uses 2FA everywhere except Fedora, even though his Fedora account is among his most sensitive. The sticking point in his case is that Kerberos ticket renewal isn't working properly with 2FA in GNOME Online Accounts.

In the end, seeing that a compromised account got bad code into their repos, the Fedora folks ought to step up their efforts when it comes to mandating 2FA for contributors whose work affects many users.

If you have been keeping an eye on the display server situation on Linux, you know where things are headed. Wayland is taking over as distros are dropping X11 sessions one by one.

So naturally, someone went ahead and built a brand new X11 server from scratch. Developer Jos Dehaes recently went public with yserver, a new MIT-licensed X11 display server written entirely in Rust.

Now, this will either impress you or make you shout "Clanker!" but this project was built with significant help from Claude Code, Anthropic's AI coding agent. The repo has both a CLAUDE.md and an AGENTS.md file in plain sight, making this a proper vibe-coded project.

What is it?

Well, yserver isn't aiming to clone X.Org, rather it is meant to be a practical X11 server for modern Linux that focuses on what real desktop environments and applications actually need today.

Everything that has accumulated over decades and serves no purpose in today's computing environment has been dropped. That includes the DDX driver ABI, multiple X11 screen support, non-TrueColor legacy visuals, indirect GLX, and endian-swapped clients.

Under the hood, yserver drives hardware directly through DRM/KMS and Vulkan, skipping the usual middleware layers that sit between the display server and the GPU. This means a more direct path to the hardware with fewer moving parts sitting in the middle.

According to the project's documentation, yserver uses libseat for seat management, which ensures it can run without root and the core is deliberately single-threaded, resulting in predictable protocol behavior.

What can it do?

Currently, yserver can already boot into MATE, Xfce, and Cinnamon sessions, and it has also been tested with window managers like FVWM3, e16, and Window Maker. FreeBSD support is on the roadmap, but work on it has not started yet.

Hardware coverage is wider than you might expect. In testing, Jos has covered AMD Ryzen and Radeon setups, Intel Kaby Lake iGPU, NVIDIA with the proprietary driver, Snapdragon X1, and Apple M1 and M2 on Asahi Linux.

These were all tested on MATE, Xfce, and Cinnamon configurations, btw.

The obvious question

Major players in the Linux space like Ubuntu dropped the X11 session in 25.10, Fedora has done away with X11 on its flagship Workstation desktop edition, and KDE has already announced Plasma 6.8 will drop X11 support entirely.

So who is yserver for, exactly? Well, there is still a distinct group of users stuck on X11, whether because of legacy desktop environments, specific hardware setups, or workflows that just have not made the jump yet.

And the project itself is very early. There is one primary contributor, and the security model is incomplete, with the design documentation clearly stating that clients can currently read other clients' windows and global input.

Heck, even the name is a placeholder. 😅

So, yserver won't be replacing Wayland or X11 on your computer anytime soon, but it is a nice project to know about, and it also shows us how prevalent vibe coding has become, whether you like it or not.

Via: Phoronix

It's FOSS turns 14 tomorrow. Incidentally, my son turns 1 tomorrow as well. Two milestones the same day call for celebration, right?

But there is something important that I wanted to share with you and it relates to the future of It's FOSS.

The thing is that Google Search is gone. Not broken but gone. What replaces it is an AI that reads the web, summarizes it, and hands you the answer directly. No links. No clicks. No visits to the sites that actually wrote the content.

This is not a minor update. This is a structural shift in how the internet works.

For the past two decades, a quiet but fair deal powered the open web: you search, you click, we earn a little from ads, and we use that to keep writing. That deal is over. Google now takes our content, serves the answer, and the publisher gets nothing. Not even a visit.

Since the launch of ChatGPT, It's FOSS has already lost 80% of its Google search traffic. And it's alarming now.

I built It's FOSS because I love Linux and open-source software. Not to get rich. I built it because I wanted a place where people could learn Linux for free, stay informed, and feel part of a community that actually cares about what open-source software means. For years, that worked. Ad revenue kept the lights on. We kept creating informational content that helped Linux users all around the world.

That model is now broken, and no tweak to our content strategy will fix it. This is not an algorithm we can optimize around.

The big publishers will survive this. They have corporate backing, licensing deals, and investors to absorb the losses. We don't. What we have is you.

If It's FOSS has ever helped you, fixed a problem, taught you something new, saved you a frustrating hour, this is the moment to return the favor. You want us to continue for 14 more years, right?

Becoming a Plus member keeps this alive:

• The newsletter you're reading right now
• The tutorials, guides, and news on It's FOSS
• A small, independent voice in a world where content is increasingly written by non-humans for non-humans

To mark 14 years of It's FOSS (and my son's first birthday), I'm offering $30 off the lifetime membership this week. This one-time payment also solidifies the trust you have in It's FOSS and keeps us going in the age of AI slop.

Not in a position to subscribe? A one-time donation helps too. Every contribution, whatever the size, is a vote for keeping It's FOSS alive, keeping the open web alive.

I've spent years writing about open source because I believe software freedom matters, using a free operating system matters. I still do. But this freedom also needs people willing to sustain the communities that talk about it.

I'm asking you to be one of those people.

📰 News That Matter

Proton has given us some back-to-back updates. There's an encryption overhaul that makes uploads up to 3x faster and downloads up to 2x faster, thanks to a cryptography rewrite. News on how a native GUI client for Linux is in the works, and an official CLI offering for Drive that works on Linux, Windows, and macOS.

A lot has landed in the DocSpace 3.7 release. You get AI-generated files, DeepSeek, xAI and Google AI support, a complete rework of form filling rooms that now handle PDF creation, room tagging, bulk deletion, and new admin controls.

Similarly, Collabora have introduced CODE 26.04, possibly their biggest release yet. It includes AI assistance across all three editors, a reworked document comparison tool in Writer, per-user sheet views in Calc, 14 new spreadsheet functions, and a follow-me presentation mode in Impress. Yeah... AI everywhere.

You know what else is everywhere? systemd. Well... almost. KaOS has decided to distance itself from systemd and opted for dinit instead.

🧠 What We’re Thinking About

ProtonMail is a solid Gmail alternative for privacy-conscious users, but the absence of canned responses is still a daily pain point for me.

🧮 Linux Tips, Tutorials, and Learnings

Man pages are famously dense, but they're also the most accurate and complete documentation Linux has.

Need to send a large file without uploading it to someone else's server first? CheezyPizza does it browser to browser over WebRTC, with no account, no size cap, and no middleman.

Not open source software but Melia is a new Linux desktop email client that takes privacy seriously in ways most clients don't bother with. Tracking pixels are neutralized, incoming emails are verified against SPF, DKIM, and DMARC, and senders whose display names don't match their addresses get flagged automatically.

If you find Linux Mint running slowly, try disabling animations and window effects. It may improve the performance a yiny bit and tiny bits help when you are struggling with performance.

On the contrary, if you have decent hardware, you can add eye candy to Linux Mint by adding more desktop effects.

👷 AI, Homelab and Hardware Corner

Bambu Lab has been on a path to vendor lock-in, and even after outcry from the community over some of its recent moves, they don't seem to be learning anything.

Luckily, the open source community knows how to respond to such predatory behavior.

✨ Apps and Projects Highlights

AliasVault can be a refuge from your escape from Bitwarden, seeing how they have been pulling off some major moves quietly.

📽️ Videos for You

If you use top to monitor processes in Linux, you ought to know some of its lesser-known commands.

💡 Quick Handy Tip

If you are on a GNOME setup, then you can enable certain user interface settings on the Resources app to display important usage and hardware-related details in the sidebar at all times.

Go into the "Preferences" menu via the hamburger button (looks like three lines), then under the "General" tab, look for these options and enable them:

• Show Usage Details in Sidebar
• Show Device Descriptions in Sidebar

Suggested Read 📖: Mission Center vs. Resources

🎋 Fun in the FOSSverse

There have been many instances of the open source community striking back at projects that locked down. We have a puzzle that will test your knowledge of such occurrences.

Can you help this Arch user? 🤣

🗓️ Tech Trivia: On June 7, 1954, Alan Turing, the mathematician who conceived the theoretical blueprint for modern computers and helped crack Enigma cipher at Bletchley Park, reportedly took his own life at age 41.

His work helped shorten World War II and laid the foundation for every computer running today.

🧑‍🤝‍🧑 From the Community: A newcomer is asking which web browsers his fellow FOSSers are using. Care to contribute?

The LF AI & Data Foundation has announced the formation of the DocLang Specification Working Group, kicking off a collaborative effort to build an open, AI-native document format standard.

The working group operates under the Joint Development Foundation's vendor-neutral governance model, ensuring that no single company controls the roadmap.

The founding members are IBM, NVIDIA, Red Hat, ABBYY, and HumanSignal. Though, the spec documentation also credits Forgis as a founding member, but the announcement didn't mention them.

By the way, DocLang is not the only thing in play here. Combining its open document format specification with Docling, IBM's open source document processing toolkit also under LF AI & Data, the initiative is looking to build a more complete open source document AI stack under one roof.

Together, the two cover the full pipeline from document ingestion and parsing through standardized representation and downstream consumption by language models and agentic AI systems.

As for the specification itself, it is already at v0.6, is available under the Apache 2.0 License, and covers document structure and semantics, geometric layout, pagination, and complex components like tables, charts, formulas, and code blocks.

There's also native support for audio, image, and video content, and governance metadata like privacy flags and model training constraints are embedded directly in the document rather than stored in a separate file.

Who is it for?

The primary target is enterprises running generative AI and agentic workflows on large document sets. Formats like PDF, DOCX, and JPEG were designed for human consumption, not machine interpretation.

When such files are fed into AI pipelines, their reading order gets mangled, tables flatten into plain text, and figures disappear entirely. The result is a scenario where the document quality becomes the bottleneck, not the model itself.

DocLang is meant to fix that by giving pipelines a single, unambiguous representation where the same document always produces the same output regardless of which tool processed it.

It is also relevant to anyone building with LLMs and vision-language models on real-world content. Docling and ABBYY FineReader Engine already support DocLang output natively, so existing pipelines can adopt the standard without overhauling their tooling.

You can go through the specification for DocLang on GitHub.

Suggested Read 📖: Open Standards for What AI Actually Costs

We are used to seeing systemd as the default init on most Linux distributions, but not everyone is a fan.

Some users and developers take issue with its broad scope, preferring init systems that do one thing and do it well rather than one that reaches into session management, logging, device handling, and more.

To escape it, people often find refuge in systemd-free distributions that feature a diverse selection of init systems.

While we are yet to see a widespread trend where mainstream distros ditch systemd, smaller projects have the flexibility to do so, with the decision usually being made only after discussing such a major change with the community.

KaOS, the independent distro built around Qt, has successfully embarked on its move away from systemd, introducing the first release candidate (RC) for what will be the next chapter in its developmental cycle.

Their motivation boils down to upstream changes that left the team in a tight spot. Systemd 254 dropped support for its split /usr setup, later versions killed AUFS compatibility, and KDE Plasma's increasing systemd dependency made things worse.

In the end, switching init systems became the only real option for the project. 🤷

KaOS' Dinit Image Debuts

The KaOS Dinit 2026.06 RC image ships with a new startup stack where Dinit takes over as the init system and service manager, Turnstile handles session and login tracking, and seatd takes care of seat management. Together, these cover what systemd previously handled as a single unit.

Just so you understand what the fuss is about, Dinit (source code) is a lightweight, open source service manager that can also act as a system init. It handles starting services in parallel, respects dependencies between them, and is designed to work with other system components rather than replace them fully.

It already powers Chimera Linux and eweOS as the default init and is one of the init options available on Artix Linux and antiX.

That said, KaOS is not going fully systemd-free with this release. Systemd's udev and tmpfiles stay in place for now, and elogind is still present. The devs plan to keep these components around for the forseeable future.

What else does the ISO offer?

For the display manager, SDDM has been ditched in favor of greetd with tuigreet, which is said to integrate better with the new seatd-based session setup. The Calamares installer has also been updated to run cleanly on a pure Wayland session, with fixes applied to QML modules that had lost text input capability in areas like the user creation screen.

Likewise, Limine is now the default bootloader, with other UEFI options remaining available through the installer, and for partitioning, the automated setup in Calamares now covers most popular filesystems.

There's also a new welcome utility, Croeso, which walks new users through around 15 common post-install settings after installation. And for the sound backend, phonon-mpv is now the default, replacing the previous VLC-based one.

Try the RC

This is a release candidate, not a stable release. Rough edges are expected, so it is best treated as a testing build rather than something for everyday use. The ISO is available for download from the KaOS RC portal via mirrors hosted across regions like France, U.S., and Japan.

Moreover, existing non-Dinit ISOs are still around and will be for sometime. The KaOS developers have not confirmed when or if these will be phased out.

Proton Drive (partner link) is getting a lot of love these days. We recently covered the encryption upgrades and the Linux desktop client that's in the works. Now Proton has added something the terminal dwellers will find useful; an official Command-Line Interface (CLI) for Drive, available on Linux, macOS, and Windows.

The CLI is built on the Proton Drive SDK, the same foundation that powers the official desktop and mobile apps. It runs as a single binary on the various platforms and carries the same end-to-end encryption capabilities as Drive.

Here's a look at what it can do and how you can get it running on Linux.

What does it offer?

The CLI lets you handle the usual file management tasks from your terminal. You can upload, download, and browse files; manage the trash folder; and even oversee content sharing and invitations.

Results come out in plain text by default, and passing --json makes the output machine-readable for scripting.

Do note that it does not have a built-in continuous sync engine like the existing desktop clients do. That said, you should get similar behavior by scheduling it with cron or a systemd timer on Linux, so it is not as limited as it first sounds.

If you are the kind of person who would rather write a shell script than reach for a mouse, this will make Proton Drive (partner link) a natural part of your existing workflow rather than something that needs to be launched from the app launcher.

This is how you get it on Linux

I tested these instructions on a Fedora Workstation 44 system, and everything went smoothly.

First, you have to download the relevant CLI binary for your platform from the downloads index. I went with linux/x64 as I am on an x86 setup.

Now, open a terminal in the directory where you saved it and make the file executable:

chmod +x proton-drive

Verify the build:

./proton-drive version

Sign in through your browser:

./proton-drive auth login

Your session is stored securely via libsecret, so no password is ever passed on to the command line. Following that, you can run ./proton-drive help for getting the full command list or add --help to any command for its available flags.

If you prefer building from source, then the instructions and the source can be found on GitHub.

Suggested Read 📖: Microsoft Just Brought Linux Commands to Windows

Other than its well-known lineup of office suites, ONLYOFFICE has been consistently building up its collaborative platform, DocSpace, since 2023. It sits in the same space as Google Workspace and Microsoft 365, targeting teams that want a self-hostable, format-compatible alternative.

Things got a bit complicated recently when Nextcloud and IONOS forked ONLYOFFICE into Euro-Office, a "Made in Europe" alternative aimed at organizations with data sovereignty requirements. ONLYOFFICE pushed back, accusing the fork of violating the additional conditions attached to its AGPLv3 license.

When ONLYOFFICE Docs 9.4 arrived shortly after, it came with a licensing update that tightened the language around attribution, copyright notices, and trademark rights, which felt very much like a direct response to that dispute.

Now, DocSpace 3.7 is here with its own licensing update along the same lines, and it brings expanded AI provider support, a reworked form filling experience, and several room management improvements on top of that.

🆕 ONLYOFFICE DocSpace 3.7: What's New?

The editors on this release are the same ones from the Docs 9.4 release, getting you niceties like horizontal lines in documents, a Dark Document mode for spreadsheets, 25 new slide themes, 20 new slide transitions, and a dedicated Chart Design tab.

Then there's the form filling rooms, which have received comprehensive upgrades that let you create and edit PDF forms directly inside a room rather than having to upload a finished form from external sources.

A new Start filling mode, accessible from the editor toolbar or the file context menu, puts the form into filling mode for everyone in the room, making it easier to collect responses from multiple people at once.

Related to that change, the form filler role now keeps the form hidden from the room list until filling mode is active, at which point responses get gathered into a spreadsheet automatically.

Additionally, you can refresh that file on demand with the new "Sync responses to XLSX" option, and there is now also support for routing responses to a third-party external database if you have one connected.

DocSpace 3.7 similarly goes big on upgrading its existing AI functionality. You can now generate DOCX files, PDF forms, and PPTX presentations directly from the AI agent chat and open them immediately for editing.

Accompanying them are three new AI providers, DeepSeek, xAI, and Google AI. This brings the total to seven, joining the existing roster of Anthropic, OpenAI, OpenRouter, and Together AI options, along with any custom providers you configure.

Beyond that, you can set a default provider and model that gets auto-selected whenever you spin up a new agent, and the provider configured in DocSpace also syncs automatically to the editors.

You can also upload images into the AI chat for adding more context to your queries, and an extended thinking display shows up for more complex queries. Those who would rather keep AI out of their workspace entirely can now toggle it off across DocSpace and the editors without losing chat history.

The toggle resides at:

Settings > Customization > General > AI Services Management

The rest of the update covers a good spread of smaller but useful changes, including the ability to group rooms with tags, bulk-delete multiple rooms at once, and replace default document templates via settings.

Admins also get a couple of new access controls, with options to prohibit external link creation and set limits on how many users can join via an invite link and for how long.

📥 Get it Now

This release is available via a dedicated portal for users who are okay with ONLYOFFICE taking care of the infrastructure. Those who prefer a more hands-on approach can wait a bit and self-host the community edition of DocSpace 3.7 when it is made available.

The source code for all of that can be found on GitHub.

Suggested Read 📖: Tuta Joins The Euro-Office Umbrella

digiKam 9.1 open-source professional photo manager is now available for download with support for Pixel motion photos, timezone support with registered item time-stamps, and more. Here’s what’s new!

The post digiKam 9.1 Photo Manager Released with Support for Pixel Motion Photos appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.

Euro-Office launches its stable 1.0 release on June 9, billed as a ‘truly open’ sovereign alternative to Microsoft Office – a claim riling The Document Foundation, makers of LibreOffice. In an open letter published today, TDF’s Italo Vignoli takes issue with the upstart productivity suite’s pitch. He disputes Euro-Office’s marketing, which he says positions it as the first open-source office suite developed in Europe. It’s historically inaccurate as OpenOffice.org got there in 2001, followed by LibreOffice from 2010. But he calls out another issue. The European Union is making a big push for digital sovereignty, cutting down on how much […]

You're reading LibreOffice slams Euro-Office as ‘de facto ally’ of Microsoft, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

VideoLAN formerly announced the dav2d project as an open-source, cross-platform, and free AV2 decoder focused on speed and correctness, based on the popular dav1d decoder.

The post VideoLAN Announces dav2d as an Open-Source and Super Fast AV2 Decoder appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.

Collabora is a UK-based company that builds open source office suite solutions based on LibreOffice. These are designed to run both on a browser and locally, integrating directly into an organization's infrastructure.

Their flagship offering is Collabora Online (COOL), the paid, enterprise-grade version that ships with support agreements, long-term maintenance, and thoroughly tested updates.

Complementing that is Collabora Office, a desktop app for Linux, Windows, and macOS that mirrors the same interface. However, there's a third edition called Collabora Online Development Edition (CODE) that runs the same codebase as COOL but gets new features first and doesn't cost a dime.

It has now received a new release that delivers a range of upgrades, including some AI ones that are quite interesting.

A Packed Release

Calc gets AI integration aimed at data analysis and formula debugging. A floating indicator now appears on cells with errors, opening a quick menu to inspect and fix the issue in place.

Per-user sheet views are another useful addition for teams, where each person working on a shared spreadsheet can now set up their own filters and column or row arrangements without touching anyone else's view.

Similarly, pivot tables now support calculated values, so you can build calculated columns from existing spreadsheet data, and table styles arrive with preset themes covering light, medium, dark, and custom options.

A batch of new functions is also included; they are CHOOSECOLS, CHOOSEROWS, DROP, EXPAND, HSTACK, TAKE, TEXTAFTER, TEXTBEFORE, TEXTSPLIT, TOCOL, TOROW, VSTACK, WRAPCOLS, and WRAPROWS.

AI assistance is now available in Writer as well, helping with text suggestions, rewrites, and general writing tasks without leaving the document. Document comparison receives an overhaul too.

You can now bring up an older version of a file, either from the server or a local copy, and see exactly what changed. Insertions, deletions, moved text, images, and tables are all marked up with color-coded indicators showing who made each change and when.

The comparison can be viewed side by side or through the tracked changes panel.

The editor also handles conflicting changes more gracefully. When one change overlaps with or depends on another, accepting or rejecting it no longer risks wrecking the surrounding content.

Combined with reinstate improvements, going back and forth through a review cycle is a lot less tedious than it used to be.

Before I forget, markdown files can now be imported into Writer and exported back out. This can be helpful for anyone whose work crosses between a traditional document editor and a text-based or developer-oriented workflow.

No surprises here, but Impress gets some AI powers too! It can assist with early research and slide preparation, helping summarize information and turn dense content into something that works better on a slide deck.

A new follow-me presentation mode lets viewers sync to the presenter's current slide automatically. Someone who missed an earlier point can pause, go back to review it, and rejoin the live session without interrupting the presenter.

The present to all feature works like a buff to the above, allowing the presenter to kick off the slideshow for all viewers at once rather than waiting for everyone to manually start it themselves.

Presentations can now mix slides of different sizes within the same file, and ODP files gain section support, allowing longer decks to be organized into grouped sections with overview pages.

Interoperability with Microsoft's OOXML family of file formats continues to improve in this release. Collabora has been running a validation effort across 200,000+ documents, spreadsheets, and presentations, working toward zero conversion errors when files move between Collabora and Microsoft Office.

This release also introduces significant accessibility improvements, with screen readers now able to properly detect color pickers, line style selectors, numbering options, bullet choosers, and special character dialogs.

Form controls across interface elements in Writer, Calc, and Impress now carry correct labels that assistive technology can read aloud, and keyboard-only navigation is now more consistent across toolbars, sidebars, and panels.

All of that has earned Collabora a BITV 2.0 (in Deutsche) certification from the German accessibility regulator.

Try CODE 26.04

Don't let the warning note earlier fool you, though. While this is a fast-moving class of document editors, Collabora thinks it is ideal for home users, small teams, and early adopters.

If you want to try it without setting anything up, Collabora offers a live hosted demo. Sign up with an email address, and you get access to both the Collabora Online and Collabora Office Classic demos.

For self-hosting, CODE is available as a Docker image for x86-64, ppc64, and arm64 hosts, and as native .deb and .rpm packages for Linux. The CODE portal has full setup instructions, including reverse proxy configuration for Apache and Nginx, and SSL setup via Let's Encrypt.

Suggested Read 📖: TDF and Collabora Feud

There are ways to transfer files over the internet. Twenty years ago, it was FTP for technically advanced people and emails for lazy people. (And Torrents for legally challenged people),

Then came Dropbox and other cloud services and things have moved in that direction.

But sharing large files through cloud services has its own quirks. Most services either have strict size limits, require account creation, or quietly store your data on their servers even when encryption is involved.

This is where Cheezy Pizza comes in.

What does Cheezy Pizza do?

CheezyPizza is an open source, browser-based file transfer app that uses WebRTC to transfer files directly between two browsers.

This means there is no server in the middle, no login, no installation required. Just open the site, share a link, and the transfer happens peer to peer.

It is actually a fork of FilePizza, which is a pretty solid tool but has its limitations. Like large files would fail, and there is no way to pause or resume a transfer if something goes wrong.

This is the reason why Jeevan forked it into Cheezy Pizza and started adding the features he needed.

Here's what Cheezy Pizza does differently than File Pizza:

• Large file support: It works reliably for files larger than 10 GB. However, some browsers may restrict this.
• Pause and resume feature: Interrupted transfers pick up from the last byte, with progress saved via OPFS or IndexedDB. It happens on the downloader side only.
• Flow control: High/low watermarks on the WebRTC data channel prevent fast senders from overwhelming the receiver.
• SHA-256 verification: files are checked before being written to disk.

Project repo mentions that all WebRTC communications are encrypted using DTLS.

The project is being actively developed, with more features planned.

You can try it at cheezypizza.in or check out the source code in the repository.

Testing Cheezy Pizza

The idea is simple. You upload the file to the Cheesy Pizza web interface. You can password protect the file, if you want.

And then you get links, short and full URLs, both can be used. There is also a QR code generated for ease.

I uploaded Omarchy ISO file of around 7 GB and shared it with my teammate Sreenath, who is a few thousand kilometers (or miles) away from me. When he started the download, I could see the status changed to file transfer as my file was now being uploaded.

Initially, the file transfer was in a few KBps but soon it the speed increased into few hundred KBps, and then it peaked at around 7 MBps, I think. It took 2-3 minutes to reach the max speed.

On the downloader side, the browser shows a notification about persistent data storage.

It also shows that the downloader can close the tab and resume the transfer later.

To test the pause resume feature, Sreenath closed his browser a few times and opened the link again. CheezyPizza correctly recognized the the file was being downloaded earlier.

At the other end, it showed me, the uploader, several interrupted transfers.

Password protect the transfer

By the way, the file transfer can be password protected, too. Just add a password while initializing the file upload and share the password with the downloader.

Uploader need to stay online

When I, as the uploader, closed the browser tab, things were lost and it could not be resumed.

Worth a bite?

Many large file transfer (and cloud storage) services store data on their servers, even if it is encrypted. If you want a peer-to-peer alternative, Cheezy Pizza is worth trying.

FilePizza does the same job, of course, but Cheezy Pizza adds a few extra toppings to that -- and no, it's not pineapple.

The pause and resume feature is a nice touch, but if the uploader closes the tab, everything falls apart and that is a problem.

I am not sure whether Cheezy Pizza supports self-hosting, but there is a Docker mention in the README and since it is web-based, self-hosting should be possible.

By the way, if you want to share files between devices on the same network, a local file transfer tool like LocalSend works well for that.

Would you use a service like Cheezy Pizza for large file transfers over the internet? Share your thoughts in the comments.

People who dabble in 3D printing know that Bambu Lab makes some of the most capable consumer 3D printers on the market right now. And no, this is not sugarcoating it; the hardware is genuinely good, catering to tinkerers at varying price points.

The software, though, is like a slow-burning wound for anyone who values owning what they buy. Things have been downhill for some time now, and it started back in January 2025, when the company announced a new authorization and authentication system for its X1 Series printers.

Some Lore Info

They pitched it as a security update, with the change requiring Bambu Lab authorization for basic printer operations, locking out third-party tools in the process even in the offline LAN mode.

The backlash was severe enough that Bambu had to walk back parts of the announcement, add an FAQ, and introduce a "Developer Mode" as a compromise. The damage to trust, however, was already done.

By June 2025, the same authorization system had rolled out to the P and A series as well, cutting off third-party software from working with Bambu printers by default.

More recently, they went after an open source developer who had built a fork of OrcaSlicer that restored direct communication with Bambu printers by studying the publicly available Bambu Studio source code.

He had not touched any proprietary library, yet Bambu Lab threatened him with a cease-and-desist, which led to the project being taken down. The Software Freedom Conservancy later confirmed this was a violation of the AGPLv3 license that governs Bambu Studio and its upstream projects.

This is where open source alternatives like Bambuddy come in. The tinkerer community has made it clear that locking down hardware people paid for tends to produce exactly this kind of response.

Bambuddy: Overview ⭐

Bambuddy is a self-hosted, open source print management system for Bambu Lab printers, built by a developer known as Martin (maziggy). It runs in Docker, sits on your local network, and gives you a full web-based dashboard to manage your printer.

It offers you things like real-time monitoring, print management, file archiving, scheduling, and a lot more, all running locally on hardware you already own, whether that is a pricy Raspberry Pi 5, a NAS, or any other Linux-capable machine.

Bambuddy also has a print queue with drag-and-drop reordering and time-based scheduling, so you can line up overnight jobs or off-peak prints without having to babysit the machine.

For anyone running multiple printers, it supports dispatching to a fleet with automatic load balancing based on which machine is idle and has the right filament loaded.

Remote printing is handled through Proxy Mode, which lets your slicer talk to your printer from anywhere in the world without port forwarding or touching Bambu's infrastructure. Traffic is forwarded securely with full end-to-end TLS, and there is built-in Tailscale awareness if you already run a private mesh network.

Not only that, but it also supports a wide range of Bambu Lab printers, including the X1 Carbon, X1E, P1P, P1S, P2S, A1, A1 Mini, and the newer H2D, H2D Pro, H2C, H2S, and X2D.

For people who want to cut desktop slicers out of the loop entirely, there is an optional sidecar that runs OrcaSlicer or Bambu Studio headlessly in Docker. With this, you get a Slice button directly in the Bambuddy interface, multi-plate support, per-AMS filament matching, and the finished file drops straight into the queue when it is done.

Get Bambuddy

The source code for Bambuddy can be found on GitHub, licensed under AGPLv3. Installation guides, setup walkthroughs, and feature documentation are all on the official wiki.

You can also check out the Bambuddy website for a live demo and a full feature overview before committing to a self-hosted setup on your homelab.

Passwords are one of those things everyone knows they should handle better but rarely do. The bare minimum is not reusing them across sites, and beyond that, you really want a password manager doing the heavy lifting for you.

If you have been looking for options, you have probably come across Proton Pass (partner link) and Bitwarden as two of the more popular cloud-powered choices. For local hosting, something like KeePassXC lets you keep everything on your own machine without any cloud dependency at all.

But I recently came across something a bit different. It is web-based, fully open source, works completely outside any ecosystem, and does a fair bit more than just storing passwords. And you can self-host it as well. So let me tell you about it.

AliasVault: One Vault for Everything

Offered as an open source, end-to-end encrypted password and email alias manager, AliasVault lets you store passwords and create new aliases for use on the web.

The latter works like this. Instead of using your real name and email address everywhere, you generate a unique identity, password, and email alias for each service you sign up to.

If one of those services ever leaks your data or starts spamming you, you know exactly where it came from, and you can just kill that alias.

Operated under XIVISOFT, this is the work of Leendert de Borst, a software developer from the Netherlands who has been building privacy-focused tools since 2013. The project itself is licensed under AGPL-3.0, and the source is available on GitHub.

The cloud version runs on dedicated servers in Germany (Hetzner), within the EU, making it GDPR-compliant. There is also a full self-hosting path via Docker if you would rather keep everything on your own infrastructure.

Initial configuration

Getting started with AliasVault on the cloud version means heading over to app.aliasvault.net and creating a new vault.

The first thing I noticed is that it does not ask for an email address at signup. You just pick a username, anything you want, and that's all the identifying information it collects.

Before you get to the vault itself, you are asked to agree to the terms and conditions. This is pretty standard for any web service, though the terms here are straightforward and not particularly alarming.

The short version is that you cannot use AliasVault for illegal purposes, you are responsible for keeping your account secure, and the project itself is not liable if you lose your master password and your data becomes inaccessible.

Once past that, you set your master password, and AliasVault shows a strength indicator right there during setup. A strong password is not optional here given the zero-knowledge architecture and the sensitive nature of the contents; lose it and the vault contents are gone for good.

If you are coming from another password manager, the empty vault screen immediately displays an import button. AliasVault can pull in credentials from 1Password, Bitwarden, Chrome, Dashlane, Firefox, KeePass, KeePassXC, Proton Pass, and Strongbox.

Adding new logins

Clicking on the "+ New" button will give you multiple options to add a new entry for Login, Alias, Card, and Note. During my use, I mostly stuck to the Login entry, using it to add new credentials to the vault.

The interface presented here is easy to get used to. You enter the username, add the password, enter the website URL, and click on "Save Item" to get an item added to the vault.

You can even generate passwords, and from the left-hand side menu or at the bottom of the item entry, you can add more content to a vault item, such as email addresses, notes, a two-factor authentication secret, file attachments, or a custom field.

Just click on the plus button to get going.

Keeping things organized is straightforward too. Creating a folder takes about three seconds. Click "+ New Folder", type a name, and hit "Create". Moving an existing login into a folder is done through the item's edit screen, where a Select Folder dropdown lists all your folders.

What is missing, though, is anything resembling bulk management. There is no drag and drop to move items into folders, no batch select to reorganize a bunch of credentials at once, and no multi-select for bulk deletion.

If you are migrating a large existing vault and want to sort everything into folders, you are doing it one item at a time.

The search functionality does make navigating a crowded vault easier, at least. The search bar at the top of the interface queries across your entire vault in real time, pulling up matching items as you type, with icons shown.

Creating an alias

This is where AliasVault separates itself from a regular password manager. Switching to the Alias tab in the "+ New" panel lets you create a fictional identity tied to a service, not just a username and password.

You give it a name and a website URL, hit Create, and AliasVault generates the whole package. A unique email address at the @aliasvault.net domain, a username, a strong password, and a fictitious identity complete with a first name, last name, gender, and birth date.

All of it is ready to use at signup for whatever service you are creating the alias for.

Any emails that land on that alias address show up directly on the item's page inside the vault. I tested this with Facebook, and it worked well enough, getting multiple emails, including the OTP needed to confirm the signup.

The only wrinkle was Facebook asking me to verify the account with a live selfie. ☠️

Another thing to keep in mind is that the built-in email server is currently receive-only.

You cannot reply to or forward emails from your alias addresses on the cloud version. It is a deliberate limitation for now, listed on the roadmap as a future paid feature, so if two-way alias email is something you need, that is worth factoring in.

The browser extension

AliasVault also has browser extensions available for Chrome, Firefox, Edge, Safari, and Brave. I tested it on Vivaldi using the Chrome extension, and the experience was clean.

Logging in connects directly to aliasvault.net, and you get a "Log in using Mobile App" option here as you do on the web app if you would rather not type your master password. I didn't test this one, but it should work well.

Once inside, the extension mirrors the web app fairly closely.

You get your full vault list with website icons, folder filters, a search bar, and a "+" button to add new items without leaving the browser. The Emails tab also works here, so you can check alias inbox activity without switching to the web app.

It even shows relevant saved credentials automatically when you land on a website you have a login stored for.

The Settings tab also has a few things worth knowing about. You can switch the vault unlock method between your master password and a PIN code, with the PIN falling back to the master password after three failed attempts.

There is also an auto-lock timeout you can configure, ranging from 15 seconds all the way up to 24 hours, or never if that is your preference. Clipboard behavior is configurable too. Copied sensitive data is cleared automatically after 10 seconds by default, with options to change that to 5, 15, or never.

Closing words

AliasVault is one of those tools that makes you wonder why no one put these two things together sooner. A password manager that also handles email aliasing is something that Proton Pass does, but there are some limits involved.

While it is still in beta and missing a few things like bulk credential management and reply support for aliases, nothing about the current state feels rough or half-baked. If privacy matters to you and you have been running a password manager and a separate alias service side by side, this is worth a serious look.

Suggested Read 📖: Bitwarden vs. Proton Pass

Flatpak 1.18 Linux application sandboxing and distribution framework is now available for download. This is a major release that brings several new features and improvements.

The post Flatpak 1.18 Linux App Sandboxing and Distribution Framework Officially Released appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.