On May 27, Adam Williamson of the Fedora QA team sent a message to contributor Nathan Giovannini, CC'ing the project's devel and test mailing lists so everyone could see what had been going on.

Adam had been combing through Nathan's Bugzilla history and found what he described as the work of "some kind of agentic AI system," operating unsupervised across both Fedora's bug tracker and several upstream projects.

Soon after, Nathan replied, saying his credentials had been compromised and that he had nothing to do with any of it.

Skynet, is that you?

The agent had been mass-reassigning Bugzilla reports to Nathan's account, despite him not being the maintainer for any of the affected packages. In Fedora's Bugzilla instance, the assignee is supposed to be whoever can actually resolve the bug downstream, typically the package maintainer.

It had also been prematurely closing bugs, where the correct protocol was to mark a bug as POST when a fix was proposed upstream but wasn't pushed downstream. The agent was just closing them outright after submitting or merging an upstream patch.

Then there were the NOTABUG closures. The agent had been shutting bugs in components it had no ownership over, with comments Adam identified as clearly LLM-generated. Some of those comments just restated what the original reporter had already written. Others sounded plausible but were wrong.

The fourth problem was the most serious. The agent submitted an incorrect fix to the Anaconda installer project, and when a maintainer pushed back, it kept firing back LLM-generated responses until the maintainer gave in and merged it.

The Anaconda team reverted the PR, but two related pull requests had already shipped in Anaconda 45.5.

A supply chain problem?

This is not a particularly sophisticated attack.

A contributor account gets compromised, an AI agent runs through it, and bad code ends up in a release before anyone notices. The damage in this case was caught and cleaned up, but the scenario itself is not hard to replicate.

Fedora approved a policy on AI-assisted contributions last year, placing full accountability on the human contributor and requiring transparency when AI tools are involved. Submitting unreviewed, low-quality machine-generated content is explicitly called out as unacceptable.

What played out here was the policy's failure conditions, except it was routed through a stolen account rather than a contributor acting in bad faith, so the policy had no way to apply.

Open source software sits underneath nearly all modern enterprise infrastructure, which is what makes the supply chain angle worth taking very seriously.

IBM and Red Hat announced Project Lightwell in late May as a $5 billion effort to secure open source supply chains using AI tooling and a team of over 20,000 engineers. It targets vulnerability remediation across upstream and enterprise environments, from language ecosystems to AI frameworks.

However, it does not address the specific problem of agentic AI operating through hijacked contributor accounts, but it reflects where the industry is moving towards as AI keeps accelerating both the discovery and exploitation of vulnerabilities.

Fedora's 2FA problem isn't going away

The incident kicked off a debate on the devel list that has apparently been sitting unresolved since the XZ backdoor in 2024.

Daniel Berrangé, a Red Hat engineer and long-time Fedora contributor, pointed out that mandatory 2FA had come up after that incident; the only outcome was a soft recommendation that provenpackagers should have it enabled, and nothing has moved since.

Fabio Valentini raised a separate issue saying that a lot of this activity happened on Bugzilla, which uses its own account system and may not support 2FA at all. Daniel acknowledged that but said it was not a reason to avoid mandating it for the Fedora Accounts (FAS), and noted Bugzilla may become less relevant if Fedora eventually moves to the issue tracker on Fedora Forge.

Michael Catanzaro, a GNOME developer, said he uses 2FA everywhere except Fedora, even though his Fedora account is among his most sensitive. The sticking point in his case is that Kerberos ticket renewal isn't working properly with 2FA in GNOME Online Accounts.

In the end, seeing that a compromised account got bad code into their repos, the Fedora folks ought to step up their efforts when it comes to mandating 2FA for contributors whose work affects many users.

If you have been keeping an eye on the display server situation on Linux, you know where things are headed. Wayland is taking over as distros are dropping X11 sessions one by one.

So naturally, someone went ahead and built a brand new X11 server from scratch. Developer Jos Dehaes recently went public with yserver, a new MIT-licensed X11 display server written entirely in Rust.

Now, this will either impress you or make you shout "Clanker!" but this project was built with significant help from Claude Code, Anthropic's AI coding agent. The repo has both a CLAUDE.md and an AGENTS.md file in plain sight, making this a proper vibe-coded project.

What is it?

Well, yserver isn't aiming to clone X.Org, rather it is meant to be a practical X11 server for modern Linux that focuses on what real desktop environments and applications actually need today.

Everything that has accumulated over decades and serves no purpose in today's computing environment has been dropped. That includes the DDX driver ABI, multiple X11 screen support, non-TrueColor legacy visuals, indirect GLX, and endian-swapped clients.

Under the hood, yserver drives hardware directly through DRM/KMS and Vulkan, skipping the usual middleware layers that sit between the display server and the GPU. This means a more direct path to the hardware with fewer moving parts sitting in the middle.

According to the project's documentation, yserver uses libseat for seat management, which ensures it can run without root and the core is deliberately single-threaded, resulting in predictable protocol behavior.

What can it do?

Currently, yserver can already boot into MATE, Xfce, and Cinnamon sessions, and it has also been tested with window managers like FVWM3, e16, and Window Maker. FreeBSD support is on the roadmap, but work on it has not started yet.

Hardware coverage is wider than you might expect. In testing, Jos has covered AMD Ryzen and Radeon setups, Intel Kaby Lake iGPU, NVIDIA with the proprietary driver, Snapdragon X1, and Apple M1 and M2 on Asahi Linux.

These were all tested on MATE, Xfce, and Cinnamon configurations, btw.

The obvious question

Major players in the Linux space like Ubuntu dropped the X11 session in 25.10, Fedora has done away with X11 on its flagship Workstation desktop edition, and KDE has already announced Plasma 6.8 will drop X11 support entirely.

So who is yserver for, exactly? Well, there is still a distinct group of users stuck on X11, whether because of legacy desktop environments, specific hardware setups, or workflows that just have not made the jump yet.

And the project itself is very early. There is one primary contributor, and the security model is incomplete, with the design documentation clearly stating that clients can currently read other clients' windows and global input.

Heck, even the name is a placeholder. 😅

So, yserver won't be replacing Wayland or X11 on your computer anytime soon, but it is a nice project to know about, and it also shows us how prevalent vibe coding has become, whether you like it or not.

Via: Phoronix

It's FOSS turns 14 tomorrow. Incidentally, my son turns 1 tomorrow as well. Two milestones the same day call for celebration, right?

But there is something important that I wanted to share with you and it relates to the future of It's FOSS.

The thing is that Google Search is gone. Not broken but gone. What replaces it is an AI that reads the web, summarizes it, and hands you the answer directly. No links. No clicks. No visits to the sites that actually wrote the content.

This is not a minor update. This is a structural shift in how the internet works.

For the past two decades, a quiet but fair deal powered the open web: you search, you click, we earn a little from ads, and we use that to keep writing. That deal is over. Google now takes our content, serves the answer, and the publisher gets nothing. Not even a visit.

Since the launch of ChatGPT, It's FOSS has already lost 80% of its Google search traffic. And it's alarming now.

I built It's FOSS because I love Linux and open-source software. Not to get rich. I built it because I wanted a place where people could learn Linux for free, stay informed, and feel part of a community that actually cares about what open-source software means. For years, that worked. Ad revenue kept the lights on. We kept creating informational content that helped Linux users all around the world.

That model is now broken, and no tweak to our content strategy will fix it. This is not an algorithm we can optimize around.

The big publishers will survive this. They have corporate backing, licensing deals, and investors to absorb the losses. We don't. What we have is you.

If It's FOSS has ever helped you, fixed a problem, taught you something new, saved you a frustrating hour, this is the moment to return the favor. You want us to continue for 14 more years, right?

Becoming a Plus member keeps this alive:

• The newsletter you're reading right now
• The tutorials, guides, and news on It's FOSS
• A small, independent voice in a world where content is increasingly written by non-humans for non-humans

To mark 14 years of It's FOSS (and my son's first birthday), I'm offering $30 off the lifetime membership this week. This one-time payment also solidifies the trust you have in It's FOSS and keeps us going in the age of AI slop.

Not in a position to subscribe? A one-time donation helps too. Every contribution, whatever the size, is a vote for keeping It's FOSS alive, keeping the open web alive.

I've spent years writing about open source because I believe software freedom matters, using a free operating system matters. I still do. But this freedom also needs people willing to sustain the communities that talk about it.

I'm asking you to be one of those people.

📰 News That Matter

Proton has given us some back-to-back updates. There's an encryption overhaul that makes uploads up to 3x faster and downloads up to 2x faster, thanks to a cryptography rewrite. News on how a native GUI client for Linux is in the works, and an official CLI offering for Drive that works on Linux, Windows, and macOS.

A lot has landed in the DocSpace 3.7 release. You get AI-generated files, DeepSeek, xAI and Google AI support, a complete rework of form filling rooms that now handle PDF creation, room tagging, bulk deletion, and new admin controls.

Similarly, Collabora have introduced CODE 26.04, possibly their biggest release yet. It includes AI assistance across all three editors, a reworked document comparison tool in Writer, per-user sheet views in Calc, 14 new spreadsheet functions, and a follow-me presentation mode in Impress. Yeah... AI everywhere.

You know what else is everywhere? systemd. Well... almost. KaOS has decided to distance itself from systemd and opted for dinit instead.

🧠 What We’re Thinking About

ProtonMail is a solid Gmail alternative for privacy-conscious users, but the absence of canned responses is still a daily pain point for me.

🧮 Linux Tips, Tutorials, and Learnings

Man pages are famously dense, but they're also the most accurate and complete documentation Linux has.

Need to send a large file without uploading it to someone else's server first? CheezyPizza does it browser to browser over WebRTC, with no account, no size cap, and no middleman.

Not open source software but Melia is a new Linux desktop email client that takes privacy seriously in ways most clients don't bother with. Tracking pixels are neutralized, incoming emails are verified against SPF, DKIM, and DMARC, and senders whose display names don't match their addresses get flagged automatically.

If you find Linux Mint running slowly, try disabling animations and window effects. It may improve the performance a yiny bit and tiny bits help when you are struggling with performance.

On the contrary, if you have decent hardware, you can add eye candy to Linux Mint by adding more desktop effects.

👷 AI, Homelab and Hardware Corner

Bambu Lab has been on a path to vendor lock-in, and even after outcry from the community over some of its recent moves, they don't seem to be learning anything.

Luckily, the open source community knows how to respond to such predatory behavior.

✨ Apps and Projects Highlights

AliasVault can be a refuge from your escape from Bitwarden, seeing how they have been pulling off some major moves quietly.

📽️ Videos for You

If you use top to monitor processes in Linux, you ought to know some of its lesser-known commands.

💡 Quick Handy Tip

If you are on a GNOME setup, then you can enable certain user interface settings on the Resources app to display important usage and hardware-related details in the sidebar at all times.

Go into the "Preferences" menu via the hamburger button (looks like three lines), then under the "General" tab, look for these options and enable them:

• Show Usage Details in Sidebar
• Show Device Descriptions in Sidebar

Suggested Read 📖: Mission Center vs. Resources

🎋 Fun in the FOSSverse

There have been many instances of the open source community striking back at projects that locked down. We have a puzzle that will test your knowledge of such occurrences.

Can you help this Arch user? 🤣

🗓️ Tech Trivia: On June 7, 1954, Alan Turing, the mathematician who conceived the theoretical blueprint for modern computers and helped crack Enigma cipher at Bletchley Park, reportedly took his own life at age 41.

His work helped shorten World War II and laid the foundation for every computer running today.

🧑‍🤝‍🧑 From the Community: A newcomer is asking which web browsers his fellow FOSSers are using. Care to contribute?

The LF AI & Data Foundation has announced the formation of the DocLang Specification Working Group, kicking off a collaborative effort to build an open, AI-native document format standard.

The working group operates under the Joint Development Foundation's vendor-neutral governance model, ensuring that no single company controls the roadmap.

The founding members are IBM, NVIDIA, Red Hat, ABBYY, and HumanSignal. Though, the spec documentation also credits Forgis as a founding member, but the announcement didn't mention them.

By the way, DocLang is not the only thing in play here. Combining its open document format specification with Docling, IBM's open source document processing toolkit also under LF AI & Data, the initiative is looking to build a more complete open source document AI stack under one roof.

Together, the two cover the full pipeline from document ingestion and parsing through standardized representation and downstream consumption by language models and agentic AI systems.

As for the specification itself, it is already at v0.6, is available under the Apache 2.0 License, and covers document structure and semantics, geometric layout, pagination, and complex components like tables, charts, formulas, and code blocks.

There's also native support for audio, image, and video content, and governance metadata like privacy flags and model training constraints are embedded directly in the document rather than stored in a separate file.

Who is it for?

The primary target is enterprises running generative AI and agentic workflows on large document sets. Formats like PDF, DOCX, and JPEG were designed for human consumption, not machine interpretation.

When such files are fed into AI pipelines, their reading order gets mangled, tables flatten into plain text, and figures disappear entirely. The result is a scenario where the document quality becomes the bottleneck, not the model itself.

DocLang is meant to fix that by giving pipelines a single, unambiguous representation where the same document always produces the same output regardless of which tool processed it.

It is also relevant to anyone building with LLMs and vision-language models on real-world content. Docling and ABBYY FineReader Engine already support DocLang output natively, so existing pipelines can adopt the standard without overhauling their tooling.

You can go through the specification for DocLang on GitHub.

Suggested Read 📖: Open Standards for What AI Actually Costs

We are used to seeing systemd as the default init on most Linux distributions, but not everyone is a fan.

Some users and developers take issue with its broad scope, preferring init systems that do one thing and do it well rather than one that reaches into session management, logging, device handling, and more.

To escape it, people often find refuge in systemd-free distributions that feature a diverse selection of init systems.

While we are yet to see a widespread trend where mainstream distros ditch systemd, smaller projects have the flexibility to do so, with the decision usually being made only after discussing such a major change with the community.

KaOS, the independent distro built around Qt, has successfully embarked on its move away from systemd, introducing the first release candidate (RC) for what will be the next chapter in its developmental cycle.

Their motivation boils down to upstream changes that left the team in a tight spot. Systemd 254 dropped support for its split /usr setup, later versions killed AUFS compatibility, and KDE Plasma's increasing systemd dependency made things worse.

In the end, switching init systems became the only real option for the project. 🤷

KaOS' Dinit Image Debuts

The KaOS Dinit 2026.06 RC image ships with a new startup stack where Dinit takes over as the init system and service manager, Turnstile handles session and login tracking, and seatd takes care of seat management. Together, these cover what systemd previously handled as a single unit.

Just so you understand what the fuss is about, Dinit (source code) is a lightweight, open source service manager that can also act as a system init. It handles starting services in parallel, respects dependencies between them, and is designed to work with other system components rather than replace them fully.

It already powers Chimera Linux and eweOS as the default init and is one of the init options available on Artix Linux and antiX.

That said, KaOS is not going fully systemd-free with this release. Systemd's udev and tmpfiles stay in place for now, and elogind is still present. The devs plan to keep these components around for the forseeable future.

What else does the ISO offer?

For the display manager, SDDM has been ditched in favor of greetd with tuigreet, which is said to integrate better with the new seatd-based session setup. The Calamares installer has also been updated to run cleanly on a pure Wayland session, with fixes applied to QML modules that had lost text input capability in areas like the user creation screen.

Likewise, Limine is now the default bootloader, with other UEFI options remaining available through the installer, and for partitioning, the automated setup in Calamares now covers most popular filesystems.

There's also a new welcome utility, Croeso, which walks new users through around 15 common post-install settings after installation. And for the sound backend, phonon-mpv is now the default, replacing the previous VLC-based one.

Try the RC

This is a release candidate, not a stable release. Rough edges are expected, so it is best treated as a testing build rather than something for everyday use. The ISO is available for download from the KaOS RC portal via mirrors hosted across regions like France, U.S., and Japan.

Moreover, existing non-Dinit ISOs are still around and will be for sometime. The KaOS developers have not confirmed when or if these will be phased out.

Proton Drive (partner link) is getting a lot of love these days. We recently covered the encryption upgrades and the Linux desktop client that's in the works. Now Proton has added something the terminal dwellers will find useful; an official Command-Line Interface (CLI) for Drive, available on Linux, macOS, and Windows.

The CLI is built on the Proton Drive SDK, the same foundation that powers the official desktop and mobile apps. It runs as a single binary on the various platforms and carries the same end-to-end encryption capabilities as Drive.

Here's a look at what it can do and how you can get it running on Linux.

What does it offer?

The CLI lets you handle the usual file management tasks from your terminal. You can upload, download, and browse files; manage the trash folder; and even oversee content sharing and invitations.

Results come out in plain text by default, and passing --json makes the output machine-readable for scripting.

Do note that it does not have a built-in continuous sync engine like the existing desktop clients do. That said, you should get similar behavior by scheduling it with cron or a systemd timer on Linux, so it is not as limited as it first sounds.

If you are the kind of person who would rather write a shell script than reach for a mouse, this will make Proton Drive (partner link) a natural part of your existing workflow rather than something that needs to be launched from the app launcher.

This is how you get it on Linux

I tested these instructions on a Fedora Workstation 44 system, and everything went smoothly.

First, you have to download the relevant CLI binary for your platform from the downloads index. I went with linux/x64 as I am on an x86 setup.

Now, open a terminal in the directory where you saved it and make the file executable:

chmod +x proton-drive

Verify the build:

./proton-drive version

Sign in through your browser:

./proton-drive auth login

Your session is stored securely via libsecret, so no password is ever passed on to the command line. Following that, you can run ./proton-drive help for getting the full command list or add --help to any command for its available flags.

If you prefer building from source, then the instructions and the source can be found on GitHub.

Suggested Read 📖: Microsoft Just Brought Linux Commands to Windows

Other than its well-known lineup of office suites, ONLYOFFICE has been consistently building up its collaborative platform, DocSpace, since 2023. It sits in the same space as Google Workspace and Microsoft 365, targeting teams that want a self-hostable, format-compatible alternative.

Things got a bit complicated recently when Nextcloud and IONOS forked ONLYOFFICE into Euro-Office, a "Made in Europe" alternative aimed at organizations with data sovereignty requirements. ONLYOFFICE pushed back, accusing the fork of violating the additional conditions attached to its AGPLv3 license.

When ONLYOFFICE Docs 9.4 arrived shortly after, it came with a licensing update that tightened the language around attribution, copyright notices, and trademark rights, which felt very much like a direct response to that dispute.

Now, DocSpace 3.7 is here with its own licensing update along the same lines, and it brings expanded AI provider support, a reworked form filling experience, and several room management improvements on top of that.

🆕 ONLYOFFICE DocSpace 3.7: What's New?

The editors on this release are the same ones from the Docs 9.4 release, getting you niceties like horizontal lines in documents, a Dark Document mode for spreadsheets, 25 new slide themes, 20 new slide transitions, and a dedicated Chart Design tab.

Then there's the form filling rooms, which have received comprehensive upgrades that let you create and edit PDF forms directly inside a room rather than having to upload a finished form from external sources.

A new Start filling mode, accessible from the editor toolbar or the file context menu, puts the form into filling mode for everyone in the room, making it easier to collect responses from multiple people at once.

Related to that change, the form filler role now keeps the form hidden from the room list until filling mode is active, at which point responses get gathered into a spreadsheet automatically.

Additionally, you can refresh that file on demand with the new "Sync responses to XLSX" option, and there is now also support for routing responses to a third-party external database if you have one connected.

DocSpace 3.7 similarly goes big on upgrading its existing AI functionality. You can now generate DOCX files, PDF forms, and PPTX presentations directly from the AI agent chat and open them immediately for editing.

Accompanying them are three new AI providers, DeepSeek, xAI, and Google AI. This brings the total to seven, joining the existing roster of Anthropic, OpenAI, OpenRouter, and Together AI options, along with any custom providers you configure.

Beyond that, you can set a default provider and model that gets auto-selected whenever you spin up a new agent, and the provider configured in DocSpace also syncs automatically to the editors.

You can also upload images into the AI chat for adding more context to your queries, and an extended thinking display shows up for more complex queries. Those who would rather keep AI out of their workspace entirely can now toggle it off across DocSpace and the editors without losing chat history.

The toggle resides at:

Settings > Customization > General > AI Services Management

The rest of the update covers a good spread of smaller but useful changes, including the ability to group rooms with tags, bulk-delete multiple rooms at once, and replace default document templates via settings.

Admins also get a couple of new access controls, with options to prohibit external link creation and set limits on how many users can join via an invite link and for how long.

📥 Get it Now

This release is available via a dedicated portal for users who are okay with ONLYOFFICE taking care of the infrastructure. Those who prefer a more hands-on approach can wait a bit and self-host the community edition of DocSpace 3.7 when it is made available.

The source code for all of that can be found on GitHub.

Suggested Read 📖: Tuta Joins The Euro-Office Umbrella

Collabora is a UK-based company that builds open source office suite solutions based on LibreOffice. These are designed to run both on a browser and locally, integrating directly into an organization's infrastructure.

Their flagship offering is Collabora Online (COOL), the paid, enterprise-grade version that ships with support agreements, long-term maintenance, and thoroughly tested updates.

Complementing that is Collabora Office, a desktop app for Linux, Windows, and macOS that mirrors the same interface. However, there's a third edition called Collabora Online Development Edition (CODE) that runs the same codebase as COOL but gets new features first and doesn't cost a dime.

It has now received a new release that delivers a range of upgrades, including some AI ones that are quite interesting.

A Packed Release

Calc gets AI integration aimed at data analysis and formula debugging. A floating indicator now appears on cells with errors, opening a quick menu to inspect and fix the issue in place.

Per-user sheet views are another useful addition for teams, where each person working on a shared spreadsheet can now set up their own filters and column or row arrangements without touching anyone else's view.

Similarly, pivot tables now support calculated values, so you can build calculated columns from existing spreadsheet data, and table styles arrive with preset themes covering light, medium, dark, and custom options.

A batch of new functions is also included; they are CHOOSECOLS, CHOOSEROWS, DROP, EXPAND, HSTACK, TAKE, TEXTAFTER, TEXTBEFORE, TEXTSPLIT, TOCOL, TOROW, VSTACK, WRAPCOLS, and WRAPROWS.

AI assistance is now available in Writer as well, helping with text suggestions, rewrites, and general writing tasks without leaving the document. Document comparison receives an overhaul too.

You can now bring up an older version of a file, either from the server or a local copy, and see exactly what changed. Insertions, deletions, moved text, images, and tables are all marked up with color-coded indicators showing who made each change and when.

The comparison can be viewed side by side or through the tracked changes panel.

The editor also handles conflicting changes more gracefully. When one change overlaps with or depends on another, accepting or rejecting it no longer risks wrecking the surrounding content.

Combined with reinstate improvements, going back and forth through a review cycle is a lot less tedious than it used to be.

Before I forget, markdown files can now be imported into Writer and exported back out. This can be helpful for anyone whose work crosses between a traditional document editor and a text-based or developer-oriented workflow.

No surprises here, but Impress gets some AI powers too! It can assist with early research and slide preparation, helping summarize information and turn dense content into something that works better on a slide deck.

A new follow-me presentation mode lets viewers sync to the presenter's current slide automatically. Someone who missed an earlier point can pause, go back to review it, and rejoin the live session without interrupting the presenter.

The present to all feature works like a buff to the above, allowing the presenter to kick off the slideshow for all viewers at once rather than waiting for everyone to manually start it themselves.

Presentations can now mix slides of different sizes within the same file, and ODP files gain section support, allowing longer decks to be organized into grouped sections with overview pages.

Interoperability with Microsoft's OOXML family of file formats continues to improve in this release. Collabora has been running a validation effort across 200,000+ documents, spreadsheets, and presentations, working toward zero conversion errors when files move between Collabora and Microsoft Office.

This release also introduces significant accessibility improvements, with screen readers now able to properly detect color pickers, line style selectors, numbering options, bullet choosers, and special character dialogs.

Form controls across interface elements in Writer, Calc, and Impress now carry correct labels that assistive technology can read aloud, and keyboard-only navigation is now more consistent across toolbars, sidebars, and panels.

All of that has earned Collabora a BITV 2.0 (in Deutsche) certification from the German accessibility regulator.

Try CODE 26.04

Don't let the warning note earlier fool you, though. While this is a fast-moving class of document editors, Collabora thinks it is ideal for home users, small teams, and early adopters.

If you want to try it without setting anything up, Collabora offers a live hosted demo. Sign up with an email address, and you get access to both the Collabora Online and Collabora Office Classic demos.

For self-hosting, CODE is available as a Docker image for x86-64, ppc64, and arm64 hosts, and as native .deb and .rpm packages for Linux. The CODE portal has full setup instructions, including reverse proxy configuration for Apache and Nginx, and SSL setup via Let's Encrypt.

Suggested Read 📖: TDF and Collabora Feud

There are ways to transfer files over the internet. Twenty years ago, it was FTP for technically advanced people and emails for lazy people. (And Torrents for legally challenged people),

Then came Dropbox and other cloud services and things have moved in that direction.

But sharing large files through cloud services has its own quirks. Most services either have strict size limits, require account creation, or quietly store your data on their servers even when encryption is involved.

This is where Cheezy Pizza comes in.

What does Cheezy Pizza do?

CheezyPizza is an open source, browser-based file transfer app that uses WebRTC to transfer files directly between two browsers.

This means there is no server in the middle, no login, no installation required. Just open the site, share a link, and the transfer happens peer to peer.

It is actually a fork of FilePizza, which is a pretty solid tool but has its limitations. Like large files would fail, and there is no way to pause or resume a transfer if something goes wrong.

This is the reason why Jeevan forked it into Cheezy Pizza and started adding the features he needed.

Here's what Cheezy Pizza does differently than File Pizza:

• Large file support: It works reliably for files larger than 10 GB. However, some browsers may restrict this.
• Pause and resume feature: Interrupted transfers pick up from the last byte, with progress saved via OPFS or IndexedDB. It happens on the downloader side only.
• Flow control: High/low watermarks on the WebRTC data channel prevent fast senders from overwhelming the receiver.
• SHA-256 verification: files are checked before being written to disk.

Project repo mentions that all WebRTC communications are encrypted using DTLS.

The project is being actively developed, with more features planned.

You can try it at cheezypizza.in or check out the source code in the repository.

Testing Cheezy Pizza

The idea is simple. You upload the file to the Cheesy Pizza web interface. You can password protect the file, if you want.

And then you get links, short and full URLs, both can be used. There is also a QR code generated for ease.

I uploaded Omarchy ISO file of around 7 GB and shared it with my teammate Sreenath, who is a few thousand kilometers (or miles) away from me. When he started the download, I could see the status changed to file transfer as my file was now being uploaded.

Initially, the file transfer was in a few KBps but soon it the speed increased into few hundred KBps, and then it peaked at around 7 MBps, I think. It took 2-3 minutes to reach the max speed.

On the downloader side, the browser shows a notification about persistent data storage.

It also shows that the downloader can close the tab and resume the transfer later.

To test the pause resume feature, Sreenath closed his browser a few times and opened the link again. CheezyPizza correctly recognized the the file was being downloaded earlier.

At the other end, it showed me, the uploader, several interrupted transfers.

Password protect the transfer

By the way, the file transfer can be password protected, too. Just add a password while initializing the file upload and share the password with the downloader.

Uploader need to stay online

When I, as the uploader, closed the browser tab, things were lost and it could not be resumed.

Worth a bite?

Many large file transfer (and cloud storage) services store data on their servers, even if it is encrypted. If you want a peer-to-peer alternative, Cheezy Pizza is worth trying.

FilePizza does the same job, of course, but Cheezy Pizza adds a few extra toppings to that -- and no, it's not pineapple.

The pause and resume feature is a nice touch, but if the uploader closes the tab, everything falls apart and that is a problem.

I am not sure whether Cheezy Pizza supports self-hosting, but there is a Docker mention in the README and since it is web-based, self-hosting should be possible.

By the way, if you want to share files between devices on the same network, a local file transfer tool like LocalSend works well for that.

Would you use a service like Cheezy Pizza for large file transfers over the internet? Share your thoughts in the comments.

People who dabble in 3D printing know that Bambu Lab makes some of the most capable consumer 3D printers on the market right now. And no, this is not sugarcoating it; the hardware is genuinely good, catering to tinkerers at varying price points.

The software, though, is like a slow-burning wound for anyone who values owning what they buy. Things have been downhill for some time now, and it started back in January 2025, when the company announced a new authorization and authentication system for its X1 Series printers.

Some Lore Info

They pitched it as a security update, with the change requiring Bambu Lab authorization for basic printer operations, locking out third-party tools in the process even in the offline LAN mode.

The backlash was severe enough that Bambu had to walk back parts of the announcement, add an FAQ, and introduce a "Developer Mode" as a compromise. The damage to trust, however, was already done.

By June 2025, the same authorization system had rolled out to the P and A series as well, cutting off third-party software from working with Bambu printers by default.

More recently, they went after an open source developer who had built a fork of OrcaSlicer that restored direct communication with Bambu printers by studying the publicly available Bambu Studio source code.

He had not touched any proprietary library, yet Bambu Lab threatened him with a cease-and-desist, which led to the project being taken down. The Software Freedom Conservancy later confirmed this was a violation of the AGPLv3 license that governs Bambu Studio and its upstream projects.

This is where open source alternatives like Bambuddy come in. The tinkerer community has made it clear that locking down hardware people paid for tends to produce exactly this kind of response.

Bambuddy: Overview ⭐

Bambuddy is a self-hosted, open source print management system for Bambu Lab printers, built by a developer known as Martin (maziggy). It runs in Docker, sits on your local network, and gives you a full web-based dashboard to manage your printer.

It offers you things like real-time monitoring, print management, file archiving, scheduling, and a lot more, all running locally on hardware you already own, whether that is a pricy Raspberry Pi 5, a NAS, or any other Linux-capable machine.

Bambuddy also has a print queue with drag-and-drop reordering and time-based scheduling, so you can line up overnight jobs or off-peak prints without having to babysit the machine.

For anyone running multiple printers, it supports dispatching to a fleet with automatic load balancing based on which machine is idle and has the right filament loaded.

Remote printing is handled through Proxy Mode, which lets your slicer talk to your printer from anywhere in the world without port forwarding or touching Bambu's infrastructure. Traffic is forwarded securely with full end-to-end TLS, and there is built-in Tailscale awareness if you already run a private mesh network.

Not only that, but it also supports a wide range of Bambu Lab printers, including the X1 Carbon, X1E, P1P, P1S, P2S, A1, A1 Mini, and the newer H2D, H2D Pro, H2C, H2S, and X2D.

For people who want to cut desktop slicers out of the loop entirely, there is an optional sidecar that runs OrcaSlicer or Bambu Studio headlessly in Docker. With this, you get a Slice button directly in the Bambuddy interface, multi-plate support, per-AMS filament matching, and the finished file drops straight into the queue when it is done.

Get Bambuddy

The source code for Bambuddy can be found on GitHub, licensed under AGPLv3. Installation guides, setup walkthroughs, and feature documentation are all on the official wiki.

You can also check out the Bambuddy website for a live demo and a full feature overview before committing to a self-hosted setup on your homelab.

Passwords are one of those things everyone knows they should handle better but rarely do. The bare minimum is not reusing them across sites, and beyond that, you really want a password manager doing the heavy lifting for you.

If you have been looking for options, you have probably come across Proton Pass (partner link) and Bitwarden as two of the more popular cloud-powered choices. For local hosting, something like KeePassXC lets you keep everything on your own machine without any cloud dependency at all.

But I recently came across something a bit different. It is web-based, fully open source, works completely outside any ecosystem, and does a fair bit more than just storing passwords. And you can self-host it as well. So let me tell you about it.

AliasVault: One Vault for Everything

Offered as an open source, end-to-end encrypted password and email alias manager, AliasVault lets you store passwords and create new aliases for use on the web.

The latter works like this. Instead of using your real name and email address everywhere, you generate a unique identity, password, and email alias for each service you sign up to.

If one of those services ever leaks your data or starts spamming you, you know exactly where it came from, and you can just kill that alias.

Operated under XIVISOFT, this is the work of Leendert de Borst, a software developer from the Netherlands who has been building privacy-focused tools since 2013. The project itself is licensed under AGPL-3.0, and the source is available on GitHub.

The cloud version runs on dedicated servers in Germany (Hetzner), within the EU, making it GDPR-compliant. There is also a full self-hosting path via Docker if you would rather keep everything on your own infrastructure.

Initial configuration

Getting started with AliasVault on the cloud version means heading over to app.aliasvault.net and creating a new vault.

The first thing I noticed is that it does not ask for an email address at signup. You just pick a username, anything you want, and that's all the identifying information it collects.

Before you get to the vault itself, you are asked to agree to the terms and conditions. This is pretty standard for any web service, though the terms here are straightforward and not particularly alarming.

The short version is that you cannot use AliasVault for illegal purposes, you are responsible for keeping your account secure, and the project itself is not liable if you lose your master password and your data becomes inaccessible.

Once past that, you set your master password, and AliasVault shows a strength indicator right there during setup. A strong password is not optional here given the zero-knowledge architecture and the sensitive nature of the contents; lose it and the vault contents are gone for good.

If you are coming from another password manager, the empty vault screen immediately displays an import button. AliasVault can pull in credentials from 1Password, Bitwarden, Chrome, Dashlane, Firefox, KeePass, KeePassXC, Proton Pass, and Strongbox.

Adding new logins

Clicking on the "+ New" button will give you multiple options to add a new entry for Login, Alias, Card, and Note. During my use, I mostly stuck to the Login entry, using it to add new credentials to the vault.

The interface presented here is easy to get used to. You enter the username, add the password, enter the website URL, and click on "Save Item" to get an item added to the vault.

You can even generate passwords, and from the left-hand side menu or at the bottom of the item entry, you can add more content to a vault item, such as email addresses, notes, a two-factor authentication secret, file attachments, or a custom field.

Just click on the plus button to get going.

Keeping things organized is straightforward too. Creating a folder takes about three seconds. Click "+ New Folder", type a name, and hit "Create". Moving an existing login into a folder is done through the item's edit screen, where a Select Folder dropdown lists all your folders.

What is missing, though, is anything resembling bulk management. There is no drag and drop to move items into folders, no batch select to reorganize a bunch of credentials at once, and no multi-select for bulk deletion.

If you are migrating a large existing vault and want to sort everything into folders, you are doing it one item at a time.

The search functionality does make navigating a crowded vault easier, at least. The search bar at the top of the interface queries across your entire vault in real time, pulling up matching items as you type, with icons shown.

Creating an alias

This is where AliasVault separates itself from a regular password manager. Switching to the Alias tab in the "+ New" panel lets you create a fictional identity tied to a service, not just a username and password.

You give it a name and a website URL, hit Create, and AliasVault generates the whole package. A unique email address at the @aliasvault.net domain, a username, a strong password, and a fictitious identity complete with a first name, last name, gender, and birth date.

All of it is ready to use at signup for whatever service you are creating the alias for.

Any emails that land on that alias address show up directly on the item's page inside the vault. I tested this with Facebook, and it worked well enough, getting multiple emails, including the OTP needed to confirm the signup.

The only wrinkle was Facebook asking me to verify the account with a live selfie. ☠️

Another thing to keep in mind is that the built-in email server is currently receive-only.

You cannot reply to or forward emails from your alias addresses on the cloud version. It is a deliberate limitation for now, listed on the roadmap as a future paid feature, so if two-way alias email is something you need, that is worth factoring in.

The browser extension

AliasVault also has browser extensions available for Chrome, Firefox, Edge, Safari, and Brave. I tested it on Vivaldi using the Chrome extension, and the experience was clean.

Logging in connects directly to aliasvault.net, and you get a "Log in using Mobile App" option here as you do on the web app if you would rather not type your master password. I didn't test this one, but it should work well.

Once inside, the extension mirrors the web app fairly closely.

You get your full vault list with website icons, folder filters, a search bar, and a "+" button to add new items without leaving the browser. The Emails tab also works here, so you can check alias inbox activity without switching to the web app.

It even shows relevant saved credentials automatically when you land on a website you have a login stored for.

The Settings tab also has a few things worth knowing about. You can switch the vault unlock method between your master password and a PIN code, with the PIN falling back to the master password after three failed attempts.

There is also an auto-lock timeout you can configure, ranging from 15 seconds all the way up to 24 hours, or never if that is your preference. Clipboard behavior is configurable too. Copied sensitive data is cleared automatically after 10 seconds by default, with options to change that to 5, 15, or never.

Closing words

AliasVault is one of those tools that makes you wonder why no one put these two things together sooner. A password manager that also handles email aliasing is something that Proton Pass does, but there are some limits involved.

While it is still in beta and missing a few things like bulk credential management and reply support for aliases, nothing about the current state feels rough or half-baked. If privacy matters to you and you have been running a password manager and a separate alias service side by side, this is worth a serious look.

Suggested Read 📖: Bitwarden vs. Proton Pass

Every once in a while, a project comes that is very adamantly heavy on its principles and it is always a breath of fresh air in a world where corporate greed forms the basis of all the services we use.

This time it is for a service that is extremely basic and essential, e-mail.

There are a few email clients for desktop Linux already. Thunderbird, Evolution, Geary, to name a few.

I am not saying that they are not good but there is always scope for improvement and new features. And Melia does just that. It brings some additional features, a privacy enthusiast will appreciate.

What Makes Melia Different?

Let's see what makes Melia so special.

Local and offline

All e-mails on the application are stored locally in a SQLite database, which means you don't have to run around with your internet connection, waiting for your data to sync. Even the credentials are stored in the OS keyring (where your OS account passwords are stored), which makes it as safe as it gets from online cyber attacks.

Supports 32+ services

There are 32 pre-programmed presets for most of the common e-mail providers such as Gmail, Outlook, Yahoo, Protonmail, iCould and so on. You need to ensure the allowance of an SMTP connection from the plan that you have on your particular service, however.

Contact management

If you are particular about managing the contacts, Melia builds the address book automatically from sent and received emails. You can edit it and organize it as you want. It also helps with instant autocomplete when composing a mail. You also get stats on each contact.

Rules for a more organized inbox

Get statements from your bank, boring but good to keep for the future? Create a rule and send it automatically to a folder. Your inbox remains clean, and the emails are preserved.

There are many more ways to use the rules and organize the inbox on Melia.

Proper HTML email rendering

HTML-based emails are everywhere, and they need to be displayed the same way they are intended to. Melia uses Shadow DOM isolation, intelligent dark mode transformation, and post-render quality audits to display your favorite newsletters, like FOSS Weekly, beautifully.

Search across accounts

There's a unified full-text search that can find anything across all the accounts that you've added to the client at blazing fast speeds (especially considering all the e-mails are available offline).

Privacy and Security Take Center Stage

There are some really great security features, solving some issues, which I admit didn't even know were issues. The entire focus is on security with verifiable zero telemetry, and privacy instead of analytics, such as:

Tracking pixels neutralized

Some services use tracking pixels to mark e-mails as read back to the sender. The tracking pixels are thus neutralized on Melia, preventing a great deal of invasive telemetry.

Automatic suspicious sender flagging

The senders whose names don't match with the ones assigned to the address are automatically flagged, preventing a lot of scam/spam e-mails that one might receive.

Message authentication

All e-mails received are authenticated against SPF, DKIM, and DMARC to ensure nothing falls through the cracks.

One-click unsubscribe

The worst part of being spammed by a service is getting unrequited e-mails all day annoyingly. Good news is that you an unsubscribe them with just one click, making the whole process much easier.

There are still more minor features, all of which you can check out here.

Transparency You Don’t Usually Get in Email Clients

Apart from the privacy features, Melia prides itself on the transparency it provides to the users. What contributes to that? I'm glad you asked:

Trust center

There's an inbuilt Trust Center, which allows users to block or restrict the activities of the senders, giving you the option to block out e-mail addresses or entire domains, with a full activity log and statistics of all changes made to block or trust any sender.

Connection monitor

The Connection Monitor feature that shows exactly what server the information is coming from or going to in real time, making it as clear as possible that Melia only talks to the servers.

A Simple, Familiar Interface

Melia is built on Electron, which means the interface will translate consistently to any distribution you might want to use. Some will scoff at Electron but it does provide a rather beautiful graphical interface, in my opinion.

They have a full explanation as to why they chose Electron despite the bad rep it gets, and their answer is satisfactory considering it works well, safe, and "claims to keep the RAM usage within 250MB".

The interface itself is slick and simple. There are 2 vertical panels: account list and categories, list of e-mails on the selected category, and the e-mail itself. There's a possible fourth panel if you open the Connection Monitor.

It comes with two inbuilt themes, dark and light, and both are easy on the eyes. Theme can be switched manually or automatically based on your system theme. There are several buttons on top to easily access some of the features, like creating a new e-mail, search, contacts, Connection Monitor, Trust Center and settings. Speaking of which, the settings provide some very simple options, such as:

• Theme, and list density
• Import/export options
• Font settings
• Sync settings (default being every 5 minutes)
• Sound notification settings (you can set a custom one for new mails, opening the app, deletion, etc.)
• Licensing and updates

There's an easy to access sync button right on top of the accounts list on the left panel. There are also two toggle switches on the bottom panel, for sound and theme.

My Experience Setting Up Melia

Initially, I ran into some issues setting up Melia.

Two of my accounts, Google and Protonmail, were being difficult to set up. Then I realized the errors I was making.

First, that Gmail requires 2-step-authentication for it to be set up on Melia, so after doing that, there wasn't an issue.

As for Protonmail, however, using it on an external client isn't a feature available on the free tier, which made it not possible for me to sync up.

So just make sure you read the instructions when setting up accounts; they're usually pretty clear and tell you exactly what to do.

Installing Melia on Linux

Since Melia claims to be an e-mail client for Linux, it offers several choices of packages. So, you have Deb package, AppImage, Snap and Flatpak. You won't find it in the distribution's repository because the software is not open source.

While Debian and Ubuntu users have the deb package option, rest of the distros can choose among AppImage, Flatpak and Snap.

Final Thoughts: Is Melia Worth Trying?

Melia makes several claims and backs all of them up well. It is secure, transparent, easy on the eyes, and very simple to use. The functions all work very stably, primarily including writing and reading e-mails.

It is definitely worth a shot if you want to give it a trial shot with just one account, and then you can decide for yourself if it is worth the $10 to add your other accounts as well.

I would have been much more happier if it was open source. It's one of the classic cases where software seems so much like open source but is not actually.

What do you think of Melia? Let us know in the comments.

I use ProtonMail for all official communication related to It's FOSS. Around 2020, I took their Visionary plan and switched from Google Workspace for the @itsfoss.com emails.

The bundled offer of email, VPN, calendar, drive and password manager is a good ecosystem in its own. I am happy with their offering and continuous feature additions and improvements. Well, for the most part,

One thing that I am still missing after all these years is the canned response feature.

The lack of saved replies

If you have ever used Gmail, you probably would have heard of the 'canned response' feature.

The idea is simple and it solves a major problem for people who get emails that often need similar replies. A canned response lets you save template responses. It lets you insert the template response in the email. Here, you can quickly modify it and hit the send button.

Without this feature, I have the usual responses saved in my knowledge base. I have to open that, go to the appropriate response section, copy it and then paste it in Proton Mail, modify the message if needed and then hit the send button.

This could have been fine if it was a once-a-day activity. But if I have to do it multiple times a day, I surely lose time in it. This is especially frustrating because I am aware of the existence of the canned response feature.

It's like being forced to use the mouse when you know the same thing can be quickly done through keyboard shortcuts easily and quickly.

I give you an example. I receive multiple press releases and software coverage requests a day. Often, the reply is similar, with only a little modification needed. Imagine if I could compose the repetitive reply in 2-3 clicks:

I think this feature is more than ten years old and is available for free to all Gmail users. I don't see a reason why ProtonMail cannot offer it.

There are a few more things that can help us ProtonMail users save some time

In Gmail, if you are replying to an email and type Hi its predictive text feature already suggests the responder's name. It does save a few keystrokes.

Now that is Google but I am sure ProtonMail can work on providing a similar feature without intrusing our privacy.

How come? Well, Proton does provide a deep search option where messages are downloaded to the system and then you can search through email content. By default, you can only search through the email subject and sender. This way, the Proton server doesn't see your messages and yet you can do a full search.

Perhaps something on that line to make our lives more convenient? I don't know how technically challenging it could be, that's why it's just a suggestion.

Another convenient feature would be to make their AI integration more useful. ProtonMail has integrated its (private) Lumo AI but I don't find it helpful.

Perhaps it can be utilized to provide predective text? If not that, at least it can be used to compose replies to emails?

For now, it provides a few options: Write for me, proofread, shorten, expand and a couple of options on changing the tone of the message.

The Write for me feature needs full prompts on what to write. If it could read the reply, locally in the browser, and suggest a response, that would be good. Basically, a "compose a reply" option here.

I know, not everyone is a fan of AI and many find it repulsive but if Proton has to become a real private alternative to Google Workspace, it has to offer the cutting edge tools and features. And AI is the hottest buzzword that can raise a shoe company's stocks 800% in a single day.

Come on, good people at Proton. Give us lazy users the boon of template response 😄

During your journey around the world of Linux, you might've come across riced-up builds that look and feel like something out of a sci-fi novel. And if you wondered, why can't I have this on my system?, then you wouldn't be alone.

Many of those builds have something like Niri or Hyprland sitting on top of a Linux distribution that plays nice with such heavy customization. But setting those up is a bit of work, and not everyone might be up for it.

That is where pre-configured distros and scripts like Garuda Linux, Omarchy, ArchRiot, etc. come into the picture. With this article, we will be taking a look at Dank Linux, a desktop shell suite that can transform your system into a slick Hyprland one.

Dank Linux: Hyprland Premium?

Okay, that might be a bit overstated, but using Dank Linux will make you feel that.

Here, you don't need to pay extra for Hyprperks, and instead, you get a tailored Hyprland desktop experience powered by DankMaterialShell (dms), which is a desktop shell built with Quickshell and Go.

It brings panels, a notification center, a lock screen, an app launcher, media controls, and automatic wallpaper-based color theming into one package.

Currently at v1.4.6 "Saffron Bloom", the MIT-licensed project is actively developed, with the installer supporting Arch Linux (incl. derivatives), Fedora (incl. derivatives), Ubuntu, Debian, openSUSE, and Gentoo (requires systemd), with both x86_64 and ARM64 hardware covered.

Installation was okay

After setting up a minimal Arch Linux virtual machine, I ran the cURL script to get Dank Linux installed. The installer asked me to configure a few preferences, like the privilege escalation tool (I went with sudo), the compositor, and the terminal emulator.

I initially picked Niri as the compositor, but after installation, the session would hang on startup due to some bug. I tried a few fixes, but none worked, so I reran the installer and switched to Hyprland with Kitty as the terminal.

After entering my password and letting the installation finish, rebooting left me at a TTY login screen. The system didn't automatically boot into Hyprland, so I had to run the following command to get into the Dank Linux session:

hyprland

The desktop experience was lovely

Once in, you will notice that the installation is quite minimal, with only a limited set of applications shipped out of the box.

To get close to my usual Linux workstation setup, I had to separately install Firefox for browsing, LibreOffice for documents, Nemo as a GUI file manager, and VLC for audio and video playback.

Launching them was easy via the application launcher, with the top bar showing the active window title, a clock, a calendar, weather info, system resource usage, battery status, network connectivity, and quick access to notifications and settings.

Window tiling works cleanly, with windows snapping into a neat layout without any fussing around from my side. That said, the settings menu is where things get interesting in terms of customization.

You can pick a Material Design color theme, let the shell pull one automatically from your wallpaper, or set a custom one. Font changes apply across the shell from the 'Typography & Motion' section, and you can enable a dock if a top bar is not your thing.

The top bar itself is configurable, and you can even swap out the app launcher logo. Similarly, the quick access options are reorderable, so you can arrange them to match how you actually work.

Though this last one was a bit wonky during my testing, refusing to slot the buttons where I wanted them to.

Audio and video playback worked without any issues. I pulled up a YouTube video in Firefox, and it played back smoothly, with no tearing or stuttering worth noting given this was running inside a virtual machine.

What made it nicer was the 'Media' panel sitting in the top bar. It picks up whatever is playing and shows the title, the source, and a progress bar, along with buttons to skip, pause, or resume playback.

For documents, I grabbed a sample ODT file and opened it in LibreOffice Writer. Formatting text, rearranging content, and saving the file all worked as expected. Nothing surprising there.

Plus, it was good to see that the Wayland clipboard and app integration was working well during edit sessions.

The workspace switcher is another area where Dank Linux does well. You get 10 workspaces out of the box, and the switcher gives you a view of what is open across each one.

From the settings menu, you can choose what the workspace switcher indicator shows, whether that's workspace names, running app icons, or both, along with tweaking the overall appearance and enabling reverse scrolling direction.

Small stuff, but having all of that in a GUI menu rather than being buried in a config file can make a real difference in day-to-day use.

Get Started

On a supported distribution, you simply need to run the following cURL script to get Dank Linux:

curl -fsSL https://install.danklinux.com | sh

Though I highly suggest you go through the instructions for dankinstall to prepare your base system properly before making the switch.

If you have been following Proton Drive this year, you know the pace of development has picked up. The developers have been busy rolling out a shared SDK across all their clients, and each update has introduced major improvements.

This week's update is the biggest one yet.

Two things have landed at once. Proton pushed a cryptography overhaul that makes file encryption a lot faster and quietly confirmed that a native Linux client is now in development.

A faster Drive experience

According to Proton's testing, uploads are now up to 3x faster across platforms, and downloads are up to 2x faster.

Everyday tasks like Android photo backup and macOS file sync finish quicker, and the Photos section has been cleaned up too, with faster album loading and smoother timeline scrolling even in large libraries.

All of this is a result of Proton pulling together the work from their Mac, Windows, iOS, Android, and web teams into one integrated engine. Whereas earlier, every platform was running its own separate implementation, which meant development efforts were scattered across the board.

Now they all run on the same codebase, which means improvements roll out everywhere at the same time rather than platform by platform.

Encryption got a serious upgrade

Proton Drive has used OpenPGP to encrypt file contents since day one. The latest update moves to a newer version of that, and the key change here is that encryption now makes full use of the device's hardware.

The numbers shared by Proton make the difference clearly apparent. On mobile, a 4MB file that used to take 97ms to encrypt now takes 32ms. On desktop-class hardware, the same job goes from 12ms down to 3ms.

In practical terms, this means encrypting an HD video on your phone dropped from about 90 seconds to around 30, and on a desktop the same goes from around 12 seconds to 3.

Existing users are urged to update their clients to take advantage of these improvements.

Linux users, rejoice! 🎉

The most interesting bit of info in the SDK announcement is very easy to miss. Proton has confirmed that they are currently building a native Drive client for Linux, which is being put together from scratch using the SDK.

Earlier this year, the January SDK update had briefly mentioned a Linux client as something on the roadmap. This week's post is a step past that, with them confirming it is now in active development.

For years, many of you have been vocal about the lack of a native Proton Drive app on Linux, and if our comments section is anything to go by, it has been one of the most requested things from the Proton ecosystem.

The SDK is what is making it possible now, and building on it means the Linux client will not be playing catch-up with other platforms when it does arrive. If you haven't already, you can check out Proton Drive via our partner link below while supporting us in the process.

Microsoft has released its own version of Coreutils to bring Linux commands to Windows command prompt. If you can't beat them, join them? This is a big move from the company that once called Linux a "cancer".

Someone forked Vim to keep it free from any AI assisted code contribution. A bit too extreme? You tell me.

KDE Linux is shaping up well, as May's progress update shows the project dropping its AUR dependency, switching to kde-builder for a faster and more distro-agnostic build system, and replacing KWalletManager with the newer KeepSecret app.

Valve brought the Steam Deck OLED back after months of absence and quietly raised prices by nearly 50% to cover rising component costs. People bought them anyway. North America sold out overnight, and if you've been waiting for prices to normalize, don't.

M5Stack's CardputerZero is a credit card-sized Linux computer built around a Raspberry Pi Compute Module Zero, with a 46-key keyboard, 1.9-inch display with HDMI out up to 1080p, 8MP Sony camera, Wi-Fi, Bluetooth, Ethernet, and a 1,500mAh battery.

AlmaLinux Day is coming to Los Angeles on July 18, scheduled the day before SIGGRAPH 2026 to catch the VFX and studio crowd before the larger conference kicks off.

More European companies are joining hands to push Euro-Office, the ONLYOFFICE clone.

Here are other highlights of this edition of FOSS Weekly:

• A new tool that feels like a reverse WSL.
• Software that feels open source, but isn't.
• Getting the fastest Arch Linux download mirrors.
• And other Linux news, tips, and, of course, memes!

🧠 What We’re Thinking About

GitHub Copilot's metered billing went live this week. What was a predictable monthly subscription is now usage-based, with each request priced dynamically by model and context.

The thing is that you cannot avoid AI specially if you are working as a sysadmin or DevOps. The best way is to use AI as a tool to assist you in your workflow. There is this new book that guides you to build intelligent automation using LLMs, RAG, and AI agents for monitoring, troubleshooting, and system administration. You don't want to be left behind, after all.

Get the book

🧮 Linux Tips, Tutorials, and Learnings

Your Arch mirror list from install day is probably not your fastest option anymore. reflector lets you pull the most recently synced HTTPS mirrors by country in one command. rate-mirrors benchmarks them and picks the fastest without you needing to specify anything.

Want to try Alpine Linux without touching your main system? The installation process is text-based and a bit different from what most distros do, so running it in VirtualBox first makes sense.

Steam is proprietary. So are Obsidian, Warp, Docker Desktop, and the Snap Store backend. Thirteen tools that regularly fool Linux users into assuming otherwise, with open source alternatives listed.

👷 AI, Homelab and Hardware Corner

ZimaBoard was the device I began my homelab journey with a couple of years ago. I tried their latest device, ZimaCube 2 and shared the experience in this review. If money is not a problem and you are looking for the comfort of owning a homelab, Zima devices are worth it.

Jan AI came close to replacing Ollama for Bhuwan with its one-click model downloads, built-in cloud provider support, and local API server. But performance-wise, it disappointed.

✨ Apps and Projects Highlights

WSL runs Linux inside Windows. Winpodx does the opposite. It spins up a Windows container using Podman and streams individual Windows apps to your Linux desktop via FreeRDP.

📽️ Videos for You

We are now almost halfway through 2026, and these things still hold up.

💡 Quick Handy Tip

In GNOME, if you have multiple keyboard layouts enabled, click on the keyboard layout button in the quick settings panel and click the "Show Keyboard Layout" button to get a quick overview of that layout.

🎋 Fun in the FOSSverse

Can you spot all the hidden logos in this image puzzle?

A glass of Wine to keep the Winslop away. 🍷😉

🗓️ Tech Trivia: On June 5, 1833, Ada Byron met Charles Babbage at a party in London and walked away captivated by his mechanical Difference Engine.

That chance encounter sparked a friendship that led Ada to write what is now recognized as the world's first computer program, over a decade before the word "computer" referred to anything other than a person doing sums.

🧑‍🤝‍🧑 From the Community: Manuel, a regular FOSSer is looking for suggestions for a terminal app that shows git branch history. If that doesn't interest you, then there's another thread discussing whether technical education is failing in Australia.

I already reviewed the original ZimaCube Pro and gave it a positive verdict, for the most part.

So when IceWhale offered me the newer version for review, I was curious to see how much had actually changed.

Not much specification-wise. Here's why. If you compare the spec sheets of the ZimaCube Pro (original) and the ZimaCube 2 Pro side by side, you will find the same Intel Core i5-1235U processor, the same 16 GB DDR5 RAM, the same 256 GB system SSD, and the same six SATA bays. The core hardware of the Pro tier has not changed between generations.

What IceWhale actually did with the ZimaCube 2 lineup is more subtle. The real generational leap happened at the entry level of ZimaCube. The new $799 Standard model replaces the old N100-based unit with a proper Intel Core i3, Thunderbolt 4, and DDR5, which is a substantial and much needed step up. Intel N100 was not the best choice even two years ago.

The Pro, meanwhile, got refinements, especially on the cooling and fan noise side, along with a more mature ZimaOS. The Pro version is not a new machine, it's just a better-tuned version of the same one.

With that said, here is everything I learned from almost a month of use.

ZimaCube Pro v2 Specifications

The ZimaCube 2 is available in three models:

• ZimaCube 2 Standard ($799): Intel Core i3-1215U, 8 GB DDR5, 256 GB system SSD, 2.5GbE networking
• ZimaCube 2 Pro ($1,299): Intel Core i5 (12th Gen), 16 GB DDR5-4800, 256 GB PCIe Gen4 SSD, 10GbE + 2.5GbE networking
• ZimaCube 2 Creator Pack ($2,499): Everything in Pro, plus NVIDIA RTX Pro 2000 GPU, 64 GB RAM, 1 TB system SSD

The unit I have for this review is the Pro, and I added an NVIDIA RTX 2000 Ada (16 GB VRAM) via one of the PCIe slots bringing it close to Creator Pack territory. This gives local AI capabilities to my otherwise Homelab device.

Again, the Pro specs are essentially identical to the original ZimaCube Pro. The i5-1235U, 16 GB DDR5, 256 GB SSD all unchanged. The ZimaCube 2 lineup's real generational upgrade happened at the base model ($799 Standard with i3), not the Pro tier.

Key specs for the Pro version:

• CPU: Intel Core i5-1235U, 10 cores
• RAM: 16 GB DDR5-4800 (expandable to 64 GB)
• System Storage: 256 GB PCIe Gen4 x4 SSD
• Drive Bays: 6x SATA (3.5"/2.5") + 4x M.2 NVMe slots
• Networking: 10GbE + 2.5GbE LAN (no WiFi)
• Ports: 2x Thunderbolt 4 (USB-C, 40Gbps), 2x USB-A (front), 2x USB-C 5Gbps + 2x USB-A (back), DP, HDMI and audio jack
• Expansion: 2x PCIe slots (4.0 X4 and 3.0 X2)
• OS: ZimaOS (default), but you can install Proxmox, Unraid, TrueNAS, Ubuntu, and others

What else in the Box?

The accessory bundle is generous and thoughtful. You get:

• Four heatsinks for the M.2 NVMe drive slots
• A couple of screwdrivers so you can actually open and configure the device without hunting for tools
• Plenty of screws for hard disks and SSDs
• A high-quality Cat6 UTP cable for networking
• A power cable matching your region (a small but sensible touch since they ship worldwide)

Fan noise is handled a lot better now

One of the major complaints I had with the previous ZimaCube was the fact that the tower cooler fan was annoyingly loud. I could not work without my Bose QuietComfort headphones on. I am a little picky about keeping the work environment quiet.

ZimaCube Pro v2 is noticeably quieter than the original generation. That is a real improvement and definitely worth acknowledging.

It is still not an absolute silent device. There is still a faint, constant, low-level whirring from the fans that you may hear in a quiet room if you are standing too close to it and the device is under load. You'll only notice it if you want to notice it. My TerraMaster NAS operates in near-silence by comparison.

Where you place this device matters. A dedicated server spot away from your workspace: no problem. On your desk in a home office, you might notice it.

The ZimaOS Experience: Still the heart of this device

ZimaOS is the backbone of ZimaCube and all other Zima devices. The good news is that it has matured considerably since the original ZimaOS that was released with the previous ZimaCube.

The interface is familiar: a clean web UI accessible from any browser on the local network, a file manager, and an app store for one-click deployment of self-hosted software. The applications run in Docker containers underneath, but you do not need to know Docker to install or use them.

The storage manager continues to be one of the strongest features.

Disk management, merging storage pools, and setting up RAID are all handled through a graphical interface that makes things a lot easier.

I migrated two drives from my original ZimaCube: a 1 TB SSD and a 500 GB SSD.

A note on RAID for anyone in a similar situation: yes, ZimaCube 2 supports RAID and the ZimaOS GUI makes creating a RAID array incredibly easy.

But with mismatched drive sizes, RAID is wasteful. A 1 TB + 500 GB RAID 1 mirror gives you only 500 GB of usable space, wasting the rest.

So I skipped RAID and went with a practical split setup instead:

• 500 GB SSD dedicated to app data (persistent storage for all Docker-based apps)
• 1 TB SSD for actual user data and files

Moving the application and container data between disks is effortless thanks to the storage manager.

ZimaCube has 256 GB of built-in storage. But it starts filling up quickly as you install more (Docker) applications and add user data.

This is why I moved the app data to a 500 GB SSD and the user data to a 1 TB SSD. This way, the built-in storage is free. Once migrated, applications like Immich and others use the dedicated drive without needing to manually configure storage volumes in every app.

ZVM (Zima Virtual Machines) is also available, letting you run other operating systems directly on ZimaCube from the browser. It comes with a trial of Windows in a VM by default. Not useful to me but I guess it extends the functionality and offering of ZimaCube.

ZimaOS has many little gems that are not well advertised. For example, there is an option to enable UPS settings. In the event of a power failure, if you have added a UPS in the set up, you can choose to gracefully power off the ZimaCube if the power is not restored in the given time frame. This saves the disks and data from a prolonged power failure.

Many self-hosted applications are required to be configured with username and password at installation/deployment time. In such cases, ZimaOS shows the default credentials used under the Tips section. It is accessible when you click on the three vertical dots on the app.

ZimaOS still has room to grow!

The GUI hits its limits more often than the marketing suggests. Some things still require dropping into a terminal, which is fine for Linux users but undercuts the "easy homelab for everyone" pitch for less technical users.

For example, I installed Ollama-Nvidia from the app store. But there was no further information on using it. Since I have used Ollama in the past and I also have experience with ZimaOS, I figured out that it has to be accessed via the terminal of the Docker application.

When I ran Ollama commands, there was no visible output while the model downloaded or installed. It appeared to do nothing and then it was done. For anyone unfamiliar with CLI tools, this will cause confusion.

Thankfully, Open WebUI now directly downloads models from Ollama so a separate Ollama server is not mandatory anymore. But for agentic AI flow, I think Ollama is still better suited.

Jellyfin as a media server

While ZimaOS does makes self-hosting open source software easier, individual applications do require occasional tweaking and configuration changes.

For example, I installed Jellfin Nvidia GPU version as I have added the RTX 2000 Ada. When I tried streaming a 4K video file, the GPU was not used at all. It started consuming 90% of the CPU.

It's because Jellyfin still needed configuration changes and I had to enable the hardware transcoding with NVIDIA NVENC.

And once I did that, the CPu consumption was at the minimum. GPU was consumed but not much as NVIDIA RTX 2000 Ada is way too powerful for video transcoding.

The point I am trying to make here is that individual apps may require setting and configuration changes of their own.

Zima has improved its documentation considerably and mostly covers such pain points but there is plenty of scope for improvements here.

Photo storage and management with Immich

Immich is a self-hosted Google Photos alternative and ZimaCube is an excellent host for it. The combination covers the full use case: mobile photo backup via the Immich app, face recognition, smart albums, CLIP-based semantic search, and a clean timeline interface in the browser.

With a GPU present, Immich's machine learning tasks like facial recognition, smart search run noticeably faster than on a CPU-only setup. I forgot to benchmark this data. Sorry for that 😦

The ZimaCube mobile client provides basic folder sync as an alternative if Immich feels like too much setup for your needs. Simple photo backup from your phone can be done without any additional app configuration. Although, it was buggy in my experience and I would prefer relying on PhotoPrism instead.

Using ZimaCube 2 for local AI

This is where ZimaCube Pro v2 genuinely separates itself from a typical NAS as no traditional NAS manufacturer gives you a PCIe slot for a GPU. ZimaCube does, and that changes what the machine can be.

I shared my experience with Ollama earlier but then you don't necessarily need Ollama all the time. Open WebUI, AnythingLLM works well too.

Anyways, the runtime experience is a different story. Once Ollama is running and models are pulled, things are smooth. With the RTX 2000 Ada's 16 GB VRAM, 7B and 13B parameter models run entirely in VRAM with no memory spillover. Response times are fast enough for real use: comfortable for chat, fast for summarization tasks, very fast for coding assistance.

For everyday tasks like text summarization, Q&A, quick coding help, 7B to 13B models are the practical sweet spot. They are fast, fit cleanly in 16 GB VRAM, and the quality is more than adequate. Larger models in the 32B+ range will start to push the memory limits, though quantized versions can still run well.

I tried Deepseek-r1, qwen and llama primarily. I wanted to use Kimi but Ollama only has it in cloud mode and that fails the point of setting up a local AI.

I used AnythingLLM as an AI assistant for my private notes. It helps me find and create quick tips for the newsletter and social media. Setting up AnythingLLM was a struggle too.

On the agentic AI side, I rely on Nanoclaw as it is super easy to setup. ZimaOS only offers OpenClaw which is more popular but not something I prefer. Setting up Hermes Agent is easier as it has graphical interface.

Let's be clear. Without a GPU, local AI on ZimaCube is CPU inference. Functional but slow and limited to smaller models. The PCIe slot is what makes the real difference here but then you have to spend on a small form factor GPU as not all GPUs will fit in the ZimaCube.

Linux is still not getting the place it deserves

There were two main concerns that I raised in the previous ZimaCube review: it's fan was too noisy and the Zima client was not available for Linux.

Built on ZeroTier, Zima client allows you to use your ZimaOS device from anywhere in the world. You have to enable remote access option for this.

This way, even if your ZimaCube is on your home network, behind a NAT, you can access it from another location, city or country. This makes your homelab available outside the home network.

The problem is that you need to install the Zima Client application on your system and this application is still available only for Windows and macOS.

Two years and we still don't have Zima Client for Linux and as a Linux user, I am surely disappointed.

What I am using ZimaCube Pro v2 for

I have a few Zima devices in my setup. I started my homelab journey with the ZimaBoard, a smaller SBC type of device that came with CasaOS. It was upgraded to ZimaBoard 2 and it runs continuously in my setup and powers my Home Assistant and Jellyfin servers.

ZimaCube 2 runs the same operating system and thus I could use it for all my homelab need and remove ZimaBoard from the picture, but I chose not to do so.

I use ZimaCube 2 as a combination of NAS and local AI. It has more power and thus also consumes more power. I usually turn the ZimaCube off at the end of the day and keep it running during my working hour.

Photo backup and management with Immich is the primary use case. My full photo library lives here now.

Then I use Local AI inference with Ollama and Open WebUI. Running Qwen and a few other models for summarization, knowledgebase assistant helps (with Anything LLM on my laptop).

File storage for important documents. ZimaCube is one node in my backup strategy.

Is it worth getting?

ZimaCube 2 Pro is priced at $1299. There is an increase in price because SSDs, RAMs cost more (all thanks to the AI craze).

If you already own a ZimaCube Pro, there is genuinely no hardware reason to upgrade. The processor, RAM, and storage are the same. It is not worth the cost of switching just for a more silent fan.

If you are buying for the first time, the ZimaCube 2 Pro is the one to go for. The standard ZimaCube 2, priced at $799, also provides more value now.

Some people may think that it is better to build a PC in the same or cheaper price but than not everyone would want to do that. Devices like ZimaCube serve a niche of people who want to own a homelab without spending too much time dealing with the hardware, networking and the operating system.

These days, you need more than just a NAS, You need that hardware to do more than just storing data. And ZimaCube brings NAS, self-hosting and local AI together. It gives you PCIe expansion, Thunderbolt 4, and an approachable homelab OS in the same box. For the right kind of user, that combination has no real alternative.

For me, ZimaCube is an integral part of my home setup, and it stays that way.

P.S. You can win a ZimaBoard 2 (not ZimaCube 2) and start a small lab with that. Please enter the giveaway on X (formerly Twitter).

Canonical's Steam snap for ARM64 has been promoted to stable, nearly five months after a call for testing drew feedback from users across a wide range of ARM hardware.

The reason a snap like this exists at all is that Valve's Steam client for Linux is x86-only. To make it run on ARM64, Canonical bundled the x86 Steam binary together with FEX-Emu, a Linux usermode emulator that translates x86 and x86-64 instructions for ARM64 systems at runtime.

This stable release also introduces FEX's library forwarding feature (thunking) as a user-configurable option. Instead of emulating every graphics API call through FEX, thunking forwards OpenGL and Vulkan calls directly to the host system's native ARM64 libraries, which cuts down on emulation overhead.

Canonical has tested this release across three hardware families, all of which are said to have shown good performance across popular games. These include the NVIDIA DGX Spark and associated GB10 devices, Qualcomm Snapdragon laptops (Lenovo ThinkPad X13s, T14s, and Dell XPS 9345), and the Radxa Orion O6 and O6N.

Switch to stable

If you are already running the snap on candidate or edge and want to move to stable, run:

sudo snap refresh steam --channel=stable

They have also laid out a release cycle for the Steam Snap, with new versions first landing in the edge channel for experimental testing, then moving to candidate after around one to two weeks if no major issues surface. From candidate, they graduate to stable after another one to three weeks.

What's next?

Mitchell Augustin, who announced the stable promotion, wants to eventually rebuild the snap around Valve's native ARM64 Steam client and drop the FEX layer Canonical currently maintains on top of it.

Yeah, that native client is already out there, but quietly. ROCKNIX has already shipped it in their distribution, keeping both ARM64 and x86 launch paths available side by side.

Mitchell said he is keeping a close eye on it but is waiting for Proton 11 to exit beta first before making any moves.

For now, you can use the snap on your ARM64 device, and if you run into any issues or want to contribute to development, then the GitHub tracker for this app is the place to go.

Suggested Read 📖: Microsoft Just Brought Linux Commands to Windows

The Linux Foundation has been steadily growing its roster of projects and initiatives, with AI governance becoming an increasingly prominent part of that push.

Their latest push in this direction is a plan to launch the Tokenomics Foundation, a new program focused on open standards, benchmarks, and best practices for the economics of AI token consumption.

It will work in close partnership with the FinOps Foundation, which has been busy with efforts surrounding cloud cost management since 2020.

Why now?

The foundation says that token costs have been moving around. They dropped heavily through 2023 and 2025, then settled down, and new model pricing is climbing again.

Citing a research paper, they pointed out that global token usage is projected to grow 24x between 2026 and 2030, hitting 120 quadrillion tokens per month.

Separately, they also noted industry analyst projections of AI infrastructure investment crossing $1 trillion by 2027, with the inference market going from roughly $106 billion in 2025 to $255 billion by 2030.

None of this spending is easy to measure consistently today. Cached vs. non-cached tokens, input vs. output pricing, on-demand vs. reserved compute. Every provider defines and bills for these differently, with no neutral framework to compare them across vendors.

Having a standardized approach to all of this is precisely the gap the Tokenomics Foundation is looking to fill with its open standards and benchmarks.

What will it do?

The foundation will operate through a Governing Board that sets direction and allocates funding, alongside a Technical Committee responsible for the actual specifications and benchmarks.

The first confirmed deliverable is expanding the FOCUS specification, an open billing format that came out of FinOps, to cover token-based spending models. That would give enterprises a common schema for AI cost data regardless of which provider they are using.

Twelve organizations have thrown their support behind it so far, including Google Cloud, Flexera, KPMG, Accenture, Microsoft, Oracle, Salesforce, SAP, ServiceNow, Booking.com, IBM, and JPMorgan Chase.

The formal launch is at FinOps X in San Diego, from June 8 to 10, where the technical roadmap, initial working groups, partnerships, and upcoming conferences will be announced.

You might remember that the Linux Foundation took a similar approach with the Agentic AI Foundation late last year, pulling MCP, goose, and AGENTS.md under open governance before the agentic AI space had a chance to fragment further.

Suggested Read 📖: Tuta Joins The Euro-Office Umbrella