FLOSS Project Planets

cowbuilder can call lintian via hook script, but piuparts needs to be run under privilege, then failed. umm... 

We conducted a large study about strength and weakness of file managers in may 2013. In this article we present first results, discuss issues and questions that occur during the study, and present the schedule for the statistical analysis.

Introduction

In may 2013 we asked users about their preferences for file managers (FM). The online survey did not contain questions regarding Dolphin specifically, but addresses file managers in general to be able compare usability and user experience of different tools. Out of 1310 users that started the questionnaire, 749 finished the first part with questions about the When and What (42% drop-out) and 669 finished the second part with ratings on the chosen file manager (10% drop out). The last part with demographics was finished by 651 probands (2% drop-out).

First results

Most participants (56%) use Dolphin (which is KDE’s default), followed by Nautilus (10%), CLI (8%), Thunar (5%), Konqueror (4%), and Krusader (3%). The predominance of KDE / Qt within the study is also shown  in one of the last questions about the OS. It’s a pity that we weren’t able to attract more users of other OS with the survey.

Results of the user study: Usage of file managers.

Two third of all users chose their FM deliberately. Most prioritize functionality (31%) and efficiency (18%). This result is according to developers expectations (cf. Quo vadis, Dolphin? Results from the developers study).

Results of the user study: Reasons to chose the FM.

And at a first glance the users are satisfied with their FM: 31 report low values (1 for displeased and 2) while 627 report high ratings (5 and 6 as fully satisfied).

Discussion

The rather high quote of drop-outs probably comes from to ‘strange’ questions and a more complex study design in contrast to simple ‘Like’ polls. The basic idea is that software in general is applied by a person (individual aspects were asked in the demographics section), in a certain situation, and with a specific purpose (both asked in the first part of the study). We admit that the particular situation in which a tool is being used, needs some reflection. Of course, FM’s are used to copy files, to add or remove folders, and to manage properties. But if you think about the situation in which you apply a tool you might come to the conclusion that sometimes a command line interface (CLI) fits better and sometimes it is nice to have a GUI with browsing functions. And perhaps you generally prefer an orthodox FM like Krusader because of its familiarity but use Dolphin when browsing through files.

Furthermore we received some criticism concerning the depending questions about the rating. The most simple approach for an analysis is to count ‘likes’. We believe in more elaborated methods and statistical evaluation that exceeds those introspection. In terms of usability the ISO 9241-110 ‘Ergonomic requirements for office work with visual display terminals’ defines seven different dialog principles. The question is whether or not users who expect efficiency from their chosen FM also state high values on the efficiency scale, and at the same time report low values on other scales. For instance, the ISO demands ‘learnability’ for a good usability, i.e. the usage of a dialog is guided or at least supported, or alternate interaction is proposed by tool-tips or the like. But nobody does expect those features from a CLI, which we assume to be efficient primarily. However, it is worth to discuss the norm in general as users are barely able to answer the plain (yet not simple) questions based on the wording of the norm.

Schedule

Most interesting are analyses in relation to FMs, OS, or user’s personal preferences. Some ideas:

• Are there differences in the satisfaction for different FMs? And if so: On what basis?
• Do Gnome users expect more simplicity from their FM compared to KDE users?
• Which part of Dolphin needs most attention for the future development?

And some questions with a rather academic background:

• Can we predict future changes due to age effect, i.e. do elder people request different features (except from accessibility)?
• Are motifs useful to predict expectations? E.g. high values in prestige goes along with more individualization. (cf. LibreOffice user research – Summary).

We will conduct those statistics within the next days and will report the results on this channel. If you have more questions in advance feel free to comment.

Lucky number 13? Maybe! Tomorrow "Luminosity" will get its thirteenth installment.

• Why we work together, and why we sometimes don't: In Free software, forking used to be seen as a really bad thing reserved for unfixable situations. These days it happens all the time. Duplication of  effort was usually met with "Why?" rather than "Why not?", and typically reserved for the "beginner's application topic" (Was text editors, then irc (or mud!) clients, then media players, ..) Have we forgotten culturally the benefits of working together? Have new priorities shifted the playing field? When does it make sense to I'll try to make the case for less diversity than we have now, or at least a more responsible investment of effort.
• Open Build Service: We'll be looking at one of the coolest tools out there for people building software, images and operating system distributions: Open Build Service. We'll look at how it works, how it can be extended and at some self-hosting options.
• Q&A: If you have a burning question to ask, do so in the comments here or on G+ and I'll do my best to get to it in the show. Or you can ask live on irc ...

You can join live tomorrow on G+ or Youtube at 18:00 UTC, with live chat on irc.freenode.net in #luminosity, or catch the show later on my Youtube channel. See you there!

More and more projects today are using CSS preprocessors, with Sass being one of the most popular out there. What exactly is a CSS preprocessor? It is a scripting language based on CSS that lets you do amazing things with your CSS. We have a new series out, Learning Sass and Compass, to get you up to speed on this new cool tool for front-end development.

This year is going to be the third CamelOne, and its going to be quite different from previous CamelOne conferences.
Firstly the we have a new host, Red Hat who have kindly agreed to host CamelOne at the Hynes Convention Center, at the same time as JudCon and Red Hat Developer Exchange. This means people attending will be able to move between these different events and pick n' mix what they go to.It also means there will be a chance for attendees to mingle - and see what's happening on both sides of the open source fence. 
The second thing you'll notice, is that is going to be a very strong emphasis on open source projects. I've no doubt the occasional product may get a mention, but the aim of CamelOne this year is to educate and share experiences of using the best open source integration software out there.  If you look at the agenda, you will see there's a real mix of customer experience stories and best way to use the Apache projects to be successful.
Thirdly, the overall theme is going to show how you the direction integration projects from the ASF (Apache Camel, ActiveMQ, CXF, Karaf, ServiceMix) are taking to address the integration needs for the next five years: The internet of things, the proliferation of cloud API's, and mobile. Attendees will also see the direction that the Fuse Engineering team inside Red Hat are developing for future projects, in particular better management and  Cloud-based Integration.
This is going to be the best CamelOne yet - we are expecting record attendance - and I look forward to seeing you there!

Finally arrived at LinuxTag after an extended flight delay.

Turns out that speakers get 5 free tickets and I have no idea what to do with them. If you want to visit my talk or just need a free ticket, please poke me on IRC or by email. First come, first served.

I wanted to throw a little light on a feature that just landed in the Calligra repositories: A distraction-free writing mode for Calligra Author and Calligra Words.

The distraction-free mode means that we disable most UI elements and lets the user focus totally on the contents. This was one of the most asked-for features when I did a little survey half a year ago and asked which features that our potential users wanted. I say 'potential' because this was before the first release of Calligra Author and we didn't have any users at all by then.


A few brave souls that are building their own version from the source code have already used it and they report back good results. Here is a picture of a novel being written by Dan Leinir Turthra Jensen using the distraction-free mode.

The feature was developed by Mojtaba "moji" Shahi in a short time, taking a break from developing support for annotations.

As a side note, it's getting time to do a new feature survey. We have almost implemented everything that we got asked for in the first survey. Hot candidates right now are support for Master Documents and we got a feature request for making it easy to insert section separators (from leinir, actually).

Sooner, not later, you will end up in the Issue Queue on d.o. Its practically unavoidable if you want to get the most out of your relation with Drupal.

The more involved you get, particularly as a code developer or themer, you will find that you spend more and more of your time working on and jumping around between issues. The list of issues you are active in and/or monitoring is constantly growing.

At this point you have turned the issues queue into: Your Workplace!

Read the full "Our Drupal Workplace: The Issue Queue" post on www.tsvenson.com

Sometimes it happens that for one reason or another there's a need to use a proprietary application (read: can not be modified due to its licence) that contains bashisms. Since the application can not be modified and it might not be desirable to change the default /bin/sh, dealing with such applications can be a pain. Or not.

The switchsh program (available in Debian) by Marco d'Itri can be used to execute said application under a namespace where bash is bind-mounted on /bin/sh. The result:

$ sh --help
sh: Illegal option --
$ switchsh sh --help | head -n1
GNU bash, version 4.1.5(1)-release-(i486-pc-linux-gnu)

Simple, yet handy.

Here's a quick video recap from Drupalcon Portland - Tuesday, May 21st. 

The hook_requirements (API Doc) hook allows you to define custom requirements for modules. The hook can be used to simply notify a site builder with an alert, this is how the Update manager module works. If you have the Update manager module installed and it discovers an out of date module, it'll display an alert that certain modules need updating.

As another example, in the past I've used the hook to display an alert if API login credentials were not available.

You can also define very strict requirements where the installation of a module is aborted when requirements are not met.

In this article we'll look at how to use the hook for install requirements that aborts an installation if the requirements are not met. Then we'll look at how to display an alert, similar to how the Update manager displays alerts.

Two days, two conferences. The first was a local, business oriented one, Kasvu Open Forum. The second, Djangocon Finland 2012, focused mainly on technology. I gave two talks in the latter one. It was very nice to experience both events and meet some new people and a few old acquaintances.

Kasvu Open ForumKasvu Open is a competition of sorts aimed for Finnish growth ventures. This is the second year they are organizing it so things are just about to get rolling. They have two series, one for ideas and one for established companies. Me and my business partner participated in the former one this year with an entry.

We didn't make it to the finals and weren't impressed by the quality of the feedback given. This event totally made up for it. This is definitely something they can improve on the next year. The last thing you want to do is to discourage some potential idea or company. After all Kasvu Open is in the business of creating new business.
You might expect business conferences such as this to be really boring. This wasn't the case here. Each talk given gave some unique view to growth venturing. For instance it was particularly interesting to see how different the mindsets of a venture capitalist and a business angel can be. Former focuses on profit while the latter thinks in more long term and uses a different kind of investment strategy.
I also enjoyed the talk of Jouni Hynynen. He represented The Foundation of Finnish Inventions and explained how immaterial rights relate to business and what is their worth in practice. Even though I'm somewhat categorically opposed to concepts such as software patents, the talk gave some nice insight to the subject.
Overall it seems like there is some positive buzz going on in the Jyväskylä area. It might not be the Silicon Valley and we might be missing the scale benefits. I wouldn't be surprised if something really interesting emerged from the area within the next decades.

Djangocon Finland 2012This was the first time I visited the Finnish version of Djangocon. I think there were around forty people or so participating the event. The talks were primarily technically oriented. There were a couple of longer talks and several lightning talks.
I actually met a reader of this blog (apparently there are those) at the conference. That was quite a pleasant surprise to be honest. It's small things such as this that make it all worth it.

Thoughts on "Kaleva.fi - how we replaced 10 years of legacy code in one year"It was particularly interesting to see what Kaleva.fi looks like from "outside" in terms of DevOps. I participated in the project as a software designer during the past year for a period of a few months. So I got to know certain bits of it quite well. I never really looked into the overall infrastructure (too busy staring at my code :) ), though.

There were many interesting tidbits in Markus' talk. Especially the bits on scaling the service were interesting. It's quite different to develop a service used by hundreds of thousands than something that has only a few users. You get a lot of new problems to solve.

Thoughts on other talksThere was this one guy that made Django act like PHP. Django Home Pages is a terrible abomination that simply should not exist. I guess that was kind of the point, though. He created it just in order to see if it can be done.
Leo Honkanen discussed about classy Django applications. I think the main gist here was that with some effort you can provide namespaced url lookups for your templates. Essentially you have to deal with routing using a proxy class that implements urls using a property. The proxy class contains the name of the namespace as a class level attribute. I believe it is possible to implement this as a class method so you can avoid instantiating the whole thing at your url definition.
I'm not entirely sure if one should abuse classes this way. There might be a neater functional solution around to be found. If I ever need to namespace my urls somehow, I'll keep this in mind.
There were a couple of lightning talks as well. The BDD one was semi-interesting. I couldn't see myself writing that amount of code anytime soon, though. There must be some nicer way to describe stories.
bongaus.fi - Spotting Service Powered by DjangoMy first talk had to do with a service me and my business partner developed during the Spring. We did the development of bongaus.fi in a few distinct phases. The idea of the talk was to give some insight how we created the service and what kind of lessons we learned while doing it. I hope the people got something out of it! You can examine the slides below (probably not visible in RSS):bongaus.fi - Spotting Service Powered by Django
View more presentations from Juho VepsäläinenIf there is something you should pick out from the talk I believe it is the importance of developing a Minimum Viable Product (MVP). The only way to know if your product is on the right track is to give it for your users to test. Developing a MVP is an effective way to do this. Besides, it is really fast to get one done since you don't need to get stuck on the details.

In development of bongaus.fi we noticed Pareto principle applies quite well here. It takes only perhaps 20% or so time to get the relevant bits done. The rest is just tweaking and dealing the corner cases. And boy that sure can take time.

Another important thing to pick out is the value of pivots. Even if you are doing something and going to a certain direction, doesn't mean you should be going there indefinitely. It can pay off to adjust the trajectory and try something perhaps a bit different. I believe the willingness to pivot is one of the key attributes of startups that become successful.

SpeccerMy second, really brief talk, had to do with Speccer. It is a small testing tool I developed ages ago to make using unittest bearable. To quote myself "unittest provides testing for masochists while Speccer is meant for the rest of us". I hope the slides below give you the gist of it:Speccer
View more presentations from Juho Vepsäläinen Essentially the tool just transforms the light Pythonish syntax (you can mix Python with it) to code using unittest. This means you get to enjoy from the benefits of the both. You get the robust output provided by unittest's test runner while get to use a lighter syntax.

ConclusionAt times I feel like I'm slowly drifting away from a pure development role and more into business. These kind of conferences seem to confirm this. It takes a lot more than just technical skill to make things work in a real world.
Overall it seems like a good idea to be active. You get a lot of new contacts that in turn might prove to be valuable longer term (applies both ways). In addition these sort of events give you a nice extra burst of motivation and helps you to validate some of the work you have done. Sometimes it is a good idea to step out of your role a bit and try something different (ie. a business conf :) ).

Thanks to the release team ACK, I've started uploading Xfce 4.10 to unstable yesterday. For now, I've only pushed Xfce 4.10.1 desktop components, which means people using xfce4 + xfce4-goodies in unstable won't be able to upload at once.

That's because panel plugins have a quite hard dependency on the running xfce4-panel, and the communication protocol has changed between Xfce 4.8 and 4.10. So all panel plugins need to be rebuild against the new xfce4-panel. I'll start uploading new releases or packages revisions this evening, and binNMUs will be scheduled for the rest, but it'll take some days.

In the meantime, you can safely wait before upgrading xfce4. If you don't use external panel plugins, then you can accept to remove xfce4-goodies and the various xfce4-*-plugins and upgrade to xfce4 4.10.

There's no need to report a bug about that situation, we're already aware of it and it's somehow intended, things will settle in a few days.

Zato | home page

Zato is an ESB (Enterprise Service Bus) which is written in Python. It is free and open source (LGPL).

http://en.m.wikipedia.org/wiki/Enterprise_service_bus

Tibco was one of the first ESB products and Mule is an open source one.

According to the Zato site:

It supports HTTP, JSON, SOAP, Redis, JMS WebSphere MQ, ZeroMQ, FTP, SQL.

It has a web admin GUI, a CLI and an API.

Documentation and commercial support are available.

I got to know about Zato recently from the main  developer, Dariusz Suchojad, who had earlier written to me  regarding my blog post about PyMQI:

PyMQI, Python interface to IBM WebSphereMQ (formerly IBM MQSeries):

http://jugad2.blogspot.com/2013/02/pymqi-python-interface-to-ibm.html

Dariusz was a maintainer of PyMQI and also a developer on Spring Python, which is sort of a port of the Java Spring framework to Python.

Zato docs (quite detailed):

https://zato.io/docs/index.html

Part 1 of a basic Zato tutorial:

https://zato.io/docs/tutorial/01.html

I took a look at the tutorial. Broadly, it shows how to install Zato, create a simple Zato service in Python, that talks to PostgreSQL and Redis, and deploy it. Two servers get created, behind a load-balancer, and the service gets hot-deployed to the servers. Then curl is used to access the service. (This tutorial does not create a real client; curl is used to simulate one.)

Zato looks interesting and powerful (and somewhat complex, but that is to be expected for a product like an ESB).

I will check it out more and then report on my findings.

- Vasudev Ram
dancingbison.com

Vasudev Ram

Tweet Widget Facebook Like Google Plus One Linkedin Share Button

On a recent large Drupal project we were finding that the variable table was holding around 4 MB of data. The issue of course with this is that this is loaded into memory on each page request regardless of whether or not you use it. Another issue is that the variable table holds serialized data, and there is an additional CPU overhead of actually de-serializing the data as well.

Introducing Variable debug

So I wrote a module Variable debug that is a straight forward and simple module that attempts to do only two things (at the moment):

1. A list of the highest memory usage variables stored in the {variable} table sorted by highest to lowest. There is also a list of links to Drupal.org issues to help resolve some known high usage offenders. If you know of an issue that exists that aims to resolve in-efficient usage of the variable table, please raise a new issue in the issue queue for this module.

2. A list of all suspected orphaned variables in the variable table. This is determined by whether or not the variable is:

   1. Not a variable provided by Drupal core
   2. Does not start with an enabled module name

   This can help you find and remove potential abandoned variables that are of no use to you and your site.

Symptoms of rogue variables

Sometimes Drupal contributed modules use the variable table as a dumping ground for large variables that really should be stored in dedicated tables. Here is an example from one of our websites using the SQL query:

SELECT LENGTH(value) AS length, name FROM variable ORDER BY length ASC;

And the end of the result:

| 534 | hs_config_taxonomy-17 | | 551 | subscription_mail_status_activated_body | | 561 | hs_config_taxonomy-13 | | 573 | googleanalytics_custom_var | | 580 | article_import_known_columnists | | 600 | menu_masks | | 617 | order_completion_text_digital_auth | | 620 | menu_default_active_menus | | 622 | order_completion_text_corporate_auth | | 626 | user_mail_register_no_approval_required_body | | 638 | menu_minipanels_hover | | 660 | field_bundle_settings_node__page | | 666 | article_import_known_agencies | | 700 | field_bundle_settings_node__collection | | 702 | field_bundle_settings_node__article | | 733 | order_completion_text_print_auth | | 781 | field_bundle_settings_node__promotion | | 869 | order_completion_text_digital | | 903 | subscription_activation_text_unverified | | 939 | order_completion_text_print | | 955 | order_completion_text_corporate | | 991 | field_bundle_settings_node__subscription | | 1012 | subscription_activation_text_pending | | 1073 | field_bundle_settings_commerce_product__subscription_product | | 1278 | entityreference:base-tables | | 1783 | high_risk_districts | | 1988 | commerce_enabled_currencies | | 2356 | metered_useragent_whitelist | | 2515 | rules_empty_sets | | 2796 | apachesolr_index_last | | 3178 | memcache_wildcard_flushes | | 3673 | drupal_js_cache_files | | 7804 | features_codecache | | 14840 | drupal_css_cache_files | | 852329 | imagefield_crop_info | +--------+-----------------------------------------------------------------+ 1207 rows in set (0.02 sec)

Anything over several hundred bytes in the variable table really has to take a step back any look at better utilising cache tables.

Integration with Drupal.org issues

The next feature I added to the module was known large variables, and links to Drupal.org issue queue items that contain patches to resolve the large memory usage.

Here is a screenshot showing the functionality.

Questions

Let me know in the comments if this helps you, also if you have any other known rogue variables that have Drupal.org issues, that would also be welcome.

Tags drupal drupalplanet debugging code development Source Variable debug Category Tutorial

Cancún, Mexico - Auditorio Principal, Universidad Tecnológica de Cancún Carretera Cancún-Aeropuerto, Km. 11.5, S.M. 299, Mz. 5, Lt 1 Cancún, Quintana Roo, C.P. 77500

Richard Stallman hablará sobre las metas y la filosofía del movimiento del Software Libre, y el estado y la historia del sistema operativo GNU, el cual junto con el núcleo Linux, es actualmente utilizado por decenas de millones de personas en todo el mundo.

Esa charla de Richard Stallman no será técnica y será abierta al público; todos están invitados a asistir.

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de Cancún.

Cancún, Mexico - Auditorio Principal, Universidad Tecnológica de Cancún Carretera Cancún-Aeropuerto, Km. 11.5, S.M. 299, Mz. 5, Lt 1 Cancún, Quintana Roo, C.P. 77500

Richard Stallman hablará sobre las metas y la filosofía del movimiento del Software Libre, y el estado y la historia del sistema operativo GNU, el cual junto con el núcleo Linux, es actualmente utilizado por decenas de millones de personas en todo el mundo.

Esa charla de Richard Stallman no será técnica y será abierta al público; todos están invitados a asistir.

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de Cancún.

AltOS 1.2.1 — TeleBT support, bug fixes and new AltosUI features

Bdale and I are pleased to announce the release of AltOS version 1.2.1.

AltOS is the core of the software for all of the Altus Metrum products. It consists of cc1111-based micro-controller firmware and Java-based ground station software.

The biggest new feature for AltOS is the addition of support for TeleBT, our ground station designed to operate with Android phones and tablets. In addition, there’s a change in the TeleDongle radio configuration that should improve range, some other minor bug fixes and new features in AltosUI

AltOS Firmware — Features and fixes

There are bug fixes in both ground station and flight software, so you should plan on re-flashing both units at some point. However, there aren’t any incompatible changes, so you don’t have to do it all at once.

New features:

• TeleBT support.

• Improved radio sensitivity. The TeleDongle receiver parameters have been tweaked to provide better reception.

• TeleMini now completely resets all radio parameters in recovery mode (with the two outer debug pins connected) — 434.550MHz, N0CALL, factory radio cal.

Bug fixes:

• USB device fixes. This improves operation with Windows, avoiding hangs and errors in many cases.

• Correct the Kalman filter error covariance matrix; the old parameters were built assuming continuous measurements.

AltosUI — Easier to use

AltosUI has also seen quite a bit of work for the 1.2.1 release. It’s got several fun new features and a few bug fixes.

New Graph UI features:

• Show tool-tips with the value near the cursor.

• Make the set of displayed values configurable. Add all of the available data values just in case you want to see them.

• Added a Map tab showing the ground track of the whole flight.

• The flight summary tab now includes the final GPS position. This lets you figure out where your rocket landed without replaying the whole flight.

Other new AltosUI features:

• TeleBT support, including Bluetooth connections (Linux-only, at present).

• Shows the callsign in the Monitor Idle and other command-mode windows so that you can tell what callsign is being used.

• Show the block number when downloading flight data. This lets you see something happen even for longer flights.

• Make the initial position of the AltosUI configurable so that you can position it out of the way of the rest of you desktop.

• Distribute Mac OS X in .dmg format (Mac OS Disk Image); this means you don’t need to explicitly unpack the bits.

Bug fixes:

• Deal with broken networking while downloading map tiles. Tiles are now always downloaded asynchronously so that the UI doesn’t freeze when the network is slow.

We just launched Zact, one of our largest design projects to date at Chapter Three. We designed nearly 200 comps, including an e-commerce workflow, a customer dashboard that mirrors the functionality of the phone’s software, a Support section built on ZenDesk, and a consumer-facing website.

A disruptive new cell phone provider, Zact is a new company looking to redefine how customers purchase mobile services by making your plan 100% customizable right from your phone with no overage fees or contracts. They even give you a refund every month for any unused minutes, texts or data.

Helping Zact overcome business hurdles
As a new company in a major market, Zact turned to Chapter Three to help them solve some of their immediate business hurdles online.

• Establishing brand trust
  To overcome lack of brand recognition and to educate new customers about the key advantages of the service, we created the “Why we're different” and “How it works” sections as a way for new customers to get to know us.
• Paying full price for the phone
  To educate customers about the long term savings of buying the phone at full price, we created an interactive Savings Calculator. The calculator allows customers to compare various plan and phone options to their current bill to show their dollar amount saved over a two year period.
• Buying a phone online
  Without the ability to physically touch the phone customers are buying, we needed to build in extra guarantees to make customers feel comfortable purchasing a device online. We featured a “satisfaction guarantee” statement prominently throughout the site, promising a refund within 30 days if the customer did not like the phone.

Herculean feats of UX strength
The complexity of interactions across the site gave us an opportunity to flex our UX chops. We collaborated with Zact’s usability specialist, incorporating feedback from weekly usability tests to iteratively improve our designs.

• Customer dashboard
  To provide the functionality of the phone’s software on the website, we designed a web-specific interpretation of the phone software that empowers customers to access and control the full breadth of Zact’s service offerings. Because the software was being developed in parallel with our web design, we adopted an agile design approach to iterate in sync with the development team.
• E-commerce
  Our team worked with Zact’s usability specialist to implement a checkout flow pulling from best practices across the web. We delivered a solution that pushes the capabilities of Drupal Commerce and its ability to integrate with third-party systems.

Agile design
An agile design process was critical in the success of this project. We needed to be flexible as requirements and scope were changing daily. We met with the client daily via WebEx with new design deliverables for review, which allowed us to gather feedback often and respond quickly. For any given page, we were able to explore a number of options on a high level before focusing on a more final solution.

In fact, some of the best ideas on the project came directly from the client, as a result of organic discussion during those meetings. The Savings Calculator, which allows users to more visually understand how they will save money over time with Zact, grew out of a conversation we facilitated.

Our first iterations of the Savings Calculator were pretty skeletal and didn’t quite feel right; the user had to fill out the form and click a button before seeing results. After further discussion, the client suggested that we make the actual dollar savings visible and dynamic throughout the page, so that as you interact with the form you can directly see how your savings are affected. This minor design change immediately made the page more engaging and an effective tool in communicating why Zact is a viable alternative to a traditional phone contract.

Starting up in Silicon Valley with Drupal
One of the most exciting and challenging parts of the project was the rapid pace of startup culture. The level of expertise and web savvy amongst Zact’s staff allowed for a flourishing partnership where we were able to push boundaries and do great work together. So far, the site has been covered by some major press outlets, including Gizmodo, Engadget, Forbes and TechCrunch.

The site is finally live, but our work isn’t over yet. We’re continuing to evaluate and optimize the usability of the site and will continue to roll out design updates over the coming weeks. We look forward to working further with Zact and seeing how users will react to the new site.

Background

A question came up on the Stack Exchange site Unix & Linux in which I wrote up a pretty good answer, that describes some of the mechanics of how a process deals with its user credentials, so I’m adding my writeup to the blog.

It really comes down to what makes up a process in Unix. A process can come into existence in one of 2 ways. Either via the fork() function or through one of the exec() functions in C.

fork()

fork() basically just makes a copy of the current process, but assigns it a new process ID (PID). It’s a child of the original process. You can see this relationship in the output of @ps@:

1 2 3 4 5 6 7 $ ps axjf PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND 1 5255 1964 1964 ? -1 Sl 500 0:39 gnome-terminal 5255 5259 1964 1964 ? -1 S 500 0:00 \_ gnome-pty-helper 5255 18422 18422 18422 pts/1 18422 Ss+ 500 0:01 \_ bash 5255 30473 30473 30473 pts/4 30473 Ss+ 500 0:00 \_ bash 30473 782 782 30473 pts/4 30473 Sl 500 1:14 | \_ evince s.pdf

Here you can see that gnome-terminal is the parent process (PID = 5255) and that bash is it’s child (PID = 18422, PPID = 5255).

When a process forks from its parent, it “inherits” certain things, such as copies of all the file descriptors that the parent currently has for open files and the parent’s user and group IDs.

NOTE1: PPID = Parent Process ID.
NOTE2: The last 2 are what identify what file and group permissions this process will have when accessing the file system.

So if a process just inherits its user and group ID from its parent, then why isn’t everything just owned by root or a single user? This is where exec() comes in.

exec() Part #1

The exec() family of functions, specifically execve(), “replace” a current process image with a new process image. The terminology “process image” is really just a file, i.e. an executable on disk. So this is how a bash script can execute a program such as /usr/bin/time.

So what about the user ID and group ID? Well to understand that let’s first discuss the concept of “Persona”.

Persona

At any time, each process has an effective user ID, an effective group ID, and a set of supplementary group IDs. These IDs determine the privileges of the process. They are collectively called the [persona of the process]1, because they determine “who it is” for purposes of access control.

exec() Part #2

So in addition to being able to swap out the “process image”, exec() can also change the user & group IDs from the original “real” ones to “effective” ones.

An example

For this demonstration I’m going to show you what happens when we start out in a shell as our default UID/GID, and then spawn a child shell using one of my supplementary GIDs, making it the child shell’s effective GID.

To perform this I’m going to make use of the unix command newgrp. newgrp allows you to spawn a new shell passing it the supplementary group that I’d like to make my effective GID.

For starters:

1 2 $ id -a uid=500(saml) gid=501(saml) groups=501(saml),502(vboxusers),503(jupiter)

We can see that this shell is currently configured with my default UID/GID of saml & saml. Touching some files shows that this is the case as well:

1 2 3 4 5 6 $ touch afile1 $ touch afile2 $ ls -l total 0 -rw-rw-r-- 1 saml saml 0 May 21 23:47 afile1 -rw-rw-r-- 1 saml saml 0 May 21 23:47 afile2

Now we make our supplementary group jupiter the effective GID:

1 2 3 $ newgrp jupiter $ id -a uid=500(saml) gid=503(jupiter) groups=501(saml),502(vboxusers),503(jupiter)

Now if we touch some files:

1 2 3 4 5 6 7 8 $ touch afile3 $ touch afile4 $ ls -l total 0 -rw-rw-r-- 1 saml saml 0 May 21 23:47 afile1 -rw-rw-r-- 1 saml saml 0 May 21 23:47 afile2 -rw-r--r-- 1 saml jupiter 0 May 21 23:49 afile3 -rw-r--r-- 1 saml jupiter 0 May 21 23:49 afile4

We see that the shell’s effective GID is jupiter, so any interactions with the disk result in files being created with jupiter rather than my normal default group of saml.

References

• fork() man page
• exec() man page
• execve() man page
• credentials man page
• newgrp man page
• The GNU C Library
• The GNU C Library – 26.4 Creating a Process
• The GNU C Library – 26.5 Executing a File
• GID, current, primary, supplementary, effective and real group IDs?