FOSS Daily - Linux, Privacy & Open Source on FOSS Daily!

Privacy Tools and Why They Matter

Fri, 12 Jun 2026 00:00:00 +0000

Tools and recommendations get updated over time, services change hands, get acquired, get audited (or stop publishing audits), so check the date above and don’t treat this as gospel six months from now.

This page covers the privacy tools we recommend, what each one actually protects against, and more importantly what it doesn’t.

What is a “privacy tool,” really?

A privacy tool reduces the amount of information you leak to a specific observer: your ISP, the website you’re visiting, an advertiser (i see you Google, RIP “don’t be evil”), or a government. No single tool protects against all of these at once, and using the wrong tool for your actual threat model can give you a false sense of security while doing nothing useful.

HTTP/2 Bomb: One Client Can Kill Your Server in 10 Seconds

Fri, 05 Jun 2026 00:00:00 +0000

The HTTP/2 Bomb dropped this week. CVE-2026-49975 chains two decade-old attack techniques into something nastier than the sum of its parts. An AI coding assistant helped find it. Your server is probably vulnerable right now.

How It Works

HTTP/2 has a header compression scheme called HPACK. The Bomb abuses it by inserting a tiny header into the dynamic table, then referencing it thousands of times via one-byte indices.

One byte in. Thousands of bytes allocated. Envoy hits 5,700:1 amplification. Apache manages 4,000:1. This is just the first punch.

Colorado Open Source Exemption Could Save Linux From Age Verification Rules

Fri, 24 Apr 2026 00:00:00 +0000

Colorado almost forced age verification on your Linux laptop. That actually happened.

Lawmakers tried to shove corporate surveillance tech into every computing device, treating Debian like TikTok. Open source projects don’t have compliance departments. They don’t have lawyers on retainer. They would have simply disappeared from Colorado, or more likely, stopped existing entirely. This was legislative malware targeting the wrong software.

How System76 Actually Did Something

Carl Richell, CEO of System76, didn’t just tweet about this. He met with Senator Matt Ball, co-author of SB26-051. Face to face. In person.

Wine 11: NTSYNC Delivers 678% Gaming Performance Gains

Sun, 19 Apr 2026 00:00:00 +0000

The Numbers First

Wine 11 shipped in January 2026 with NTSYNC support—a kernel-level rewrite of how Wine handles Windows thread synchronization. The performance gains are real and measurable:

Game	Before	After	Gain
Dirt 3	110.6 FPS	860.7 FPS	678%
Resident Evil 2	26 FPS	77 FPS	196%
Call of Juarez	99.8 FPS	224.1 FPS	124%
Tiny Tina’s Wonderlands	130 FPS	360 FPS	177%
Call of Duty: Black Ops I	Unplayable	Playable	N/A

Benchmark source: XDA Developers testing comparing NTSYNC-enabled Wine against vanilla Wine (no fsync/esync).

Shelly-ALPM: Making Arch Linux Actually Accessible

Sat, 18 Apr 2026 00:00:00 +0000

Look, we all know the deal with Arch Linux. It’s powerful, it’s got the latest software, and the Arch Wiki is basically the gold standard for Linux documentation. But let’s be honest for most people, the idea of managing their system through pacman commands is pretty intimidating. That’s been the trade-off for years: you want cutting-edge Arch goodness? Better get comfortable with the terminal.

Shelly-ALPM is trying to change that, and it’s doing it in a way that’s actually interesting.

Securing your homelab with UFW (the right way)

Fri, 03 Apr 2026 00:00:00 +0000

Running services at home without a firewall is like leaving your front door wide open and hoping nobody walks in. UFW (Uncomplicated Firewall) is the easiest way to fix that on Debian-based systems, and it’s a lot more capable than most people think once you go past the basics.

Let’s actually do this right.

Install and set defaults

Most Debian-based systems already have it:

sudo apt install ufw

Before enabling anything, set your default policies. This is the most important step and most people skip it:

Colorado's SB26-051 Would Require Your Operating System to Collect Your Age

Tue, 24 Feb 2026 00:00:00 +0000

Colorado is considering a bill that would require your operating system to ask your age before you can use it. Not a website. Not an app. Your OS. The whole foundation your device runs on.

Senate Bill 26-051, “Age Attestation on Computing Devices,” was introduced on January 27, 2026 and is currently in committee. It is not law yet.

How It Works

When you set up a new phone or computer in Colorado, the OS would be required to collect your birthdate or age during account creation. That data gets turned into an “age signal,” sorted into one of four brackets: under 13, 13 to 16, 16 to 18, or 18 and above.

Google is Killing Android's Open Ecosystem (And How to Fight Back)

Sun, 22 Feb 2026 00:00:00 +0000

Disclaimer: All factual claims in this post are sourced and linked. Editorial analysis and opinions are the author’s own. Nothing here constitutes legal advice.

Your phone is about to betray you. Google has declared war on every app it didn’t approve and by September 2026, your device could refuse to install them. Every privacy tool, every independent app, every FOSS project you depend on could become inaccessible.

Not just Play Store apps. Every app.

Beginner Distros Are Holding You Back

Fri, 20 Feb 2026 00:00:00 +0000

There’s a persistent myth in the Linux community that you need to start with Ubuntu or Mint before you’re “ready” for something real. It sounds reasonable on the surface. Ease people in, lower the barrier, get more users on Linux. Noble goals. Wrong execution. What these distros actually do is teach you to depend on them, not on your own understanding of the system underneath.

The abstraction trap

Ubuntu and its derivatives are built on a philosophy of hiding complexity. That sounds user-friendly until you realize the complexity isn’t going away, it’s just being hidden from you. The moment something breaks, and it will break, you’re standing in front of a wall with no idea what’s behind it.

BeyondTrust Gets Hit Again: Pre-Auth RCE in Remote Support Tools

Fri, 13 Feb 2026 00:00:00 +0000

BeyondTrust Remote Support and Privileged Remote Access have a critical pre-authentication RCE bug. No login needed, no user interaction, just send a crafted WebSocket request and you’re executing OS commands as the site user.

This is CVE-2026-1731. CVSS 9.9. And it’s in the exact same endpoint that got exploited by Chinese state actors three months ago.

What Happened

The vulnerability is a command injection in the thin-scc-wrapper script. This script handles WebSocket connections at /nw and reads a version number from the client. The problem? That version number gets used in a Bash arithmetic comparison without proper validation.

Frigate NVR Command Injection Bug Allowed Admin-Level RCE (CVE-2026-25643)

Thu, 12 Feb 2026 00:00:00 +0000

Frigate has long been positioned as a privacy-first, self-hosted camera solution. However, CVE-2026-25643 shows how a single input validation flaw can undermine that model.

CVE-2026-25643 stems from insufficient input validation in Frigate’s integration of go2rtc’s exec: stream feature.

What Actually Happened

Frigate versions before 0.16.4 let you inject OS commands straight into the config.yaml file through the exec: directive. The go2rtc streaming service would then execute the supplied command without sufficient validation. Many deployments run Frigate in privileged Docker mode to enable hardware acceleration.

Microsoft's Notepad Got Pwned (They Added AI To It, So...)

Wed, 11 Feb 2026 00:00:00 +0000

Remember when Notepad was just… Notepad? A simple text editor nobody asked to be modernized?

Yeah, Microsoft didn’t care either. They bolted on Markdown support and AI features anyway. And now we’ve got CVE-2026-20841. Remote code execution. Via a text file. This is the kind of thing that makes you go “oh come on, really?”

What actually happened with CVE-2026-20841

Someone at Microsoft thought “what if Notepad could execute commands?” and shipped it enabled by default. Attackers can now trick users into opening a malicious .md file, you click a link, and BAM, code runs with your full permissions. Full system compromise. It’s that bad.

About

Sun, 01 Feb 2026 00:00:00 +0000

About foss-daily.org

Tech blog about free software, Linux, and privacy tools. No corporate BS, no ads, no donations.

The $ in the logo? That’s a shell prompt, not bitcoin or money. This site has nothing to do with crypto or cash.

What You’ll Find

Guides, distro reviews, and opinions on software that doesn’t spy on you. Focus on stuff that actually works without bloat.

How It’s Built

Hugo static site on AlmaLinux. I recently ditched cloudflare due to some privacy concerns what i had with it.

Setting up an Arch Linux mirror (2026)

Thu, 22 Jan 2026 00:00:00 +0000

Ever get annoyed by slow download speeds because mirrors near you are shit? And you’ve got a homeserver or VPS just sitting there?

Yeah, me too. So let’s set up your own Arch mirror.

Getting the mirror files

First thing you gonna do is make a directory for it:

mkdir -p /var/www/mirrors/archlinux/

Now you gonna want to grab a tier 1 mirror (since others suck) from https://archlinux.org/mirrors/tier/1/

Pick one and run this:

Best Private Email Providers: Why You Should Ditch Gmail

Mon, 12 Jan 2026 00:00:00 +0000

Why?

In today’s days you can’t avoid email’s you need one for every service on internet.

But hold on foss-daily? Why would i want switch from GMail to another email provider? Well..

You can use GMail for example accounts on sites but its not very recommended, for communicating with other people you don’t have any privacy on GMail since they don’t encrypt your emails and recently Google made it that their own ai can read your emails. Source

Contribute to FOSS Daily

Sat, 10 Jan 2026 00:00:00 +0000

Why It Matters

FOSS isn’t just software it’s the only thing standing between users and total corporate control over computing. Without it, we’d all be locked into proprietary ecosystems, our data harvested, our workflows dictated by what’s profitable rather than what works.

Every guide you write, every tool you document, every setup you share that’s one more person who might escape the walled gardens. One more admin who can build infrastructure they actually control. One more dev who learns there’s an alternative to surrender.