KnackForge: How to update Drupal 8 core?


Let's see how to update your Drupal site between 8.x.x minor and patch versions. For example, from 8.1.2 to 8.1.3, or from 8.3.5 to 8.4.0. I hope this will help you.

  • If you are upgrading to Drupal version x.y.z:
    x is known as the major version number
    y is known as the minor version number
    z is known as the patch version number.

Sat, 03/24/2018 - 10:31
Ian Boston: Ultrasonic Antifouling

The board design went off to PCBWay via web browser and 5 days later 5 boards arrived by DHL from China. The whole process was unbelievably smooth. This was the first time I had ordered boards using the output of KiCad so I was impressed with both KiCad and PCBWay. The boards were simple, being 2 layer, but complex being large with some areas needing to carry high amps. So how did I do?

I made 1 mistake on the footprints. The 2 terminal connectors for the 600v ultrasound output didn’t have pads on both sides. This didn’t matter as being through hole the connectors soldered ok. Other than that PCBWay did exactly what I had instructed them to. Even the Arduino Mega footprint fitted perfectly.

How did it perform?

Once populated the board initially appeared to perform well. Random frequency from 20KHz to 150KHz worked. The drive waveform from the MOSFET drivers into the MOSFET was near perfect with no high frequency ringing on the edges with levels going from 0-12v and back in much less than 1us. However I noticed some problems with the PWM control. There was none. With PWM pulses at 10% the MOSFETs would turn on for 90% of the time and drive a wildly resonant waveform through the coil. Rather like a little hammer hitting a big pendulum and having it feed back into resonance. On further investigation the scope showed that when the MOSFET tried to switch off the inductor carried on producing a flyback voltage causing the MOSFET to continue conducting till the opposing MOSFET turned on. Initially I thought this was ringing, but it turned out a simple pair of 1A high frequency Schottky diodes across each winding of the primary coil returned the energy to the 12V line eliminating the flyback. Now I had ringing, at 10MHz, but control over the power output via a digital pot. I could leave it at that, but this 10MHz would probably transmit and cause problems with other equipment on the boat.

I think the difference between the red and blue signals is due to slightly different track lengths on each MOSFET. The shorter track, shown in the blue signal, does not ring nearly as much. The longer track with more capacitance rings more and induces a parasitic ring in the blue track. To eliminate this 2 things were done. Traditional snubber RC networks had little or no impact. So a 100nF cap as close as possible to the Drain and Source on each MOSFET (RPF50N6) eliminated some of the high frequency, and a 100uF cap on the center tap stores the energy returned to the 12V line by flyback. This reduced the peak current.

There is still some ringing, but now the frequency is less and it is less violent. The ripple on the 12V line is now less than 0.2v and filtered out by decoupling caps on the supply pins to the Arduino Mega. All of these modifications have been accommodated on the underside of the board.

The board now produces 60W per transducer between 20 and 150 KHz at 50% PWM drawing 5A from the supply. This is very loud on my desk and far louder than the Ultrasound Antifouling installed in Isador, which seems to work. I will need to implement a control program that balances power consumption against noise levels against effectiveness, but that is all software. There are sensors on board for temperature, current and voltage so it should be possible to have the code adapt to its environment.

Board Layout mistakes

Apart from the circuit errors, I made some mistakes in the MOSFET power connections. Rev2 of the board will have the MOSFETs placed as close to the primary of the transformer as possible, with identical track lengths. Hopefully this will eliminate the ringing seen on the red trace and make both look like the blue trace.

I have 4 spare unpopulated PCBs. If I do a rev2 board, I will use PCBWay again. Their boards were perfect, all the mistakes were mine.



Agiledrop.com Blog: AGILEDROP: DrupalCon session about Coding and Development

Last time, we gathered together DrupalCon Baltimore sessions about Project Management. Before that, we explored Case Studies. We promised that we would also look at some other areas, so this time we will see which sessions were presented in the area of Coding and Development. Code Standards: It's Okay to be Yourself, But Write Your Code Like Everyone Else by Alanna Burke from Chromatic. In this session, attendees learned both formatting standards for their code and documentation standards, as well as some specifics for things like Twig and object-oriented programming in Drupal 8. The…
Steve Loughran: Dissent is a right: Dissent is a duty. @Dissidentbot

It looks like the Russians interfered with the US elections, not just from the alleged publishing of the stolen emails, or through the alleged close links with the Trump campaign, but in the social networks, creating astroturfed campaigns and repeating the messages the country deemed important.

Now the UK is having an election. And no doubt the bots will be out. But if the Russians can do bots: so can I.

This then, is @dissidentbot.

Dissident bot is a Raspberry Pi running a 350-line Ruby script tasked with heckling politicians.

It offers:
  • The ability to listen to tweets from a number of sources: currently a few UK politicians
  • To respond, pick a random response from a set of replies written explicitly for each one
  • To tweet the reply after a 20-60s sleep.
  • Admin CLI over Twitter Direct Messaging
  • Live update of response sets via github.
  • Live add/remove of new targets (just follow/unfollow from the twitter UI)
  • Ability to assign a probability of replying, 0-100
  • Random response to anyone tweeting about it when that is not a reply (disabled due to issues)
  • Good PUE numbers, being powered off the USB port of the wifi base station, SSD storage and fanless naturally cooled DC. Oh, and we're generating a lot of solar right now, so zero-CO2 for half the day.
It's the first Ruby script of more than ten lines I've ever written; interesting experience, and I've now got three chapters into a copy of the Pickaxe Book I've had sitting unloved alongside "ML for the working programmer". It's nice to be able to develop just by saving the file & reloading it in the interpreter... not done that since I was Prolog programming. Refreshing.

Without type checking it's easy to ship code that's broken. I know, that's what tests are meant to find, but as this all depends on the live Twitter APIs, it'd take effort, including maybe some split between Model and Control. Instead: I broke the code into little methods I can run in the CLI.

As usual, the real problems surface once you go live:
  1. The bot kept failing overnight; nothing in the logs. Cause: it's powered by the router and DD-WRT was set to reboot every night. Fix: disable.
  2. Its "reply to any reference which isn't a reply itself" doesn't work right. I think it's partly RT related, but I've not fully tracked it down.
  3. Although it can do a live update of the dissident.rb script, it's not yet restarting: I need to ssh in for that.
  4. I've been testing it by tweeting things myself, so I've been having to tweet random things during testing.
  5. Had to add handling of twitter blocking from too many API calls. Again: sleep a bit before retries.
  6. It's been blocked by the Conservative party. That was because they've been tweeting 2-4 times/hour, and dissidentbot originally didn't have any jitter/sleep. After 24h of replying within 5s of their tweets, it's blocked.
The loopback code is the most annoying bug; nothing too serious though.

The DM CLI is nice; the fact that I haven't got live restart is something which interferes with the workflow.
Because the Pi is behind the firewall, I've no off-prem SSH access.

The fact the conservatives have blocked me, that's just amusing. I'll need another account.

One of the most amusing things is people argue with the bot. Even with "bot" in the name, a profile saying "a raspberry pi", people argue.

Overall the big barrier is content. It turns out that you don't need to do anything clever about string matching to select the right tweet: random heckles seem to blend in. That's probably a metric of political debate in social media: a 350-line Ruby script tweeting random phrases from a limited set is indistinguishable from humans.

I will accept Pull Requests of new content. Also: people are free to deploy their own copies. Without the self.txt file it won't reply to any random mentions, just listen to its followed accounts and reply to those with a matching file in the data dir.

If the Russians can do it, so can we.
NumFOCUS: NumFOCUS Awards Small Development Grants to Projects

This spring the NumFOCUS Board of Directors awarded targeted small development grants to applicants from or approved by our sponsored and affiliated projects. In the wake of a successful 2016 end-of-year fundraising drive, NumFOCUS wanted to direct the donated funds to our projects in a way that would have impact and visibility to donors and […]
Kate 17.04.1 available for Windows

Installers for Kate 17.04.1 are now available for download!

This release includes, besides bug-fixing and features, an update to the search in files plugin. The search-while-you-type in the current file should not “destroy” your last search in files results as easily as previously. The search-combo-box-history handling is also improved.

Grab it now at download.kde.org:  Kate-setup-17.04.1-KF5.34-32bit or Kate-setup-17.04.1-KF5.34-64bit

Gunnar Wolf: Open Source Symposium 2017

I travelled (for three days only!) to Argentina, to be a part of the Open Source Symposium 2017, a co-located event of the International Conference on Software Engineering.

This is, all in all, an interesting although small conference — We are around 30 people in the room. This is a quite unusual conference for me, as this is among the first "formal" academic conferences I am part of. Sessions have so far been quite interesting.
What am I linking to from this image? Of course, the proceedings! They managed to publish the proceedings via the "formal" academic channels (a nice hard-cover Springer volume) under an Open Access license (which is sadly not usual, and is unbelievably expensive). So, you can download the full proceedings, or article by article, in EPUB or in PDF...
...Which is very very nice :)
Previous editions of this symposium have also their respective proceedings available, but AFAICT they have not been downloadable.
So, get the book; it provides very interesting and original insights into our community seen from several quite novel angles!

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Footermap (video tutorial)

NonProfit, Mon, 05/22/2017 - 11:54, Episode 28

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Footermap, a module which renders the results of expanded menus in a block.

Valuebound: How to set the right expectations for project delivery?

Setting a clear list of expectations for the client for a project delivery goes a long way toward great client relationships. Mismatched and misunderstood project goals and targets always lead to dissatisfaction among team members, the account head, and all other stakeholders.

I manage a team of a few developers who build web applications in Drupal. While working on projects with my team, I have had the chance to practice a few of the points that I have mentioned in the article. It has not only kept us on track but also kept people happy and motivated.

What should you do? Be involved from the beginning

When you begin a project, make sure that you and your team members are involved in the project from the beginning. There are times when the team would expand…

Colm O hEigeartaigh: Security advisories issued for Apache CXF Fediz

Two security advisories were recently issued for Apache CXF Fediz. In addition to fixing these issues, the recent releases of Fediz impose tighter security constraints in some areas by default compared to older releases. In this post I will document the advisories and the other security-related changes in the recent Fediz releases.

1) Security Advisories

The first security advisory is CVE-2017-7661: "The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks.". Essentially, both the Jetty 8/9 and Spring Security 2/3 plugins are subject to a CSRF-style vulnerability when the user doesn't complete the authentication process. In addition, the Jetty plugins are vulnerable even if the user does first complete the authentication process, but only the root context is available as part of this attack.

The second advisory is CVE-2017-7662: "The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks". The OIDC client registration service is a simple web application that allows the creation of clients for OpenId Connect, as well as a number of other administrative tasks. It is vulnerable to CSRF attacks, where a malicious application could take advantage of an existing session to make changes to the OpenId Connect clients that are stored in the IdP.

2) Fediz IdP security constraints

This section only concerns the WS-Federation (and SAML-SSO) IdP in Fediz. The WS-Federation RP application sends its address via the 'wreply' parameter to the IdP. For SAML SSO, the address to reply to is taken from the consumer service URL of the SAML SSO Request. Previously, the Apache CXF Fediz IdP contained an optional 'passiveRequestorEndpointConstraint' configuration value in the 'ApplicationEntity', which allows the admin to specify a regular expression constraint on the 'wreply' URL.

From Fediz 1.4.0, 1.3.2 and 1.2.4, a new configuration option is available in the 'ApplicationEntity' called 'passiveRequestorEndpoint'. If specified, this is directly matched against the 'wreply' parameter. In a change that breaks backwards compatibility, but that is necessary for security reasons, one of 'passiveRequestorEndpointConstraint' or 'passiveRequestorEndpoint' must be specified in the 'ApplicationEntity' configuration. This ensures that the user cannot be redirected to a malicious client. Similarly, new configuration options called 'logoutEndpoint' and 'logoutEndpointConstraint' are available, which validate the 'wreply' parameter when redirecting the user after logout; one of these must be specified.

3) Fediz RP security constraints

This section only concerns the WS-Federation RP plugins available in Fediz. When the user tries to log out of the Fediz RP application, a 'wreply' parameter can be specified to give the address that the Fediz IdP can redirect to after logout is complete. The old functionality was that if 'wreply' was not specified, then the RP plugin instead used the value from the 'logoutRedirectTo' configuration parameter.

From Fediz 1.4.0, 1.3.2 and 1.2.4, a new configuration option is available called 'logoutRedirectToConstraint'. If a 'wreply' parameter is presented, then it must match the regular expression that is specified for 'logoutRedirectToConstraint', otherwise the 'wreply' value is ignored and it falls back to 'logoutRedirectTo'. 
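The two rules above (the IdP's check of 'wreply' against 'passiveRequestorEndpoint' / 'passiveRequestorEndpointConstraint', and the RP plugin's 'logoutRedirectToConstraint' fallback) are illustrated below in Python as an added example; this is not Fediz's own Java code, the function names are mine, and applying the constraint as a match of the whole URL is an assumption. prefix_constraint shows how to write a constraint that accepts only the intended host and paths beneath it.

```python
import re
from typing import Optional


class RedirectPolicyError(ValueError):
    """The application entry leaves the redirect target unconstrained."""


def prefix_constraint(base_url: str) -> str:
    """Build an anchored regex that accepts base_url and paths beneath it only.

    Escaping the host means 'https://rp.example.com' does not also accept
    'https://rp.example.com.other.example/...', which an unescaped host
    followed by '.*' would.
    """
    return re.escape(base_url.rstrip("/")) + r"(/.*)?"


def idp_wreply_allowed(wreply: str,
                       passive_requestor_endpoint: Optional[str] = None,
                       passive_requestor_endpoint_constraint: Optional[str] = None) -> bool:
    """Decide whether the IdP may send the browser to the 'wreply' URL.

    Either the exact endpoint or the regex constraint (or both) must be
    configured; with neither, the entry is rejected as misconfigured rather
    than allowing an unchecked redirect.
    """
    if passive_requestor_endpoint is None and passive_requestor_endpoint_constraint is None:
        raise RedirectPolicyError(
            "one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint is required")
    if passive_requestor_endpoint is not None and wreply == passive_requestor_endpoint:
        return True
    if passive_requestor_endpoint_constraint is not None:
        # fullmatch anchors both ends (assumption: the constraint describes the whole URL)
        return re.fullmatch(passive_requestor_endpoint_constraint, wreply) is not None
    return False


def rp_logout_target(wreply: Optional[str],
                     logout_redirect_to: str,
                     logout_redirect_to_constraint: Optional[str] = None) -> str:
    """Choose where the RP plugin redirects after logout.

    A 'wreply' supplied with the request is honoured only when it matches
    logoutRedirectToConstraint; otherwise logoutRedirectTo is used. With no
    constraint configured this illustration also falls back (an assumption).
    """
    if (wreply and logout_redirect_to_constraint is not None
            and re.fullmatch(logout_redirect_to_constraint, wreply) is not None):
        return wreply
    return logout_redirect_to
```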
Appnovation Technologies: The Future of Drupal

The Future of Drupal *Cross-posted from Millwood Online. Over the past month there has been a lot of focus on Drupal, the community. More recently it seems people are back to thinking about the software. Dave Hall and David Hernandez both posted eye opening posts with thoughts and ideas of what needs doing and how we can move forward. A one line summary of those posts would be "...
Curtis Miller: The End of the Honeymoon: Falling Out of Love with quantstrat

Introduction: I spent good chunks of Friday, Saturday, and Sunday attempting to write another blog post on using R and the quantstrat package for backtesting, and all I have to show for my work is frustration. So I’ve started to fall out of love with quantstrat and am thinking of exploring Python backtesting libraries from…
Semaphore Community: Continuous Deployment of a Python Flask Application with Docker and Semaphore

This article is brought with ❤ to you by Semaphore.


In this tutorial, we'll go through the continuous integration and deployment of a dockerized Python Flask application with Semaphore. We'll deploy the application to Heroku.

Continuous integration and deployment help developers to:

  • Focus on developing features rather than spending time on manual deployment,
  • Be certain that their application will work as expected,
  • Update existing applications or rollback features by versioning applications using Git, and
  • Eliminate the "it works on my machine" issue by providing a standardized testing environment.

Docker is an application containerization tool that allows developers to deploy their applications in a uniform environment. Here are some of the benefits of using Docker:

  • Collaborating developers get to run their applications in identical environments that are configured in the same way,
  • There is no interference between the OS environment and the application environment,
  • Application portability is increased, and
  • Application overhead is reduced by providing only the required environment features, and not the entire OS, which is the case with virtual environments.

Docker works by utilizing a Dockerfile to create images. Those images are used to spin up containers that host and run the application. The application can then be exposed by using an IP address, so it can be accessed from outside the container.


Before you begin this tutorial, ensure the following is installed to your system:

  • Python 2.7 or 3.x,
  • Docker, and
  • A git repository to store your project and track changes.

Setting Up a Flask Application

To start with, we're going to create a simple Flask todo list application, which will allow users to create todos with names and descriptions. The application will then be dockerized and deployed via Semaphore to a host of our choice. It will have the following directory structure:

```
app/
├── templates/
│   └── index.html
├── tests/
│   └── test_endpoints.py
├── app.py
├── Dockerfile
├── docker-compose.yml
└── requirements.txt
```

The app.py file will be the main backend functionality, responsible for the routing and view rendering of HTML templates in the templates folder.

First, we'll set up a Python environment following this guide, and create a virtual environment, activate it and install the necessary requirements. A virtual environment in Python applications allows them to have their own runtime environment without interfering with the system packages.

```
$ virtualenv flask-env
$ . flask-env/bin/activate
$ pip install -r requirements.txt
```

Creating Application Tests

Test Driven Development (TDD) makes developers consider the structure and the functionality of their application in different situations. Also, writing tests reduces the amount of time a developer needs to spend manually testing their application by enabling them to automate the process.

We'll set up the test environment using the setUp(self) and tearDown(self) methods. They allow our tests to run independently without being affected by other tests. In this scenario, every time a test runs, we create a Flask test application. We also clean the database after every test in the tearDown(self) method. This ensures that the data stored by the previous test does not affect the next test.

```python
# tests/test_endpoints.py
import unittest

from app import app, db


class FlaskTodosTest(unittest.TestCase):
    def setUp(self):
        """Set up test application client"""
        # testing is a flag on the Flask app, not on the test client
        app.testing = True
        self.app = app.test_client()

    def tearDown(self):
        """Clear DB after running tests"""
        # pymongo 3 API, matching insert_one() in app.py
        db.todos.delete_many({})
```

In this section, we'll write tests for our endpoints and HTTP methods. We'll first try to assert that when a user accesses the default homepage(/) they get an OK status(200), and that they are redirected with a 302 status after creating a todo.

```python
# tests/test_endpoints.py
class FlaskTodosTest(unittest.TestCase):
    # ..... setup section .....

    def test_home_status_code(self):
        """Assert that user successfully lands on homepage"""
        result = self.app.get('/')
        self.assertEqual(result.status_code, 200)

    def test_todo_creation(self):
        """Assert that user is redirected with status 302 after creating a todo item"""
        response = self.app.post('/new',
                                 data=dict(name="First todo", description="Test todo"))
        self.assertEqual(response.status_code, 302)


if __name__ == '__main__':
    unittest.main()
```

The tests can be run using nosetests -v.

Creating the Actual Application

The application uses MongoDB hosted on mlab, which can be changed in the configuration. It provides two routes. The first one, default/index route(/), displays the available todos by rendering a HTML template file. The second route, (/new), accepts only POST requests, and is responsible for saving todo items in the database, and then redirecting the user back to the page with all todos.

```python
# app.py
import os

from flask import Flask, redirect, url_for, request, render_template
from pymongo import MongoClient

app = Flask(__name__)

# Set up database connection.
client = MongoClient("mongodb://username:password@database_url:port_number/db_name")
db = client['db_name']


@app.route('/')
def todo():
    _items = db.todos.find()
    items = [item for item in _items]
    # Render default page template
    return render_template('index.html', items=items)


@app.route('/new', methods=['POST'])
def new():
    item_doc = {
        'name': request.form['name'],
        'description': request.form['description']
    }
    # Save items to database
    db.todos.insert_one(item_doc)
    return redirect(url_for('todo'))


if __name__ == "__main__":
    # debug=True enables the interactive debugger and reloader; use it for
    # local development only, not in the deployed container
    app.run(host='', debug=True)
```

We can then run the application with python app.py, and access it in our browser at localhost. If no other port is provided, Flask uses port 5000 as the default port. To run the application on a different port, set the port number as follows:

```python
app.run(host='', port=port_number, debug=True)
```

Dockerizing the Application

Docker is used to create the application image from the provided Dockerfile configuration. If this is your first time working with Docker, you can follow this step-by-step tutorial to learn more about installing Docker and setting up the environment.


```dockerfile
FROM python:2.7
ADD . /todo
WORKDIR /todo
EXPOSE 5000
RUN pip install -r requirements.txt
ENTRYPOINT ["python", "app.py"]
```

The Dockerfile dictates the environmental requirements and application structure.

The application will run in a Python 2.7 environment. A folder named todo is created and set as our work directory.

Since the Flask application is running on port 5000, this port will be exposed for mapping to the external environment. Application requirements are installed within the container. The application will be run using python app.py command, as specified by the ENTRYPOINT directive.

All of the above happens within the Docker container environment, without interference with the OS environment.
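The app.py above hard-codes the MongoDB credentials in source, and the Dockerfile's ADD . /todo copies that file (and everything else in the directory) into the image, so the secret ships with every build and every CI log that prints the connection string. The following is an added example, not part of the Semaphore tutorial: it reads the connection string from an environment variable (MONGO_URI is an assumed name, to be set on the container at run time, e.g. as a Heroku config var), refuses to start with the tutorial's placeholder still in place, and redacts the password before the URI is logged.

```python
import os
from typing import Mapping, Optional
from urllib.parse import urlsplit, urlunsplit

# The placeholder connection string from the tutorial's app.py; a deployment
# that still carries it has not been configured, so start-up must fail.
PLACEHOLDER_URI = "mongodb://username:password@database_url:port_number/db_name"


def mongo_uri_from_env(environ: Optional[Mapping[str, str]] = None) -> str:
    """Return the MongoDB connection string from MONGO_URI (assumed variable name).

    Raising here means a container started without the secret fails fast
    instead of silently connecting with whatever was baked into the image.
    """
    env = os.environ if environ is None else environ
    uri = env.get("MONGO_URI", "").strip()
    if not uri:
        raise RuntimeError("MONGO_URI is not set; refusing to start")
    if uri == PLACEHOLDER_URI:
        raise RuntimeError("MONGO_URI still holds the tutorial placeholder")
    if not (uri.startswith("mongodb://") or uri.startswith("mongodb+srv://")):
        raise RuntimeError("MONGO_URI must be a mongodb:// or mongodb+srv:// URI")
    return uri


def redact_mongo_uri(uri: str) -> str:
    """Replace the password so the URI can safely appear in build or CI output.

    The host part is kept verbatim (including replica-set host lists), so no
    port parsing is attempted on it.
    """
    parts = urlsplit(uri)
    userinfo, _, hostpart = parts.netloc.rpartition("@")
    if not userinfo or ":" not in userinfo:
        return uri  # no password present, nothing to hide
    user = userinfo.split(":", 1)[0]
    netloc = f"{user}:***@{hostpart}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


# In app.py this would replace the hard-coded string:
#     client = MongoClient(mongo_uri_from_env())
#     app.logger.info("using %s", redact_mongo_uri(mongo_uri_from_env()))
```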

Docker Compose is a tool for defining and running multi-container Docker applications. The docker-compose file is used to configure application services by specifying the directory with the Dockerfile, container name, port mapping, and many others. Those services can then be started with a single command.

```yaml
web:
  build: .
  container_name: flock
  ports:
    - "5000:5000"
  volumes:
    - .:/todo
```

The build command directs Compose to build the application image using the Dockerfile in the current folder, and map the application port 5000 in the container to port 5000 of the OS. We then build and run our application in a Docker container.

```
$ docker-compose build
$ docker-compose up
```

Docker downloads the necessary dependencies, builds up the image, and starts the application in a container accessible at

Continuous Integration and Deployment (CI/CD)

With CI/CD, developers set up a pipeline for testing and deployment. This allows them to concentrate on developing the features, since the application is automatically built, tested, and deployed from a CI server whenever some changes are made.

To create a new project, log into your Semaphore account, click on Create new, and choose Project on the drop down list.

On the next page, choose whether your project repository is hosted on GitHub or Bitbucket.

Select the project repository by searching for it in the provided filter.

Next, select which branch to load:

After you've selected the project owner, Semaphore will analyze the repository and detect the platform:

Analyzing repository

Detecting Platform

Semaphore automatically detects Docker projects and recommends using the Docker platform for the application. You then need to provide project settings in order to define the commands that should be run. Semaphore automatically runs the commands to build an image, and runs the tests before deployment. This ensures that an application version is deployed only if it passes all the tests.

After the build and the tests have completed, the application can be deployed to the chosen platform.

Click on Set Up Deployment and choose the deployment platform.

A complete deployment to Heroku looks as follows:

You can choose to have automatic deployment on subsequent changes. Every time any changes are pushed to GitHub, a build is triggered, and automatic deployment occurs. However, the first deployment needs to be done manually.

The application is finally launched on Heroku.


The advantages of continuous integration range from reducing the amount of work done by developers to automatic updates and reduced errors in the application pipeline. Docker enhances this by allowing the provision of uniform environments for running applications.

In this tutorial, we explored how you can create a Flask application and run it using Docker. We also learned how to use Semaphore to create a pipeline that automates running the tests and the necessary build commands, as well as deploying the application to Heroku.

You can check out the demo of this application on Heroku and the source code.

Feel free to leave any comments or questions in the section below.

Want to continuously deliver your applications made with Docker? Check out Semaphore’s Docker platform.


PyBites: Code Challenge 20 - Object Oriented Programming Fun

Hi Pythonistas, a new week, a new 'bite' of Python coding! This week we will let you experiment with Object Oriented Programming, an important skill and fundamental building block of (everything-is-an-object) Python. Enjoy!

Doug Hellmann: string — Text Constants and Templates — PyMOTW 3

The string module dates from the earliest versions of Python. Many of the functions previously implemented in the module have been moved to methods of str objects. The string module retains several useful constants and classes for working with str objects, and this discussion will concentrate on them. Read more…
PyBites: Code Challenge 19 - Post to Your Favorite API - Review

This week was pretty busy due to PyCon, but what an amazing conference! A lot to absorb which we will digest in the upcoming articles. First our regular schedule though: review of last week's challenge: post to your favorite API.

See you at QtDay 2017?

With an apology to English-speaking audiences

This year too, KDAB is taking part in QtDay, the Italian conference entirely dedicated to Qt. Now in its sixth edition, QtDay keeps growing. This year QtDay is spread over 3 days: the first dedicated to a QML training, followed by two days of the conference proper.

During the conference I will give two talks:

  • On Friday 23 June I will take part in a round table on how to contribute to the development of Qt;
  • Saturday 24 June

The post Ci vediamo a QtDay 2017? appeared first on KDAB.

Mike Driscoll: PyDev of the Week: Harrison Kinsley

This week’s PyDev of the Week is Harrison Kinsley. Harrison is the creator of a popular Python Youtube tutorial channel. He also maintains a website that is kind of a text version of his video tutorials here: https://pythonprogramming.net/. Let’s take a few moments to get to know Harrison better!

Can you tell us a little about yourself (hobbies, education, etc):

As cliché as it will sound, my biggest hobby is programming without a doubt. That said, I also enjoy running, scuba diving, and performance driving. There are various tracks (think: F1 racing) that you can take your street car to, some are actual F1 tracks. I tend to track my car (Honda S2000) once or twice a month over the weekend.

As for education, I have no formal CS or related education. I double majored in Philosophy and Criminal Justice.

I am married, live in Texas, and have a couple large dogs.

Why did you start using Python?

It’s funny, I actually disliked programming for a long time. I had wanted to learn to program since I was about 12 years old, I kept trying, but I just hated it. Too tedious, too annoying, too confusing.

Fast forward to college, by this point I had a few online businesses, but was always just paying developers to work for me. This time, my idea was to track sentiment for stocks for investing/trading. I didn’t know anyone who could do that for me, so I revisited programming yet again with this goal in mind. I tried quite a few languages again, was left pretty bummed out overall, but then a friend of mine mentioned that a programming language called Python had a natural language processing library called Natural Language Toolkit (NLTK). I quickly found their book on nltk.org/book, and it was perfect for me, since it was exactly what I wanted. I went through the book, and that’s how I learned Python and began my journey. That project still exists today as sentdex.com (sentdex = sentiment+index), and that’s also how my “Sentdex” e-name was formed.

What other programming languages do you know and which is your favorite?

I’ve done a bit of JavaScript and C++, but I am really nothing special in either; probably the language I know the most of besides Python would be SQL, if I’m allowed to claim that language.

I’ve also poked into Go and Swift. I would like to learn more C++ and JavaScript for the future. Mainly C++ to augment Python, where a relevant library might not yet exist for a task I am doing in Python. I find myself relying too much on other people to have made wrappers for me, which is fine when people have done it, but, when something doesn’t exist yet, I am stuck, and that’s always a bummer!

JavaScript more for my web development purposes. My favorite language, however, is of course Python! The main reason I haven’t learned C++ any more in depth, for example, is because it’s just not as exciting to work with for me as Python is. I would describe Python as an “exciting” language to work with, just simply due to the rapid development capability for me personally.

What projects are you working on now?

Most recently, I have been working on self-driving cars in Grand Theft Auto 5. As I am writing this, I have been training a deep learning model for about 5 days straight while out of town. I am excited to get home and see how the model has done, I’m like a kid waiting for Christmas morning. I just hope it’s not coal.

For anyone interested in tracking the series’ tutorials: https://pythonprogramming.net/game-frames-open-cv-python-plays-gta-v/

The project is also open sourced at: https://github.com/sentdex/pygta5/

You can also view the livestreams of the AI: https://www.twitch.tv/Sentdex

Which Python libraries are your favorite (core or 3rd party)?

Pandas is probably my number 1 vote, just based on how much value I have gotten from it over the years, but probably Numpy should take #1, it just isn’t as often recognized for all the work it’s doing in the background for such a huge variety of libraries.

I also like Flask a lot due to the simplicity of working with it, and how easily you can customize it to do whatever you want. Flask has enabled me to share my work with others in a way no other library has afforded me.

Where do you see Python going as a programming language?

I think the main power behind Python is the community. There are other languages that are fairly similar in ease and general-purpose-ness, such as Ruby or Julia. The difference I personally see between Python and Ruby/Julia is the actual community behind them. With Python, you really can do just about everything. I think the only real weak point for Python these days is for something like game development/mobile development, along with anything where the latency between a wrapper is still too costly. Something like millisecond-frequency-trading.

Fundamentally, I can easily see Python being here in the next 20+ years, but a lot will depend on the community. The still-existing forking of the community between version 2 and 3 is a great example of how, despite an initially great community, you can chop it right in half. It seems like some people think the 2 vs 3 stuff is behind us, but I really don’t see that. It’s certainly becoming uncool to admit you work with Python 2 online, but it’s still very much a reality in practice.

How did you get started doing Youtube videos about Python?

I actually was just trying to market Sentdex.com at first. I was doing some videos about sentiment analysis and a few with using Python for some associated tasks. People seemed to really appreciate the tutorials, so I just kept sharing things that I had learned. It just kept growing until pretty quickly the channel had really nothing to do with sentdex.com anymore, but the name couldn’t be changed. Now it’s very clear that, marketing-wise, the term “Sentdex” is more associated with Python programming education, and not sentiment analysis.

What advice can you give to someone who wants to teach using Youtube or similar?

Don’t worry, be crappy! The overwhelming majority of the responses I got, even from the early days when I was pretty bad at coding AND teaching, were super positive. Even if you’re not considering teaching, I suggest you still try it. It doesn’t need to be YouTube, just a blog or something similar. The return for doing it is just insane. First, as you’re attempting to teach things, it only solidifies what you know, and quickly shines a light on what you don’t know. Trying to explain something is just a great way to learn it.

Next, once you put something out there, you get other eyes on it, you’ll get tips, suggestions, and just tons of general help. It’s basically a form of peer review.

Finally, if you’re seeking employment, having a blog with proof of work/passion is something that most employers seem to appreciate.

Is there anything else you’d like to say?

Thanks for considering me a pydev of the week!

EuroPython: EuroPython 2017 Keynote: Aisha Bello & Daniele Procida

We are pleased to announce our next keynote speakers for EuroPython 2017: Aisha Bello & Daniele Procida

About Aisha

Aisha currently serves as vice chair for the Python Nigeria community. She has helped co-organize and support a number of Django Girls workshops in Namibia & Nigeria. She is also a co-organizer for PyLadies Nigeria. She is an ardent tech and Python community enthusiast with a strong desire and passion for social change, women’s tech education and empowerment in Africa. In 2016 she won the Django Software Foundation Malcolm Tredinnick Memorial Prize for her contributions to the community. Currently she works as an Associate Systems Engineer for Cisco Systems.

About Daniele

Daniele is an avid contributor to open source software and its communities. He has been a core developer of Django for over three years and recently joined the Django Software Foundation board. He works at Divio, where he helps support and develop open source Django products. Daniele is a veteran community builder. His contribution as part of the organising committee of PyCon Namibia has been key in establishing a successful Python community in Namibia.

The Keynote: The Encounter: Python’s adventures in Africa

A genuine encounter changes both parties. In this talk Daniele and Aisha will report on the dialogue opened up by recent PyCons and other Python events in Africa. They’ll discuss Python’s impact in countries including Namibia, Nigeria and Zimbabwe, and what open-source software means for Africa at large - and what the encounter means for Python too.


EuroPython 2017 Team
EuroPython Society
EuroPython 2017 Conference

Michal Čihař: HackerOne experience with Weblate

Planet Debian - Mon, 2017-05-22 06:00

Weblate started using HackerOne Community Edition some time ago, and I think it's good to share my experience with that. Do you have an open source project and want to get more attention from the security community? This post will describe how it looks from the perspective of a pretty small project.

I applied with Weblate to HackerOne Community Edition at the end of March and it was approved early in April. Based on their recommendations I started in invite-only mode, but that really didn't bring much attention (exactly zero reports), so I decided to go public.

I asked for the project to be made public just after coming back from two weeks of vacation, expecting the approval to take some time during which I would settle the things that had popped up during the vacation. In the end it was approved within a single day, so I was immediately under fire from incoming reports:

I was surprised that they didn't lie - you will really get a huge amount of issues just after making your project public. Most of them were quite simple and repetitive (as you can see from the number of duplicates), but it really provided valuable input.

Even more surprisingly, there was a second peak when I started to disclose resolved issues (once Weblate 2.14 had been released).

Overall the issues could be divided into a few groups:

  • Server configuration, such as the lack of Content-Security-Policy headers. This is certainly good security practice and we really didn't follow it in all cases. The situation should be way better now.
  • Lack of rate limiting in Weblate. We really didn't try to do that, and many reporters (correctly) showed that this is something that should be addressed at important entry points such as authentication. Weblate 2.14 has brought a lot of features in this area.
  • Not using https where applicable. Yes, some APIs or web sites did not support https in the past, but now they do and I didn't notice.
  • Several pages were vulnerable to CSRF as they were using GET, while POST with CSRF protection would be more appropriate.
  • Lack of password strength validation. I've incorporated Django password validation into Weblate, hopefully avoiding the weakest passwords.
  • Several issues in authentication using Python Social Auth. I had never really looked at how the authentication works there, and there are some questionable decisions or bugs. Some of the bugs have already been addressed in current releases, but there are still some to solve.
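To illustrate the CSRF item above, here is an added example that is not Weblate's code (Weblate is a Django application; this is framework-free Python with a constructed `Request` stand-in and a hypothetical "delete translation" action): the first handler changes state on a plain GET, which a request triggered from another site can reach because the browser attaches the session cookie; the second requires POST and a session-bound token that a foreign page cannot read.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for a web framework's request object."""
    method: str
    session_csrf_token: str  # token the server stored for this session
    params: dict = field(default_factory=dict)  # query string or form fields


def delete_translation_get(request, store):
    """Vulnerable pattern from the report list: a state-changing action that
    is reachable by plain GET. Nothing in the request is something a foreign
    page could not cause the victim's browser to send, so the action runs."""
    key = request.params.get("key")
    if key not in store:
        return 404
    del store[key]
    return 200


def delete_translation_post(request, store):
    """Hardened pattern: accept only POST and demand a token tied to the
    session that a foreign page cannot read; compare it in constant time."""
    if request.method != "POST":
        return 405
    submitted = request.params.get("csrf_token", "")
    if not hmac.compare_digest(submitted, request.session_csrf_token):
        return 403
    key = request.params.get("key")
    if key not in store:
        return 404
    del store[key]
    return 200


def demo():
    """Run both handlers against forged requests and one legitimate request."""
    token = secrets.token_urlsafe(32)
    store = {"hello": "bonjour", "bye": "au revoir"}  # constructed data
    # Forged cross-site request: the session cookie (and thus the server-side
    # token) travels along, but the requester never learned the token value.
    forged = Request("GET", token, {"key": "hello"})
    vulnerable = delete_translation_get(forged, dict(store))       # 200
    hardened_get = delete_translation_post(forged, dict(store))    # 405
    forged_post = Request("POST", token, {"key": "hello"})
    hardened_no_token = delete_translation_post(forged_post, dict(store))  # 403
    legit = Request("POST", token, {"key": "hello", "csrf_token": token})
    hardened_legit = delete_translation_post(legit, dict(store))   # 200
    return vulnerable, hardened_get, hardened_no_token, hardened_legit
```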

In the end it was a really challenging week to cope with the incoming reports, but I think I managed it quite well. The HackerOne metrics state that it takes 2 hours on average to respond to incoming incidents, which I think will not work in the long term :-).

Anyway, thanks to this, you can now enjoy Weblate 2.14, which is more secure than any release before. If you have not yet upgraded, you might consider doing that now, or look into our support offering for self-hosted Weblate.

The downside of all this was that the initial publishing on HackerOne made our website the target of a lot of automated tools, and the web server was not really ready for that. I'm really sorry to all Hosted Weblate users who were affected by this. This has also been addressed now, but the infrastructure really should have been prepared for this beforehand. To share how it looked, here is the number of requests to the nginx server:

I'm really glad I could make Weblate available on HackerOne, as it will clearly improve its security and the security of the hosted offering we have. I will certainly consider providing swag and/or bounties for further severe reports, but that won't be possible without enough funding for Weblate.

Filed under: Debian English SUSE Weblate

