FOSS Weekly #24.14: Homelab Special Edition (and Discussing XZ Backdoor in Linux)

Intriguing story on how almost all Linux servers were about to be compromised.

This is a special FOSS Weekly edition, as it focuses on homelabs. Wondering what a homelab is? Basically, it's a dedicated computer (or several) set up in your home that serves various open source software on your local network. So, you run your own cloud storage, media server and a lot more.

What is a Homelab and Why Should You Have One?
Having a homelab setup has multiple advantages. Learn what it is and why you should consider a homelab for yourself.

That's the simplest form of a homelab. There is no limit to what you can do with one. Just browse through the r/homelab subreddit and you'll be amazed at what your peers are doing with their homelabs.

In my opinion, when you have been using Linux on your personal computer for a long time and start wondering what to do next, the homelab is the answer. Not only do you get control over your data, you also enhance your skills. It could also help you reduce electronic waste by putting older hardware to good use.

We are already covering tutorials on Raspberry Pi and local AI set up. You'll be seeing more educational material on homelabs regularly on It's FOSS.

Based on the feedback I received from the previous newsletter, it seems a good majority of It's FOSS readers want regular recommendations on Android FOSS apps.

💬 Let's see what else you get in this edition:

  • The XZ Utils backdoor almost causing havoc.
  • Proxmox wasting no time in saving users from VMware.
  • And other Linux news, videos and, of course, memes!
  • This edition of FOSS Weekly is supported by Netdata.

✨ Netdata: Tailored Monitoring Solutions for Home Lab Environments

Netdata is on a mission to revolutionize observability & make it universally accessible, whether you are a startup or a multinational corporation, a business or a home lab user.

Benefit from the Homelab plan, where for the cost of a beer per month, you can get access to all Business features. Empower your projects with Netdata's best.

Netdata: Monitoring and troubleshooting transformed
Netdata is a distributed real-time, health monitoring platform for systems, hardware, containers & applications, collecting metrics. Zero configuration needed.

🏠💻 Homelab! Sweet Homelab!

By now, you have some idea about what a homelab is. How do you get started with setting up your own?

If you can spend some money, you can get a Raspberry Pi or any other single board computer. However, recently, I got an excellent 'plug and play' homelab device in the form of ZimaBoard.

ZimaBoard Turned My Dream of Owning a Homelab into Reality
Get control of your data by hosting open source software easily with this plug and play homelab device.

If you don't have the budget, you can use older computers and servers for this purpose. If you have one lying around in your house, good. Otherwise, you may try getting a used one from eBay-like websites in your country.

Once you have got the hardware, it's time for the operating system. Now, you may install lightweight Linux distributions or simply go with server distros. But I think it will be easier if you try an operating system specially crafted for Homelab. Here are my recommendations:

If you are a bit experienced, you can have a rather advanced homelab setup using virtualization tools like Proxmox. My colleague Helder prefers this method. Here's a good learning resource on Proxmox, if you are interested.

Getting Started With Proxmox
A tutorial series that covers everything from installing and upgrading Proxmox to using it for creating and managing VMs.

When you are running too many services in your homelab, it may become difficult to manage them. This is where dashboard software comes into the picture.

Dashy | Dashy
Dashy, the self-hosted dashboard app for your homelab

You have enough information now to plan your own homelab (if you want it). Happy homelabbing 😄


📰 Linux news


🧠 What we’re thinking about

The talk of this week/month/year/decade is the very sophisticated supply chain attack to install a backdoor in the XZ utility to compromise Linux servers running SSH.

How? The attacker gained trust by contributing to the project and became one of the main developers. He pushed some hidden malicious code which gets activated only in certain cases and impacts SSH connections, thus compromising the integrity of a Linux server.

The thing is that, since it was all open source, it got detected by a Microsoft engineer who noticed a 0.5 second delay with SSH.

Intriguing, isn't it? Imagine if XZ Utils was a proprietary tool. This would have probably never been discovered.

The XZ Utils Backdoor in Linux: How it Happened
It was just moments before a disastrous security incident happened.

📹 What we are watching

Kenny sums up the recent xz backdoor fiasco.


✨ Project highlights

Thorium, a Chromium fork that claims to be “the fastest browser on Earth”.

Thorium: The Fastest Open Source Chromium-based Browser?
Fast like Lightning McQueen?

🧩 New quiz unit

Time for some (web) development.

Open-Source Web Dev Tools: Quiz
Are you a web developer or want to be one? Check out some open-source tools that you’re going to come across in your journey.

💡 Quick handy tip

You can name Brave/Chrome browser windows to identify their purpose.

Right-click on any empty space in the toolbar area and then select the “Name Window” option. Now, type the name you need and click “OK”.

These windows will now be alphabetically shown on Brave/Chrome, when you hover over the icon on the taskbar.


🤣 Meme of the week

The XZ backdoor fiasco also resulted in a memefest


🗓️ Tech Trivia

On April 1, 2004, Gmail was launched as an invitation-only mail service that many thought was an April Fool's prank. On that note, did you check out our recent prank?

Microsoft Decides to Promote Ubuntu to Windows 10 Users
What a day to be alive!

🧑‍🤝‍🧑 FOSSverse corner

Many FOSSers, including me, have been discussing the extent of the xz backdoor. You are encouraged to give your opinions too!

Xz utility had backdoor
Some of you might have come across the current hot topic in the Linux world right now. The compression utility xz was backdoored in the recent versions and that too by one of its developers. He even tried pushing for the backdoored version to be included in the upcoming Ubuntu 24.04 and Fedora 41.

❤️ With love

Share it with your Linux-using friends and encourage them to subscribe (hint: it's here).

Share the articles in Linux Subreddits and community forums.

Follow us on Google News and stay updated in your News feed.

Opt for It's FOSS Plus membership and support us 🙏

Enjoy using Linux 😄

About the author
Abhishek Prakash

Created It's FOSS 11 years ago to share my Linux adventures. Have a Master's degree in Engineering and years of IT industry experience. Huge fan of Agatha Christie detective mysteries 🕵️‍♂️
