Technology Tales

Mozilla's Thunderbird email client has transitioned to using OAuth2 with PKCE as the default authentication method for Yahoo, AOL and ATT accounts, enhancing security and enabling access to calendars and contact lists. Users with a single account can log in with their email and password, granting Thunderbird access to their data, while those with multiple accounts must adjust hidden preferences to ensure compatibility.

The OAuth2 process involves verifying identity through username, password and optional confirmation steps, resulting in an access token stored by Thunderbird for future use. Users encountering issues with sign-in attempts may need to enable cookies, update authentication settings to OAuth2, or resolve account-specific restrictions imposed by providers. Additional steps include importing Yahoo contacts via an LDIF file and configuring calendar access through Yahoo's support resources. Troubleshooting typically involves verifying password validity, ensuring cookies and JavaScript are enabled and confirming correct authentication settings, with further assistance available through Mozilla's support forums.

XenForo is a community platform designed to facilitate customer engagement, data security and user interaction through features such as forums, media management, resource organisation and enhanced search capabilities. It allows businesses to create spaces for customers to share experiences, provide feedback and access knowledge bases, while maintaining control over data and customising the platform's appearance and functionality to align with brand identity. Additional tools like the Media Gallery and Resource Manager support content management and collaboration and the platform's architecture enables integration with custom systems or third-party add-ons. Regular updates and a focus on user notifications, content discovery and flexible permissions further enhance its utility for managing online communities, with clients across various industries utilising it to foster engagement and streamline operations.

QGIS 4.0 introduces significant updates and enhancements, offering advanced cartographic design tools, robust digitising and construction features, comprehensive analysis capabilities and extensive support for data formats and web services. Available across multiple platforms, it enables users to create high-quality maps, produce detailed reports and share results through cloud and mobile integration. As a free and open-source project, it relies on community contributions and collaboration, with a strong emphasis on accessibility and interoperability. The software also includes tools for spatial analysis, customisable forms and automated workflows, supported by a global network of user groups and organisations. Related projects such as QMapShack provide additional functionality for GPS data management and outdoor mapping, catering to both professional and recreational users.

Coding An HTML 5 Layout From Scratch

Here is an article that demonstrates how to build a functional layout using HTML5 and CSS3 despite both specifications being works in progress at the time. In doing so, the author advocates for progressive enhancement and graceful degradation techniques to ensure compatibility across browsers. Building on this foundation, the tutorial walks through creating a blog-style layout featuring semantic HTML5 elements such as header, nav, section, article, aside, figure and footer, integrated with microformats for enhanced semantic meaning. In practice, the markup eschews traditional div-heavy structures in favour of more meaningful tags, whilst the styling employs CSS3 properties like border-radius, text-shadow and advanced selectors including pseudo-classes and attribute selectors.

Microsoft offers a range of development tools tailored to different needs, with Visual Studio serving as a comprehensive integrated development environment primarily for large-scale software projects, particularly those within the .NET ecosystem, though it also supports other languages and platforms through extensions. It is designed for enterprise applications, desktop software and complex solutions, featuring advanced debugging, testing and integration with Microsoft services. In contrast, Visual Studio Code is a lightweight, cross-platform code editor with a vast extension ecosystem, suitable for a wide array of programming languages and workflows, emphasising speed and flexibility. Its web-based counterpart, often referred to as Visual Studio Code Online, provides a browser-based environment ideal for quick edits or cloud-based development but with limitations in local system access and extension availability. Each tool caters to distinct scenarios, from heavy enterprise development to agile, multi-language projects and remote collaboration, reflecting a spectrum of approaches within the software development landscape.

yEd is a free, cross-platform desktop application designed for creating and editing high-quality diagrams, supporting manual creation or data import from formats such as Excel or XML. It features automatic layout algorithms for arranging complex data sets efficiently and allows exporting to common graphic formats like PNG, SVG and PDF. Available on Windows, macOS and Linux, the tool is suitable for both personal and commercial use, with a focus on usability through an intuitive interface. Based on the yFiles diagramming library, it supports a wide range of diagram types, including flowcharts, BPMN and UML and integrates with platforms like Atlassian Confluence. User testimonials highlight its effectiveness and ease of use, with many praising its value as a free tool for professional and academic purposes.

SolarWinds has issued security updates to address four critical vulnerabilities in its Serv-U file transfer software, which could allow attackers to gain root access on unpatched servers. The most severe flaw, CVE-2025-40538, involves a broken access control issue that enables the creation of system admin users and arbitrary code execution under high-privilege conditions. Additional vulnerabilities include type confusion and an insecure direct object reference flaw, though exploitation typically requires existing administrative access. While over 12,000 Serv-U servers are exposed online according to Shodan, Shadowserver estimates fewer than 1,200 are actively accessible. The software has historically been a target for cybercriminals and state-sponsored groups, with past exploits linked to ransomware campaigns and zero-day attacks. CISA currently tracks nine active SolarWinds-related security flaws, underscoring the ongoing risk posed by unpatched systems.

ModPageSpeed

ModPageSpeed 2.0 is a self-hosted web optimisation tool designed to enhance site performance without relying on external services such as proxies or CDNs. Supported by We-Amp B.V., it builds on the original mod_pagespeed project but introduces a new architecture that processes optimisations outside the main request path, reducing latency and ensuring content remains on the user’s servers. Key features include automatic image transcoding into multiple formats and resolutions, heuristic-based critical CSS extraction and sub-millisecond cache hits using a zero-copy memory-mapped system.

It supports any HTTP-based origin server and operates with minimal configuration, requiring only a licence key for activation. Unlike the older mod_pagespeed 1.x version, which is no longer actively maintained, ModPageSpeed 2.0 includes modern capabilities such as AVIF support and container integration while maintaining a conservative approach to optimisations to prevent site disruptions. The tool is available for a monthly subscription fee, with a free trial period and is positioned as a secure, GDPR-compliant alternative to cloud-based optimisation solutions.

Hackers believed to be working for the Chinese government compromised the popular open-source editor Notepad++ between June and December 2025, delivering malicious updates to users through a hijacked update mechanism. The attackers exploited vulnerabilities in the shared hosting server where the Notepad++ domain was hosted, redirecting certain users to a malicious server that delivered compromised software versions. Security researchers identified the perpetrators as Lotus Blossom, an espionage group known to target government, telecommunications, aviation, critical infrastructure and media organisations, with victims in this campaign being primarily those with interests in East Asia.

The developer, Don Ho, discovered that attackers gained hands-on access to victim computers through the tainted software, though the precise method of the initial server breach remains under investigation. After fixing the vulnerability in November and terminating hacker access in December, Ho urged users to download the latest version containing security fixes, whilst apologising for the incident that affected software that has had tens of millions of downloads over its two-decade history.

Altova recently highlighted three key capabilities in their software products for users who purchased XMLSpy 2022. MapForce now offers PDF data extraction through a visual interface where users can search for specific words to locate and extract tables or other content, which proves particularly valuable when working with large documents or repetitive elements in data mapping workflows. XMLSpy has introduced a graphical BSON editor that displays binary JSON documents in a readable grid format, allowing developers to view, modify and convert between BSON and formats like JSON and YAML without struggling with the inherently unreadable binary format. The company has also developed an XBRL Tagging solution for European Single Electronic Format reporting, enabling business users to visually tag financial statements in familiar PDF or HTML formats using their mouse and searchable menus, which then generates compliant iXBRL reports without requiring deep technical expertise in XBRL standards.