L'urgence de la souveraineté numérique pour échapper à la merdification

Le triste exemple de YouTube

Je n'ai plus de compte Google depuis plusieurs années. Je me suis rendu compte que j'évite autant que possible de cliquer sur un lien YouTube, car, à chaque vidéo, je dois passer par le chargement d'une page qui surcharge mon ordinateur pourtant récent, je dois tenter de lancer la vidéo, attendre plusieurs secondes qu'un énorme popup l'interrompe. Puis je dois faire en sorte de trouver le son original et non pas une version automatiquement générée en français. Une fois tout ça terminé, il faut encore se taper des publicités de parfois plusieurs minutes.

Tout ça pour voir une vidéo qui pourrait potentiellement contenir une information qui m'intéresse. Et encore, ce n'est pas du tout certain.

• De la merdification des choses (ploum.net)

Alors, oui il y a des moyens de contourner ces merdifications, mais c'est un travail permanent et qui ne fonctionne pas toujours. Donc, en gros, je ne clique sur les liens YouTube que quand je suis vraiment obligé. Genre avant je regardais les clips vidéos des groupes de métal que recommandait Alias. Désormais, j'utilise Bandcamp (j'y achète même des albums) quand il le mentionne ou je cherche ailleurs.

• Rock et metal progressifs, science-fiction, jeu de rôle et divagations de vieux gauchiste; maison fondée en 2002 (erdorin.org)

Vous croyez que votre vidéo doit être sur YouTube, car « tout le monde y est », mais, au moins dans mon cas, vous avez perdu de l'audience en étant uniquement sur YouTube.

Une merdification totalement assumée

Le pire, c'est de se rendre compte que la merdification est vraiment assumée de l'intérieur. Comme le souligne Josh Griffiths, YouTube encourage les créateurs à tourner des vidéos dont le scénario est généré par leur IA. YouTube rajoute des pubs sans le consentement du créateur.

• YouTube is Awful. I'm Not Posting There Anymore. (joshgriffiths.site)

Toujours dans son blog post, il décrit comment YouTube utilise votre historique vidéo pour déterminer votre âge et bloquer toutes les vidéos qui ne seraient pas appropriées. C'est tellement effrayant de stupidité que ça pourrait être dans une de mes nouvelles.

• Stagiaire au spatioport Omega 3000 (pvh-editions.com)

Une chose est certaine : en me connectant sur YouTube sans compte et sans historique, YouTube me propose spontanément des dizaines de vidéos sur les nazis, sur la Seconde Guerre mondiale, sur les fusils utilisés par les nazis, etc. Je n'ai jamais regardé ce genre de choses. Au vu du titre, certaines vidéos me semblaient à la limite de la théorie du complot ou du négationnisme. Pourquoi me les recommander ? L'hypothèse la plus effrayante serait que ce soit les recommandations par défaut !

Parce que ce n'est pas comme si YouTube ne savait pas comment effacer les vidéos qui ne lui plaisent pas !

• YouTube Erased 700 Videos of Israeli Human Rights Violations (theintercept.com)

Si vous réalisez des vidéos et que vous souhaitez les partager à des humains, par pitié, postez-les également ailleurs que sur YouTube! Personne ne vous demande d'abandonner votre « communauté », vos likes, vos 10 centimes de revenus publicitaires qui tombent tous les mois. Mais postez également votre vidéo ailleurs. Par exemple sur Peertube !

• What is PeerTube? (joinpeertube.org)

De la dépendance politique aux technologies merdifiées

Comme le dit très bien Bert Hubert, le problème de la dépendance aux monopoles américains n'est pas tant technique que culturel. Et les gouvernements européens devraient être les premiers à montrer l'exemple.

• Keynote opening Digital Commons EDIC: Moving beyond the Digital Uncommons (berthub.eu)

Je pense qu'il illustre parfaitement la profondeur du problème, car, dans sa conférence qui décrit la dépendance technologique de l'UE envers les USA et la Chine, il pointe vers des vidéos explicatives… sur YouTube. Et Bert Hubert ne semble même pas en réaliser l'ironie alors qu'il recommande Peertube un peu plus loin. Il héberge d'ailleurs ses projets personnels sur Github. Github appartient à Microsoft et son monopole sur les projets Open Source a des impacts dramatiques.

• How Github monopoly is destroying the open source ecosystem (ploum.net)

J'ai déjà noté à quel point l'Europe développe des solutions technologiques importantes, mais que personne ne semble s'en apercevoir parce que, contrairement aux USA, nous développons des technologies qui offrent de la liberté aux utilisateurs : le Web, Linux, Mastodon, le protocole Gemini.

• Pourquoi n'y a-t-il pas de Google européen ? (ploum.net)

À cette liste, j'aimerais rajouter VLC, LibreOffice et, bien entendu, PeerTube.

Les solutions européennes qui ont du succès font partie des communs. Elles sont tellement évidentes que beaucoup n'arrivent plus à les voir. Ou à les prendre au sérieux, car « pas assez chères ».

Le problème de l'Europe n'est pas le manque de solutions. C'est simplement que les politiciens veulent « un Google européen ». Les politiciens sont incapables de voir qu'on ne lutte pas contre les monopoles américains en créant, avec 20 ans de retard, un sous-monopole européen.

C'est un problème purement culturel. Il suffirait que quelques députés européens aient le courage de dire : je supprime mes comptes X, Facebook, Whatsapp, Google et Microsoft pour un mois. Un simple mois durant lequel ils accepteraient que, oui, les choses sont différentes, il faut s'adapter un peu.

Ce n'est pas comme si le problème n'était pas urgent : tous nos services informatiques officiels, tous nos échanges, toutes nos données sont aux mains d'entreprises qui collaborent ouvertement avec l'armée américaine. Vous croyez vraiment que les militaires américains n'ont pas exploité toutes les données Google/Microsoft/Whatsapp des politiciens vénézuéliens avant de lancer leur raid ? Et encore, le Venezuela est un des rares pays qui tentait officiellement de se passer des solutions américaines.

L'honnêteté de considérer une solution

Quitter les services merdifiés est difficile, mais pas impossible. Cela peut se préparer, se faire petit à petit. Si, pour certains, c'est actuellement strictement impossible pour des raisons professionnelles, pour beaucoup d'entre nous, c'est surtout que nous refusons d'abandonner nos habitudes. Se plaindre, c'est bien. Agir, c'est difficile et nécessite d'avoir le temps et l'énergie à consacrer à une période de transition.

• Dire au revoir aux GAFAM : journal d'une ancienne instagrammeuse (www.24joursdeweb.fr)

Bert Hubert prend l'exemple du mail. En substance, il dit que le mail n'est plus un bien commun, que les administrations ne peuvent pas utiliser un mail européen, car Microsoft et Google vont arbitrairement rejeter une partie de ces emails. Pourtant, la solution est évidente : il suffit de considérer que la faute est chez Google et Microsoft. Il suffit de dire « Nous ne pouvons pas utiliser Microsoft et Google au sein des institutions officielles européennes, car nous risquons de ne pas recevoir certains emails ».

Le problème n'est pas l'email, le problème est que nous nous positionnons en victimes. Nous ne voulons pas de solution ! Nous voulons que ça change sans rien changer !

Beaucoup de problèmes de l'humanité ne proviennent pas du fait qu'il n'y a pas de solutions, mais qu'en réalité, les gens aiment se plaindre et ne veulent surtout pas résoudre le problème. Parce que le problème fait désormais partie de leur identité ou parce qu'ils ne peuvent pas imaginer la vie sans ce problème ou parce qu'en réalité, ils bénéficient de l'existence de ce problème (on appelle ces derniers des « consultants » ).

Il y a une technique assez simple pour reconnaître ce type de situation : c'est, lorsque tu proposes une solution, de te voir immédiatement rétorquer les raisons pour lesquelles cette solution ne peut pas fonctionner. C'est clair, à ce moment, que la personne en face ne cherche pas une solution. Elle n'a pas besoin d'un ingénieur, mais d'un psychologue (rôle que prennent cyniquement les vendeurs).

• Du désir profond de se faire arnaquer (ploum.net)

Une personne qui cherche réellement à résoudre son problème va être intéressée par toute piste de solutions. Si la solution n'est pas adaptée, elle va réfléchir à comment l'améliorer. Elle va accepter certains compromis. Si elle rejette une solution, c'est après une longue investigation de cette dernière, car elle a réellement l'espoir de résoudre son problème.

La solution du courage politique

Pour les gouvernements aujourd'hui, il est techniquement assez simple de dire « Nous voulons que nos emails soient hébergés en Europe par une infrastructure européenne, nous voulons diffuser nos vidéos via nos propres serveurs et faire nos annonces officielles sur un site que nous contrôlons. » C'est même trivial, car des milliers d'individus comme moi le font pour un coût dérisoire. Et il y a même des tentatives claires, comme en Suisse.

• New Open Source law in Switzerland (joinup.ec.europa.eu)

Les seules raisons pour lesquelles il n'y a même pas de réflexion poussée à ce sujet sont, comme toujours, la malveillance (oui, Google et Microsoft font beaucoup de cadeaux aux politiciens et sont capables de déplacer des montagnes dès qu'une alternative à leur monopole est considérée) et l'incompétence.

Malveillance et incompétence n'étant pas incompatibles, mais plutôt complémentaires. Et un peu trop fréquentes en politique à mon goût.

• Image postée par Tibolalu sur Mastodon

07 Jan 2026 6:54am GMT

How Github monopoly is destroying the open source ecosystem

I teach a course called "Open Source Strategies" at École Polytechnique de Louvain, part of the University of Louvain.

As part of my course, students are required to find an open source project of their choice and make a small contribution to it. They send me a report through our university Gitlab. To grade their work, I read the report and explore their public interactions with the project: tickets, comments, pull requests, emails.

This year, during my review of the projects of the semester, Github decided to block my IP for one hour. During that hour, I simply could not access Github.

Github telling me I made too many requests

It should be noted that, even if I want to get rid of it, I still have a Github account and I was logged in.

• We need to talk about your Github addiction (ploum.net)

The block happened again the day after.

This gave me pause.

I wondered how many of my students' projects were related to projects hosted on Github. I simply went into the repository and counted 238 students reports in the last seven years:

ls -l projects_*/*.md | wc -l
238

Some reports might be missing. Also, I don't have the reports before 2019 in that repository. But this is a good approximation.

Now, let's count how many reports don't contain "github.com".

grep -L github.com projects_*/*.md | wc -l
7

Wow, that's not a lot. I then wondered what those projects were. It turns out that, out of those 7, 6 students simply forgot to add the repository URL in their report. They used the project webpage or no URL at all. In those 6 cases, the repository happened to be hosted on Github.

In my course, I explain at great length the problem of centralisation. I present alternatives: Gitlab, Codeberg, Forgejo, Sourcehut but also Fossil, Mercurial, even Radicle.

• Radicle: peer-to-peer collaboration with Git (lwn.net)
• From Git to Fossil (lucio.albenga.es)

I literally explain to my students to look outside of Github. Despite this, out of 238 students tasked with contributing to the open source project of their choice, only one managed to avoid Github.

The immediate peril of centralisation

As it was demonstrated to me for one hour, the immediate peril of centralisation is that you can suddenly lose access to everything. For one hour, I was unable to review any of my students' projects. Not a great deal, but it serves as a warning. While writing this post, I was hit a second time by this block.

A few years ago, one of my friends was locked out of his Google account while travelling for work at the other end of the world. Suddenly, his email stopped working, most of the apps on his phone stopped working, and he lost access to all his data "in the clouds". Fortunately, he still had a working email address (not on Google) and important documents for his trip were on his laptop hard drive. Through personal connections at Google, he managed to recover his account a few weeks later. He never had any explanations.

• Et si vos comptes disparaissaient demain ? (ploum.net)

More recently, Paris Buttfield-Addison experienced the same thing with his Apple account. His whole online life disappeared, and all his hardware was suddenly bricked. Being heavily invested in Apple doesn't protect you.

• 20 Years of Digital Life, Gone in an Instant, thanks to Apple (hey.paris)

I'm sure the situation will be resolved because, once again, we are talking about a well-connected person.

But this happens. All the time. Institutions are blindly trusting monopolies that could lock you out randomly or for political reasons as experienced by the French magistrate Nicolas Guillou.

• The Judge at the End of Europe (www.project-syndicate.org)

Worst: as long as we are not locked out, we offer all our secrets to a country that could arbitrarily decide to attack yours and kidnap your president. I wonder how much Venezuelan sensitive information was in fact stored on Google/Microsoft services and accessed by the US military to prepare their recent strike.

Big institutions like my Alma Mater or entire countries have no excuse to still use American monopolies. This is either total incompetence or corruption, probably a bit of both.

The subtle peril of centralisation

As demonstrated by my Github anecdote, individuals have little choice. Even if I don't want a Github account, I'm mostly forced to have one if I want to contribute or report bugs to projects I care about. I'm forced to interact with Github to grade my students' projects.

237 out of 238 is not "a lot." It's everyone. There's something more than "most projects use Github."

According to most of my students, the hardest part of contributing to an open source project is finding one. I tell them to look for the software they use every day, to investigate. But the vast majority ends up finding "something that looks easy."

That's where I realised all this time my students had been searching for open source projects to contribute to on Github only. It's not that everything is on Github, it is that none of my students can imagine looking outside of Github!

The outlier? The one student who contributed to a project not on Github? We discussed his needs and I pointed him to the project he ended up choosing.

Github's centralisation invisibilised a huge part of the open source world. Because of that, lots of projects tend to stay on Github or, like Python, to migrate to Github.

The solution

Each year, students come up with very creative ways not to do what I expect while still passing. Last year, half of the class was suddenly committing reports with broken encoding in the file path. I had never seen that before and I asked how they managed to do it. It turns out that half the class was using VS Code on Windows to do something as simple as "git commit" and they couldn't use the git command line.

This year, I forced them to use the command line on an open source OS, which solved the previous year's issue. But a fair number of the reports are clearly ChatGPT-generated, which was less obvious last year. This is sad because it probably took them more effort to write the prompt and, well, those reports are mostly empty of substance. I would have preferred the prompt alone. I'm also sad they thought I would not notice.

But my main mistake was a decade-long one. For all those years, I asked my students to find a project to contribute to. So they blindly did. They didn't try to think about it. They went to Github and started browsing projects.

For all those years, I involuntarily managed to teach my students that Open Source was a corner of the web, a Microsoft-managed repository of small software one can play with. Nothing serious.

This is all my fault.

I know the solution. Starting this year, students will be forced to contribute to a project they use, care about or, at the very least, truly want to use in the long term. Not one they found randomly on Github.

If they think they don't use open source software, they should take a better look at their own stack.

And if they truly don't use any open source software at all and don't want to use any, why do they want to follow a course about the subject in the first place?

07 Jan 2026 6:54am GMT

A developer named Martin DeVido gave Claude complete control over a living tomato plant that he named Sol. This might be the coolest agentic experiment I've seen. You can follow along live at autoncorp.com/biodome.

Every 30 minutes or so, Claude wakes up to check temperature, humidity, CO₂, and soil moisture, then decides when to turn on the grow light, heat mat, fan, or water pump. No human backup.

It also watches the plant through a camera. Just earlier, it looked at Sol and observed "healthy bushy foliage, no wilting, turgid leaves, 6-8 compound leaves visible. Sol looks great!".

This plant seems to be living its best life. And Claude clearly seems pleased with itself.

Most AI interactions are fast and fleeting. You prompt, it answers, and you close the session. Regular AI tools branching into the real world to control a slow, messy process feels like a glimpse of what is next. A tomato plant is innocent enough. But it's not hard to imagine what comes next.

Either way, I'd love to experiment with similar, innocent ideas. If you have any, let me know.

07 Jan 2026 6:54am GMT

Thinking about who I am addressing is a challenge, but it is an important one. As I write, I realize I'm speaking to three distinct groups: my friends and family who are new to the world of tech, newcomers eager to join programs like Outreachy, and the technical experts who maintain and sustain the projects I work on.

What is FOSS anyway?

To my friends and family: Free and Open Source Software (FOSS) refers to software that anyone can freely use, modify, and share. Think of it as a community garden, instead of one company owning the "food," people from all over the world contribute, improve, and maintain it so everyone can benefit from it for free.

To the Aspiring Contributors

Contributing to an open source project isn't just about writing code. It could involve going over a ton of documentation and understanding a specific coding style. You have to set up your environment and learn to treat documentation as a "source of truth," even if it's something you help modify and improve later.

Where I come from, this world is fairly unknown, and it seemed quite scary at first. However, I've learned that asking questions and communicating are your best tools. Don't be afraid to do your part by investigating and reading, but remember that the community is there to help you grow.

Why Quality Matters

For the past few weeks, I've seen the importance of checking software quality before a release.

Imagine you download a new desktop environment, try to open the calculator or the clock, and it crashes or refuses to start. How annoying is that? Or worse, you download software and can't even install it successfully. My work on creating tests for Debian using openQA is aimed at preventing these experiences. We simulate real user actions to make sure that when someone clicks "Open," the application actually works.

Closing Thoughts

In general, FOSS has empowered people to access and build technology freely. Whether you are here to use the software or you have the expertise to modify and explore it, there is a place for you in this community.

I'm writing this for you, whichever audience you belong to, to show that complex systems become less intimidating when you begin by asking questions.

05 Jan 2026 10:46pm GMT

Hello world . I am an intern at Outreachy and contributing to the Debian Images Testing project since October 2025. This project is Open Source and everyone can contribute to it in any way. The project uses Open QA to automatically install Operating System Images and test them . We have a community here of contributors that is always ready to help out. The mentors and project maintainers are very open to contributions. They listen to any innovative ideas and point out what they have been doing so far.

So far contributions have been in terms of:

• Documentation - Adding to install guides
• Pseudo Tests - Suggesting an idea after finding an error or idea
• Pointing out bugs / errors when trying out tests
• Work on tests
• Contribute towards the wider community / help out other contributors
• Heck, you can even create a screen-cast video doing the set up and add it to the guide / docs
• Developers with further understanding can try to work with the maintainers on packages

Contributing to this project requires some knowledge of Linux commands and Operating Systems. What we will learn later as we go on will be :

• Images / Operating System Installation through dual booting
• More Linux commands
• Images / Operating System Installation and testing on Virtual Machine
• Git commands
• Writing testing documentation
• Writing Pseudo Tests
• Writing test modules / code using Perl
• Working on configuration

Before any contribution begins, we would want to first try out the project and run a couple of tests. Get to understand what we are doing first. Let's say you are starting out as a Windows or MacOS user and you want to start contributing. I would recommend dual partitioning your device first. Do enough research and prepare the resources. The network install image just needs at-least 4 GB USB flash drive for dual booting. You will use Debian as the second operating system. Give enough space to Debian, I recommend around 150 GB or more. Also assign at-least 1 GB space to the /boot/efi directory to prevent the low space warnings after a while.This will be a way good way to learn about image installation which is part of the work . I do not recommend Virtual Box because it will hinder full use of system resources. This process will take a day or two.

After dual booting. We log into our Debian System . The next step of instructions will take you through how we set up and run our tests. These instructions have many Linux commands. You will be learning if you are a newbie as you go through the steps. Try to understand these commands and do not blindly copy and paste. You can start your contributions here if you have a suggestion to add to the install docs. Run some tests then log in the Web UI as per the instructions to view your tests progress. Green means they've passed. Blue means its still running. Red means failed.

Kudos if you have reached this point. The community of contributors will help if you are stuck. We get to try out our own variations of tests using variables. We will also rely on documentation to understand the configurations / test commands like these

openqa-cli api -X POST isos ISO=debian-13.1.0-amd64-netinst.iso DISTRI=debian VERSION=stable FLAVOR=netinst-iso ARCH=x86_64 BUILD=1310 #This is the test you will run on the guide

openqa-cli api -X POST isos ISO=debian-13.1.0-amd64-netinst.iso DISTRI=debian VERSION=stable FLAVOR=netinst-iso ARCH=x86_64 BUILD=1310 TEST=cinnamon #I have added a TEST variable that runs only cinnamon test suite

You can check specific test suites from the WebUI :

We get some failures at times. Here are some failed tests from a build I was working on.

Here we find the cinnamon test failed at locale module. Click on any module above and it will lead us to needles and point to the where the test failed. You can check the error or try to add a needle if its needle failure.

Try editing a test module and test your changes. Try out some ideas. Read the documentation folder and write some pseudo code. Interact with the community. Try working on some tasks from the community . Create your tests and add them to the configuration. There is a lot of stuff that can you can work on in this community.

It may seem hard to grasp at first as a newbie to Open Source. The community will help you through out even if the problem seems small. We are very friendly and the code maintainers have extensive knowledge. Get to sit with us during one of our meetings and you will learn so much about the project. Learning , networking and communicating is part of contributing to the broader community.

05 Jan 2026 6:41pm GMT

About 95% of my Debian contributions this month were sponsored by Freexian.

You can also support my work directly via Liberapay or GitHub Sponsors.

Python packaging

I upgraded these packages to new upstream versions:

• aiosmtplib
• astroid (fixing a build failure with Python 3.14, as I wrote about recently in Preparing a transition in Debusine)
• billiard (fixing a syntax warning with Python 3.14)
• celery (contributed follow-up fix upstream)
• cloudpickle (fixing a build failure with Python 3.14)
• csvkit
• deepdiff (fixing a build failure with Python 3.14)
• django-auditlog
• django-phonenumber-field
• flake8-builtins
• flufl.lock
• kombu
• peewee
• psycopg2
• pydantic-extra-types
• pygments (prepared transition in Debusine with diff-cover, pydata-sphinx-theme, pymdown-extensions, python-readme-renderer, and python-stack-data; contributed python-stack-data fix upstream)
• pylint (fixing a build failure with Python 3.14)
• pymdown-extensions
• python-aiojobs (fixing a build failure)
• python-aiostream
• python-asttokens (fixing a build failure with astroid 4)
• python-auditwheel
• python-blockbuster
• python-boolean.py
• python-confluent-kafka
• python-django-crispy-forms
• python-django-pgbulk
• python-django-pgtransaction
• python-django-pgtrigger (fixing a build failure with mkdocstrings-python-handlers >= 2)
• python-evalidate
• python-exchangelib (fixing a build failure with Python 3.14)
• python-holidays
• python-lsp-server
• python-lz4
• python-mashumaro (fixing many build failures in other packages with Python 3.14)
• python-moto
• python-persistent
• python-pytest-run-parallel
• python-roman
• python-rx (fixing a build failure with Python 3.14)
• python-telethon
• python-uvicorn (fixing a test failure with current uvloop)
• python-wheezy.template
• python-wslink
• rpds-py
• sphinx-autoapi
• sqlparse
• zope.testing (fixing a build failure with Python 3.14)

Python 3.14 is now a supported version in unstable, and we're working to get that into testing. As usual this is a pretty arduous effort because it requires going round and fixing lots of odds and ends across the whole ecosystem. We can deal with a fair number of problems by keeping up with upstream (see above), but there tends to be a long tail of packages whose upstreams are less active and where we need to chase them, or where problems only show up in Debian for one reason or another. I spent a lot of time working on this:

• actdiag's autopkgtests failed when there are multiple supported Python versions
• khard: FTBFS: dh_auto_test: error: pybuild -test -i python{version} -p "3.14 3.13" returned exit code 13 (contributed upstream)
• pydantic-settings: FTBFS: example.py: error: unrecognized arguments: -bad-arg (forwarded upstream and cherry-picked their fix)
• pydantic: FTBFS: dh_auto_test: error: pybuild -test -test-pytest -i python{version} -p "3.14 3.13" returned exit code 13
• pygame: FTBFS with Python 3.14: sys.getrefcount() AssertionError
• python-auditwheel: FTBFS: dh_auto_test: error: pybuild -test -test-pytest -i python{version} -p "3.14 3.13" returned exit code 13 (contributed upstream)
• python-charset-normalizer could silently build without support for some supported Python versions
• python-confluent-kafka: FTBFS with Python 3.14: Segmentation fault in test_create_topics_api (forwarded upstream and fixed after a debugging hint from them)
• python-django: FTBFS with Python 3.14 (also fixing many build failures in other packages)
• python-memray: FTBFS with Python 3.14: Segmentation fault (some initial debugging; upstream has since got a lot further)
• python-telethon: FTBFS: dh_auto_test: error: pybuild -test -test-pytest -i python{version} -p "3.14 3.13" returned exit code 13 (contributed upstream)
• python-typing-extensions: FTBFS: dh_auto_test: error: pybuild -test -i python{version} -p "3.14 3.13" returned exit code 13
• python-wheezy.template: FTBFS with Python 3.14 (contributed upstream, although they opted for doing it a bit differently)
• storm (made an upstream release with Python 3.14 support)
• twisted: Autopkgtests fail with Python 3.14: builtins.RuntimeError: There is no current event loop in thread 'MainThread' (forwarded upstream and cherry-picked their fix)
• zope.proxy and zope.security had a bootstrapping loop when adding new supported Python versions; I broke this loop so it shouldn't bother us again in the future.

Fixes for pytest 9:

• celery (contributed upstream)
• pytest-pylint (contributed upstream)
• python-expandvars (contributed upstream)
• python-inline-snapshot

I filed lintian: Report Python egg-info files/directories to help us track the migration to pybuild-plugin-pyproject.

I did some work on dh-python: Normalize names in pydist lookups and pyproject plugin: Support headers (the latter of which allowed converting python-persistent and zope.proxy to pybuild-plugin-pyproject, although it needed a follow-up fix).

I fixed or helped to fix several other build/test failures:

• dpath-python
• flask-bcrypt: FTBFS: E ValueError: password cannot be longer than 72 bytes, truncate manually if necessary (e.g. my_password[:72])
• python-aiosmtpd
• python-aiostream
• python-auditwheel on i386 (contributed upstream)
• python-auditwheel on riscv64 (contributed upstream)
• python-bcrypt: Accept pyo3 0.27
• python-django-crum
• python-django-guid
• python-inline-snapshot
• python-laspy
• python-mnemonic
• python-ncls on 32-bit architectures (contributed upstream)
• python-papermill
• python-phonenumbers
• python-pluggy
• python-pycddl: Accept pyo3 0.27
• python-sphinx-autodoc2 (contributed upstream)
• python-structlog
• python-wikkid: FTBFS: AttributeError: 'TestBaseParent' object has no attribute 'assertEquals' (contributed follow-up fix upstream)
• python-wslink

Other bugs:

• python-bcrypt: ValueError: password cannot be longer than 72 bytes, truncate manually if necessary
• python-notify2: Directly Build-Depends on dbus
• python-packaging: Mark python3-packaging Multi-Arch: foreign
• python-pyproject-parser: python3-pyproject-parser needs a dependency on python3-consolekit
• sphinx: Please backport upstream's fix on roman-numerals

Other bits and pieces

• db1-compat: Please remove/replace usage of dh_movetousr
• debmirror: Refresh mirror_size documentation
• groff: FTBFS randomly
• openssh: Misleading verbose output for local-to-local or standard remote-to-remote copies (upstreamed an improved version of a patch we've been carrying since 2008)
• pcmciautils: Please remove/replace usage of dh_movetousr

Code reviews

• openssh: Fix binary name in ssh-askpass-gnome.desktop (still in discussion)
• python-lsp-server: Increase tests timeout further
• rope: New upstream version 1.14.0 (merged and uploaded)
• trn4: Update/add Catalan po-debconf translation (merged)

05 Jan 2026 1:08pm GMT

New projects:

• asdf-dependency-traverser - Easily traverse and collect ASDF dependencies recursively. - zlib
• calendar-times - A calendar times library on top of local-time - MIT
• champ-lite - A lightweight implementation of persistent functional maps and iteration-safe mutable tables using Michael Steindorfer's CHAMP data structure. - Unlicense
• cl-avro - Implementation of the Apache Avro data serialization system. - GPLv3
• cl-chise - CHISE implementation based on Common Lisp - LGPL
• cl-double-metaphone - Common Lisp implementation of the Double Metaphone phonetic algorithm. - Apache 2.0
• cl-freelock - lock-free concurrency primitives, written in pure Common Lisp. - MIT
• cl-inix - cl-inix is a flexible library for .INI/.conf file parsing - BSD-2 Clause
• cl-jsonpath - JSONPath implementation for Common Lisp with 99% test coverage and complete RFC 9535 compliance. Supports cl-json, jonathan, and jzon backends with advanced features including arithmetic expressions, recursive descent, and bracket notation in filters. - MIT
• cl-ktx2 - An implementation of the Khronos KTX Version 2 image file format - zlib
• cl-match-patterns - Describe cl-match-patterns here - BSD-2 Clause
• cl-minifloats - Minifloats (minifloat < single-float) support for Common Lisp - BSD-2 Clause
• cl-sanitize-html - OWASP-style HTML sanitization library for Common Lisp - MIT
• cl-tbnl-gserver-tmgr - Hunchentoot pooled multi-threaded taskmanager based on cl-gserver. - MIT
• cl-tuition - A Common Lisp library for building TUIs - MIT
• cl-turbojpeg - An up-to-date bindings library for the JPEG Turbo C library - zlib
• cl-version-string - Generate version strings. - MIT
• cl-win32-errors - A library for translating Windows API error codes. - MIT
• cleopter - Minimalist command-line parser - MIT
• clq - clq is a package that allows the definition and development of quantum circuits in Common Lisp and to export them to OpenQASM v2.0. - MIT
• collidxr - A collection of syntax sugar and conveniences extending cl-collider, a Common Lisp interface to the SuperCollider sound synthesis server. - MIT
• copimap - IMAP client/sync library - MIT
• dual-numbers - A library for dual numbers in Common Lisp - MIT
• fold - FOLD-LEFT and FOLD-RIGHT - MIT
• function - Higher order functions. - MIT
• generic-arithmetic - A library for generic arithmetic operations - MIT
• hunchentoot-recycling-taskmaster - An experiment to improve multithreading performance of Hunchentoot without any additional dependencies. - BSD 2-Clause
• imagine - A general image decoding and manipulation library - zlib
• json-to-data-frame - This repository provides a Common Lisp library to convert JSON data into a data frame using the `json-to-df` package. The package leverages the `yason` library for JSON parsing and `dfio` for data frame operations. - MIT
• live-cells-cl - A reactive programming library for Lisp - BSD 3-Clause
• named-let - Named LET special form. - MIT
• netaddr - A library for manipulating IP addresses, subnets, ranges, and sets. - MIT
• pantry - Common Lisp client for Pantry JSON storage service: https://getpantry.cloud - BSD
• pira - Unofficial AWS SDK for Common Lisp - MIT
• smithy-lisp - Smithy code generator for Common Lisp - MIT
• star - Štar: an iteration construct - MIT
• trinsic - Common Lisp utility system to aid in extrinsic and intrinsic system construction. - MIT
• trivial-inspect - Portable toolkit for interactive inspectors. - BSD-2 Clause
• trivial-time - trivial-time allows timing a benchmarking a piece of code portably - BSD-2 Clause

Updated projects: 3d-math, 3d-matrices, 3d-quaternions, 3d-spaces, 3d-transforms, 3d-vectors, action-list, adhoc, anypool, array-utils, async-process, atomics, babel, binary-structures, bp, cambl, cari3s, cephes.cl, cffi, cffi-object, chain, chipi, chirp, chunga, cl+ssl, cl-algebraic-data-type, cl-all, cl-batis, cl-bmp, cl-charms, cl-collider, cl-concord, cl-cxx, cl-data-structures, cl-dbi, cl-dbi-connection-pool, cl-decimals, cl-def-properties, cl-duckdb, cl-enchant, cl-enumeration, cl-fast-ecs, cl-fbx, cl-flac, cl-flx, cl-fond, cl-gamepad, cl-general-accumulator, cl-gltf, cl-gobject-introspection-wrapper, cl-gog-galaxy, cl-gpio, cl-html-readme, cl-i18n, cl-jingle, cl-just-getopt-parser, cl-k8055, cl-ktx, cl-las, cl-lc, cl-ledger, cl-lex, cl-liballegro, cl-liballegro-nuklear, cl-libre-translate, cl-markless, cl-migratum, cl-mixed, cl-modio, cl-monitors, cl-mpg123, cl-naive-tests, cl-oju, cl-opengl, cl-opus, cl-out123, cl-protobufs, cl-pslib, cl-qoa, cl-rcfiles, cl-resvg, cl-sf3, cl-soloud, cl-spidev, cl-steamworks, cl-str, cl-svg, cl-transducers, cl-transmission, cl-unification, cl-utils, cl-vorbis, cl-wavefront, cl-wavelets, cl-who, cl-xkb, cl-yacc, cl-yahoo-finance, clad, classimp, classowary, clast, clath, clazy, clingon, clip, clith, clog, clohost, closer-mop, clss, clunit2, clustered-intset, clws, clx, cmd, coalton, cocoas, colored, com-on, com.danielkeogh.graph, concrete-syntax-tree, conduit-packages, consfigurator, crypto-shortcuts, damn-fast-priority-queue, data-frame, data-lens, datafly, datamuse, declt, deeds, defenum, deferred, definer, definitions, deploy, depot, dexador, dfio, dissect, djula, dns-client, doc, documentation-utils, dsm, easy-audio, easy-routes, eclector, esrap, expanders, f2cl, feeder, file-attributes, file-finder, file-lock, file-notify, file-select, filesystem-utils, flare, float-features, flow, font-discovery, for, form-fiddle, format-seconds, fset, functional-trees, fuzzy-dates, fuzzy-match, fxml, gendl, genhash, glfw, glsl-toolkit, graph, harmony, helambdap, hsx, http2, hu.dwim.asdf, hu.dwim.util, hu.dwim.walker, humbler, iclendar, imago, in-nomine, incless, inkwell, inravina, invistra, iterate, journal, jpeg-turbo, jsonrpc, khazern, knx-conn, lack, lambda-fiddle, language-codes, lass, legit, lemmy-api, letv, lichat-ldap, lichat-protocol, lichat-serverlib, lichat-tcp-client, lichat-tcp-server, lichat-ws-server, linear-programming-glpk, lisa, lisp-chat, lisp-interface-library, lisp-stat, lla, local-time, log4cl-extras, logging, lquery, lru-cache, luckless, lunamech-matrix-api, machine-measurements, machine-state, maiden, manifolds, math, mcclim, memory-regions, messagebox, mgl-pax, misc-extensions, mito, mito-auth, mk-defsystem, mmap, mnas-path, modularize, modularize-hooks, modularize-interfaces, multilang-documentation, multiposter, mutility, mutils, named-readtables, neural-classifier, new-op, nodgui, nontrivial-gray-streams, north, numerical-utilities, oclcl, omglib, one-more-re-nightmare, ook, open-location-code, open-with, osicat, overlord, oxenfurt, pango-markup, parachute, parse-float, pathname-utils, peltadot, perceptual-hashes, periods, petalisp, phos, physical-quantities, piping, plot, plump, plump-sexp, plump-tex, postmodern, precise-time, promise, punycode, py4cl2-cffi, qlot, qoi, quaviver, queen.lisp, quickhull, quilc, quri, qvm, random-sampling, random-state, ratify, reblocks, reblocks-websocket, redirect-stream, rove, sc-extensions, scriptl, sel, serapeum, shasht, shop3, si-kanren, simple-inferiors, simple-tasks, slime, sly, softdrink, south, speechless, spinneret, staple, statistics, studio-client, sxql, sycamore, system-locale, terrable, testiere, text-draw, tfeb-lisp-hax, timer-wheel, tooter, trivial-arguments, trivial-benchmark, trivial-download, trivial-extensible-sequences, trivial-indent, trivial-main-thread, trivial-mimes, trivial-open-browser, trivial-package-locks, trivial-thumbnail, trivial-toplevel-prompt, trivial-with-current-source-form, type-templates, uax-14, uax-9, ubiquitous, uncursed, usocket, vellum, verbose, vp-trees, wayflan, websocket-driver, with-contexts, wouldwork, xhtmlambda, yah, zippy.

Removed projects: cl-vhdl, crane, dataloader, diff-match-patch, dso-lex, dso-util, eazy-project, hu.dwim.presentation, hu.dwim.web-server, numcl, orizuru-orm, tfeb-lisp-tools, uuidv7.lisp.

To get this update, use (ql:update-dist "quicklisp")

Enjoy!

01 Jan 2026 5:27pm GMT

Here are some simple puzzles to exercise your brain.

1. Write partial-apply-left, a function that takes a binary function and the left input of the binary function and returns the unary function that takes the right input and then applies the binary function to both inputs.

For example:

  ;; Define *foo* as a procedure that conses 'a onto its argument.
  > (defvar *foo* (partial-apply-left #'cons 'a))

  > (funcall *foo* 'b)
  (A . B)

  > (funcall *foo* 42)
  (A . 42)

2. Write distribute, a function that takes a binary function, a left input, and a list of right inputs, and returns a list of the results of applying the binary function to the left input and each of the right inputs. (Hint: Use partial-apply-left)

For example:

  > (distribute #'cons 'a '( (b c d) e 42))
  ((A B C D) (A . E) (A . 42))

3. Write removals, a function that takes a list and returns a list of lists, where each sublist is the original list with exactly one element removed.

For example:

  > (removals '(a b c))
  ((B C) (A C) (A B))

Hint:

• One removal is the CDR of the list.
• Other removals can be constructed by (distributed) consing the CAR onto the removals of the CDR.

4. Write power-set, a function that takes a list and returns the power set of that list (the set of all subsets of the original list).

For example:

  > (power-set '(a b c))
  (() (C) (B) (B C) (A) (A C) (A B) (A B C))

Hint:

Note how the power set of a list can be constructed from the power set of its CDR by adding the CAR to each subset in the power set of the CDR.

5. Write power-set-gray that returns the subsets sorted so each subset differs from the previous subset by a change of one element (i.e., each subset is equal to the next subset with either one element added or one element removed). This is called a Gray code ordering of the subsets.

For example:

  > (power-set-gray '(a b c))
  (() (C) (B C) (B) (A B) (A B C) (A C) (A))

Hint:

When appending the two halves of the power set, reverse the order of the second half.

31 Dec 2025 7:31pm GMT

Retro (?) Computing in Common Lisp: the CL3270 Library

Come the Winter Holidays and, between too much and a lot of food, I do some hacking and maintainance of my libraries.

Some time ago, I wrote a CL library to set up a server accepting and managing "applications" written for a IBM 3270 terminal.

Why did I do this? Because I like to waste time hacking, and because I got a (insane) fascination with mainframe computing. On top of that, on the Mainframe Enthusiasts Discord channel, Matthew R. Wilson posted a recently updated version of my inspiration, the go3270 GO library.

Of course, I had to fall in the rabbit..., ahem, raise to the occasion, and updated the CL3270 library. This required learing a lot about several things, but rendering the GO code in CL is not difficult, once you undestrand how the GO creators applied Greenspun's Tenth Rule of Programming.

Of course there were some quirks that had to be addressed, but the result is pretty nice.

Screenshots

Here are a couple of screenshots.

"Example 3": The Time Ticker

Yes, it works as advertised.

This is how the server is started from **CL** (Lispworks in this case).

... and this is how the c3270 connects and interacts with the server.

"Example 4": The Mock Database

This example has many panels which fake a database application. The underlying implementation use "transactions", that is, a form of continuations.

Starting the server...

... and two of the screens.

It has been fun developing the library and keeping up with the talented Matthew R. Wilson.

Download the CL3270 library (the development branch is more up to speed) and give it a spin if you like.

---

'(cheers)

26 Dec 2025 5:24pm GMT

The room formally known as "Lightning Talks" is now known as /dev/random. After 25 years, we say goodbye to the old Lightning Talks format. In place, we have two new things! /dev/random: 15 minute talks on a random, interesting, FOSS-related subject, just like the older Lightning Talks New Lightning Talks: a highly condensed batch of 5 minute quick talks in the main auditorium on various FOSS-related subjects! Last year we experimented with running a more spontaneous lightning talk format, with a submission deadline closer to the event and strict short time limits (under five minutes) for each speaker. The experiment舰

09 Dec 2025 11:00pm GMT

With great pleasure we can announce that the following project will have a stand at FOSDEM 2026! ASF Community BSD + FreeBSD Project Checkmk CiviCRM Cloud Native Computing Foundation + OpenInfra & the Linux Foundation: Building the Open Source Infrastructure Ecosystem Codeberg and Forgejo Computer networks with BIRD, KNOT and Turris Debian Delta Chat (Sunday) Digital Public Goods Dolibar ERP CRM + Odoo Community Association (OCA) Dronecode Foundation + The Zephyr Project Eclipse Foundation F-Droid and /e/OS + OW2 FOSS community / Murena degooglized phones and suite Fedora Project Firefly Zero Foreman FOSS United + fundingjson (and FLOSS/fund) FOSSASIA Framework舰

15 Nov 2025 11:00pm GMT

Submit your proposal for the FOSDEM main track before it's too late! The deadline for main track submissions is earlier than it usually is (16th November, that's in a couple of days!), so don't be caught out. For full details on submission information, look at the original call for participation.

13 Nov 2025 11:00pm GMT