Free, Libre, and Open Source Software Leftovers

posted by Roy Schestowitz on Dec 18, 2025

• Thunderbird ☛ Thunderbird Monthly Development Digest: November/December 2025 - The Thunderbird Blog

  Hello again from the Thunderbird development team as we start to wind down for the holidays! Over the past several weeks, our sprints have been focused on delivery and consolidation to clear our plates for a fresh start in the New Year.

  Following our successful in-person work-week to discuss all things protocol, we’ve brought Exchange support (EWS) to our Monthly release channel, completed much of the final phases of the Account Hub experience, and laid the groundwork for what comes next. Alongside this feature work, the team has spent a significant amount of time adapting to upstream platform changes and supported our Services colleagues as we prepared for wider rollout. It’s been a period of steady progress, prioritization, and planning for the next major milestones.

• Linuxiac ☛ VLC 3.0.23 Media Player Released With Windows Fixes and Security Updates

  The new version focuses primarily on fixes rather than new functionality. Most of the changes target Windows, where the update resolves issues related to image display, security warnings, and OpenGL rendering. Alongside these platform-specific corrections, the release also introduces a minor enhancement to the reporting of audio codec information.

  On the security side, while VLC 3.0.22 already stood out as the release with the most security fixes in the project’s history, version 3.0.23 addresses additional security issues discovered since then.

• Wouter Groeneveld ☛ Properly Preparing Tea While Shaving An Emacs Yak

  Hey wow I’m typing this from Emacs! For the first time in more than a decade I decided to see if my beloved Sublime Text could be superseded with software that’s more than twice as old. It’s day four so far, and I’ve been nothing but confused in trying to get it up and running to my tastes, but the journey has kept me on my toes. I’ve disabled Evil mode for now, I don’t think I’m ready for that yet.

• PowerDNS ☛ PowerDNS in 2025: New products and two milestone anniversaries

  The first milestone came during the first half of 2025. We celebrated a remarkable achievement that speaks volumes about the quality of our software: in over 10 years, we have not received a single Severity 1 support case from our customers. This achievement highlights the stability, security, and performance of our solutions. In network security and infrastructure, a reliable, high-performance DNS solution is critical for ensuring smooth, secure, and uninterrupted operations.

• It's FOSS ☛ FOSS Weekly #25.51: Pop OS 24.04 Release, Fresh Editor, eBPF Tools, Cinnamon 6.6, NTFSPlus and More GNU/Linux Stuff

  There is a new editor which is easier than Nano as well.

• Events

  • FSF ☛ FSF Blogs: FSD meeting recap 2025-12-12

    Check out the important work our volunteers accomplished at Friday's Free Software Directory (FSD) IRC meeting.

• Web Browsers/Web Servers

  • University of Toronto ☛ Fake "web browsers" and their (lack of) HTTP headers: some notes

    It's hopefully not news to people that there is a plague of disguised web crawlers that are imitating web browsers (and not infrequently crawling from residential IPs, through various extremely questionable methods). However, many of these crawlers have only a skin-deep imitation of browsers, primarily done through their HTTP User-Agent header. This creates a situation where some of these crawlers can currently be detected (and blocked) because they either lack entirely or have non-browser values for other HTTP headers. I've been engaged in a little campaign to reduce the crawler presence here on Wandering Thoughts, so I've been experimenting with a number of HTTP header checks.

    Headers I'm currently looking at include: [...]

  • Mozilla

    • Mozilla ☛ Mozilla Addons Blog: Presenting 2025 Firefox Extension Developer Award Recipients

      Extensions have long been at the heart of the Firefox — providing users with powerful options to personalize their browsing experience. Nearly half of all Firefox users have installed at least one extension. These incredible tools and features are built by a community of more than 10,000 developers. While all developers contribute to the depth and diversity of our ecosystem, some of the most popular extensions provide significant global impact.

      Today we celebrate our first cohort of notable developers.

    • Linuxiac ☛ Mozilla’s New Leadership Will Prioritize Transparent AI and User Control

      Anthony Enzor-DeMeo formally took over as CEO of Mozilla Corporation, outlining a strategy that places trust, transparency, and user control at the center of the company’s next phase, with AI set to play a significant but tightly governed role.

    • Mozilla ☛ Mozilla Localization (L10N): Contributor Spotlight: Andika

      About You

      My name is Andika. I’m from Indonesia, and I speak Indonesian, Javanese, and English. I’ve been contributing to Mozilla localization for a long time, long enough that I don’t clearly remember when I started. I mainly focus on Firefox and Thunderbird, but I also contribute to many other open source projects.

• SaaS/Back End/Databases

  • Leon Mika ☛ Some Caution on Using ROWIDs for Primary Keys in Sqlite 3

    I’ve noticed that relying on ROWIDs for primary keys in Sqlite 3 tables can result in IDs being reused. If you insert a row that is given a ROWID of 1, delete it, then insert another row, that second row will also be given a ROWID of 1. At first I thought it was just the Go port I was using, but I also tried a package that uses the C library and I observed the same thing. It’s reproducable using the sqlite3 CLI tool: [...]

  • Evan Schwartz ☛ Short-Circuiting Correlated Subqueries in SQLite

    I recently added domain exclusion lists and paywalled content filtering to Scour. This blog post describes a small but useful SQL(ite) query optimization I came across between the first and final drafts of these features: using an uncorrelated scalar subquery to skip a correlated subquery (if you don't know what that means, I'll explain it below).

    Scour searches noisy sources for content related to users' interests. At the time of writing, it ingests between 1 and 3 million pieces of content from over 15,000 sources each month. For better and for worse, Scour does ranking on the fly, so the performance of the ranking database query directly translates to page load time.

• Content Management Systems (CMS) / Static Site Generators (SSG)

  • Justin Duke ☛ Site 2026

    Let me explain why I moved away from my previous generator, Eleventy (11ty, 11ty, three months later). While I still like and recommend Eleventy, I encountered two main issues: [...]

• FSF / Software Freedom

  • Andy Wingo ☛ in which our protagonist dreams of laurels

    When I reflect back on what inspired me about free software 25 years ago, it was much more political than technical. The idea that we should be able to modify our own means of production and share those modifications was a part of a political project of mutual care: we should be empowered to affect the systems that surround us, to the extent that they affect us.

• Standards/Consortia

  • Inside Towers ☛ Lawmakers Discuss How to Get the Nation Transitioned to NG911

    Much of the nation’s 911 call centers are still using legacy technology from the ‘60s and ‘70s. Some are beginning to transition to Next Generation 911 (NG911), which will enable first responders to send and receive images, texts and more to each other, and to hospital emergency rooms, for example. NG911 is a cloud-based system that would enable first responders, fire departments, police and others to send and receive data, according to witnesses who testified before a House Energy and Communications subcommittee hearing yesterday.

• Entrapment (Microsoft GitHub) and Security

  • The Register UK ☛ GitHub walks back plan to charge for self-hosted runners

    Following publication of our original article, GitHub reversed its decision. The Microsoft-owned developer site has taken to X to admit it might have made a mistake by unilaterally announcing plans to charge people for using their own hardware to host runners.

  • LWN ☛ Security updates for Wednesday

    Security updates have been issued by Debian (node-url-parse), Fedora (assimp, conda-build, mod_md, util-linux, and webkitgtk), Oracle (firefox), SUSE (chromium, librsvg, poppler, python311, qemu, strongswan, webkit2gtk3, wireshark, and xen), and Ubuntu (linux-azure, linux-azure-5.4, linux-azure-5.15, linux-azure-fips, and linux-raspi, linux-raspi-realtime, linux-xilinx).

  • SANS ☛ Maybe a Little Bit More Interesting React2Shell Exploit, (Wed, Dec 17th)

    I have already talked about various React2Shell exploit attempts we have observed in the last weeks.