Language Selection

English French German Italian Portuguese Spanish


Syndicate content FOSS Post
An independent publishing about Linux and open source software
Updated: 1 week 1 day ago

Snaps Are Quite Fantastic, For Some Use Cases

Sunday 31st of January 2021 06:14:34 PM
75% of users are still depending on traditional package mangers (APT, DNF… etc) instead of using Snaps or Flatpaks, but this is gradually starting to change, as larger organizations and development communities start to use the latter instead of the former. Some people like Snaps, some people hate them, which is fine, just like most […]

8 Must-Try Open Source ERP Systems

Tuesday 19th of January 2021 06:40:00 PM
ERP is an abbreviation for “Enterprise resource planning”. They are software systems used to do the work that the company needs from day to day. You can think of it as the software responsible for managing the companies activities. It is very useful to allow various units and sectors in companies and organizations do their […]

Best Linux Distribution of 2020: Linux Mint 20

Saturday 2nd of January 2021 07:14:44 PM
Each year, the FOSS Post team does an extensive research on choosing the best Linux desktop distribution of the year. There’s of course no “universal best”, as the criteria is different from one person to another. For our selection, we search for distributions which may be suitable for the dominant majority of Linux desktop users, […]

Telegram to Start Putting Ads in Public Channels in 2021

Wednesday 23rd of December 2020 03:03:12 PM
Telegram has been known for its good user experience that it provides for users wishing to have a WhatsApp alternative. With its many user-friendly features and being ad-free, millions of users migrated to it away from Facebook Messenger and WhatsApp, but that migration could start to face some issues in the future. Today, Telegram’s product […]

Announcing FOSS Quiz: Quiz Platform For Open Source

Tuesday 22nd of December 2020 12:43:45 PM
At FOSS Post, we are very happy today to release our newest project: FOSS Quiz. When any new user enters the open source world, he/she will discover that there are so many details, so much information and tons of software to learn a lot about. Users wishing to dive deeper in the field may find […]

Contributing to Open Source For Dummies

Friday 18th of December 2020 07:50:04 AM
Many users of open source software may feel the need of giving something back to the community that gave them all of these benefits they are enjoying, but my face an obstacle of being unexperienced. Average users may not know how to code or design, and hence, may just give up on contributing anything back […]

GTK 4.0 Released, One Month After GIMP Finally Switched to GTK 3.X

Wednesday 16th of December 2020 08:05:30 PM
The GTK development team has just announced GTK 4.0; The latest stable version of the popular graphical user interfaces development toolkit. After 4 years of continuous work, the GTK 4.0 series brings tremendous changes over the GTK 3.X branch. You can read more about these changes in details from the official GTK blog post, which […]

The CentOS Project Just Committed Suicide

Wednesday 9th of December 2020 10:05:26 AM
In shocking news the CentOS project announced today that they are shifting their Linux distribution to be based on the beta (non-stable) branch of Red Hat Enterprise Linux, rather than the stable branch. And that they are terminating CentOS 8 updates at the 31st of December, 2021. The CentOS project will now release something named […]

OpenOffice Still Gets +1.5 Million Downloads Per Month, Despite Being Discontinued

Sunday 29th of November 2020 07:40:43 AM
OpenOffice started as the open source version of “StarOffice” by Sun Microsystems in 1999. It continued to be a the mainstream Microsoft Office alternative through the 2000s and kept improving over time, until a community fork happened in 2011 after Oracle acquired Sun. The community feared that Oracle would shut down the project due to […]

Open Source/Linux Communities To Join and Enjoy

Thursday 26th of November 2020 05:53:07 PM
Looking for user communities and online forums is one of the very first things any new open source user would normally do after making the switch. These communities can be useful either to provide technical help or just general discussion about various topics in the open source world. People simply like to share their thoughts […]

Interesting Linux Distributions To Enlighten Your 3rd Quarantine

Wednesday 18th of November 2020 08:18:42 AM
The 3rd wave of Coronavirus is here, and hence many countries around the world are starting to impose new lockdowns in order to limit the spread of the virus. So what to do in this long time of quarantine? A Linux user answer to that question would be simply trying a bunch of interesting Linux […]

Why Companies Can Benefit From Open Source

Tuesday 17th of November 2020 08:36:14 PM
Many people think that open source software are just beneficial for end-users, and that there isn’t any much benefit for corporations or enterprises in using them. But that is absolutely not right. In fact, companies can be one of the most benefiting entities from open source, due to many reasons and factors which we’ll be […]

How Many Users Can Open Source Zoom Alternatives Handle?

Friday 13th of November 2020 07:10:32 PM
Zoom has been a boom since Coronavirus started, it seemed to be one of the very few software in the world capable of handling the planet’s digital transfer of most face-to-face communication since people were forced to stay in their homes during the quarantine. Governments, schools, universities, hospitals, companies, enterprises… All of them went to […]

Never Go For AMD Gaming on Linux Without CoreCtrl

Friday 13th of November 2020 08:36:53 AM
AMD is starting to become the mainstream option for gamers nowadays with their CPUs & GPUs, allowing on-budget gamers to enjoy great performance for mostly half the price of the other vendors in the market like Intel and NVIDIA. Sadly AMD does not provide its AMD Radeon software for Linux (The controlling program responsible of […]

Things To Do After Installing Fedora 33

Thursday 5th of November 2020 08:34:00 PM
Fedora releases a new version in approximately every 6 months. Each now version is supported with updates for 13 months in total. The distribution is a good place to get the latest stable software and technologies consistently. The latest stable version is currently Fedora 33, you can download it from the Fedora official website. If […]

Kick Google Play Outside Your Smartphone With AuroraStore

Tuesday 3rd of November 2020 04:05:21 PM
More than 90% of all smartphones around the world are powered by android, which comes with the Google Play store by default for downloading various apps and programs. While Google Play is great and all, it is still a proprietary software, and requires a Google account with an active login to use it. Moreover, all […]

More in Tux Machines

today's leftovers

  • mintCast 355.5 – McKnight in Shining Armor

    1:49 Linux Innards 27:06 Vibrations from the Ether 51:29 Check This Out 58:45 Announcements & Outro In our Innards section, we talk to community member Mike! And finally, the feedback and a couple suggestions

  • The small web is beautiful

    About fifteen years ago, I read E. F. Schumacher’s Small is Beautiful and, despite not being interested in economics, I was moved by its message. Perhaps even more, I loved the terse poetry of the book’s title – it resonated with my frugal upbringing and my own aesthetic.

    I think it’s time for a version of that book about technology, with a chapter on web development: The Small Web is Beautiful: A Study of Web Development as if People Mattered. Until someone writes that, this essay will have to do.

    There are two aspects of this: first, small teams and companies. I’m not going to talk much about that here, but Basecamp and many others have. What I’m going to focus on in this essay is small websites and architectures.

  • PS2 Emulation Gets Even Nicer With Custom Textures

    PCSX2 has long been a fantastic PS2 emulator, but a recent advance has made it all the more appealing for anyone playing on a PC: the ability to swap textures in games. While the famous Dolphin emulator for the GameCube has long supported this feature, PCSX2 has only just brought it in, and it’ll allow modders to improve any kind of texture they want in an old PS2 game. In the example video below by someother1ne, we can see everything from the road in Gran Turismo to the helmets and jerseys in NFL2K5 get swapped out.

  • Epic Games is buying Fall Guys creator Mediatonic

    According to the blog posts and FAQs detailing the announcement, Fall Guys will remain available on Steam for the time being, and the developer is still bringing the game to both the Xbox and Nintendo Switch platforms. Epic and Mediatonic say there are no plans right now to make the game (which currently costs $19.99) free-to-play, as Epic did with Rocket League. Epic later confirmed it plans to make the PC version of Fall Guys available on the Epic Game Store.

today's howtos

  • Kushal Das: Get a TLS certificate for your onion service

    For a long time, I wanted to have a certificate for the onion address of my blog. Digicert was the only CA who was providing those certificates with an Extended Validation. Those are costly and suitable for an organization to get, but not for me personally, especially due to the cost.

  • How To Install Nano Text Editor on CentOS 8 - idroot

    In this tutorial, we will show you how to install Nano Text Editor on CentOS 8. For those of you who didn’t know, Nano comes with many powerful features and allows you to edit and create various files on your computer or server. It includes all the basic functionality same as other text editors such as UTF-8 encoding, syntax highlighting, search and replace with regular expression support, multiple buffers, spellchecking, and more. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Nano Text Editor on CentOS 8.

  • How to Install Terraform in Linux Distributions

    Terraform is a popular cloud orchestration tool in the world of automation, which is used to deploy your infrastructure through the IAC (Infrastructure as code) approach. Terraform is built by Hashicorp and released under Mozilla Public License. It supports public, private as well as hybrid cloud, as of now Terraform supports 145 providers, which includes popular providers like AWS, Azure cloud, GCP, Oracle cloud, and many others. Terraform architecture is very simple. All you need is to download the terraform binary to your local/server machine which is going to act as your base machine. We have to mention the provider to work within our syntax file. Terraform will download the plugin for that particular provider automatically and will authenticate with provider API to execute the plan.

Programming Leftovers

  • How to Deploy a Node.js App – From Server Setup to Production

    In this tutorial, we are going to learn everything we need to know before deploying a Node app to a production server. We will start by renting a server on Digital Ocean. Then we'll configure this server, connect to it, install Nginx and configure it, pull or create our Node app, and run it as a process. As you can see, there is a lot to do and it will be an action-packed tutorial. So let's get started without wasting any time.

  • React Tutorial – Learn React and JavaScript Programming Basics with Example Code

    React is an open-source JavaScript library that helps you build user interfaces. It's a component-based, declarative, "learn once and write anywhere" tool.

  • How to Build a Solid To-Do App with React

    In this tutorial you will learn how to create a basic Solid to-do app. But what is Solid – not to be confused with SOLID? Well, it's a set of conventions and tools used to build decentralized apps. So what do I mean by decentralized? Currently, all our data is centralized in a few web platforms: Facebook, Google, and others. This has various consequences for privacy that we're all aware of, but it also endangers the principle of universality of the web: the web must be accessible to everyone.

  • Working with RESTful Web Services in JavaScript - Creating your First Web Service

    Some developers consider themselves to be server-side specialists, while others focus most of their efforts on client-side coding. The departments of IT shops often reflect those tendencies. However, that need not be the case. Thanks to the emergence of technologies like Node.js, you can write both the server and client components using essentially the same language. In this series on RESTful Web services we'll cover how to to do it all using JavaScript. Today's installment will focus on setting up a basic Web service using Node.js and the Express framework.

  • How to Install R Programming Language Tools on Linux Mint 20

    By following today’s tutorial, you will be able to install the “R” programming language on your Linux Mint 20 system instantly. However, as soon as you feel like you do not want to work with this language anymore, you can conveniently uninstall it from your system to free up your resources.

  • Using Delve to debug Go programs on Red Hat Enterprise Linux - Red Hat Developer

    Delve is now available on Red Hat Enterprise Linux (RHEL). Starting in the RHEL 8.2 and devtools-2020.2 releases, the Go language debugger Delve will be installed with the Go toolchain itself via the go-toolset package. Being tailored specifically for Go, Delve has intricate knowledge of the Go runtime and provides features and an environment not available in other debuggers. The tool aims for simplicity of use, staying out of your way as you figure out what’s going wrong with your program. Delve also offers powerful features that let you debug your Go programs as quickly as possible.

  • Python's datetime Module – How to Handle Dates in Python

    In this quick guide to Python's datetime module, you'll learn how to parse dates, extract meaningful information from dates, handle timedelta objects and much more. So without further ado let's start counting time with Python! Most programming languages provide libraries for easy handling of dates. Python offers the powerful datetime module with its many functions and lucid documentation which makes parsing dates easy.

  • Elegant bash conditionals

    The if-statement is a very basic thing, not just in bash, but in all of programming. I see them used quite a lot in shell scripts, even though in many cases they can be replaced with something much more elegant.

    In this rather short article, I'll show how control operators can be used instead. Many probably know about this, but don't realize how to use them nicely. This will help you write cleaner shell scripts in the future.

  • How to write a function in bash

    When you are writing a complex bash script (or any complex program for that matter), subdividing the functional logic of the script in smaller modules and writing/testing each module is often an effective coding strategy. A modularized bash script not only makes the script easier to understand, but also makes individual modules re-usable. In bash, such modular programming is achieved with bash functions. Even if you have little coding experience, you are probably familiar with the notion of a function in programming. A function is basically a self-contained block of code that performs a specific task via well-defined input/output interfaces. Let's find out how a bash function is written and how to use a function in bash. This bash tutorial will specifically cover how to create a bash function, how to pass arguments to a bash function, how to call a bash function, how to return a bash function, etc.

  • 5 signs you might be a Rust programmer

    I'm a fairly recent convert to Rust, which I started to learn around the end of April 2020. But, like many converts, I'm an enthusiastic evangelist. I'm also not a very good Rustacean, truth be told, in that my coding style isn't great, and I don't write particularly idiomatic Rust. I suspect this is partly because I never really finished learning Rust before diving in and writing quite a lot of code (some of which is coming back to haunt me) and partly because I'm just not that good a programmer. But I love Rust, and so should you. It's friendly—well, more friendly than C or C++; it's ready for low-level systems tasks—more so than Python, it's well-structured—more than Perl; and, best of all, it's completely open source from the design level up—much more than Java, for instance. Despite my lack of expertise, I noticed a few things that I suspect are common to many Rust enthusiasts and programmers. If you say "yes" to the following five signs (the first of which was sparked by some exciting recent news), you, too, might be a Rust programmer.

  • What Every Developer Must Know About Encoding and Unicode

    If you are coding an international app that uses multiple languages, you'll need to know about encoding. Or even if you're just curious how words end up on your screen – yep, that's encoding, too. I'll explain a brief history of encoding in this article (and I'll discuss how little standardisation there was) and then I'll talk about what we use now. I'll also cover some Computer Science theory you need to understand.

OpenSSH 8.5

OpenSSH 8.5 was released on 2021-03-03. It is available from the
mirrors listed at

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:

Future deprecation notice

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.

In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
OpenSSH will disable this signature scheme by default in the near

Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs that is still
enabled by default.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The RFC8709 ssh-ed25519 signature algorithm. It has been supported
   in OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be

This release enables the UpdateHostKeys option by default to assist
the client by automatically migrating to better algorithms.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T


 * ssh-agent(1): fixed a double-free memory corruption that was
   introduced in OpenSSH 8.2 . We treat all such memory faults as
   potentially exploitable. This bug could be reached by an attacker
   with access to the agent socket.

   On modern operating systems where the OS can provide information
   about the user identity connected to a socket, OpenSSH ssh-agent
   and sshd limit agent socket access only to the originating user
   and root. Additional mitigation may be afforded by the system's
   malloc(3)/free(3) implementation, if it detects double-free

   The most likely scenario for exploitation is a user forwarding an
   agent either to an account shared with a malicious user or to a
   host with an attacker holding root access.

 * Portable sshd(8): Prevent excessively long username going to PAM.
   This is a mitigation for a buffer overflow in Solaris' PAM username
   handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
   implementations.  This is not a problem in sshd itself, it only
   prevents sshd from being used as a vector to attack Solaris' PAM.
   It does not prevent the bug in PAM from being exploited via some
   other PAM application. GHPR#212

Potentially-incompatible changes

This release includes a number of changes that may affect existing

 * ssh(1), sshd(8): this release changes the first-preference signature
   algorithm from ECDSA to ED25519.

 * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
   for interactive use prior to TCP connect. The connection phase of
   the SSH session is time-sensitive and often explicitly interactive.
   The ultimate interactive/bulk TOS/DSCP will be set after
   authentication completes.

 * ssh(1), sshd(8): remove the pre-standardization cipher It is an alias for aes256-cbc before
   it was standardized in RFC4253 (2006), has been deprecated and
   disabled by default since OpenSSH 7.2 (2016) and was only briefly
   documented in ssh.1 in 2001.

 * ssh(1), sshd(8): update/replace the experimental post-quantum
   hybrid key exchange method based on Streamlined NTRU Prime coupled
   with X25519.

   The previous method is
   replaced with Per its
   designers, the sntrup4591761 algorithm was superseded almost two
   years ago by sntrup761.

   (note this both the updated method and the one that it replaced are
   disabled by default)

 * ssh(1): disable CheckHostIP by default. It provides insignificant
   benefits while making key rotation significantly more difficult,
   especially for hosts behind IP-based load-balancers.

Changes since OpenSSH 8.4

New features

 * ssh(1): this release enables UpdateHostkeys by default subject to
   some conservative preconditions:
    - The key was matched in the UserKnownHostsFile (and not in the
    - The same key does not exist under another name.
    - A certificate host key is not in use.
    - known_hosts contains no matching wildcard hostname pattern.
    - VerifyHostKeyDNS is not enabled.
    - The default UserKnownHostsFile is in use.

   We expect some of these conditions will be modified or relaxed in

 * ssh(1), sshd(8): add a new LogVerbose configuration directive for
   that allows forcing maximum debug logging by file/function/line

 * ssh(1): when prompting the user to accept a new hostkey, display
   any other host names/addresses already associated with the key.

 * ssh(1): allow UserKnownHostsFile=none to indicate that no
   known_hosts file should be used to identify host keys.

 * ssh(1): add a ssh_config KnownHostsCommand option that allows the
   client to obtain known_hosts data from a command in addition to
   the usual files.

 * ssh(1): add a ssh_config PermitRemoteOpen option that allows the
   client to restrict the destination when RemoteForward is used
   with SOCKS.

 * ssh(1): for FIDO keys, if a signature operation fails with a
   "incorrect PIN" reason and no PIN was initially requested from the
   user, then request a PIN and retry the operation. This supports
   some biometric devices that fall back to requiring PIN when reading
   of the biometric failed, and devices that require PINs for all
   hosted credentials.

 * sshd(8): implement client address-based rate-limiting via new
   sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
   directives that provide more fine-grained control on a per-origin
   address basis than the global MaxStartups limit.


 * ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
   make it easier to determine which connection they are associated
   with in cases like scp -3, ProxyJump, etc. bz#3224

 * sshd(8): fix sshd_config SetEnv directives located inside Match
   blocks. GHPR#201

 * ssh(1): when requesting a FIDO token touch on stderr, inform the
   user once the touch has been recorded.

 * ssh(1): prevent integer overflow when ridiculously large
   ConnectTimeout values are specified, capping the effective value
   (for most platforms) at 24 days. bz#3229

 * ssh(1): consider the ECDSA key subtype when ordering host key
   algorithms in the client.

 * ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
   PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
   that it control allowed key algorithms, when this option actually
   specifies the signature algorithms that are accepted. The previous
   name remains available as an alias. bz#3253

 * ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
   HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.

 * sftp-server(8): add missing documentation
   and advertisement in the server's SSH2_FXP_VERSION hello packet.

 * ssh(1), sshd(8): more strictly enforce KEX state-machine by
   banning packet types once they are received. Fixes memleak caused
   by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).

 * sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
   platforms instead of being limited by LONG_MAX. bz#3206

 * Minor man page fixes (capitalization, commas, etc.) bz#3223

 * sftp(1): when doing an sftp recursive upload or download of a
   read-only directory, ensure that the directory is created with
   write and execute permissions in the interim so that the transfer
   can actually complete, then set the directory permission as the
   final step. bz#3222

 * ssh-keygen(1): document the -Z, check the validity of its argument
   earlier and provide a better error message if it's not correct.

 * ssh(1): ignore comments at the end of config lines in ssh_config,
   similar to what we already do for sshd_config. bz#2320

 * sshd_config(5): mention that DisableForwarding is valid in a
   sshd_config Match block. bz3239

 * sftp(1): fix incorrect sorting of "ls -ltr" under some
   circumstances. bz3248.

 * ssh(1), sshd(8): fix potential integer truncation of (unlikely)
   timeout values. bz#3250

 * ssh(1): make hostbased authentication send the signature algorithm
   in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
   This make HostbasedAcceptedAlgorithms do what it is supposed to -
   filter on signature algorithm and not key type.


 * sshd(8): add a number of platform-specific syscalls to the Linux
   seccomp-bpf sandbox. bz#3232 bz#3260

 * sshd(8): remove debug message from sigchld handler that could cause
   deadlock on some platforms. bz#3259

 * Sync contrib/ssh-copy-id with upstream.

 * unittests: add a hostname function for systems that don't have it.
   Some systems don't have a hostname command (it's not required by
   POSIX). The do have uname -n (which is), but not all of those have
   it report the FQDN.


 - SHA1 (openssh-8.5.tar.gz) = 04cae43c389fb411227c01219e4eb46e3113f34e
 - SHA256 (openssh-8.5.tar.gz) = 5qB2CgzNG4io4DmChTjHgCWqRWvEOvCKJskLdJCz+SU=

 - SHA1 (openssh-8.5p1.tar.gz) = 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
 - SHA256 (openssh-8.5p1.tar.gz) = 9S8/QdQpqpkY44zyAK8iXM3Y5m8FLaVyhwyJc3ZG7CU=

Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available from the mirror sites:

Please note that the OpenPGP key used to sign releases has been
rotated for this release. The new key has been signed by the previous
key to provide continuity.

Reporting Bugs:

- Please read
  Security bugs should be reported directly to
Read more