Blogger

by: Sourav Rudra Wed, 12 Nov 2025 17:12:36 GMT The OpenSearch Software Foundation is a vendor-neutral organization under the Linux Foundation that hosts the OpenSearch Project. It recently appointed a new Executive Director, and the project itself has already seen over 1 billion software downloads since launch. If you didn't know, OpenSearch focuses on search, analytics, observability, and vector database capabilities. What's Happening: During this year's KubeCon + CloudNativeCon North America conference, the foundation announced that IBM has joined as a Premier Member. This move comes at a time when enterprises are increasingly adopting retrieval-augmented generation (RAG) for AI applications. The membership costs $150,000 annually, where IBM joins existing Premier Members, including AWS, SAP, and Uber. IBM currently uses OpenSearch in production through DataStax, its subsidiary. The company integrated JVector with OpenSearch for high-performance vector search at billion-vector scale. During the announcement, Ed Anuff, the VP of Data and AI Platforms Strategy at IBM, added that: As part of IBM’s work in the evolution of AI, we’re thrilled to contribute to the development of OpenSearch. By joining the Foundation, we are helping ensure that production generative Al can be built on a robust open source foundation.What to Expect: IBM will contribute enterprise-grade enhancements to OpenSearch's security and observability features. The company plans to share high-availability patterns tested through IBM Cloud deployments. The focus areas include vector search performance improvements and multimodal document ingestion. IBM also aims to advance the developer experience for building AI agents. Plus, the company is on track to announce a new open source project featuring OpenSearch at the OpenRAG Summit on November 13. Reflecting on the partnership's significance, Bianca Lewis remarked: IBM’s commitment to the OpenSearch Software Foundation is a testament to the role open source search and analytics play in AI-enabled enterprises of the future. Our member organizations help shape and develop the tools and technology that make intelligent operations a reality, and we are thrilled that IBM has joined the Foundation, strengthening our community and mission.Suggested Read 📖 OpenSearch Foundation Strengthens Leadership with New Executive DirectorBianca Lewis becomes executive director of the OpenSearch Foundation.It's FOSSSourav Rudra

by: Sourav Rudra Wed, 12 Nov 2025 15:11:51 GMT The Linux ecosystem is facing increasing pressure from threat actors, who are getting more clever day-by-day, threatening critical infrastructure worldwide. Servers powering essential services, industrial control systems, and enterprise networks all rely on Linux, and these attackers know it. What was once considered a relatively safe ecosystem is now a lucrative target. 🥲 This brings us to Kaspersky, the Russian cybersecurity firm with a reputation. The company was banned from selling its antivirus software and cybersecurity products in the U.S. back in July 2024. But for users outside the U.S., Kaspersky just announced something interesting. They are bringing antivirus protection to home Linux users. Though, it remains to be seen, whether this addresses genuine security needs or if it's just security theater for worried penguins. 🚧This piece of software is not FOSS. We covered it because it is available for Linux!Kaspersky for Linux: What Does it Offer?Kaspersky has expanded its consumer security lineup to include Linux. This marks the first time their home user products officially support the platform. The company adapted their existing business security solution for home users. Support covers major 64-bit distributions, including Debian, Ubuntu, Fedora, and RED OS. Depending on the plan you opt for, the feature set includes real-time monitoring of files, folders, and applications to detect and eliminate malware. Behavioral analysis detects malware on the device for proactive defense. Removable media like USB drives and external hard drives get scanned automatically upon connection. This prevents the spread of viruses across devices and networks. Anti-phishing alerts users when attempting to follow phishing links in emails and on websites. Online payment protection verifies the security of bank websites and online stores before financial transactions. Anti-cryptojacking prevents unauthorized crypto mining on devices to protect system performance, and AI-powered scanning blocks infected files, folders, and applications upon detecting viruses, ransomware trojans, password stealers, and other malware. Though, there is one important thing to consider: Kaspersky for Linux isn't GDPR-ready, so keep this in mind if you are an EU-based user concerned about data protection compliance. Get Kaspersky for LinuxAn active paid subscription is required to download and use Kaspersky for Linux. A 30-day free trial is available for users who want to test before committing to a paid plan. Both DEB and RPM packages are provided for easy installation. The official installation guide contains detailed setup instructions. Kaspersky for LinuxVia: Phoronix

by: Sourav Rudra Wed, 12 Nov 2025 13:29:24 GMT Ubuntu's move to Rust-based system utilities has hit some bumps. Earlier, a bug in the Rust-based date command broke automatic updates. The command returned current time instead of file modification timestamps, causing Ubuntu 25.10 systems to stop automatically checking for software updates. That issue was quickly fixed, but now, two security vulnerabilities have been found in sudo-rs. Better Now than LaterThe first vulnerability involves password exposure during timeouts. When users type a password but don't press enter, the timeout causes those keystrokes to replay onto the console. This could reveal partial passwords in shell history or on screen. The second issue affects timestamp authentication. When Defaults targetpw or Defaults rootpw options are enabled, sudo-rs incorrectly recorded the wrong user ID in timestamps. This allowed bypassing authentication by reusing cached credentials even when policy required a different password. Patches for both issues have been released in sudo-rs 0.2.10. Ubuntu is set to push the fixes through a Stable Release Update (SRU). These bugs being caught in Ubuntu 25.10 is actually a good sign. The interim release serves as a testing ground before Ubuntu 26.04 LTS arrives in April 2026. Finding critical security flaws now allows developers ample time to address them. Here's the Fix!At the time of writing, the updated sudo-rs package had not yet arrived in the Ubuntu 25.10 repositories. But it should be available soon. Once the update is live, you can get the fix using the graphical Software Updater tool by launching it from your application menu and installing any available security updates. sudo-rs' upgrade process on Ubuntu 25.10. Alternatively, you can use the terminal. Run these commands one after the other to get the patch: sudo-rs updatesudo-rs upgradePS: Using sudo instead of sudo-rs also works the same. Via: Phoronix Suggested Read 📖 sudo vs sudo-rs: What You Need to Knowsudo-rs is poised to take over. Here’s what you should know about sudo-rs as a sudo user.It's FOSSAbhishek Prakash

by: Ani Wed, 12 Nov 2025 11:14:36 +0000 The only constant in life is change. About meI’m Chandni, currently working as a UX Designer at Neomore, where I create user experiences for SAP applications. My work begins with understanding workflows through user research and interviews. From there, I create wireframes, prototypes, and user flows, collaborating closely with consultants, developers, and stakeholders to ensure that every design is both technically feasible and genuinely user-friendly. Starting my career in the IT field My career began as a software developer, which gave me a strong foundation in how digital products are built. Over time, I realized that what truly fascinated me was the human side of technology, the way people interact with systems, and how design can make that interaction possible. Being naturally people-oriented, I transitioned into UX design to focus on understanding users’ needs and creating experiences that make complex systems user-friendly and enjoyable. Chandni Sharma, Consultant, UX & Application Innovation, Neomore My Background I earned my Bachelor of Technology degree in India. Later, I moved to Finland when my husband was relocated here, and I quickly fell in love with the country. What started as a visit soon became a long-term decision to build both my life and career here. When I first arrived, it was a challenging time to find a job. It was right after Nokia’s major economic decline, and many experienced professionals had entered the job market. Each time I applied, I often got a reply that the position had been filled by someone who had just left Nokia. Being young and less experienced, it was difficult to compete. Instead of giving up, I decided to focus on learning. I pursued a bachelor’s degree in user experience at Haaga-Helia and later completed my master’s in computer science at Aalto University, specializing in Service Design and UX. These studies not only deepened my technical knowledge but also boosted my confidence. They helped me successfully transition from software development to becoming a UX designer and researcher, an expert in creating meaningful user experiences. My path to Neomore When I was studying, I had heard of SAP but didn’t really understand what the field was about. Later, while searching for jobs, I came across openings for UX roles in SAP and became curious to know how user experience fits into SAP. I decided to apply, and during the interviews, the team explained the work in detail. I realized it would be both a challenging and rewarding learning journey. That’s how I joined Neomore. I had some prior experience from another company, and now, this December, I’ll be completing three years at Neomore. Working at NeomoreWhat truly motivates me to go to the office every day is the people and the culture at Neomore. The supportive and inspiring environment they’ve built makes a huge difference, which keeps me motivated no matter how challenging a project or task might be. I have to admit, it’s the people and the culture that make Neomore such a great place to work. Enjoying my work The best part of my job is the constant learning that comes with working in the SAP industry. Every day, I gain new insights into different processes and how our clients operate, areas I never imagined I’d explore. For example, I’ve learned how manufacturing works, what kinds of machines are used in woodworking, and the challenges people face in their daily routines. Understanding these real-world contexts and discovering how technology can help them is both motivating and exciting. This continuous learning keeps me energized, no matter how challenging the work gets. The necessary skills in the IT fieldProblem-solving and curiosity are some of the most important skills to have. In my work, curiosity drives me to ask questions and explore different perspectives. When I listen to people, my curious nature helps me go deeper into their stories and uncover hidden insights. I’m not afraid to ask questions—though I’m always mindful of how and when to ask them. This openness allows me to gather valuable answers, identify the real problems, and map out effective solutions. Ultimately, curiosity and the courage to ask are key to meaningful problem-solving in any field. Other important skills to have are good communication skills, being empathetic towards users, and having knowledge of software development. Being skilled in technology, I can bridge the technology and human needs into something that can really make a difference. Overcoming challengesTo overcome challenges, I’ve learned that having patience with oneself is essential. You need to give time to keep yourself updated on technologies so that you can level up with developers, stakeholders, and users. To keep yourself up-to-date, you must embrace continuous learning to help yourself bridge the gaps, and I’m grateful that Neomore strongly supports professional growth. They regularly encourage us to learn and discuss ways to develop further. For me, patience and lifelong learning are the keys to overcoming challenges in this field. The key to solving problemsWhenever I get stuck on a problem and cannot find a solution, I pause for a moment instead of forcing myself to continue. At the office, we have a pool table, so I often take a short break to play a quick game, sometimes alone, sometimes with a colleague. That brief change of focus helps clear my mind. It is a simple routine, but it really helps me get back into the right state of mind to solve the problems effectively. Sources of energyI get a lot of energy by being surrounded by people, either friends or family. This has been a good source of energy for me. After becoming a mother, my children became my greatest source of energy. Playing with my kids, listening to their stories, and doing whatever they want to do brings my mind to balance and provides me with a lot of energy to continue and thrive in any situation I am in. Always Start with WhyStart with Why, written by Simon Sinek, has had a profound impact on my work and, more broadly, on my life. For example, when I talk to a client, I listen to their needs and always ask why they want to have what they want. This allows me to go deeper into their needs, and I get a clearer idea of what they are requesting, which helps me to help them get their solutions. About the impact of AII strongly believe that AI is a powerful tool designed to help us. There’s a saying that the only constant in life is change, and AI is a part of that change. Instead of fearing it, we should learn, understand, and use it to our advantage. Every technology has both positive and negative sides, and AI is no different. The key is to understand both aspects and use them responsibly. Personally, I actively explore and learn from different AI tools, finding ways they can support my work and growth. While some worry that AI might take jobs or have negative effects, I see it as an opportunity to evolve and work smarter. Note: Between the time of writing this blog post and publishing it, Chandni Sharma’s employment at Neomore ended. Neomore, Chandni and Women in Tech decided to publish this blog post regardless since Chandni will always be a role model to our communities. The post Role Model Blog: Chandni Sharma, Neomore first appeared on Women in Tech Finland.

by: Theena Kumaragurunathan Wed, 12 Nov 2025 07:21:41 GMT In my last column, Ownership is an illusion, unless you self-host, I encouraged readers to go down the self-hosting path. My thesis was simple: ownership of digital assets (movies, music, games, books, software) is an illusion, and that the only way to move away from this make-believe was to embrace self-hosting. For people like me, non-programmer types, this is easier said than done: Free and Open Source (FOSS) can seem intimidating because often (not always) FOSS asks you to embrace granular control over convenience and ease-of-use. The author's server, a repurposed 14 year old ThinkPad, ©Theena Kumaragurunathan, 2025When non-tech people see my server (an old ThinkPad T420) nestled in my book-shelf, running ‘bpytop’ of all things, they assume that I am engaged in some hackery: ‘What is this Matrix shit?’, a friend once wondered. When I told him that it was nothing more than a file-server for my media (movies, music and books), and then showed him my Jellyfin instance running inside my browser, I could see he was having a lightbulb moment: ‘Can you do this for me?’ Sure, I told him, but I offered him a better choice: ‘I’ll show you what you need to know in order to do this yourself, and then we will create a media server for you together.’ Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime, right? That journey with my friend took us from basics Linux commands to installation of Plex/Jellyfin, which is well beyond the scope of this article (let us know if that is something you are interested in, non-techie/programmer readers). Instead in this column, I will offer an abdridged version. Ask yourself why you need thisI had a clear motivation to go down this path during the pandemic: I wanted to backup my media collection of music and run it off Plex Server. My friend wanted to self-host his movies so that he didn’t have to wade through his hard-disks when selecting a movie to watch. What is your motivation? What you need to get started on the homelab bandwagonAn old computer or laptop. This needs to be in working order. Mine is an old ThinkPad T420 (which is 14 years old, and I am its 3rd owner). Anything from the last decade and a half ought to do. You can also get a Raspberry Pi. I would also prefer an older machine with an ethernet port; connection stability is better when your server has a wired connection to your network in my experience. Pick an operating system: I chose Debian server. You can host many of the applications listed below on a Windows install too, but your mileage may vary. If you want an even easier way, try the YunoHost Linux distro. The author's self-hosting stack, ©Theena Kumaragurunathan, 2025Start your homelab by self-hosting these softwareYou don't have to deploy all the recommendations. Think about which one would fit your requirements the most. Select it and then deploy it. Once that is successful, try next. One project at a time. 📋I am not going to include installation and set-up instructions. Those things may differ based on the choice of your operating system as well as hardware. These are just the recommendations to put you on the right track.Jellyfin: Your own NetflixEnjoying local movies on TV with JellyfinJellyfin is your home theater. It organizes movies and shows, fetches artwork, and streams to TV, browser, and phone. I chose Jellyfin media server software because setup is simple. On Debian or Ubuntu, you can use the official guide, or run it with Docker and point it at your media folders. It has no subscriptions and no tracking. 💡Keep your server on wired ethernet for stable playback, and enable hardware transcoding only if your CPU or GPU supports it.Kavita: Your own Kindle libraryThe author's instance of Kavita running on his local server, ©Theena Kumaragurunathan, 2025 Kavita is a self hosted library for books, PDFs, comics, and manga. It has a fast reader, rich metadata, OPDS, and good user management. I use it to keep my EPUBs and essays in one place with clean reading progress across devices. 💡Sort files into clear folders, let Kavita watch those folders, and enable OPDS if you read on third party apps.Nextcloud: Your own Google driveNextcloud is your personal file cloud. Sync your files, share links, and extend it with Notes, Calendar, and Contacts. It feels like a private Dropbox that runs on your hardware. The server has regular releases and clear upgrade docs. If you are new, use the web installer or Docker and start with Files before adding apps. 💡Keep it simple. Install Files first, set up the desktop client, and only add one or two apps after you are comfortable.Immich: Your own Google PhotosImmich is a private photo and video backup with mobile apps on Android and iOS. It does face recognition, search, albums, and multi user support. It is fast and designed for large libraries. Installation is straightforward with Docker Compose. Begin with the official site, then the server and apps. 💡Turn on automatic mobile backup, keep originals on the server, and use albums for curation.Navidrome: Your own SpotifyNavidrome turns your music collection into a streaming service. It indexes quickly, supports Subsonic clients, and runs well on modest hardware. You can use a single binary or Docker and attach your music folder. 💡Install ffmpeg for transcoding, clean your tags for better library browsing, and test a few clients until one fits your flow.Putting It TogetherA practical starter map looks like this. Jellyfin for movies and shows. Kavita for books and PDFs. Nextcloud for files and sharing. Immich for your photos. Navidrome for music. Run all five on Debian server or YunoHost or on Docker if you prefer containers. Keep your server on wired Ethernet. Back up the data folders in your home network. Start with one service, get comfortable, then add another. The point is not perfection. It is owning your library and making it available to the people you care about, without asking permission from a platform that can lock you out at a whim. Enjoy your home lab 🏠🥼

by: Sourav Rudra Tue, 11 Nov 2025 17:23:36 GMT D7VK is a new Vulkan-based translation layer for Direct3D 7. It relies on DXVK’s Direct3D 9 backend and works with Wine on Linux. The project is open source and actively maintained. The developer behind it is WinterSnowfall, who has also worked on D8VK between 2023 and 2024. That project has since been merged into the larger DXVK project that's extensively used by Linux users. You have to understand that D7VK is not meant to run every Direct3D 7 game. Titles that mix D3D7 with older DirectDraw or GDI calls may fail to launch or show graphical glitches. So, compatibility is experimental and limited. It works by translating Direct3D 7 calls to Direct3D 9 through DXVK, allowing Vulkan-based 3D application rendering on Linux. Sadly, there is no official list of supported games yet. Some games work well, others have issues. Missing textures, crashes, and black screens are common. The issues page on the project's GitHub repo shows which games are behaving poorly. It is a good way to see what currently works. 📋PCGamingWiki's list of Direct3D 2-7 games is also a handy resource to have if you want to test a specific Direct3D 7 game.What’s nice is how the developer sets expectations right from the start. They are upfront about the experimental nature of the project. This clarity makes it easier to test games without getting disappointed. For fans of late 90s and early 2000s games, D7VK could be handy. It won’t fix everything, but it opens the door to running older Direct3D 7 games on Linux. Want to Check it Out?The D7VK GitHub repository has the source code. You can manually compile it and place it in your Wine prefix directory to try it out. D7VK supports a HUD overlay and frame rate limiting through DXVK. These features will help you track performance and debug graphical issues. D7VK (GitHub)Suggested Read 📖 Is Linux Ready For Mainstream Gaming In 2025?Linux is quietly gaining ground on Windows in the gaming space. But how well does it actually perform? Here’s what I experienced.It's FOSSSourav Rudra

by: Umair Khurshid Tue, 11 Nov 2025 20:03:47 +0530 Networking problems rarely announce themselves clearly. A deployment fails, a pod cannot reach its database, or a service responds intermittently. The logs look clean, yet something feels wrong. Most engineers eventually learn one painful truth: when everything else seems fine, it is usually the network. From misrouted traffic to invisible firewalls, let me walk you through the most frequent networking issues that DevOps engineers encounter in Linux environments. I also explain how to investigate, diagnose, and fix each class of problem using real commands and reasoning. All this comes from the experience I have gained after spending years. The same experience also yielded this Linux networking microcourse that you should definitely check out. Linux Networking at ScaleMaster advanced networking on Linux — from policy routing to encrypted overlays.Linux HandbookUmair KhurshidIt’s Almost Always the NetworkWhen an application behaves unpredictably, the first instinct is to look at the code. Developers dig through logs, restart containers, or roll back deployments. In many cases, the application is not the culprit and it's the network.  Early in my career, I used to dread these moments as application logs would show nothing but retries and timeouts. The developers would swear nothing changed and the operations team would swear they touched nothing. Yet packets were vanishing into the void and that is how I began to take networking seriously not because I wanted to, but because I had to. A good troubleshooting approach begins by proving that connectivity works at every layer. Start simple: ping -c 4 8.8.8.8 ping -c 4 example.com If the first command succeeds but the second fails, DNS is the culprit. If both fail, it is a routing or firewall issue. This baseline test should always come before looking into application-level logs. Then, verify whether the local host can reach its gateway and whether packets are returning: ip route show traceroute 8.8.8.8The Routing Rabbit HoleRouting problems are deceptively subtle as traffic flows one way but not the other, or only some destinations are reachable. The root cause often hides in Linux’s routing tables or in policies added by container frameworks. Start by displaying the active routes: ip routeThis shows the kernel’s routing decisions. For more detailed analysis, especially in multi-interface or container setups, check which route a particular destination would take: ip route get 1.1.1.1If a host has multiple network interfaces or is part of a VPN or overlay, verify that the correct table is being used. Linux supports multiple routing tables, and policy routing determines which one applies. Check the rules: ip rule showMisconfigured rules can cause asymmetric routing, where packets leave through one interface but return on another. Firewalls often drop these replies because they appear invalid. One reliable fix is to assign separate routing tables for each interface and use ip rule add with from or fwmark selectors to control the path. For example, to route traffic from 192.168.10.0/24 through a specific gateway: ip route add default via 192.168.10.1 dev eth1 table 10 ip rule add from 192.168.10.0/24 table 10Always check for reverse path filtering: cat /etc/resolv.conf Set it to 2 (loose mode) on multi-homed hosts to prevent dropped packets due to asymmetric routes. Routing issues rarely announce themselves clearly. The key is to map how packets should travel, then prove it with ip route get, traceroute, and tcpdump. DNS: The Eternal SuspectNo other component gets blamed as frequently or incorrectly as DNS. Even the recent AWS outage that took down half of the internet was reportedly caused by DNS. When an application cannot reach its dependency, the first guess is always “maybe DNS is broken.” Sometimes it is, but often the problem is caching, misconfiguration, or unexpected resolution order. Start by checking the configured resolvers: cat /etc/resolv.conf Most distros these use systemd-resolved, the file may point to a stub resolver at 127.0.0.53. To see the active DNS servers: resolvectl statusIf resolution is inconsistent between services, the problem may be namespace isolation. Containers often have their own /etc/resolv.conf, copied at startup. If the host’s DNS changes later, containers keep using outdated resolvers. Test resolution directly: dig example.com dig @8.8.8.8 example.comCompare responses from the default resolver and a public one. If only the latter works, the issue lies in internal DNS or local caching. A subtle but common failure arises from nsswitch.conf. The order of resolution methods (files dns myhostname) determines whether /etc/hosts entries or mDNS override DNS queries. In container-heavy environments, this can lead to confusing name collisions. 💡DNS problems are not always network failures, but they produce identical symptoms. That is why verifying DNS resolution early saves hours of debugging.Even when DNS works, it can still mislead you. I remember spending an hour debugging a connection issue that turned out to be caused by an unexpected IPv6 AAAA record. The application preferred IPv6 but the route to that subnet was broken. The fix was as simple as setting precedence ::ffff:0:0/96 100 in /etc/gai.conf. MTU and Fragmentation HeadachesThe Maximum Transmission Unit or MTU defines how large a packet can be before it needs fragmentation. When this number mismatches between interfaces, tunnels, or virtual networks, packets vanish without trace. You get intermittent timeouts, partial uploads, and mysterious hangs in SSH sessions. To check the MTU on an interface: ip link show eth0To test path MTU discovery, use ping with increasing packet sizes: ping -s 1472 8.8.8.8Regular ICMP echoes may succeed even when TCP traffic fails. To detect MTU issues, you need to force the “do not fragment” flag: ping -M do -s 1472 8.8.8.8If it fails, lower the size until it succeeds. The MTU equals payload plus 28 bytes (ICMP and IP headers). In virtualized or overlay environments (VXLAN, WireGuard, GRE, eBPF), encapsulation overhead reduces the effective MTU. For example, VXLAN adds 50 bytes. Setting MTU to 1450 instead of 1500 avoids fragmentation. Adjust interface MTU safely: ip link set dev eth0 mtu 1450Applications sensitive to latency often experience erratic behavior because of hidden fragmentation. Once MTU mismatches are corrected, those mysterious slowdowns vanish. In container environments, MTU mismatches become especially painful. Overlay networks such as Flannel or Calico encapsulate packets inside UDP tunnels, reducing available space. If the MTU is not adjusted inside the container, performance plummets. A single missing ip link set dev eth0 mtu 1450 can make a cluster look broken. Overlay Networks and Ghost PacketsModern clusters rely on overlays to connect containers across hosts. VXLAN, WireGuard, and similar technologies encapsulate traffic into tunnels, creating virtual networks. They are convenient but introduce new failure modes that look invisible to traditional tools. A common symptom is “ghost packets” which is traffic that appears to leave one node but never arrives at another. The tunnel endpoint logs nothing, yet connectivity fails. The first step is to confirm that the tunnel interfaces exist and are up: ip link show type vxlanCheck if the remote endpoint is reachable outside the tunnel: ping <remote_host_ip>If that fails, the problem is not the overlay but the underlay, the physical or cloud network below it. Next, verify that encapsulated traffic is not filtered. VXLAN uses UDP port 4789 by default, and WireGuard uses 51820. Ensure that firewalls on both ends allow those ports. To inspect whether encapsulation is functioning: tcpdump -i eth0 udp port 4789If packets appear here but not on the remote host, NAT or routing between the nodes is rewriting source addresses in a way that breaks return traffic. WireGuard adds its own layer of complexity. Its peers are identified by public keys, not IP addresses, so if the endpoint’s IP changes (for example, in cloud autoscaling), you must update its Endpoint in the configuration: wg set wg0 peer <public-key> endpoint <new-ip>:51820 Overlay debugging requires seeing both worlds at once, the logical (tunnel) and physical (underlay) networks. Always verify that encapsulated packets can travel freely and that MTU accommodates the overhead. Most ghost packets die because of either firewall drops or fragmentation within the tunnel. When Firewalls and Conntrack Betray YouFirewalls are supposed to protect systems, but when they fail silently, they create some of the hardest problems to diagnose. Linux’s connection tracking layer (conntrack) manages the state of every connection for NAT and stateful inspection. When its table fills or rules conflict, packets disappear with no visible error. Start by checking the current number of tracked connections: cat /proc/sys/net/netfilter/nf_conntrack_count cat /proc/sys/net/netfilter/nf_conntrack_maxI have debugged a number of microservice cluster where outbound connections failed intermittently and the culprit is overloaded conntrack table. Each NAT-ed connection consumes an entry, and the table silently drops new connections once full. The solution to this issue is simply increasing the limit: sysctl -w net.netfilter.nf_conntrack_max=262144For persistent tuning, add it to /etc/sysctl.conf. State timeouts can also cause intermittent loss and long lived connections often expire in conntrack while still active on the application side. Adjust the TCP established timeout: sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=3600Firewalls configured with nftables or iptables can complicate debugging when NAT or DNAT rules are applied incorrectly. Always inspect the active NAT table: nft list table natMake sure destination NAT and source NAT are paired correctly because Asymmetric NAT produces connection resets or silence. In high-throughput environments, offloading some rules to nftables sets with maps improves performance and reduces conntrack pressure. This is one of the areas where modern Linux firewalls significantly outperform legacy setups. Conntrack issues are often invisible until you look directly into its state tables. Once you learn to monitor them, many “random” connectivity problems turn out to be predictable and fixable. Lessons I Wish I Learned EarlierEvery engineer eventually learns that networking failures tend to follow recognizable patterns, and identifying those patterns early can save hours of unnecessary panic. 1. Always check the local host first. Half of network incidents begin with something as simple as a down interface, a missing route, or an outdated /etc/resolv.conf. 2. Validate one layer at a time. Use ping for reachability, dig for DNS, traceroute for routing, tcpdump for packet visibility, and nft list ruleset for firewalls and never skip steps. 3. Document assumptions. When debugging, write down what you believe should happen before testing. Networking surprises often come from assumptions no one verified. 4. Monitor the invisible. Connection tracking, queue lengths, and interface drops are invisible in standard metrics. Expose them to your monitoring system to catch silent failures early. 5. Learn how Linux really routes. Most complex issues trace back to misunderstood routing tables, policy rules, or namespaces. Understanding these mechanisms transforms troubleshooting from guessing to knowing. Wrapping UpThe more you troubleshoot Linux networking, the more you realize it is not about memorizing commands. It is about building mental models of how packets move, how policies influence paths, and how the kernel’s view of the network differs from yours. For DevOps engineers managing modern infrastructure, from bare metal to Kubernetes that understanding becomes essential. Once you have fixed enough DNS loops, routing asymmetries, and conntrack overflows, the next logical step is to study how Linux handles these problems at scale: multiple routing tables, virtual routing instances, nftables performance tuning, encrypted overlays, and traffic shaping. The Linux Networking at Scale course builds directly on these foundations. It goes deeper into policy routing, nftables, overlays, and QoS, the exact skills that turn network troubleshooting into design. I highly recommend checking it out. Linux Networking at ScaleMaster advanced networking on Linux — from policy routing to encrypted overlays.Linux HandbookUmair Khurshid

by: Sourav Rudra Tue, 11 Nov 2025 14:22:16 GMT Having a reliable help desk solution is a must for any consumer-facing business in today's digital age. Whether you handle customer emails, support tickets, or live chat, a good help desk system keeps your communication organized and your customers happy. Sadly, many companies take advantage of this need. They push users into walled gardens where access to basic features can change on a whim and key tools get locked behind paywalls. Help Scout's pricing as of November 11, 2025.One such case has been of Help Scout, which switched to a more expensive pricing plan. After customer backlash, the company reverted to a revised plan that was slightly cheaper than the one that sparked the outrage. But, what if I told you there was an alternative that does not make you anxious about sudden pricing changes? Something that lets you build your own setup, keep your data close, and pay only for what you actually need. FreeScout Doesn't Lock You InFreeScout is an open source help desk and shared mailbox built with PHP and Laravel. It is licensed under AGPL 3.0, which means the code is freely available, and you can self-host it on your own server without having to pay any user-based costs. You only pay for hosting and optional paid modules that expand functionality. Modules cover integrations, push notifications, and specialized features. Everything else, from ticket handling to automation, works out of the box once you install FreeScout. Other than the usual help desk features like shared inboxes, agent collision detection, canned responses, and user management, FreeScout offers flexibility that few platforms can match. FreeScout goes a step further with self-hosting, custom domains, API access, and full database control. You decide how your data is stored, backed up, and secured. For organizations that care about privacy and sovereignty, this makes a real difference. It also supports mobile apps for Android and iOS. Push notifications require a paid server-side module, but once configured, your team can manage tickets directly from their phones with no extra cloud dependencies. If you want integrations, FreeScout connects with Slack, Telegram, and other services. There are modules for CRM tools, customer portals, and even AI-assisted responses (via Community modules). Some Things to Keep in MindRunning FreeScout does need some technical setup. You will manage hosting, updates, and backups. Adding advanced features like AI-powered replies or analytics will take extra configuration and can add costs over time. Depending on your setup, you may still rely on FreeScout modules or community support. That means moving away later could take planning, though you always keep your data since it lives on your own server. In contrast, Help Scout and Zendesk provide everything under a single roof. They handle hosting, maintenance, and scaling for you but limit backend customization and control. You use what they provide within their rules. Overall, what FreeScout offers beats any walled garden solution, especially for people running small businesses or larger teams that value data ownership and predictable costs over convenience that comes with lock-in. Want to Deploy It?You can try FreeScout in your browser using its live demo. If you would like hosting it yourself, the official installation guide covers every step for various kinds of setups. Plus, there are apps for both Android and iOS. However, in order to for them to work with your FreeScout instance, you must do some additional config work. FreeScout🚀Run your own instance of FreeScout effortlessly in the cloud with PikaPods! Start free with $5 welcome credit 😎If you are considering a move from another help desk like Help Scout or Zendesk, you should check out the official migration guide, and if you are interested in the source code, then you can visit the project's GitHub repository. Suggested Read 📖 5 Signs Your Proprietary Workflow Is Stifling Your Creativity (And What You Can Do About It)If these signs feel familiar, your creativity may be stifled by proprietary constraints.It's FOSSTheena Kumaragurunathan

by: Abhishek Prakash Tue, 11 Nov 2025 11:07:18 GMT Imagine that one of the most prestigious open source software websites starts showing up in top results for "pornhub downloader". This is actually happening with Flathub, the official web-based app store for Flatpak packages. Here's a demo I made while risking to spoil my relationship with Google: 0:00 /0:20 1× And no, I was not particularly looking for a one-handy utility like this 👼 I was using Ahrefs, a SEO tool used for monitoring web rankings, among other things. This is when I noticed that FlatHub was ranking for terms it should not have been. Flathub ranking for words it wouldn't wantNot just that, out of the top 10 ranked pages, at least 2 of them are NSFW tag pages. Top ranking pages are not something Flathub would be proud ofShady developer piggybacking on Flathub's reputationThis would have been one innovative, fun way to make more people use open source software only the application that uses these tags is not open source software at all. There are actually three of these applications, all of which were created by the same developer, called Warlord Software. I am not going to link out to this website out of spite. Similar kinds of apps, from the same developerIf you visit the Flathub page of these applications, nothing seems extra ordinary, just a regular downloader app for Linux. Seems like a regular downloader app until it is notBut when you scroll down to the tag section, this is where you see the root cause of the problem. All three apps are using those NSFW tags. This is a deliberate act of exploiting the good reputation of Flathub to get more people to dowload these applications before getting them on the paid version. Yes, all these three apps have premium licenses as well. Before you say that this is all no-issue and there is nothing wrong with offering an app for downloading videos from adult websites, let me tell you that you will find no such tags or words mentioned anywhere on the developer's website: No NSFW words on developer's own website where these apps are offeredHere's what's going on...See, it is nearly impossible for a new website or application to rank for popular but highly competitive keywords like 'xyz downloader'. There are numerous websites and tools that let you download online videos from x number (orn XXX number) of websites. So this developer created a few downloader apps that have no special features, offered Flatpak versions for Linux users, published them on Flathub and tagged them with the NSFW keywords. With verified tag, the app looks more legit and tempting to download. It is easy for a highly reputed website like Flathub to rank highly for those terms. This way, a shrewd developer who would have never been able to get even 100 downloads on his own got more than 250,000 downloads. There are tons of good downloader applications for Linux. They can also use these keywords, but we only have apps made by a certain developer doing this. This is pure exploitation of the Flathub ecosystem. Flathub is not to be blamed hereIt's not entirely their fault that someone added NSFW words and used it to sell shady properitary apps. Although they should be more careful about such clear exploitation of their web reputation. Now, it may seem like I am making an issue out of nothing. Perhaps. I actually noticed this a few months ago. I wanted to write about it but then I decided to ignore a 'non-issue'. Few months later, Flathub was still ranking for all kind of this-hub, that-tube, xyz-hamster downloaders, and I could not tolerate it anymore. Lovely folks at Flatpak/Flathub/Fedora, please take note. My rant ends here.

by: Chris Coyier Mon, 10 Nov 2025 18:00:39 +0000 It’s interesting to me to think about during a lot of the web’s evolution, there were many different browser engines (more than there are now) and they mostly just agreed-on-paper to do the same stuff. We focus on how different things could be cross-browser back then, which is true, but mostly it all worked pretty well. A miracle, really, considering how unbelievably complicated browsers are. Then we got standards and specifications and that was basically the greatest thing that could have happened to the web. So we put on our blue beanies and celebrate that, which also serves as a reminder to protect these standards. Don’t let browsers go rogue, people! Then, still later, we actually got tests. In retrospect, yes, obviously, we need tests. These are now web-platform-tests (WPT), and they help all the browser engines make sure they are all doing the right thing. Amazing. (Side note: isn’t it obnoxious how many billions of dollars goes into newfangled browsers without any of them contributing or funding actual browser engine work?) I only recently just saw browserscore.dev by Lea Verou as well. Yet another tool to keep browsers honest. Frankly I’m surprised how low all browsers score on those tests. I read in one of Lea’s commit messages “We’re not WPT, we’re going for breadth not depth.” which I found interesting. The Browser Score tests run in the browser and pretty damn fast. I haven’t run them myself, but I have a feeling WPT tests take… a while. How can we improve on all this? Well a gosh-darn excellent way to do it is what the companies that make browsers have already been doing for a number of years: Interop. Interop is a handshake deal from these companies that they are going to get together and pick some great things that need better testing and fixed up implementations and then actually do that work. Interop 2025 looks like it went great again. It’s that time again now, and these browser companies are asking for ideas for Interop 2026. If you have something that bugs you how it works cross-browser, now is a great time to say so. Richard has some great ideas that seem like perfect fits for the task. Godspeed, ya’ll. We can’t all be like Keith and just do it ourselves.

by: Neeraj Mishra Mon, 10 Nov 2025 16:40:16 +0000 Creating and updating geo targeted APIs may seem easy, but there are countless challenges involved. Every country, every city, and every mobile network can respond differently and will require distinct adjustments. When pricing endpoints contain location-based compliance features and payment options, testing them will require more than one physical location. Proxies are a crucial part of the developer’s toolkit–they enable you to virtually “stand” in another country to observe what the users see. Developers encounter many problems when it comes to testing geo targeted APIs and it is the use of proxies that addresses this concern. In this article, we will outline the proxy use case and its benefits, the different proxy types, and potential challenges. We will maintain a practical approach so that you can pass it to a QA engineer or a backend developer and they will be able to use it directly. What Are Geo Targeted APIs and Why Do They Matter? A geo targeted API is an API that customizes its response according to clients’ geographical location. Such locations are primarily determined by an IP address, sometimes by headers, and in specific situations by account data. Streaming services provide different content to different countries, hotel booking systems adjust prices based on geographical location, ride-hailing apps change currency according to local clientele, and fintech apps restrict viewable payment services based on geographical payment regulations. Why are developers so focused on this? Such APIs also need to be consistent, compliant, and predictable, and for good reason. When users in Poland see prices in USD instead of the local PLN, or people in the UK see services that are not legally available to them, there are likely customer dissatisfaction, transaction failures, or, in the worst case, regulatory issues to deal with. Ensuring that geo logic is accurately tested is not optional; for anything that concerns money, content, or the law, it is essential built-in QA. If a team is based in a single location, it is predictable that all requests that they attempt are from that location. Mock the API is an option, but that will not give you enough information about what the real upstream service will return, and that’s critical information. A way to disguise requests as if they come from a different geographical location is necessary, that is the function of a proxy in this situation. Why Proxies Are the Easiest Way to Test Location-Based Responses? A proxy server acts as an intermediary that conveys your request to the target API and returns the response. One important element is the API only sees the proxy’s IP address and not yours. Assuming the proxy is in Germany, the API will think the request is coming from Germany; the same applies to Brazil, the API will see Brazil. A developer can use a good proxy pool to send an API request from 10 different countries and check if the API is working correctly. You also don’t have to set up test infrastructure in different regions. No cloud instances have to be set up in various geographies every time you want to test. You don’t have to rely on colleagues from different countries to participate in “just a check” test. Simply route the request through a different IP address and analyze the results. Another reason for the popularity of proxies in this task is that they work on the network level. There is no need to alter the API code itself, only the API caller needs to be changed. This enables QA engineers and backend developers to test production-like behavior without changing the production logic. Typical Workflow: How Developers Actually Use Proxies in Testing Let’s break down a realistic workflow you’d see in a team that regularly tests geo targeted APIs. Define the geo scenarios First, the team decides which locations they need to test: EU vs US, specific countries like UK, Canada, Germany, UAE, or mobile-only markets. This list often mirrors business logic in the API. Choose or rotate proxies for those locations The tester/developer picks proxy endpoints that match those locations. A good provider will offer a large choice of countries so you don’t have gaps in testing. Send the same API request through different proxies The team sends the same endpoint call – say, /v1/pricing?product=123 – but with the client configured to use different proxy IPs. The API should return different currencies, prices, availability, language, or content depending on the location. Capture and compare responses Responses are saved and compared either manually or with automated tests. If Germany and France receive the same content but they were supposed to be different, that’s a bug. Automate for regression Once the pattern is confirmed, the team bakes it into CI/CD or scheduled tests. Every time the API is deployed, the test suite calls it from multiple countries via proxies to ensure nothing broke. That’s the core idea: same request, different exit IP, compare output. Which Types of Proxies Are Best for Geo API Testing? Not all proxies are equal, and developers learn this quickly once they start hitting real services. Some APIs are strict, some are lenient, and some are downright suspicious of automated traffic. So choosing the right proxy type matters. Here is a simple comparison to help decide: Proxy TypeBest Use CaseProsConsDatacenter proxiesFast functional testing across many countriesHigh speed, good for automation, cheaperSome services detect them as non-residentialResidential proxiesTesting real-user conditions and stricter APIsHigh trust, looks like normal user trafficSlower, often more expensiveMobile proxiesTesting mobile-only features and app endpointsSeen as mobile users, great for app testingMost expensive, limited availabilityRotating proxiesLarge-scale multi-geo automated testingIP freshness, less blocking over many callsHarder to debug single fixed IP behaviour For most backend teams, datacenter proxies are enough to verify logic: does the API return EUR to a German IP and GBP to a UK IP? For QA teams testing production-like flows, residential or mobile proxies are better, because many modern APIs personalise content or apply security rules based on the perceived “realness” of the IP. If you need a flexible source of geo IPs for dev and QA, using a provider like proxys.io is convenient because you can pick locations on demand and plug them into your scripts without overcomplicated setup. Key Things Developers Test with Proxies Developers don’t use proxies for fun; they use them to answer very specific questions about how a geo targeted API behaves. Here are the most common areas they validate: Currency and localisation (USD vs EUR vs GBP, date formats, language headers) Regional availability (is this product/service actually shown in this market?) Compliance-based hiding (is restricted content hidden in specific countries?) Pricing tiers (do high-income regions get different price ladders?) Payment gateways (is a certain payment method visible in that country?) Feature flags tied to geography (e.g. features rolled out in 3 markets only) By running the exact same call through 5–10 different country proxies, the developer immediately sees if business rules are correctly encoded in the API. One Practical List: Best Practices for Using Proxies in API Testing Use HTTPS for all proxy traffic to avoid tampering and to mirror real-world usage. Keep a mapping of “country → proxy endpoint” in your test repo so tests are reproducible. Log the IP and country used for each test run – it makes debugging much easier. Don’t rely on just one IP per country; some APIs will cache responses per IP. Add assertions per country in automated tests (“if country=DE, expect currency=EUR”). Rotate or refresh proxies periodically to avoid stale or blocked IPs. Document test coverage so product owners know which countries are actually being tested. This is the kind of hygiene that turns proxies from an ad-hoc trick into a stable part of your QA pipeline. How to Integrate Geo Proxy Testing into Automated Pipelines A lot of teams start by testing manually with a proxy in Postman, Insomnia, or curl. That’s fine for discovery, but not enough for long-term reliability. The real win is when you add multi-geo tests into CI/CD so every deployment checks location-based behaviour automatically. The pattern is straightforward: Your test suite has a list of target countries. For each country, the test runner sets the proxy configuration. The runner calls the API and captures the response. The test compares the response to the expected shape/content for that country. If even one country fails (for example, Canada doesn’t get CAD), the pipeline fails. When proxies provide a simplified network-level interface, it is compatible with virtually any language or testing framework, be it JavaScript (Axios, node-fetch), Python (requests), Java (HttpClient), Go (http.Client with transport), or even a cURL-based Bash script. It is a matter of setting the proxy for each request.  This is extremely useful for teams implementing progressive geo-release features. Suppose the marketing team wants to release a feature in the UK and Germany, but not in the US. Your continuous integration system could enforce this rule. If the US suddenly gets the feature, the build fails. That is control. Common Pitfalls and How to Avoid Them While proxy-based testing is simple in principle, developers do hit some recurring issues: 1. API uses more than IP to detect location Some APIs also look at Accept-Language, SIM/Carrier data (for mobile), or account settings. If you only change IP, you might not trigger all geographic branches. Solution: mirror headers and user profile conditions where possible. 2. Caching hides differences If the upstream service caches by URL only (not by IP), you might get the same response even when changing country. Solution: add cache-busting query params or ensure the API is configured to vary by IP. 3. Using free or low-quality proxies Unreliable proxies cause false negatives – timeouts, blocked IPs, or wrong countries. For testing business logic, stable and correctly geo-located IPs matter more than saving a dollar. 4. Forgetting about time zones Some services couple geo logic with local time. If you test only the IP but not the time window, you might think the feature is missing. Document time-based rules separately. 5. Not logging proxy usage When someone reports “Germany didn’t get the right prices”, you need to know which IP you used. Always log the proxy endpoint and country for traceability. Avoiding these mistakes makes geo testing with proxies extremely reliable. Why Proxies Beat Manual Remote Testing You could ask a colleague in Spain to click your link. You could set up cloud instances in 12 regions. You could even travel. But those options are slow, expensive, and not repeatable. Proxies, on the other hand: Work instantly from your current location Scale to as many countries as your provider supports Can be run in CI/CD, not just manually Are independent from your personal device or IP Are easy to rotate if one IP is blocked From an engineering point of view, they’re simply the most automatable way to emulate different user geographies. Conclusion: Proxies Turn Geo Testing into a Repeatable Process There are geo-targeted APIs everywhere – commerce, content, fintech, mobility, gaming, SaaS. Any product you operate in multiple countries will eventually have to solve the question, “What does this look like for users in X?” Proxies give the cleanest way for developers to programmatically answer this question.  Developers can check whether prices, currencies, languages, availability, and compliance rules behave as expected by changing the same API call to use different country IPs. With a good proxy provider, you can turn this from a one-off debugging technique into a standard check in your testing process. The conclusion is straightforward: If the API logic is based on the user’s location, so must the testing be. Proxies are the way to achieve this from your desk. The post How Developers Use Proxies to Test Geo Targeted APIs? appeared first on The Crazy Programmer.

by: Sourav Rudra Mon, 10 Nov 2025 14:59:22 GMT Humble Bundle has a Linux collection (partner link) running right now that's kind of hard to ignore. Twenty-two books covering everything from "how do I even install this" to Kubernetes orchestration and ARM64 reverse engineering. All from Apress and Springer; this means proper technical publishers, not some random self-published stuff. Humble Tech Book Bundle: Linux for Professionals by Apress/SpringerUnlock essential resources for Linux—get a professional edge on the competition with a little help from the experts at Apress & Springer!Humble BundleIf you decide to go ahead with this bundle, your money will go to support Room to Read, a non-profit that focuses on girls' literacy and education in low-income communities. ⏲️ The last date for the deal is November 24, 2025. 📋This article contains affiliate links. Please read our affiliate policy for more information.So, What's in The Bundle?First off, the "Zero to SysAdmin" trilogy. Using and Administering Linux: Volume 1 covers installation and basic command line usage. Volume 2 goes into file systems, scripting, and system management. Volume 3 focuses on network services like DNS, DHCP, and email servers. The Kubernetes coverage includes three books. Deploy Container Applications Using Kubernetes covers microk8s and AWS EKS implementations. Ansible for Kubernetes by Example shows cluster automation. Kubernetes Recipes provides solutions for common deployment scenarios. Plus Certified Kubernetes Administrator Study Companion if you're prepping for the CKA exam. systemd for Linux SysAdmins explains the init system and service manager used in modern distributions. It covers unit files, service management, and systemd components. For low-level work, there's Assembly Language Reimagined for Intel x64 programming on Linux. Foundations of Linux Debugging, Disassembling, and Reversing covers x64 architecture analysis. Foundations of ARM64 Linux Debugging, Disassembling, and Reversing does the same for ARM64. Linux Containers and Virtualization covers container implementation using Rust. Oracle on Docker explains running Oracle databases in containers. Supercomputers for Linux SysAdmins covers HPC cluster management and hardware. Yocto Project Customization for Linux is for building custom embedded Linux distributions. Pro Bash is a shell scripting reference. Introduction to Ansible Network Automation covers network device automation. The Enterprise Linux Administrator and Linux System Administration for the 2020s both cover current sysadmin practices. Practical Linux DevOps focuses on building development labs. CompTIA Linux+ Certification Companion is exam preparation material. Linux for Small Business Owners covers deploying Linux in small business environments. What Do You Get for Your Money?All 22 books are available as eBooks in PDF and ePub formats. They should work on most modern devices, ranging from computers and smartphones to tablets and e-readers. Here's the complete collection. 👇 Column 1 Column 2 CompTIA Linux + Certification Companion Introduction to Ansible Network Automation Certified Kubernetes Administrator Study Companion Pro Bash Yocto Project Customization for Linux Linux Containers and Virtualization Using and Administering Linux: Volume 1 Foundations of ARM64 Linux Debugging, Disassembling, and Reversing Using and Administering Linux: Volume 2 Foundations of Linux Debugging, Disassembling, and Reversing Using and Administering Linux: Volume 3 Deploy Container Applications Using Kubernetes systemd for Linux SysAdmins Ansible for Kubernetes by Example Assembly Language Reimagined Linux for Small Business Owners Kubernetes Recipes Linux System Administration for the 2020s Oracle on Docker Practical Linux DevOps Supercomputers for Linux SysAdmins The Enterprise Linux Administrator There are three pricing tiers here: $1 tier: Two books: Linux System Administration for the 2020s and Practical Linux DevOps. Both focus on current practices. Not bad for a dollar. $18 tier: Adds three more books covering Kubernetes, Ansible automation, and DevOps stuff. Five books total. $25 tier: All 22 books. This is where you get the whole bundle. These books are yours to keep with no DRM restrictions. Head over to Humble Bundle (partner link) to grab the collection before the deal expires. Get The Deal (partner link)

by: Geoff Graham Mon, 10 Nov 2025 14:44:13 +0000 A few links about headings that I’ve had stored under my top hat. “Page headings don’t belong in the header” Martin Underhill: A classic conundrum! I’ve seen the main page heading (<h1>) placed in all kinds of places, such as: The site <header> (wrapping the site title) A <header> nested in the <main> content A dedicated <header> outside the <main> content Aside from that first one — the site title serves a different purpose than the page title — Martin pokes at the other two structures, describing how the implicit semantics impact the usability of assistive tech, like screen readers. A <header> is a wrapper for introductory content that may contain a heading element (in addition to other types of elements). Similarly, a heading might be considered part of the <main> content rather than its own entity. So: <!-- 1️⃣ --> <header> <!-- Header stuff --> <h1>Page heading</h1> </header> <main> <!-- Main page content --> </main> <!-- 2️⃣ --> <main> <header> <!-- Header stuff --> <h1>Page heading</h1> </header> <!-- Main page content --> </main> Like many of the decisions we make in our work, there are implications: If the heading is in a <header> that is outside of the <main> element, it’s possible that a user will completely miss the heading if they jump to the main content using a skip link. Or, a screenreader user might miss it when navigating by landmark. Of course, it’s possible that there’s no harm done if the first user sees the heading prior to skipping, or if the screenreader user is given the page <title> prior to jumping landmarks. But, at worst, the screenreader will announce additional information about reaching the end of the banner (<header> maps to role="banner") before getting to the main content. If the heading is in a <header> that is nested inside the <main> element, the <header> loses its semantics, effectively becoming a generic <div> or <section>, thus introducing confusion as far as where the main page header landmark is when using a screenreader. All of which leads to Martin to a third approach, where the heading should be directly in the <main> content, outside of the <header>: <!-- 3️⃣ --> <header> <!-- Header stuff --> </header> <main> <h1>Page heading</h1> <!-- Main page content --> </main> This way: The <header> landmark is preserved (as well as its role). The <h1> is connected to the <main> content. Navigating between the <header> and <main> is predictable and consistent. As Martin notes: “I’m really nit-picking here, but it’s important to think about things beyond the visually obvious.” Read article “Fluid Headings” Donnie D’Amato: To recap, we’re talking about text that scales with the viewport size. That usually done with the clamp() function, which sets an “ideal” font size that’s locked between a minimum value and a maximum value it can’t exceed. .article-heading { font-size: clamp(<min>, <ideal>, <max>); } As Donnie explains, it’s common to base the minimum and maximum values on actual font sizing: .article-heading { font-size: clamp(18px, <ideal>, 36px); } …and the middle “ideal” value in viewport units for fluidity between the min and max values: .article-heading { font-size: clamp(18px, 4vw, 36px); } But the issue here, as explained by Maxwell Barvian on Smashing Magazine, is that this muffs up accessibility if the user applies zooming on the page. Maxwell’s idea is to use a non-viewport unit for the middle “ideal” value so that the font size scales to the user’s settings. Donnie’s idea is to calculate the middle value as the difference between the min and max values and make it relative to the difference between the maximum number of characters per line (something between 40-80 characters) and the smallest viewport size you want to support (likely 320px which is what we traditionally associate with smaller mobile devices), converted to rem units, which . .article-heading { --heading-smallest: 2.5rem; --heading-largest: 5rem; --m: calc( (var(--heading-largest) - var(--heading-smallest)) / (30 - 20) /* 30rem - 20rem */ ); font-size: clamp( var(--heading-smallest), var(--m) * 100vw, var(--heading-largest) ); } I couldn’t get this working. It did work when swapping in the unit-less values with rem. But Chrome and Safari only. Firefox must not like dividing units by other units… which makes sense because that matches what’s in the spec. Anyway, here’s how that looks when it works, at least in Chrome and Safari. CodePen Embed Fallback Read article Style :headings Speaking of Firefox, here’s something that recently landed in Nightly, but nowhere else just yet. Alvaro Montoro: :heading: Selects all <h*> elements. :heading(): Same deal, but can select certain headings instead of all. I scratched my head wondering why we’d need either of these. Alvaro says right in the intro they select headings in a cleaner, more flexible way. So, sure, this: :heading { } …is much cleaner than this: h1, h2, h3, h4, h5, h6 { } Just as: :heading(2, 3) {} …is a little cleaner (but no shorter) than this: h2, h3 { } But Alvaro clarifies further, noting that both of these are scoped tightly to heading elements, ignoring any other element that might be heading-like using HTML attributes and ARIA. Very good context that’s worth reading in full. Read article Headings: Semantics, Fluidity, and Styling — Oh My! originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

by: Sourav Rudra Mon, 10 Nov 2025 12:35:00 GMT Microsoft's proprietary formats like .doc and .docx dominate the office productivity landscape. Most people and organizations rely on these formats for daily document work. This creates a predatory situation where vendor lock-in is the norm and compatibility issues are taken as a omen that moving away from Microsoft Office is a bad idea. OpenDocument Format (ODF) offers an open alternative. It is an ISO-standard XML-based format for text documents, spreadsheets, presentations, and graphics. ODF works across multiple office suites, including LibreOffice, Collabora Online, and Microsoft Office itself. The format operates under the OASIS Open umbrella, a nonprofit consortium that develops open standards and open source projects. It brings together individuals, organizations, and governments to solve technical challenges through collaboration. Coming after four years of development work, OASIS Open has introduced ODF 1.4, marking a major milestone during ODF's 20th anniversary as an OASIS Standard. ODF 1.4 Packs in Many UpgradesThe development involved contributions from multiple organizations. Engineers from Collabora, The Document Foundation, IBM, Nokia, Microsoft, and KDE participated. Community members from the LibreOffice project also made significant contributions. As for the major improvements of this release, tables can now be placed inside shapes, breaking free from the textbox-only limitation. This bridges a compatibility gap with Microsoft's OOXML and other file formats, making cross-format workflows smoother. Accessibility gets meaningful upgrades through decorative object marking. Images and shapes can be flagged as decorative, instructing screen readers to skip them. This eliminates clutter for assistive technology users navigating complex documents. A new overlap prevention property helps manage document layout. Anchored objects can now specify whether they need to avoid sitting on top of other elements. This gives users finer control over how images and shapes interact on a page. Text direction support improves with 90-degree counter-clockwise rotation. Content can now flow left to right, then top to bottom, in this rotated orientation. The addition complements the existing clockwise direction commonly used for Japanese text layouts. Michael Stahl, Senior Software Engineer at Collabora Productivity, explained the development approach: Over the last four years, since ODF 1.3 was approved, engineers from Collabora Productivity and LibreOffice community members have worked with the Technical Committee to standardise many important interoperability features.The feature freeze for ODF 1.4 was over two years ago, so while the list of changes is extensive the focus here is not on ‘new’ features that contemporary office suite users haven’t seen before, but improvements to bring ODF more in-line with current expectations.For a Closer LookThe complete ODF 1.4 specification is available on the OASIS Open documentation website. The specification consists of four numbered documents covering different aspects of the standard. Part 1 provides the introduction and master table of contents. Part 2 defines the package format language. Part 3 contains the XML schema definitions. Part 4 specifies the formula language for spreadsheet calculations. ODF 1.4Suggested Read 📖 Ownership of Digital Content Is an Illusion—Unless You Self‑HostPrices are rising across Netflix, Spotify, and their peers, and more people are quietly returning to the oldest playbook of the internet: piracy. Is the golden age of streaming over?It's FOSSTheena Kumaragurunathan

by: Roland Taylor Mon, 10 Nov 2025 05:30:39 GMT If you love working in the terminal or just want something fast and lightweight for calendar management, Calcurse gives you a full organiser you can use right in your shell. As its name suggests, Calcurse uses ncurses to deliver a complex command-line interface that rivals some GUI apps in features and efficiency. 0:00 /1:05 1× If you don't need automated reminders and/or the overhead of a database, it's great for keeping track of your appointments and to-do lists. Being lightweight, it works well in server environments over SSH, and is a great candidate for those using low-powered devices. Understanding Calcurse at a glanceThe standard Calcurse interface in actionCalcurse is written in C, and boasts robust support for scripting and helper tools. It supports many of the features you'd expect in a GUI calendar app, including iCalendar (.ics) import/export, as well as some you may never have thought of. It should bring back some nostalgia if you were around during the early days of computing (DOS, early Unix, etc), where text-based user interface (TUI) apps were predominant, and complex, keyboard-driven interfaces were actually the norm. 📋I can't cover everything about Calcurse here, since it's got way too many features for a single article. If you're interested in trying it out, check out the documentation.Calcurse operates in three main forms: An interactive ncurses interface: the standard Calcurses interface that you get by running the calcurses command with no arguments or flags.A non-interactive TUI: prints output according to parameters, and exits. Called by passing flags like --status.A background daemon: must first be enabled from the ncurses interface or run with --daemon, can be ended by starting the interactive interface or by using pkill calcurse.Most actions are a single keystroke away, with on-screen prompts and a simple help/config menu when you need it. Once the shortcuts click, navigation is quick and predictable. Where most calendar apps store your data in a database, Calcurse uses plain text files on the backend. This choice keeps it snappy, easy to back up, and instantly responsive to your changes. At this time, Calcurse can only show one calendar per instance, so if you'd like to have multiple calendars, you'll need to run different instances, each connected to a different calendar file (with -c) and data directory (with -D). Notifcations and sync? Check!Calcurse supports notifications within its ncurses UI or by running a custom command (such as your system's mailer or your desktop environment's own notification system). By default, Calcurse does not run as a daemon (background process), so as long as you're not actively running it, it uses no additional system resources. However, being as versatile as it is, you can enable daemon mode so Calcurse can deliver notifications even after you quit the UI. Launching the UI typically stops the daemon to avoid conflicting instances, unless using the --status flag. To avoid this, you can run Calcurse as a separate instance or query it using the appropriate flags without bringing up the UI. If you'd prefer a more hands-on approach, you can set up cron jobs and scripting to interact with the non-interactive mode for the same purposes. iCalendar import/export is built into the native app itself and can be invoked with "i" (for import) or "x" (for export). CalDAV sync is also supported, but requires a third-party helper (calcurse-caldav). It's still considered alpha-quality software, and does require its own database, so syncing between Calcurse instances may be a little trickier here. Going deeper on syncingPerhaps one of the coolest parts of using a tool like Calcurse is that since everything is kept in plain text, you can use version control for just about everything: from configurations to schedules. If you have a certain schedule you'd like to sync between your devices, you'd just need to store your ~/.config/.calcurse~ and ~/.local/share/calcurse folders in a Git repo or your personal Nextcloud server, for instance. You could have the actual folder stored in your sync location and have Calcurse read from a symlink. This way, you could manually edit your configuration from anywhere, and have it automatically sync to every device where you use Calcurse. Pretty handy for power users with many devices to manage. Customisation and quality-of-lifeCustomizing the colour theme in Calcurse is easyWith how many advanced features Calcurse offers, you may not be too surprised to learn that it supports a degree of customisation (in interactive mode), accessible through the config menu. You can change the colours and layout, or choose the first day of the week. You can also enable various quality of life features, like autosave and confirmations. If you don't like the standard key bindings, you can set your own, which is quite handy for those who may have certain preferences. For example, you can bind a custom key for jumping between views. If you're running Calcurse in a terminal emulator under Wayland, it's especially useful. You won't need to worry about running into conflicts over hotkeys in your desktop environment. Changing viewsCalcurse with the calendar in week viewIf you'd like to change how the calendar is displayed, you can change the appearannce.calendarview option in the config between monthly and weekly. In weekly view, the number of the week is shown in the top right-corner of the calendar. There's no way to enable this in the monthly view, it shows the day of the year instead. Creating an appointment with the calendar in month viewIf you'd like to show notifications in Calcurse itself, you can toggle the notification bar with the appearance.notifybar option. I didn't test notifications in this way, as I'd prefer to set up system integration. Where Calcurse might not be for youOf course, as powerful as it is, Calcurse does have some quirks and shortcomings that may be an issue for some users. For instance, it does not support any fancy views or month-grid editing like many GUI calendar tools. To be fair, the default interface is simple enough to be comfortable to use once you get used to it, but if you need these additional features, you're out of luck. One other quirk is that the 12-hour time format is not globally supported throughout the app. The interactive list uses the hh:mm format, whereas the notification bar and CLI output can be switched to the 12 hr format. The rest of the app displays its time in the 24 hr format. Changing the format where you are allowed to isn't trivial, so be prepared to consult the documentation for this one. The format quirks also show up in how you choose certain display units for dates. Unless you're well versed in these, you might find yourself consulting the documentation often. This could be off-putting for some users, even terminal lovers who prefer the TUI over everything else. It's also inconsistent in this way, since format.inputdate uses simple numbers in the config, whereas format.dayheading uses the less familiar "%-letter" format. Overall, even if you like working on the command-line, the learning curve for Calcurse can be a little steep. That said, once you get acclimated, the key-driven TUI is actually comfortable to work with, and the high range of features would make it a great tool for those who like to build custom solutions on top of headless apps. Getting Calcurse on your distroCalcurse is packaged for many distros, including Debian/Ubuntu, Arch, Fedora, and others, as well as their derivatives, of course. You can search for calcurse in your software manager (if it supports native packages) or use your standard installation commands to install it: Debian/Ubuntu/Mint: sudo apt install calcurse Fedora: sudo dnf install calcurseArch: sudo pacman -S calcurseHowever, if you're looking to build from source, you can grab up-to-date source releases from the Calcurse downloads page, pull the latest code from the project's GitHub page. 📋Calcurse does not track releases on its GitHub page. If you pull from Git, you're essentially pulling the development branch.ConclusionCalcurse is a rare gem: a powerful, straightforward TUI calendar management app with support for iCal import/export, CalDAV sync, and scriptable reports. If you live in the shell, manage servers over SSH, or want plain-text data you can version, it's a reasonable solution. Sure, there are real trade-offs: no month-grid, a slight learning curve, and 12-hour time relegated to the notification bar and output. For terminal-first users, it is an easy recommendation.

by: Theena Kumaragurunathan Sun, 09 Nov 2025 03:44:40 GMT Privacy is a practice. I treat it like tidying my room. A little attention every weekend keeps the mess from becoming a monster. Here are seven wins you can stack in a day or two, all with free and open source tools. 1. Harden your browserFirefox is still the easiest place to start. Install uBlock Origin, turn on strict tracking protection, and only whitelist what you truly need. Add NoScript if you want to control which sites can run scripts. Why it matters: Most tracking starts in the browser. Blocking it reduces profiling and drive‑by nasties.How to do it: In Firefox settings, set Enhanced Tracking Protection to Strict. Install uBlock Origin. If you’re comfortable, install NoScript and allow scripts only on trusted sites.Trade‑off: Some pages break until you tweak permissions. You’ll learn quickly which sites respect you.2. Search without surveillanceShift your default search to privacy‑respecting frontends and engines. SearXNG is a self‑hostable metasearch. Startpage, if you want something similar to Google, although excessive ads on their search page is a turn-off. Why it matters: Your searches reveal intent and identity. Reducing data capture lowers your footprint.How to do it: Set your browser’s default search to DuckDuckGo or Startpage or a trusted SearXNG instance. Consider hosting SearXNG later if you enjoy tinkering.Trade‑off: Results can feel slightly different from Google. For most queries, they’re more than enough.📋The article contains some partnered affiliate links. Please read our affiliate policy.3. Block ads and trackers on your networkA Pi‑hole or AdGuard Home (partner link) box filters ads for every device behind your router. It’s set‑and‑forget once configured. AdGuard is not open source but a trusted mainstream service. Why it matters: Network‑level filtering catches junk your browser misses and protects smart TVs and phones.How to do it: Install Pi‑hole or AdGuard Home on a Raspberry Pi or a spare machine. Point your router’s DNS to the box.Trade‑off: Some services rely on ad domains and may break. You can whitelist specific domains when needed.Photo by Matthew Henry / Unsplash4. Private DNS and a lightweight VPNEncrypt DNS with DNS‑over‑HTTPS and use WireGuard for a fast, modern VPN. Even if you only use it on public Wi‑Fi, it’s worth it. Why it matters: DNS queries can expose your browsing. A VPN adds another layer of transport privacy.How to do it: In Firefox, turn on DNS‑over‑HTTPS. Set up WireGuard with a reputable provider or self‑host if you have a server.Trade‑off: A tiny speed hit. Misconfiguration can block certain services. Keep a fallback profile handy.5. Secure messaging that respects youSignal is my default for personal chats. It’s simple, secure, and widely adopted. The desktop app keeps conversations synced without drama. Why it matters: End‑to‑end encryption protects content even if servers are compromised.How to do it: Install Signal on your phone, then link the desktop app. Encourage your inner circle to join.Trade‑off: Not everyone will switch. That’s fine. Use it where you can.6) Passwords and 2FA, properlyStore strong, unique passwords in KeePassXC and use time‑based one‑time codes. You’ll never reuse a weak password again. Use ProtonPass if you want a more mainstream option. Why it matters: Credential stuffing is rampant. Unique passwords and 2FA stop it cold.How to do it: Create a KeePassXC vault, generate 20‑plus character passwords, and enable TOTP for accounts that support it. Back up the vault securely.Trade‑off: A small setup hurdle. After a week, it becomes second nature.Top 6 Best Password Managers for Linux [2024]Linux Password Managers to the rescue!It's FOSSAnkush Das7) Email with privacy in mindUse ProtonMail for personal email. Add aliasing to keep your main address clean. For newsletters, pipe them into an RSS reader so your inbox isn’t a tracking playground. Why it matters: Email carries identity. Aliases cut spam, and RSS limits pixel tracking.How to do it: Create a Proton account. Use aliases for sign‑ups. Subscribe to newsletters via RSS feeds if available or use a privacy‑friendly digest service.Trade‑off: Some newsletters force email only. Accept a separate alias or unsubscribe.Good, Better, BestBrowser Good: Firefox with uBlock Origin. Better: Add NoScript and tweak site permissions. Best: Harden about:config and use containers for logins.Search Good: Startpage as default. Better: Use a trusted SearXNG instance. Best: Self‑host SearXNG and monitor queries.Network filtering Good: Pi‑hole or AdGuard Home on a spare device. Better: Add curated blocklists and per‑client rules. Best: Run on a reliable server with automatic updates and logging.DNS and VPN Good: Browser DNS‑over‑HTTPS. Better: System‑wide DoH or DoT. Best: WireGuard with your own server or a vetted provider.Messaging Good: Signal for core contacts. Better: Encourage groups to adopt. Best: Use disappearing messages and safety numbers.Passwords and 2FA Good: KeePassXC vault and TOTP for key accounts. Better: Unique passwords everywhere and hardware‑encrypted backups. Best: Hardware tokens where supported plus KeePassXC.Email Good: Proton for personal mail. Better: Aliases per service. Best: RSS for newsletters and strict filtering rules.Time to implementQuick wins: Browser hardening, search swap, Signal setup. About 60 to 90 minutes.Medium: KeePassXC vault, initial 2FA rollout. About 90 minutes.Weekend projects: Pi‑hole or AdGuard Home, WireGuard. About 3 to 5 hours depending on your comfort.ConclusionStart with what you control. The browser, your passwords, your default search. Privacy is cumulative. One small change today makes the next change easier tomorrow. If you keep going, the internet feels calmer, like you finally opened a window in a stuffy room.

by: Abhishek Prakash Sat, 08 Nov 2025 17:52:50 +0530 Learn by doing, not just reading or watching. Pen-testing can’t be mastered by watching videos or reading blogs alone. You need to get your hands dirty. Pentora Box turns each Linux Handbook tutorial into a self-try exercise. Every lab gives you a realistic, safe environment where you can explore reconnaissance, scanning, exploitation, and post-exploitation, step by step. How to use it?Curious how you can get started with ethical hacking and pen-testing for free with these hands-on labs? It's easy. Here's what you need to do: Step 1: Pick a lab to practiceChoose from a curated list of hands-on pen-testing exercises, from OSINT to exploitation. The labs are not in a particular order but it would be a good practice to follow: 🧭 Reconnaissance Track: To scout the target for attack surface and vulnerabilities⚔️ Exploitation Track: Simulate attack after finding vulnerabilities.🛡️ Defense Track: Monitor your system and network and harden up your defenses.Step 2: Set up locallyEach lab includes setup instructions. It's good to use Kali Linux, as it often includes the required tools. You can also use Debian or Ubuntu based distributions, as the package installation command will work the same. Sure, you can try it on any Linux distro as long as you manage to install the packages. Labs are safe to perform as they are performed on VulnHub, a platform dedicated for pen-testing exercises. Step 3: Execute and learnRun commands, observe output, fix errors, and build muscle memory, the hacker way. The tutorials explain the output so that you can understand what's going on and what you should be focusing on after running the commands. 💡Each lab is designed for localhost or authorized test targets. No external attacks. Always hack responsibly.Before you start: Setting up your practice environmentYou don’t need a dedicated server or paid sandbox to begin. All labs can be practiced on your Linux system or a virtual machine. Recommended Setup: 🐧 Kali Linux/ParrotOS/Debian/Ubuntu + tools🐳 Docker (for local vulnerable targets)⚙️ VS Code or terminal-based editor🔒 Good ethics: always test in legal environments🚧These labs are designed for educational use on local or authorized environments only. Never attempt to exploit real systems without permission. Always respect the principles of responsible disclosure and digital ethics.Stay in touch for future labsNew labs are added regularly. Subscribe to get notified when a new tool, challenge, or lab goes live. You can also share your results or request new topics in our community forum or newsletter.

by: Abhishek Prakash Fri, 07 Nov 2025 18:12:51 +0530 After publishing the Linux Networking at Scale, while we work on the new course, I am proud to present a super long but immensely helpful hands-on guide that shows you the steps from creating an open source project to submitting it to CNCF. The guide is accesible to members of all levels. Building and Publishing an Open Source Project to CNCFA hands-on guide to creating, documenting, and submitting an open source project to the CNCF Landscape.Linux HandbookSachin H RSachin, author of our Kubernetes Operators course, faced the lack of organized document when he worked on his project, Kubereport. He shared his personal notes in the form of a guide with some sample codes. Please note that this is more suitable for Kubernetes and Cloud Native projects. Here's why you should get LHB Pro membership: ✅ Get access to Linux for DevOps, Docker, Ansible, Systemd and other text courses ✅ Get access to Kubernetes Operator and SSH video course ✅ Get 6 premium books on Bash, Linux and Ansible for free ✅ No ads on the website Get Pro Membership       This post is for subscribers only Subscribe now Already have an account? Sign in

by: Sachin H R Fri, 07 Nov 2025 17:49:50 +0530 The idea for a practical guide to build an open source project and publishing it to CNCF came to me when I was working on KubeReport, an open source tool that automatically generates PDF/CSV deployment reports from your Kubernetes cluster. It is designed for DevOps teams, QA, and managers. It can auto-email reports, integrate with Jira, and track exactly what got deployed and when. I noticed that there were not clear enough documentation on how to create a project that adheres to CNCF standards. And thus I created this guide from the experience I gained with KubeReport. 💡I have created a small project, KubePRC (Pod Restart Counter), for you to practice hands-on Kubernetes concepts before building your own open-source products in any programming language. I presume that you are familiar with some sort of coding and GitHub. Explaining those things are out of scope for this guide.Step 0: Ask yourself first: Why are you building the project?Before you start building anything, be clear about why are you doing it? Think about these three points: market gap market trendlong-term vision.Let me take the example of my existing project KubeReport again. 🌉 Market Gap - Automatic reports post deploymentIn fast-moving environments with 40–50 clients, deployments happen every day. After deployment, we often rely on manual smoke tests before involving QA. But issues like: Missed service failuresNo track of deployment countNo visibility into images or teams involved...often surface only after clients report problems. This is not just a company-specific issue. These gaps are common across the DevOps world. KubeReport fills that gap. It provides a centralized, auditable report after every deployment — in the form of downloadable PDFs or CSVs — sent automatically to managers, clients, Jira tickets and email groups. 📈 Market Trend – Rising demand for AI-driven automationAs DevOps matures, there's an increasing demand for: Lightweight, CLI-based tools integrated into pipelinesImmediate post-deployment health visibilityIntelligent automation and alerting systems🤖 Future Scope – AI-powered task automationIn the long term, the goal is to reduce manual intervention by integrating AI to: Detect anomalies in restart counts based on historical deployment trendsAutomatically classify failures (e.g., infra-related vs. app-related)Generate intelligent deployment health reportsRecommend or trigger self-healing actions (like auto-restart, scaling, or rollback)These enhancements will empower teams to act faster with minimal manual input — reducing human error and increasing confidence in every release. This is how I outlined it before creating the KubeReport tool. You get the gist. You should build a tool that not only solves real problems but also has a future scope for improvements. 🔍 Step 1: Check if your idea already existsBefore building KubeReport, we asked: Is there already something like this out there?If an idea already exists — for example, a MySQL Operator — you have three options: Don’t build itBuild a better versionSolve it for a different target (e.g., MongoDB or Postgres)In our case, there was no specific open-source tool that automated Kubernetes deployment reports like this — so we started building. 💻 Step 2: Language & tech stack selectionKubernetes is written in Go, which makes it a strong choice for any native integration. Our goals were: Fast performanceAccess to client librariesEase of deploymentSo we used: Go for core logicKubernetes APIs to fetch pod/deployment dataGo PDF/CSV libraries for report generation📋You can adapt your stack based on your needs. Choose what offers good performance, community support, and personal comfort.🧩 Step 3: Design the ArchitectureIf your project has multiple components (like frontend, backend, APIs, and DB), architecture diagrams can be very useful. I recommend: Miro or Whimsical for quick architecture and flow diagramsWeekly planning: what to build this week, next, and this monthBreaking down work into phases keeps the project manageable. 🛠️ Step 4: Start Small – "Hello World" FirstAlways begin with a small, functional unit. For example, the first version of KubeReport: Listed pods from KubernetesGenerated a simple PDFThat was it. Later, we added: CSV formatDeployment filtersAuto-email featureCloud storage✅ One step at a time. Build a small working thing, then grow. Let's see all this with a sample project. Feel free to replicate the steps. Building kubeprc (Kube Pod Restart Counter)Let’s take kubeprc as an example project for hands-on practice. kubeprc (short for Kube Pod Restart Counter) is a lightweight open source tool that scans your Kubernetes cluster and reports on pod restart counts. It’s ideal for DevOps and SRE teams who need to monitor crash loops and container stability — either in real-time or as part of automated checks. Why are we building this?As part of early discovery (Step 1 & Step 2), we identified a clear market gap: There was no simple, focused tool that: Counted pod restarts across a clusterWorked both locally and in-clusterCould be deployed cleanly via HelmWas lightweight and customizableWhile 2–3 similar tools exist, they either lack flexibility or are too heavy. Our aim is to build: A focused tool with a clean CLIExtra features based on real-world DevOps use casesA Helm chart for seamless integration in CI/CD pipelines or monitoring stacksFeature Planning I used Miro for feature plans layout. You can use any project management tool of your choice. Tech StackKubernetes is written in Go, so client libraries and API access are very well supported. Go offers great performance, concurrency, and portability. Tool Purpose Go Core CLI logic & Kubernetes client Docker Containerization for portability Helm Kubernetes deployment automation Minikube / Cloud (Azure/GCP/AWS) Local & cloud testing environments       This post is for subscribers only Subscribe now Already have an account? Sign in

by: Geoff Graham Thu, 06 Nov 2025 15:57:49 +0000 Here’s something you’ll spot in the wild: <div class="btn" role="button">Custom Button</div> This is one of those code smells that makes me stop in my tracks because we know there’s a semantic <button> element that we can use instead. There’s a whole other thing about conflating anchors (e.g., <a class="btn">) and buttons, but that’s not exactly what we’re talking about here, and we have a great guide on it. A semantic <button> element makes a lot more sense than reaching for a <div> because, well, semantics. At least that’s what the code smell triggers for me. I can generically name some of the semantical benefits we get from a <button> off the top of my head: Interactive states Focus indicators Keyboard support But I find myself unable to explicitly define those benefits. They’re more like talking points I’ve retained than clear arguments for using <button> over <div>. But as I’ve made my way through Sara Soueidan’s Practical Accessibility course, I’m getting a much clearer picture of why <button> is a best practice. Let’s compare the two approaches: CodePen Embed Fallback Did you know that you can inspect the semantics of these directly in DevTools? I’m ashamed to admit that I didn’t before watching Sara’s course. There’s clearly a difference between the two “buttons” and it’s more than visual. Notice a few things: The <button> gets exposed as a button role while the <div> is a generic role. We already knew that. The <button> gets an accessible label that’s equal to its content. The <button> is focusable and gets a click listener right out of the box. I’m not sure exactly why someone would reach for a <div> over a <button>. But if I had to wager a guess, it’s probably because styling <button> is tougher that styling a <div>. You’ve got to reset all those user agent styles which feels like an extra step in the process when a <div> comes with no styling opinions whatsoever, save for it being a block-level element as far as document flow goes. I don’t get that reasoning when all it take to reset a button’s styles is a CSS one-liner: CodePen Embed Fallback From here, we can use the exact same class to get the exact same appearance: CodePen Embed Fallback What seems like more work is the effort it takes to re-create the same built-in benefits we get from a semantic <button> specifically for a <div>. Sara’s course has given me the exact language to put words to the code smells: The div does not have Tab focus by default. It is not recognized by the browser as an interactive element, even after giving it a button role. The role does not add behavior, only how it is presented to screen readers. We need to give it a tabindex. But even then, we can’t operate the button on Space or Return. We need to add that interactive behavior as well, likely using a JavaScript listener for a button press to fire a function. Did you know that the Space and Return keys do different things? Adrian Roselli explains it nicely, and it was a big TIL moment for me. Probably need different listeners to account for both interactions. And, of course, we need to account for a disabled state. All it takes is a single HTML attribute on a <button>, but a <div> probably needs yet another function that looks for some sort of data-attribute and then sets disabled on it. Oh, but hey, we can slap <div role=button> on there, right? It’s super tempting to go there, but all that does is expose the <div> as a button to assistive technology. It’s announced as a button, but does nothing to recreate the interactions needed for the complete user experience a <button> does. And no amount of styling will fix those semantics, either. We can make a <div> look like a button, but it’s not one despite its appearances. Anyway, that’s all I wanted to share. Using semantic elements where possible is one of those “best practice” statements we pick up along the way. I teach it to my students, but am guilty of relying on the high-level “it helps accessibility” reasoning that is just as generic as a <div>. Now I have specific talking points for explaining why that’s the case, as well as a “new-to-me” weapon in my DevTools arsenal to inspect and confirm those points. Thanks, Sara! This is merely the tip of the iceberg as far as what I’m learning (and will continue to learn) from the course. Explaining the Accessible Benefits of Using Semantic HTML Elements originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

by: Theena Kumaragurunathan Thu, 06 Nov 2025 10:56:15 GMT The internet of the early 2000s—what I once called the revelatory internet—felt like an endless library with doors left ajar. Much of that material circulated illegally, yes. I am not advocating a return to unchecked piracy. But the current licensing frameworks are failing both artists and audiences, and it’s worth asking why—and what a better model could look like. Hands up if you weren’t surprised to see streaming services plateauing or shedding subscribers. Prices are rising across Netflix, Spotify, and their peers, and more people are quietly returning to the oldest playbook of the internet: piracy. Is the golden age of streaming over? To answer that, I’ll step back. Sailing the High Seas Over the YearsInternet piracy is as old as the modern internet. It began in scrappy bulletin boards and FTP servers where cracked software and MP3s slipped between hobbyists. When A&M Records v. Napster met at the Ninth Circuit, the court drew an early line in the sand: Napster was liable for contributory and vicarious infringement. That is when we learnt that convenience was not a defense. I was 18 when I went down a musical rabbit hole that I am still burrowing through today. Napster’s fall didn’t slow me or other curious music lovers. What started as single-track scavenging evolved into long, obsessive dives where I would torrent entire discographies of artists. Between roughly 2003 and 2011, the height of my period of music obsessiveness, I amassed over 500GB of music—eclectic, weird, and often unreleased in mainstream catalogs—that I would never have discovered without the internet. The collection doesn’t sound huge today, but it is meticulously curated and tagged. It includes artists who refuse to bend to the logic of Spotify or the market itself, rarities from little known underground heavy metal scenes in countries you would never associate with heavy metal, alongside music purchased directly from artists, all sans DRM. Then came a funny detour: in the first months of the pandemic, I made multiple backups of this library, bought an old ThinkPad, and set up a Plex server (I use Jellyfin as well now). That one decision nudged me into Linux, then Git, then Vim and Neovim, and finally into wonderful and wierd world of Emacs. You could argue that safeguarding those treasures opened the door to my FOSS worldview. The act of keeping what I loved pushed me toward tools I could control. It also made me view convenience with suspicion. The Golden Era of StreamingAs broadband matured, piracy shifted from downloads to streams. Cyberlockers, link farms, IPTV boxes, and slick portals mimicked legitimate convenience. Europe watched closely. The EUIPO’s work shows a simple pattern: TV content leads piracy categories, streaming is the main access path, and live sports piracy surged after earlier declines. The lesson is simple. Technology opens doors. Law redraws boundaries. Economics decide which doors people choose. When lawful access is timely, comprehensive, and fairly priced, piracy ebbs. When it isn’t, the current finds its old channels. The Illusion of OwnershipHere’s the pivot. Over the last decade I’ve “bought” movies, games, ebooks—only to have them vanish. I’ve watched albums grey out and films disappear from paid libraries. Ownership, in the mainstream digital economy, is legal fiction unless you control the files, formats, keys, and servers. Most of us don’t. We rent access dressed up as possession. The Rental EconomyThe dominant model today is licensing. You don’t buy a movie on a platform; you buy a license to stream or download within constraints the platform sets. Those constraints are enforced by DRM, device policies, region locks, and revocation rights buried in terms of service. If a platform loses rights, changes its catalog, or retires a title, your “purchase” becomes a broken link. The vocabulary is revealing: platforms call catalog changes “rotations,” not removals. This is not a moral judgment; it’s an operational one. Licensing aligns incentives with churn, not permanence. Companies optimize for monthly active users, not durable collections. If you are fine with rentals, this works. If you care about ownership, it fails. Two quick examples illustrate the point. First, music that is available today can be replaced tomorrow by a remaster that breaks playlists or metadata (not everyone likes remasters). Second, film libraries collapse overnight due to regional rights reshuffles or cost-cutting decisions. Both reveal a fundamental truth to this illusion of ownership: your access is contingent, not guaranteed. The interface encourages the illusion of permanence; the contract denies it. What Ownership Means in 2025Given that reality, what does it mean to own digital content now? Files: You keep the data itself, not pointers to it. If the internet vanished, you’d still have your collection.Open formats: Your files should be playable and readable across decades. Open or well-documented formats are your best bet.Keys: If encryption is involved, you control the keys. No external gatekeeper can revoke your access.Servers: You decide where the content lives and how it’s served—local storage, NAS, or self-hosted services—so policy changes elsewhere don’t erase your library.Ownership, in 2025, is the alignment of all four. If you lose any one pillar, you re-enter the rental economy. Files without open formats risk obsolescence. Open formats without keys are moot if DRM blocks you. Keys without servers mean you’re still dependent on someone else’s uptime. Servers without backups are bravado that ends in loss. Self-Hosting as ResistanceSelf-hosting is the pragmatic response to the rental economy—not just for sysadmins, but for anyone who wants to keep the things that matter. My pandemic Plex story is a case study. I copied and verified my music library. I set up an old ThinkPad as a lightweight server. I learned enough Linux to secure and manage it, then layered in Git for configuration, Vim and Neovim for editing, and eventually Emacs for writing and project management. The journey wasn’t about becoming a developer; it was about refusing impermanence as the default. A minimal self-hosting stack looks like this: Library: Organize, tag, and normalize files. Consistent metadata is half the battle.Storage: Redundant local storage (RAID or mirrored drives) plus offsite backups. Assume failure; plan for recovery.Indexing: A service (Plex, Jellyfin, or similar) that scans and serves your library. Keep your index portable.Access: Local-first, with optional secure remote access. Your default should be offline resilience, not cloud dependency.Maintenance: Occasional updates, integrity checks, and rehearsed restore steps. If you can redeploy in an afternoon, you own it.Self-hosting doesn’t require perfection. It asks for intent and a few steady habits. You don’t need new hardware; you need a small tolerance for learning and the patience to patch. A Pragmatic ModelNot everything needs to be owned. The point is to decide deliberately what you keep and what you rent. A tiered model helps: Local-first files: Irreplaceable work, personal archives, and media you care about—stored locally with backups. Think original recordings, purchased DRM-free releases, research materials, and family photos.Sync-first files: Active documents that benefit from multi-device access—synced across trusted services but maintained in open formats with local copies. If sync breaks, you still have a working file.Self-hosted services: Media servers, note systems, photo galleries, and small web tools that you want available on your terms. Prioritize services with export paths and minimal complexity.Cloud rentals: Ephemeral consumption—new releases, casual viewing, niche apps. Treat these as screenings, not acquisitions. Enjoy them and let them go.To choose, ask three questions: Is it mission-critical or meaningful beyond a season?Can I store it in an open format without legal encumbrances?Will I regret losing it?If the answers skew yes, pull it into local-first or self-hosted. If not, rent with clear eyes. Costs and Trade-OffsThe price of ownership is maintenance. Time to learn basics, time to patch, time to back up. There is risk—drives fail, indexes corrupt, formats change. But with small routines, the costs are manageable, and the upside is real: continuity. The trade-offs can be framed simply: Time: A few hours to set up; a few minutes a month to check.Money: Modest hardware (used laptop, external drives) and, optionally, a NAS. The cost amortizes over years.Complexity: Start with one service. Document your steps. Prefer boring tools. Boring is dependable.Risk: Reduce with redundancy and rehearsed restores. Test a recovery once a year.The payoff is permanence. You own what you can keep offline. You control what you can serve on your own terms. You protect the work and the art that shaped you. Self-Hosting, in old and new ways ©Theena Kumaragurunathan, 2025Bringing the Arc TogetherHistory matters because it explains behavior over time. When lawful access is timely, comprehensive, and fairly priced, piracy ebbs. When it isn’t, the current returns to old channels. The platforms call this leakage. I call it correction. People seek what isn’t offered—availability, completeness, fairness—and they will keep seeking until those needs are met. My own path tracks that arc. I learned to listen curiously in the torrent years, built a personal library, then chose to keep it. The choice pushed me toward free and open-source software, not as ideology but as practice: the practice of retaining what matters. If streaming’s golden age is ending, it is only because its economics revealed themselves. Rentals masquerading as purchases do not create trust; they teach caution. What NextA better way respects both artists and audiences. It looks like more direct purchase channels without DRM, fair global pricing, and clear catalog guarantees. It looks like platforms that treat permanence as a feature, not a bug. It looks like individuals who decide, calmly, what to keep and what to rent. You don’t own what you can’t keep offline. You only rent the right to forget. Owning is choosing to remember—files, formats, keys, servers—held together by the patience to maintain them.

by: Abhishek Prakash Thu, 06 Nov 2025 07:12:58 GMT I recently upgraded to Fedora 43 and one thing I noticed was that image thumbnails were not showing up in the Nautilus files manager. Not just the recent file formats like webp or AVIF, it was not even showing up for classic image file formats like png and jpeg. Image thumbnails not showing upAs you can see in the screenshot above, thumbnails for video files were displayed properly. Even PDF and EPUB files displayed thumbnails. Actually, the behvaior was weirdly inconsistent, as it did show thumbnails for some of the older images, and I am these thumbnails were there before I upgraded to Fedora 43 from version 42. Thumbnails displayed for some images but not for all🔑 The one line solution: I fixed the issue to display image previews in the file explorer again with one line of command: sudo dnf install glycin-thumbnailerIf you are facing the same issue in Fedora, you can try that and get on with your life. But if you are curious, read on why the issue occurred in the first place and how the command above fixed it. Knowing these little things add to your knowledge and help you improve as a Linux user. The mystery of the missing thumbnailsI looked for clues in Fedora forum, the obvious hunting ground for such issues. There were advices to clear the thumbnail cache and restart the Nautilus. My gray cells were hinting that that it was a futile exercise, and it indeed was. It changed nothing. Cleaning the thumbnail cache resulted into losing all image preview. This gave me a hint that something did change between Fedora 42 and Fedora 43, as the images from the Fedora 42 time were displaying thumbnails earlier. No thumbnailer for imagesI checked the thumbnailer to see what kind of thumbnailers were in use on my system: ls /usr/share/thumbnailers/And it showed me six thumbnailers and none of them were meant to work with images. Various thumbnailers present on my system, none for imagesEvince is for documents, gnome-epub for EPUB files, totem for video files, and few more for fonts, .mobi files and office files. Most distributions use the pixbuf library for image files and clearly, there were no thumbnailer from gdk-pixbuf2 in my system. abhishek@fedora:~$ ls /usr/share/thumbnailers/ evince.thumbnailer gnome-font-viewer.thumbnailer gsf-office.thumbnailer gnome-epub-thumbnailer.thumbnailer gnome-mobi-thumbnailer.thumbnailer totem.thumbnailer I found it weird because I checked and saw that was properly installed and yet there were no thumbnailers installed from it. I did reinstall gdk-pixbuf2: sudo dnf reinstall gdk-pixbuf2But even then, it didn't install the thumbnailer: abhishek@fedora:~$ dnf list --installed | grep -i thumbnailer evince-thumbnailer.x86_64 48.1-1.fc43 <unknown> gnome-epub-thumbnailer.x86_64 1.8-3.fc43 <unknown> totem-video-thumbnailer.x86_64 1:43.2-6.fc43 <unknown> I was tempted to explicitly install gdk-pixbuf2-thumbnailer but then I thought to investigate further on why it was gone missing in the first place. Thankfully, this investigation yielded the correct result. Fedora 43 switched to new image loaderI came across this discussion that hinted that Fedora is now moving towards glycin, a Rust-based, sandboxed, and extendable image loading framework. Interesting but when I checked the installed DNF packages, it showed me a few glycin packages but no thumbnailers. dnf list --installed | grep -i glycin glycin-libs.i686 2.0.4-1.fc43 <unknown> glycin-libs.x86_64 2.0.4-1.fc43 <unknown> glycin-loaders.i686 2.0.4-1.fc43 <unknown> glycin-loaders.x86_64 2.0.4-1.fc43 <unknown>And thus I decided to install glycin-thumbnailer: sudo dnf install glycin-thumbnailerAnd this move solved the case of missing image previews. Closed the file manager and opened it again, and voila! All the thumbnails came back to life, even for WebP and AVIF files. Image thumbnails now properly displayedPersonally, I feel that glycin is a bit slow in generating thumbnails. I hope I am wrong about that. 📋If you want to display thumbnails for RAW image files, you need to install libopenraw first.I hope this case file helps you investigate and solve the mystery of missing image previews on your system as well. The solution is a single command, a missing package, but how I arrived at that conclusion is the real fun, just like reading an Agatha Christie novel 🕵️

by: Abhishek Prakash Thu, 06 Nov 2025 03:17:40 GMT AI and bots are everywhere. YouTube is filled with AI generated, low-quality videos; Facebook and other social media are no different. What is more concerning is the report that more than 50% of the internet traffic is by bots. Gone are the days when the Internet connected humans. Are we heading towards the death of the internet? Theena explores what the world could look like in the near future. The Internet is Dying. We Can Still Stop ItAlmost 50% of all internet traffic are non-human already. Unchecked, it could lead to a zombie internet.It's FOSS NewsTheena KumaragurunathanLet's see what else you get in this edition of FOSS Weekly: GitHub's 2025 report.A new Tor Browser released and so did systemd-free Debian in the form of Devuan.Flatpak app center reviewed.Proton's new dark web monitoring tool.Debian/Ubuntu's APT package manager will have Rust code soon.And other Linux news, tips, and, of course, memes!This edition of FOSS Weekly is supported by Internxt. SPONSORED You cannot ignore the importance of cloud storage these days, especially when it is encrypted. Internxt is offering 1 TB of lifetime, encrypted cloud storage for a single payment. Make it part of your 3-2-1 backup strategy and use it for dumping data. At least, that's what I use it for. Get Internxt Lifetime Cloud Storage 📰 Linux and Open Source NewsTor Browser 15.0 is here with some impressive upgrades.Whether you like it or not, Rust is coming to Debian's APT.Devuan 6.0 looks like a solid release with all its refinements.FFmpeg has received some much-needed support from India's FLOSS/fund.Proton has launched the Data Breach Observatory to track dark web activity.Proton VPN's new CLI client is finally here (a beta version), and it is looking promising.Terminal Geeks Rejoice! Proton VPN’s Long-Awaited Linux CLI is Finally HereStill in beta but there is progress. Manage Proton VPN from the command line on Ubuntu, Debian, and Fedora.It's FOSS NewsSourav Rudra🧠 What We’re Thinking AboutGitHub's Octoverse 2025 report paints a great picture of the state of open source in 2025. GitHub’s 2025 Report Reveals Some Surprising Developer Trends630 million repositories and 36 million new developers mark GitHub’s biggest year.It's FOSS NewsSourav Rudra🧮 Linux Tips, Tutorials, and LearningsFSearch is a quick file search application for Linux that you should definitely check out. I Found Everything Search Engine Alternative for Linux UsersA GUI app for searching for files on your Linux system? Well, why not? Not everyone likes the dark and spooky terminal.It's FOSSPulkit ChandakNetflix who? Meet your personal streaming service. 😉 What is a Media Server Software? Why You Should Care About it?Kodi, Jellyfin, Plex, Emby! You might have heard and wondered what those are and why people are crazy about them. Let me explain in this article.It's FOSSAbhishek PrakashMaster the workspace feature in Ubuntu with these tips. Ubuntu Workspaces: Enabling, Creating, and SwitchingUbuntu workspaces let you dabble with multiple windows while keeping things organized. Here’s all you need to know.It's FOSSSreenath👷 AI, Homelab and Hardware CornerThe Turris Omnia NG is an OpenWrt-powered Wi-Fi router that is upgradeable. But that pricing is a dealbreaker 💔 This OpenWrt-Based Router Has Swappable Wi-Fi Modules for Future UpgradesThe Turris Omnia NG promises lifetime updates and a modular design for a real long-term use.It's FOSS NewsSourav RudraIBM Granite 4.0 Nano is here as IBM's smallest AI model yet. 🛍️ Linux eBook bundleThis curated library of courses includes Supercomputers for Linux SysAdmins, CompTIA Linux+ Certification Companion, Using and Administering Linux: Volume 1-2, and more. Plus, your purchase supports the Room To Read initiative! Explore the Humble offer here✨ Project HighlightsI have found an interesting Flatpak app store. Wrote about it in an article as well as made a video review to understand what it's all about. The (Almost) Perfect Linux Marketplace App for Flatpak LoversA handy, feature-rich, marketplace app for the hardcore Flatpak lovers.It's FOSSAbhishek PrakashSwitching to terminal now. See how you can use Instagram straight from the terminal. I Used Instagram from the Linux Terminal. It’s Cool Until It’s Not.The stunts were performed by a (supposedly) professional. Don’t try this in your terminal.It's FOSSPulkit Chandak📽️ Videos I Am Creating for YouFastfetch is super expandable and you can customize to give it a different look and display information of your choice or even images of your loved ones. Explore Fastfetch features in the latest video. Subscribe to It's FOSS YouTube Channel Linux is the most used operating system in the world. but on servers. Linux on desktop is often ignored. That's why It's FOSS made it a mission to write helpful tutorials and guides to help use Linux on their personal computer. We do it all for free. No venture capitalist funds us. But you know who does? Readers like you. Yes, we are an independent, reader supported publication helping Linux users worldwide with timely news coverage, in-depth guides and tutorials. If you believe in our work, please support us by getting a Plus membership. It costs just $3 a month or $99 for a lifetime subscription. Join It's FOSS Plus 💡 Quick Handy TipThe Ubuntu system settings offer only limited settings to tweak the appearance of desktop icons. In fact, the desktop icons that come pre-installed in Ubuntu are achieved through an extension. So, if you have GNOME Shell Extensions installed in Ubuntu, then you can access a lot more tweaking options for the desktop icons. After installing it, open it and click on the cogwheel button near the "Desktop Icons NG (DING)" system extension. As you can see in the screenshot above, other Ubuntu features like Window Tiling, AppIndicators, etc. can also be tweaked from here. 🎋 Fun in the FOSSverseThe spooky never stops, even after Halloween is over. Can you match up spooky project names with their real names? Spooky Tech Match-Up Challenge [Puzzle]Test your tech instincts in this Halloween-themed quiz! Match spooky project names to their real identities — from eerie browsers to haunted terminals.It's FOSSAbhishek Prakash🤣 Meme of the Week: Things can get complicated very easily. 🫠 🗓️ Tech Trivia: On November 4, 1952, CBS News used the UNIVAC computer to predict the U.S. presidential election. Early data pointed to an easy win for Dwight D. Eisenhower, but skeptical anchors delayed announcing it. When the results came in, UNIVAC was right, marking the first time a computer accurately forecast a national election. 🧑‍🤝‍🧑 From the Community: Regular FOSSer Rosika has come up with a download script for It's FOSS Community topics. This can be really handy if you want to keep a backup of any interesting topics. Enhanced Download Script for It’s FOSS Community TopicsHi all, 👋 this is a follow-up tutorial to I wrote a download script for itsfoss community content (which I published last November). I´ve been working together with ChatGPT for 3 days (well, afternoons, actually) to concoct a script which caters for bulk-downloading selected ITSFoss forum content. It´s the umpteenth version of the script, and it seems to work perfectly now. 😉 In case anyone might be interested in it I thought it would be a good idea to publish it here. Perh…It's FOSS CommunityRosika❤️ With lovePlease share it with your Linux-using friends and encourage them to subscribe (hint: it's here). Share the articles in Linux Subreddits and community forums. Follow us on Google News and stay updated in your News feed. Opt for It's FOSS Plus membership and support us 🙏 Enjoy FOSS 😄

by: Chris Coyier Wed, 05 Nov 2025 23:15:47 +0000 Shaw and Chris are on the show to talk about the thinking and challenges behind upgrading these rather important bits of technology in our stack. We definitely think of React version upgrades and Next.js version upgrades as different things. Sometimes they are prerequisites. The Next.js ones are a bit more important as 1) the docs for the most recent version tend to be the best and 2) it involves server side code which is important for security reasons. Never has any of it been trivially easy. Time Jumps 00:15 p.s. we’re on YouTube 01:09 Do we need to upgrade React? NextJS? 08:46 Next 15 requires React 19 11:38 What’s our TypeScript situation? 17:49 Next 16 upgrade and Turbopack woes 34:57 Next’s MCP server

by: Roland Taylor Wed, 05 Nov 2025 11:20:44 GMT With recent developments, such as the introduction of a reference operating system, the GNOME project has clearly positioned itself as a full, top-to-bottom computing platform. It has one of the fastest-growing app ecosystems in the Linux and open-source world as a whole and even has an Incubator, providing a path for some apps to join Core via the Release Team. GNOME-adjacent, community-led projects like Phosh build on this robust ecosystem to deliver their unified vision to other form factors. Yet, one of the jarringly obvious things the GNOME platform lacks right now is a dedicated office suite that follows its Human Interface Guidelines (HIG) and uses its native technologies. This brings us to the question: Is it time for a resurrection? GNOME Office of the pastFor those who aren't familiar, it's probably best if we take a step back in history and look at what exactly GNOME Office was — and, technically, still "is" in a loose sense. Abiword 3.0.7 editing a .docx fileBack in the days of GNOME 2, circa the early 2000s, there was a loose effort to establish an open-source, GTK-based office suite from the sum of existing parts. The 1.0 release (September 15, 2003) consisted of AbiWord 2.0, Gnumeric 1.2.0, and GNOME-DB 1.0. This was a strategy to give the GNOME desktop environment an office suite of its own, easing the transition for users migrating from platforms where the idea of a dedicated office suite was more or less an expectation. Gnumeric 1.12.59 with the built-in calendar templateWhile there was never any subsequent release, in the years that followed, the GNOME Office wiki (now archived) would come to include other applications under this umbrella, including Evolution (for mail and groupware), Evince (for document viewing), Inkscape (for vector graphics), and Ease (for presentations, but now abandoned), to name a few. Evince the former document viewer for GNOMEAll the applications listed there have historically used some version of GTK for their interface and variably used GNOME-associated libraries, such as the now-deprecated Clutter. However, none of them were created for inclusion in any official "GNOME Office suite". Rather, they were adopted under this label once it was recognised that they could serve this purpose. That said, times have changed dramatically since 2003, and with GNOME increasingly pushing for a place among the larger platforms, now might be a great time for a second look. As it stands, two decades later, GNOME has a mature design system (libadwaita), a clear path for inclusion in the core project, and a solid foundation for a mobile operating system. Yet, except for AbiWord and Gnumeric, which do not fit its current vision, it still lacks robust native applications to fill this niche. The case for a revivalPlatform coherence is one of the strongest drivers of user loyalty, and a powerful argument for a GNOME-native office suite. Not only would it follow the GNOME HIG and use familiar libadwaita widgets, but it would also integrate with portals and GNOME Online Accounts (GOA). A native GNOME Office suite would be mobile-ready, able to scale to phones and tablets on Phosh, thereby delivering the same visual language and behaviours as Files, Settings, and the rest of GNOME Core. This mirrors how macOS has achieved loyalty through consistent UI/UX patterns, despite lacking the broader market dominance of Windows. As GNOME seeks to secure and protect its vision, an initiative of this kind would encourage distro vendors to bundle more tightly integrated, GNOME-native applications in their default application line-ups. Furthermore, a dedicated office suite would fill the gaps currently existing in this platform. For example, GNOME has Papers (the replacement for Evince) for viewing documents, and Document Scanner (formerly Simple Scan) for scanning. However, there are no official apps for editing documents. Document Scanner (Simple Scan)The situation is even worse for other common office formats like spreadsheets and presentations. Without a third-party suite of applications, there are no official GNOME apps for viewing these documents on a standard GNOME desktop. Most distros resolve this by shipping LibreOffice, which works fine, but is notably heavier and does not fit the GNOME aesthetic. Sure, users could use AbiWord (which is still maintained, believe it or not), or Gnumeric, but neither of these is aligned to the modern GNOME platform. Both Gnumeric and AbiWord use GTK 3, which is under maintenance, not the modern GTK 4/libadwaita stack. This also doesn't solve the problem of a missing presentation solution. LibreOffice works, but it is not designed to be a "GNOME" application. We'll get into the deeper details of why this matters shortly. All these things considered, there's great benefit to having a lightweight, native suite that not only looks at home, but plays well with its existing office-related apps, including Calendar, Contacts, Loupe (the image viewer) and Document Scanner. Why now?In the past, the GNOME project was, for the most part, just a desktop environment - a collection of applications and related libraries that provide a defined and reproducible setup for desktop users. Today, the GNOME project is a lot more than this; it prescribes everything from how applications should look and operate to what system libraries and init systems should be used. There's even an official reference GNOME distribution, GNOME OS, which brings the project from environment to platform. At this point, having its own office suite is no longer a fancy "nice-to-have" idea. It's almost essential. An official GNOME reference suite would serve as guidance for other applications looking to target the platform. Aren't existing FOSS office suites good enough?LibreOffice writer is a powerful, fully-featured document editor, but doesn't fit GNOME's minimalist lookIt's only fair to ask this question, and the answer is a mix of yes and no. Both LibreOffice and ONLYOFFICE provide solid experiences, and the features needed by the average student or professional who may need to do professional work on a modern Linux desktop. Plus, in terms of compatibility with other office suites, like the market-dominant Microsoft Office, both office suites are, for the most part, more than good enough. They are highly compatible with Microsoft's older proprietary formats, and support the ISO open-standard Office Open XML (OOXML)-based formats. LibreOffice even has (limited) support for Excel macros. However, both suites are designed independently of the GNOME vision, and as such, do not adhere to its HIG, and do not always play well within the desktop environment. Furthermore, while LibreOffice is the most popular of the two, the user experience with its default interface is, to this day, a matter of controversy. To be fair, the same could be said for ONLYOFFICE, as it follows Microsoft's UI design more closely. It really depends on who you ask. ONLYOFFICE is powerful and efficient, but not aligned with GNOME's designBetween the two, LibreOffice is the most widely used across most distros. However, it uses the VCL toolkit for its interface, which has GTK 3/4 backends, but often has notable deficiencies. Work on a GTK 4 plugin for VCL is still ongoing, and the experience using it in GNOME can vary from distro to distro. Furthermore, its interface is admittedly more complex than most GNOME applications and doesn't follow the minimalist guidance that most of them do. For these reasons, a lightweight, GNOME-focused office suite would actually be better aligned with the project's vision and provide users with a more streamlined experience. It would also allow distributions seeking a purist experience to build upon this vision. For mobile users, it would give them an office suite that's designed for their devices (thanks to libadwaita's strong support for responsive designs). The goal here isn’t to replace LibreOffice or ONLYOFFICE, but rather to complement them with a GNOME-native option that integrates tightly with the platform’s HIG, portals, and mobile ambitions. What would it take?There are two possible avenues for this potential revival, should it ever happen: Reviving mature code: Upgrading AbiWord and Gnumeric to use modern libraries and changing their interfaces to match.Using the Incubator: Creating/adopting new applications to fill these roles within the GNOME project.Both have their benefits and setbacks, but only one would likely serve the best interests of the project at this time. While converting AbiWord and Gnumeric to GTK4 and libadwaita apps is a possible pathway, the effort involved might be more than it's worth. Not only would both applications need to have their codebases heavily refactored, but their interfaces would need to be changed dramatically. Transitions like these often leave existing users in limbo, and many often don't respond well to removed tools or changed workflows. This is why the best possible pathway toward a stable GNOME Office platform is to create or adopt new applications into GNOME Core. Under this strategy, a focused trio of applications could enter the GNOME Incubator and, if successful, graduate into the Core with the blessing of the Release Team. Already, there is at least one application that could be a candidate for a future GNOME Office's word processor/document editor: Letters. Written in Python, this application was recently released to Flathub, supports the Open Document Text (ODT) format, and follows GNOME's minimalist design. Letters is a new, but promising word processor for the GNOME desktopLike Calligra Words, the word processor from KDE's office suite, it does not support the full gamut of features available with ODT, but for the purpose of providing basic functionality, it's at least sufficient. Also, to be fair, the app is rather new, having been released in October of this year (2025). From a technical standpoint, it uses the Pandoc library, which means it can support a vast array of text documents without any extra dependencies. Calligra Words, KDE's word processorAt this time, there seem not to be any equivalent applications for presentations or spreadsheets, but in theory, these applications could be swiftly built on existing libraries. For instance, a presentation editor could be built on GTK4 and libadwaita using odfpy and python-pptx for providing file format support. A spreadsheet editor could be created on top of the same UI libraries and use liborcus and ixion for providing file format support and the underlying logic. Alternatively, GNOME Office already has useful libraries for building office applications: libgsf handles structured document I/O (ZIP/OLE2, streams, metadata), while GOffice provides charting and spreadsheet-oriented utilities (the same stack Gnumeric builds on). Together, they could prove a solid core beneath a GTK4/libadwaita interface. If these (theoretical) apps were to be written in a popular and accessible language like Python, as with Letters, it's even more likely that the community would be able to take over if, at any time, development were to slow down. Neither app would need to support the full features of their relevant formats. All that the average user needs is to be able to produce simple presentations and spreadsheets with what they have on their system. For those who need full functionality, there's always the option to install and use a fully-featured suite like LibreOffice or ONLYOFFICE. ConclusionNow that GNOME has everything in place to serve as a full platform, it's well-positioned to have first-party answers for documents, spreadsheets, and presentations that fit the GNOME way. A small, native GNOME Office would not replace LibreOffice or ONLYOFFICE. It would sit beside them and cover the basics with a clean, touch-friendly, libadwaita interface that works on laptops, tablets, and phones. The building blocks already exist. At this point, all that is missing is a focused push to turn them into real apps and bring them through the Incubator.