FLOSS Project Planets

Reproducible Builds: Reproducible Builds in February 2024

Planet Debian - Sat, 2024-03-09 11:53

Welcome to the February 2024 report from the Reproducible Builds project! In our reports, we try to outline what we have been up to over the past month as well as mentioning some of the important things happening in software supply-chain security.

Reproducible Builds at FOSDEM 2024

Core Reproducible Builds developer Holger Levsen presented at the main track at FOSDEM on Saturday 3rd February this year in Brussels, Belgium. However, that wasn’t the only talk related to Reproducible Builds.

However, please see our comprehensive FOSDEM 2024 news post for the full details and links.


Maintainer Perspectives on Open Source Software Security

Bernhard M. Wiedemann spotted that a recent report entitled Maintainer Perspectives on Open Source Software Security written by Stephen Hendrick and Ashwin Ramaswami of the Linux Foundation sports an infographic which mentions that “56% of [polled] projects support reproducible builds”.


Three new reproducibility-related academic papers

A total of three separate scholarly papers related to Reproducible Builds have appeared this month:

Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors by Taylor R. Schorlemmer, Kelechi G. Kalu, Luke Chigges, Kyung Myung Ko, Eman Abdul-Muhd, Abu Ishgair, Saurabh Bagchi, Santiago Torres-Arias and James C. Davis (Purdue University, Indiana, USA) is concerned with the problem that:

Package maintainers can guarantee package authorship through software signing [but] it is unclear how common this practice is, and whether the resulting signatures are created properly. Prior work has provided raw data on signing practices, but measured single platforms, did not consider time, and did not provide insight on factors that may influence signing. We lack a comprehensive, multi-platform understanding of signing adoption and relevant factors. This study addresses this gap. (arXiv, full PDF)


Reproducibility of Build Environments through Space and Time by Julien Malka, Stefano Zacchiroli and Théo Zimmermann (Institut Polytechnique de Paris, France) addresses:

[The] principle of reusability […] makes it harder to reproduce projects’ build environments, even though reproducibility of build environments is essential for collaboration, maintenance and component lifetime. In this work, we argue that functional package managers provide the tooling to make build environments reproducible in space and time, and we produce a preliminary evaluation to justify this claim.

The abstract continues with the claim that “Using historical data, we show that we are able to reproduce build environments of about 7 million Nix packages, and to rebuild 99.94% of the 14 thousand packages from a 6-year-old Nixpkgs revision. (arXiv, full PDF)


Options Matter: Documenting and Fixing Non-Reproducible Builds in Highly-Configurable Systems by Georges Aaron Randrianaina, Djamel Eddine Khelladi, Olivier Zendra and Mathieu Acher (Inria centre at Rennes University, France):

This paper thus proposes an approach to automatically identify configuration options causing non-reproducibility of builds. It begins by building a set of builds in order to detect non-reproducible ones through binary comparison. We then develop automated techniques that combine statistical learning with symbolic reasoning to analyze over 20,000 configuration options. Our methods are designed to both detect options causing non-reproducibility, and remedy non-reproducible configurations, two tasks that are challenging and costly to perform manually. (HAL Portal, full PDF)


Mailing list highlights

From our mailing list this month:


Distribution work

In Debian this month, 5 reviews of Debian packages were added, 22 were updated and 8 were removed this month adding to Debian’s knowledge about identified issues. A number of issue types were updated as well. […][…][…][…] In addition, Roland Clobus posted his 23rd update of the status of reproducible ISO images on our mailing list. In particular, Roland helpfully summarised that “all major desktops build reproducibly with bullseye, bookworm, trixie and sid provided they are built for a second time within the same DAK run (i.e. [within] 6 hours)” and that there will likely be further work at a MiniDebCamp in Hamburg. Furthermore, Roland also responded in-depth to a query about a previous report


Fedora developer Zbigniew Jędrzejewski-Szmek announced a work-in-progress script called fedora-repro-build that attempts to reproduce an existing package within a koji build environment. Although the projects’ README file lists a number of “fields will always or almost always vary” and there is a non-zero list of other known issues, this is an excellent first step towards full Fedora reproducibility.


Jelle van der Waa introduced a new linter rule for Arch Linux packages in order to detect cache files leftover by the Sphinx documentation generator which are unreproducible by nature and should not be packaged. At the time of writing, 7 packages in the Arch repository are affected by this.


Elsewhere, Bernhard M. Wiedemann posted another monthly update for his work elsewhere in openSUSE.


diffoscope

diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made a number of changes such as uploading versions 256, 257 and 258 to Debian and made the following additional changes:

  • Use a deterministic name instead of trusting gpg’s –use-embedded-filenames. Many thanks to Daniel Kahn Gillmor dkg@debian.org for reporting this issue and providing feedback. [][]
  • Don’t error-out with a traceback if we encounter struct.unpack-related errors when parsing Python .pyc files. (#1064973). []
  • Don’t try and compare rdb_expected_diff on non-GNU systems as %p formatting can vary, especially with respect to MacOS. []
  • Fix compatibility with pytest 8.0. []
  • Temporarily fix support for Python 3.11.8. []
  • Use the 7zip package (over p7zip-full) after a Debian package transition. (#1063559). []
  • Bump the minimum Black source code reformatter requirement to 24.1.1+. []
  • Expand an older changelog entry with a CVE reference. []
  • Make test_zip black clean. []

In addition, James Addison contributed a patch to parse the headers from the diff(1) correctly [][] — thanks! And lastly, Vagrant Cascadian pushed updates in GNU Guix for diffoscope to version 255, 256, and 258, and updated trydiffoscope to 67.0.6.


reprotest

reprotest is our tool for building the same source code twice in different environments and then checking the binaries produced by each build for any differences. This month, Vagrant Cascadian made a number of changes, including:

  • Create a (working) proof of concept for enabling a specific number of CPUs. [][]
  • Consistently use 398 days for time variation rather than choosing randomly and update README.rst to match. [][]
  • Support a new --vary=build_path.path option. [][][][]


Website updates

There were made a number of improvements to our website this month, including:


Reproducibility testing framework

The Reproducible Builds project operates a comprehensive testing framework (available at tests.reproducible-builds.org) in order to check packages and other artifacts for reproducibility. In February, a number of changes were made by Holger Levsen:

  • Debian-related changes:

    • Temporarily disable upgrading/bootstraping Debian unstable and experimental as they are currently broken. [][]
    • Use the 64-bit amd64 kernel on all i386 nodes; no more 686 PAE kernels. []
    • Add an Erlang package set. []
  • Other changes:

    • Grant Jan-Benedict Glaw shell access to the Jenkins node. []
    • Enable debugging for NetBSD reproducibility testing. []
    • Use /usr/bin/du --apparent-size in the Jenkins shell monitor. []
    • Revert “reproducible nodes: mark osuosl2 as down”. []
    • Thanks again to Codethink, for they have doubled the RAM on our arm64 nodes. []
    • Only set /proc/$pid/oom_score_adj to -1000 if it has not already been done. []
    • Add the opemwrt-target-tegra and jtx task to the list of zombie jobs. [][]

Vagrant Cascadian also made the following changes:

  • Overhaul the handling of OpenSSH configuration files after updating from Debian bookworm. [][][]
  • Add two new armhf architecture build nodes, virt32z and virt64z, and insert them into the Munin monitoring. [][] [][]

In addition, Alexander Couzens updated the OpenWrt configuration in order to replace the tegra target with mpc85xx [], Jan-Benedict Glaw updated the NetBSD build script to use a separate $TMPDIR to mitigate out of space issues on a tmpfs-backed /tmp [] and Zheng Junjie added a link to the GNU Guix tests [].

Lastly, node maintenance was performed by Holger Levsen [][][][][][] and Vagrant Cascadian [][][][].


Upstream patches

The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:


If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

Categories: FLOSS Project Planets

Iustin Pop: Finally learning some Rust - hello photo-backlog-exporter!

Planet Debian - Sat, 2024-03-09 08:30

After 4? 5? or so years of wanting to learn Rust, over the past 4 or so months I finally bit the bullet and found the motivation to write some Rust. And the subject.

And I was, and still am, thoroughly surprised. It’s like someone took Haskell, simplified it to some extents, and wrote a systems language out of it. Writing Rust after Haskell seems easy, and pleasant, and you:

  • don’t have to care about unintended laziness which causes memory “leaks” (stuck memory, more like).
  • don’t have to care about GC eating too much of your multi-threaded RTS.
  • can be happy that there’s lots of activity and buzz around the language.
  • can be happy for generating very small, efficient binaries that feel right at home on Raspberry Pi, especially not the 5.
  • are very happy that error handling is done right (Option and Result, not like Go…)

On the other hand:

  • there are no actual monads; the ? operator kind-of-looks-like being in do blocks, but only and only for Option and Result, sadly.
  • there’s no Stackage, it’s like having only Hackage available, and you can hope all packages work together well.
  • most packaging is designed to work only against upstream/online crates.io, so offline packaging is doable but not “native” (from what I’ve seen).

However, overall, one can clearly see there’s more movement in Rust, and the quality of some parts of the toolchain is better (looking at you, rust-analyzer, compared to HLS).

So, with that, I’ve just tagged photo-backlog-exporter v0.1.0. It’s a port of a Python script that was run as a textfile collector, which meant updates every ~15 minutes, since it was a bit slow to start, which I then rewrote in Go (but I don’t like Go the language, plus the GC - if I have to deal with a GC, I’d rather write Haskell), then finally rewrote in Rust.

What does this do? It exports metrics for Prometheus based on the count, age and distribution of files in a directory. These files being, for me, the pictures I still have to sort, cull and process, because I never have enough free time to clear out the backlog. The script is kind of designed to work together with Corydalis, but since it doesn’t care about file content, it can also double (easily) as simple “file count/age exporter”.

And to my surprise, writing in Rust is soo pleasant, that the feature list is greater than the original Python script, and - compared to that untested script - I’ve rather easily achieved a very high coverage ratio. Rust has multiple types of tests, and the combination allows getting pretty down to details on testing:

  • region coverage: >80%
  • function coverage: >89% (so close here!)
  • line coverage: >95%

I had to combine a (large) number of testing crates to get it expressive enough, but it was worth the effort. The last find from yesterday, assert_cmd, is excellent to describe testing/assertion in Rust itself, rather than via a separate, new DSL, like I was using shelltest for, in Haskell.

To some extent, I feel like I found the missing arrow in the quiver. Haskell is good, quite very good for some type of workloads, but of course not all, and Rust complements that very nicely, with lots of overlap (as expected). Python can fill in any quick-and-dirty scripting needed. And I just need to learn more frontend, specifically Typescript (the language, not referring to any specific libraries/frameworks), and I’ll be ready for AI to take over coding 😅…

So, for now, I’ll need to split my free time coding between all of the above, and keep exercising my skills. But so glad to have found a good new language!

Categories: FLOSS Project Planets

This week in KDE: a deluge of new features

Planet KDE - Sat, 2024-03-09 01:26

The floodgates are fully open and developers have started landing juicy features for Plasma 6.1!

But not just that… we asked for bug reports and you folks gave us bug reports! Usually we get 30-50 per day, but now we’re up to 150-200. It’s kind of crazy.

Now, this doesn’t mean the software is actually really buggy. It means that people are using the software! Most of the bug reports actually not about KDE issues at all: graphics driver issues, bugs in themes, and bugs in 3rd-party apps. And many are duplicates of existing known issues, or really weird exotic issues only reproducible with specific combinations of off-by-default settings.

Of course some are more significant, but at this point I think we’ve got most of them fixed. There are still a couple open–such slow login and black lock screens with certain setups–but both have open merge requests to fix them, so I expect those to be fixed pretty soon too.

New Features

You can now split embedded terminal views in Kate horizontally or vertically (Akseli Lahtinen, Kate 24.05. Link)

You can now configure whether the magnifier in Spectacle’s Rectangular Region mode is always on, always off, or only on while holding down the Shift key (Noah Davis, Spectacle 24.05. Link)

There are now “edge barrier” and “corner barrier” features when you’ve using a multi-screen setup. These barriers add virtual spacing between screens, so that it’s easier for you to click on the pixels touching shared screen edges. Why would you want to do this? For example to make auto-hide panels between screens possible, and to make it easy to click the close button of a maximized window with another screen next to it. Note that these features are Wayland-only. And yes, you can turn these features off if you don’t like them, and also adjust the size of the barrier’s virtual space (Yifan Zhu, Plasma 6.1):

You can now hide the Web Browser widget’s navigation bar, making it suitable for cases where it’s simply monitoring the same web page you never navigate away from (Shubham Arora, Plasma 6.1. Link)

Manual session saving now works on Wayland. Note that until real session restore is added, this will be hooking into the “real fake session restore” feature I blogged about a few weeks ago (David Edmundson, Plasma 6.1. Link)

UI Improvements

When you have Spectacle configured to not take a screenshot when launched, the window that appears on launch now gives you the opportunity to take a screen recording too (Noah Davis, 24.05. Link)

Search results for pages in System Settings now better prioritize exact name matches (Alexander Lohnau, Plasma 6.0.1. Link)

Using a keyboard shortcut to activate the Calculator widget on a Panel now passes focus to it correctly so you can start typing to calculate things immediately (Akseli Lahtinen, Plasma 6.0.2. Link)

When using the Kicker Application Menu launcher, you can now do calculation and unit conversion, and find the power and session actions by searching for them (me: Nate Graham, Plasma 6.1. Link)

The new “Shake cursor to find it” effect is now enabled by default (Vlad Zahorodnii, Plasma 6.1. Link)

The new Printers page in System Settings now does a better job of helping you figure out what to do next when it finds a driverless network printer that doesn’t have the right drivers installed (yes, that sounds like a contradiction, but such is life) (Mike Noe, Plasma 6.1. Link)

Panel widgets’ popups now close when you click on an empty area of the Task Manager (David Edmundson, Plasma 6.1. Link)

By default, XWayland apps are now allowed to listen for non-alphanumeric keypresses, and shortcuts using modifier keys. This lets any global shortcut features they may have work with no user intervention required, while still not allowing arbitrary listening for alphanumeric keypresses which could potentially be used maliciously (me: Nate Graham, Plasma 6.1. Link)

Bluetooth connection failures are now additionally mentioned in the widget pop-up itself, right next to the thing you clicked on to try the connection which is where your eyeballs were probably still looking (Kai Uwe Broulik, Plasma 6.1. Link)

The width of the clipboard history popup that appears when you press Meta+V now has a width that’s capped at a lower, more sane level when you’re using a ultrawide screen (Dominique Hummel, Plasma 6.1. Link)

Bug Fixes

Gwenview no longer crashes when opening certain FITS image files (Albert Astals Cid, Gwenview 24.02.1. Link)

Minimizing a Dolphin window no longer causes all of its panels to get hidden (Nicolas Fella, Dolphin 24.02.1. Link)

Fixed a glitch with multi-line text selection in Okular (Okular 24.02.1. Link)

While dragging a file in Dolphin, if it happens to pass over other files and linger there for a bit, the other files no longer get immediately opened (Akseli Lahtinen, Dolphin 24.05. Link)

Plasma no longer crashes when you open Kickoff or Kicker while uninstalling an app that’s in the Favorites list (Marco Martin, Plasma 6.0.1. Link)

Launching/activating items with the Enter key in the Kicker Application Menu once again works (Marco Martin, Plasma 6.0.1. Link)

“Get [app name]” search results from KRunner once again work (Nicolas Fella, Plasma 6.0.1. Link)

Fixed a regression with System Tray icon support that caused some apps’ tray icons to show the wrong icon (Nicolas Fella, Plasma 6.0.1. Link)

When you drag multiple files from Dolphin onto the desktop, they no longer stack on top of one another until Plasma is restarted (Marco Martin, Plasma 6.0.1. Link)

Discover no longer crashes when you search for various fairly common terms, including “libreoffice” (Aleix Pol Gonzalez, Plasma 6.0.2. Link)

Fixed the “Move to Desktop > All Desktops” titlebar menu item on X11 (Nicolas Fella, Plasma 6.0.2. Link)

Fixed a case where Plasma could exit (not crash) with a Wayland protocol error after turning screens off and back on again (Vlad Zahorodnii, Plasma 6.0.2. Link)

Fixed a case where KWin could crash when a window was opened on a secondary screen plugged into a secondary GPU (Xaver Hugl, Plasma 6.0.2. Link)

Our previous fix for VLC and MPV not being able to maximize turned out not to be enough, so we beefed it up, and now it should actually always work (Łukasz Patron, Plasma 6.0.2. Link 1 and link 2)

Fixed a bug that could cause Night Color to not work on systems with certain graphics hardware (Xaver Hugl, Plasma 6.0.2. Link)

The first search result in the Kicker Application Menu is no longer sometimes covered up by the search field (Marco Martin, Plasma 6.0.2. Link)

When you drag a window off the left side of the screen, the cursor no longer moves unexpectedly (Yifan Zhu, Plasma 6.0.2. Link)

Setting your system language to “C” on System Settings’ Region & Language page no longer mangles the text of the previews for individual formats (Han Young, Plasma 6.0.2. Link)

Fixed a case where Discover could crash on launch when its Flatpak backend is active (David Redondo, Plasma 6.1. Link)

When you have a Panel at the top of the screen, showing its config dialog no longer overlaps the global Edit Mode Toolbar; instead, the toolbar jumps down to the bottom of the screen where there’s plenty of space for it (Niccolò Venerandi, Plasma 6.1. Link)

Downloading items in the “Get New [thing]” dialogs that only have a single file available once again works (Akseli Lahtinen, Frameworks 6.1. Link)

Various actions throughout KDE apps that open the default terminal app–such as Dolphin’s “Open Terminal Here” menu item–once again work (Nicolas Fella, Frameworks 6.1. Link)

“Horizontal bars” graphs in various System Monitor widgets now use the right colors (Arjen Hiemstra, Frameworks 6.1. Link)

Menu items in context menus for text fields in QtQuick-based apps are now translated (Evgeny Chesnokov, Frameworks 6.1. Link)

Made a bunch of places icons in the Breeze icon theme respect the accent color, just like their compatriots (Someone going by the pseudonym “leia uwu”, Frameworks 6.1. Link)

Other bug information of note:

Performance & Technical

Fixed a source of lag and frame drops on some systems with certain graphics hardware (Xaver Hugl, Plasma 6.0.1. Link)

Automation & Systematization

Wrote a tutorial for how to set up automatic publishing of your KDE app to KDE’s F-Droid repository (Ingo Klöcker, Link)

Updated the tutorial for how to write a System Settings page (KCM) to reflect modernity (Akseli Lahtinen, Link)

Added an autotest ensuring that a special feature of KConfig and desktops files works (David Faure, Link)

…And Everything Else

This blog only covers the tip of the iceberg! If you’re hungry for more, check out https://planet.kde.org, where you can find more news from other KDE contributors.

How You Can Help

Please help with bug triage! The Bugzilla volumes are extraordinary right now and we are overwhelmed. I’ll be doing another blog post on this tomorrow; for now, if you’re interested, read this.

Otherwise, visit https://community.kde.org/Get_Involved to discover other ways to be part of a project that really matters. Each contributor makes a huge difference in KDE; you are not a number or a cog in a machine! You don’t have to already be a programmer, either. I wasn’t when I got started. Try it, you’ll like it! We don’t bite!

As a final reminder, 99.9% of KDE runs on labor that KDE e.V. didn’t pay for. If you’d like to help change that, consider donating today!

Categories: FLOSS Project Planets

Krita Monthly Update – Edition 13

Planet KDE - Fri, 2024-03-08 19:00

Welcome to all krita artists, this monthly zine is curated for you by the Krita-promo team.

Development report
  • Changes to KDE Binary Factory - Krita Next and Krita Plus builds

    Nightly builds for Windows and Linux have been moved to GitLab. Binary Factory is now decommissioned. Due to this change the nightly build service is temporarily discontinued. The developers are working on getting the build up again.

  • New Krita website is released.

    The work for the new website was ongoing for some time so we are glad to announce that it is live now. The new website offers a light and dark theme. It is cleaner and the translation to other languages is much easier now. We are always working to improve the website so if you find any rough edges please let us know.

  • Internal Roadmap for Krita

    The developers had an online meeting on 26th February to discuss the future path for Krita development. Stay tuned for an upcoming blog post here for more details about this meeting. In the meantime, enjoy these meeting highlights. The agenda for the meeting was:

    • How to handle social networks and having a social media strategy.

      Krita’s social media presence was handled by the developers earlier, but since they are busy with Krita’s development, we can request volunteers to help us. Krita-Artists group of volunteers can be asked to handle social media posting and any volunteers are welcome to join the group.

    • Challenges and feasibility of keeping the support for Android version.

      The person who was handling the support for the Android version has gotten busy with life so currently there is no one to look after it. The builds are also stopped due to our build server getting decommissioned. Dmitry is looking into the automated build issue but the team needs a way to keep the support up. There may be close to 500,000 users of Krita on this platform. Volunteers are more than welcome to join us in this endeavour.

    • Various other aspects related to development

      • The developers discussed some features that can be implemented such as audio waveform support in the animation timeline and the future path for creating a mobile UI.
      • A Strategy for porting Krita to the next version of Qt (Qt is the underlying base that is used to build Krita).
      • Areas where GPU computation can help. Artists who joined the meeting said that filters and transform masks were slow in krita. Our Liquify tool also needs a performance boost. So GPU utilisation in this area is welcome.
      • Tiar will be investigating how to do AI assisted Inking. Disclaimer - this doesn’t mean we will be using the popular AI models out there. We intend to do this ethically and as this is still in the initial investigation stage, the developers are still discussing various aspect about how to approach this subject.
      • How to handle PS style clipping mask - Deif Lou has done an awesome job in researching and investigating the clipping mask, layer effects and blending mode technicalities. The team intends to look into this and tackle this feature together.
  • New features that got merged this month

    • Close Gap in fill tool is finally here!

      YRH created a gap-closing patch for the fill tool and that patch has been accepted to master. In this post, YRH points out that Dmitry and Krita users on this forum were instrumental in getting this done. You can read these latest comments and get the test builds from this post.

      There should have been a video here but your browser does not seem to support it. (Video created by David Revoy)

    • Text tool on-canvas basic rich text editing

      Wolthera has been busy with text tool for some time now. You can tell by the text tool update thread that she is merging really exciting things one after the other. This month, Krita got support for on-canvas text editing with basic rich text support. As kaichi1342 reports on the forum, currently common shortcuts like Ctrl B, I, U for bold italics and underline are working, full and partial color change of text works on canvas.

      There should have been a video here but your browser does not seem to support it. (Video created by Wolthera)

    • Docker support added to popup palette

      Freyalupen implemented docker support in the right click popup palette which can be of immense help for people who work on minimal canvas-only mode or for people using Krita on tablets. You can now use various dockers like the layer docker, brush preset history, etc., right from the right click popup palette.

      There should have been a video here but your browser does not seem to support it. (Video created by freyalupen)

Community report Monthly Art Challenge

Krita-Artists’ Monthly Art Challenge is a great way to stretch your skills and learn more about Krita.

February’s Art Challenge theme was Architectural/Urban, designed by Elixiah. We had a full slate of submissions to vote on at the end of the month. Mythmaker won the challenge with this image:

The challenge for this month is Marvellous Metal. Why not join in? It’s a friendly competition where we even share tips and help each other with challenge submissions on the WIP thread.

YouTube Growth

The Krita YouTube channel has reached 80,000 subscribers. That’s a gain of 17,000 subs in just over a year. Ramon’s most recent video, 5.2.2 New Features, has already had more than 86,000 views over the last month.

Featured artwork Introducing “Best of Krita-Artists” Featured Artwork Nomination Process

Great news: Members Hall and the nomination process is now open to all Krita-Artists members. Everyone has the opportunity to nominate artwork for the featured gallery. Monthly submission threads will open on the 15th of each month. We’ll use your submissions to create a poll which will determine the top four. The winning images will be added to the featured gallery.

The current instructions and submission thread explains everything you need to know in order to nominate artwork that you feel represents the best of Krita-Artists. In January, we’ll create an annual poll to vote for the very best from 2024.

Noteworthy plugin

Shortcut Composer v1.5.0 Released (this update requires Krita 5.2.2 or higher)

Highlights of new features:

  • New action: Rotate brush which rotates the brush tip of the current preset
  • New action: Rotate canvas
  • Tooltips with additional info that appear when hovering over settings

Tutorial of the month

From David Revoy: Grayscale to Color – Character Design “A commented step-by-step guide and advice on how to paint an original fantasy character design from scratch in Krita.”

Notable changes in code

This section has been compiled by [freyalupen]. (Feb 5 - Mar 5, 2024)

Stable branch (5.2.2+): Bugfixes:

Stable branch (5.2.2+) backports from Unstable: Bugfixes:

Unstable branch (5.3.0-prealpha): Features:

  • [Text Tool] Implement basic rich text editing in the on-canvas text tool. This includes changing the color with the color selectors, setting bold/italic/underline with keyboard shortcuts, and rich text copy/paste. (merge request, Wolthera van Hövell)
  • [Fill Tool] Implement 'Close Gap' option in the Fill Tool and Contiguous Selection Tool. This allows the unleaked filling of gapped lineart by treating gaps of a configured size as if they were closed. (merge request, Maciej Jesionowski)
  • [Popup Palette, Dockers] Add ability to show dockers, such as the Layers docker, in the Popup Palette's side panel. The On-Canvas Brush Editor that was in this panel is now a docker. (merge request, Freya Lupen)
  • [Brush Engines] Add Photoshop-like brush texturing modes where Strength affects the texture instead of the dab, enabled with the 'Soft texturing' checkbox in the brush Pattern Options. (merge request, Deif Lou)
  • [File Formats: JPEG-XL] Update libjxl and add options to export JPEG-XL with CICP profile and lossless alpha. (merge request, Rasyuqa A H (Kampidh))
  • [Grids and Guides Docker] Add button to delete all guides. (merge request, reinold rojas)
  • [Animation: Onion Skins Docker] Add Reset option for Onion Skins' opacity in a right-click menu, to reset them to the default values. (WISHBUG:466977) (commit, Emmet O'Neill)

Bugfixes:

These changes are made available for testing in the latest development builds:

(macOS and Android builds will be available in the future.)

Ways to help Krita

Krita is a Free and Open Source application, mostly developed by an international team of enthusiastic volunteers. Donations from Krita users to support maintenance and development is appreciated. Join the Development Fund with a monthly donation. Or make a one-time donation here.

Categories: FLOSS Project Planets

Seth Michael Larson: Regex character “$” doesn't mean “end-of-string”

Planet Python - Fri, 2024-03-08 19:00
Regex character “$” doesn't mean “end-of-string” AboutBlogNewsletterLinks Regex character “$” doesn't mean “end-of-string”

Published 2024-03-09 by Seth Larson
Reading time: minutes

This article is about a bit of surprising behavior I recently discovered using Python's regex module (re) while developing SBOM tooling for CPython.

Folks who've worked with regular expressions before might know about ^ meaning "start-of-string" and correspondingly see $ as "end-of-string". So the pattern cat$ would match the string "lolcat" but not "internet cat video".

The behavior of ^ made me think that $ was similar, but they aren't always symmetrical and the behavior is platform-dependent. Specifically for Python with multiline mode disabled the $ character can match either the end of a string or a trailing newline before the end of a string.

So if you're trying to match a string without a newline at the end, you can't only use $ in Python! My expectation was having multiline mode disabled wouldn't have had this newline-matching behavior, but that isn't the case.

Next logical question is how does one match the end of a string without a newline in Python?

After doing more research on Python and other regular expression syntaxes I also found \z and \Z as candidates for "end-of-string" characters.

Multi-line mode is enabled with re.MULTILINE in Python, the docs have the following to say:

When re.MULTILINE is specified the pattern character '$' matches at the end of the string and at the end of each line (immediately preceding each newline). By default, '$' only matches at the end of the string and immediately before the newline (if any) at the end of the string.

Let's see how these features work together across multiple platforms:

Pattern matches "cat\n"? "cat$" multiline "cat$" no multiline "cat\z" "cat\Z" PHP ✅ ✅ ❌ ✅ ECMAScript ✅ ❌ ⚠️ ⚠️ Python ✅ ✅ ⚠️ ❌ Golang ✅ ❌ ❌ ⚠️ Java 8 ✅ ✅ ❌ ✅ .NET 7.0 ✅ ✅ ❌ ✅ Rust ✅ ❌ ❌ ⚠️
  • ✅: Pattern matches the string "cat\n"
  • ❌: Pattern does not match the string "cat\n"
  • ⚠️: Pattern is invalid or character not supported.

Summarizing the above table, if matching a trailing newline is acceptable then $ with multiline mode works consistently across all platforms, but if we wanted to not match a trailing newline then things get more complicated.

To not match a trailing newline, use \z on all platforms except Python and ECMAScript where you'll need to use \Z or $ without multiline mode respectively. Hope you learned something about regular expressions today!

Note: The table of data was gathered from regex101.com, I didn't test using the actual runtimes.

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

Categories: FLOSS Project Planets

Valhalla's Things: Elastic Neck Top Two: MOAR Ruffles

Planet Debian - Fri, 2024-03-08 19:00
Posted on March 9, 2024
Tags: madeof:atoms, craft:sewing, FreeSoftWear

After making my Elastic Neck Top I knew I wanted to make another one less constrained by the amount of available fabric.

I had a big cut of white cotton voile, I bought some more swimsuit elastic, and I also had a spool of n°100 sewing cotton, but then I postponed the project for a while I was working on other things.

Then FOSDEM 2024 arrived, I was going to remote it, and I was working on my Augusta Stays, but I knew that in the middle of FOSDEM I risked getting to the stage where I needed to leave the computer to try the stays on: not something really compatible with the frenetic pace of a FOSDEM weekend, even one spent at home.

I needed a backup project1, and this was perfect: I already had everything I needed, the pattern and instructions were already on my site (so I didn’t need to take pictures while working), and it was mostly a lot of straight seams, perfect while watching conference videos.

So, on the Friday before FOSDEM I cut all of the pieces, then spent three quarters of FOSDEM on the stays, and when I reached the point where I needed to stop for a fit test I started on the top.

Like the first one, everything was sewn by hand, and one week after I had started everything was assembled, except for the casings for the elastic at the neck and cuffs, which required about 10 km of sewing, and even if it was just a running stitch it made me want to reconsider my lifestyle choices a few times: there was really no reason for me not to do just those seams by machine in a few minutes.

Instead I kept sewing by hand whenever I had time for it, and on the next weekend it was ready. We had a rare day of sun during the weekend, so I wore my thermal underwear, some other layer, a scarf around my neck, and went outside with my SO to have a batch of pictures taken (those in the jeans posts, and others for a post I haven’t written yet. Have I mentioned I have a backlog?).

And then the top went into the wardrobe, and it will come out again when the weather will be a bit warmer. Or maybe it will be used under the Augusta Stays, since I don’t have a 1700 chemise yet, but that requires actually finishing them.

The pattern for this project was already online, of course, but I’ve added a picture of the casing to the relevant section, and everything is as usual #FreeSoftWear.

  1. yes, I could have worked on some knitting WIP, but lately I’m more in a sewing mood.↩︎

Categories: FLOSS Project Planets

Louis-Philippe Véronneau: Acts of active procrastination: example of a silly Python script for Moodle

Planet Debian - Fri, 2024-03-08 18:15

My brain is currently suffering from an overload caused by grading student assignments.

In search of a somewhat productive way to procrastinate, I thought I would share a small script I wrote sometime in 2023 to facilitate my grading work.

I use Moodle for all the classes I teach and students use it to hand me out their papers. When I'm ready to grade them, I download the ZIP archive Moodle provides containing all their PDF files and comment them using xournalpp and my Wacom tablet.

Once this is done, I have a directory structure that looks like this:

Assignment FooBar/ ├── Student A_21100_assignsubmission_file │   ├── graded paper.pdf │   ├── Student A's perfectly named assignment.pdf │   └── Student A's perfectly named assignment.xopp ├── Student B_21094_assignsubmission_file │   ├── graded paper.pdf │   ├── Student B's perfectly named assignment.pdf │   └── Student B's perfectly named assignment.xopp ├── Student C_21093_assignsubmission_file │   ├── graded paper.pdf │   ├── Student C's perfectly named assignment.pdf │   └── Student C's perfectly named assignment.xopp ⋮

Before I can upload files back to Moodle, this directory needs to be copied (I have to keep the original files), cleaned of everything but the graded paper.pdf files and compressed in a ZIP.

You can see how this can quickly get tedious to do by hand. Not being a complete tool, I often resorted to crafting a few spurious shell one-liners each time I had to do this1. Eventually I got tired of ctrl-R-ing my shell history and wrote something reusable.

Behold this script! When I began writing this post, I was certain I had cheaped out on my 2021 New Year's resolution and written it in Shell, but glory!, it seems I used a proper scripting language instead.

#!/usr/bin/python3 # Copyright (C) 2023, Louis-Philippe Véronneau <pollo@debian.org> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. """ This script aims to take a directory containing PDF files exported via the Moodle mass download function, remove everything but the final files to submit back to the students and zip it back. usage: ./moodle-zip.py <target_dir> """ import os import shutil import sys import tempfile from fnmatch import fnmatch def sanity(directory): """Run sanity checks before doing anything else""" base_directory = os.path.basename(os.path.normpath(directory)) if not os.path.isdir(directory): sys.exit(f"Target directory {directory} is not a valid directory") if os.path.exists(f"/tmp/{base_directory}.zip"): sys.exit(f"Final ZIP file path '/tmp/{base_directory}.zip' already exists") for root, dirnames, _ in os.walk(directory): for dirname in dirnames: corrige_present = False for file in os.listdir(os.path.join(root, dirname)): if fnmatch(file, 'graded paper.pdf'): corrige_present = True if corrige_present is False: sys.exit(f"Directory {dirname} does not contain a 'graded paper.pdf' file") def clean(directory): """Remove superfluous files, to keep only the graded PDF""" with tempfile.TemporaryDirectory() as tmp_dir: shutil.copytree(directory, tmp_dir, dirs_exist_ok=True) for root, _, filenames in os.walk(tmp_dir): for file in filenames: if not fnmatch(file, 'graded paper.pdf'): os.remove(os.path.join(root, file)) compress(tmp_dir, directory) def compress(directory, target_dir): """Compress directory into a ZIP file and save it to the target dir""" target_dir = os.path.basename(os.path.normpath(target_dir)) shutil.make_archive(f"/tmp/{target_dir}", 'zip', directory) print(f"Final ZIP file has been saved to '/tmp/{target_dir}.zip'") def main(): """Main function""" target_dir = sys.argv[1] sanity(target_dir) clean(target_dir) if __name__ == "__main__": main()

If for some reason you happen to have a similar workflow as I and end up using this script, hit me up?

Now, back to grading...

  1. If I recall correctly, the lazy way I used to do it involved copying the directory, renaming the extension of the graded paper.pdf files, deleting all .pdf and .xopp files using find and changing graded paper.foobar back to a PDF. Some clever regex or learning awk from the ground up could've probably done the job as well, but you know, that would have required using my brain and spending spoons... 

Categories: FLOSS Project Planets

Python Morsels: List slicing in Python

Planet Python - Fri, 2024-03-08 17:16

In Python, slicing looks like indexing with colons (:). You can slice a list (or any sequence) to get the first few items, the last few items, or all items in reverse.

Table of contents

  1. Getting the first N elements from a list
  2. Slicing makes a new list
  3. The start index is inclusive but the stop index is exclusive
  4. Default slice start/stop values
  5. Why the stop index isn't included in slices
  6. Negative indexes work too
  7. Out-of-bounds slicing is allowed
  8. The slice step value
  9. Slicing works on all sequences
  10. The most common uses for slicing in Python
  11. Use slicing to get "slices" of sequences in Python

Getting the first N elements from a list

Let's say we have a fruits variable that points to a list:

>>> fruits = ['watermelon', 'apple', 'lime', 'kiwi', 'pear', 'lemon', 'orange'] >>> fruits ['watermelon', 'apple', 'lime', 'kiwi', 'pear', 'lemon', 'orange']

We can get an item from this list by indexing it:

>>> fruits[3] 'kiwi'

If we put a colon and another number inside the square brackets, we'll slice this list instead of indexing it:

>>> fruits[0:3] ['watermelon', 'apple', 'lime']

Slicing a list gives us back a new list. We're getting a list of the first three items within our original list.

Slicing makes a new list

Note that the original list …

Read the full article: https://www.pythonmorsels.com/slicing/
Categories: FLOSS Project Planets

Aten Design Group: Drupal Web Projects Leveled Up with Mercury Editor

Planet Drupal - Fri, 2024-03-08 15:39
Drupal Web Projects Leveled Up with Mercury Editor jenna Fri, 03/08/2024 - 13:39 Mercury Editor Process Drupal

Not all choices are created equal. On a web development project, leaders are faced with thousands of decisions, but only a handful of those fundamentally impact the entire project and post-launch success of the website. As a digital project manager, I serve clients by focusing their attention on highly impactful choices and offering informed guidance to achieve their goals. One key choice on every Drupal website redesign project is how editors will build pages on the new website, and my consistent guidance is to go with Mercury Editor.

What is Mercury Editor?

Mercury Editor is a drag-and-drop content editing module that we built for Drupal 9 and 10 websites. It allows Drupal site managers the freedom to implement anything from standardized, form-like content types to blank canvas pages with dozens of component options.

Video file Video demonstration of publishing content on a Drupal websiteWhy is Mercury Editor the best option for Drupal projects? What you see is what you get

Have you ever had to work through sheer guesswork? Trying to envision in your mind’s eye how something is going to line up, but never able to see it happening in real time? If you manage content in a Drupal site, the answer is probably yes! Mercury Editor finally gives editors a way to see what they’re building as they’re building it, on both desktop and mobile scales. Honestly, if the list ended here, it would still be enough for Mercury to be my go-to recommendation.

It’s easy to learn

Clients commonly underestimate how much effort is required to get their new site’s content ready for launch – it is truly a second major project running in parallel to the site build itself. Not only does it take time for a team to create, translate, and build dozens, hundreds, or even thousands of pages of content, but it also asks the client team to learn a new page-building tool at the same time.

Mercury Editor relieves this pressure simply by being easy to learn. Once you see how to add any new component, that immediately scales up to any other component on any content type. Using the plus button to add new components or dragging them around the page just makes sense. Choosing an intuitive tool means that instead of struggling to know how to do their important work before launch, they can just focus on doing it.

It creates a sustainable post-launch site

Mercury has little-to-no ongoing maintenance needs, no licensing fees or restrictions, no limits on pages created, and it removes the need for developers to help make new pages or page edits down the road. A single, non-technical user can realistically maintain an entire website’s content after a short primer on how to use Mercury.

Flexible or formulaic – it supports the right level of complexity for you

A robust technical application like Drupal needs a page-building tool that can hang with it. Mercury offers a lot of knobs we can dial up or down to give different teams the level of flexibility that is right for them. Want to avoid decision paralysis or differing layouts across similar types of content? Go simpler. Want to give more creative freedom to editors? Expand the options. Mercury can do both within a single design philosophy.

For large teams that want a consistent look across editors, Mercury Editor allows us to:

  • create predefined layout templates as an instant starting point for editors
  • dial back on multi-column layout options
  • restrict which components can be placed on a content type

For small teams that want more creative freedom, Mercury allows us to:

  • create different components for use in different contexts
  • let editors select rules and filters for dynamic components within the interface without needing a developer
  • offer complex section and multi-column options
  • use components in unexpected ways without breaking the look and feel of the site
Streamline your Drupal project with Aten

I’m a project manager. I know how choices impact the time, budget, and success of a website redesign project. Choosing a page-building tool that the Aten team is intimately familiar with is going to save your project time and money and will result in a design that leans into the tool used to implement it in the end.

Our team speaks Mercury – Aten’s clients benefit from our team’s experience working with this Drupal editor, and they begin to learn the editing experience themselves early in the project. Our design team knows what Mercury can do and how to create the best post-launch editor experience from the very first conversation of the project.

It’s a reflection of Aten’s values

Values matter to our clients, and they matter to us. My colleague Kathryn Sutton spoke about Aten’s organizational values in a recent webinar. Mercury Editor is another manifestation of those values in tangible, product form. It obviously embodies values like creative, productive, and collaborative. A tool that enables creative page editors to build to their vision is a natural, almost inevitable, conclusion to Aten’s core values.

What may be less obvious at first glance is how Mercury is shaped by other values like trustworthy and thoughtful. Mercury Editor is not just a tool but a commitment from Aten to the Drupal community – to support and grow Mercury Editor for years to come, with plans through Drupal 12 and beyond. By adopting this module, you adopt the assurance that we have your back.

We are not mercurial when it comes to Mercury. It matters to us, we stand behind it, and we invest heavily in its accessibility, reliability, and constant improvement.

As for the final Aten value, eager? We made Mercury Editor, and we would love to make it work for you. Get in touch about your next Drupal project, and we’ll make it happen.

Jake Douma, PMP
Categories: FLOSS Project Planets

PSA: enable 3D acceleration in your VirtualBox VMs

Planet KDE - Fri, 2024-03-08 12:07

It’s come to our attention that some changes made for KWin in Plasma 6 aren’t compatible with the old and outdated software-rendering graphics drivers in VirtualBox. Thankfully there’s a solution: enable 3D acceleration in the machine settings. It not only resolves the issue, but also enables all the fancy graphical effects you would expect to see on a bare-metal installation. This is especially important if you’re using a VM for a review, screenshots, or videos of Plasma 6!

I’ve reached out to the VirtualBox devs regarding the possibility of making this happen automatically. But in case that doesn’t happen, it’s up to VirtualBox users to manually enable 3D acceleration in their machine settings.

Categories: FLOSS Project Planets

Kubuntu Community Update – March 2024

Planet KDE - Fri, 2024-03-08 11:53

Greetings, Kubuntu enthusiasts! It’s time for our regular community update, and we’ve got plenty of exciting developments to share from the past month. Our team has been hard at work, balancing the demands of personal commitments with the passion we all share for Kubuntu. Here’s what we’ve been up to:

Localstack & Kubuntu Joint Press Release


We’re thrilled to announce that we’ve been working closely with Localstack to prepare a joint press release that’s set to be published next week. This collaboration marks a significant milestone for us, and we’re eager to share the details with you all. Stay tuned!

Kubuntu Graphic Design Contest

Our Kubuntu Graphic Design contest, initiative is progressing exceptionally well, showcasing an array of exciting contributions from our talented community members. The creativity and innovation displayed in these submissions not only highlight the diverse talents within our community but also contribute significantly to the visual identity and user experience of Kubuntu. We’re thrilled with the participation so far and would like to remind everyone that the contest remains open to applicants until the 31st of March, 2024. This is a wonderful opportunity for designers, artists, and enthusiasts to leave their mark on Kubuntu and help shape its aesthetic direction. If you haven’t submitted your work yet, we encourage you to take part and share your vision with us. Let’s continue to build a visually stunning and user-friendly Kubuntu together

Kubuntu Wiki Support Forum


Our search for a new home for the Kubuntu Wiki Support Forum is progressing well. We understand the importance of having a reliable and accessible platform for our users to find support and share knowledge. Rest assured, we’re on track to make this transition as smooth as possible.

New Donations Platforms


In our efforts to ensure the sustainability and growth of Kubuntu, we’re in the process of introducing new donation platforms. Jonathan Riddell is at the helm, working diligently to align our financial controls and operations. This initiative will help us better serve our community and foster further development.

Collaboration with Kubuntu Focus


Exciting developments are on the horizon as we collaborate with Kubuntu Focus to curate a new set of developer tools. While we’re not ready to divulge all the details just yet, we’re confident that this partnership will yield invaluable resources for cloud software developers in our community. More information will be shared soon.

Kubuntu Matrix Communication


We’re happy to report that our efforts to enhance communication within the Kubuntu community have borne fruit. We now have a dedicated Kubuntu Space on Matrix, complete with channels for Development, Discussion, and Support. This platform will make it easier for our community to connect, collaborate, and provide mutual assistance.

A Word of Appreciation


The past few weeks have been a whirlwind of activity, both personally and professionally. Despite the challenges, the progress we’ve made is a testament to the dedication and hard work of everyone involved in the Kubuntu project. A special shoutout to Scarlett Moore, Aaron Rainbolt, Rik Mills and Mike Mikowski for their exceptional contributions and to the wider community for your unwavering support. Your enthusiasm and commitment are what drive us forward.

As we look towards the exciting release of Kubuntu 24.04, we’re filled with anticipation for what the future holds. Our journey is far from over, and with each step, we grow stronger and more united as a community. Thank you for being an integral part of Kubuntu. Here’s to the many achievements we’ll share in the days to come!

Stay connected, stay inspired, and as always, thank you for your continued support of Kubuntu.

— The Kubuntu Team

Categories: FLOSS Project Planets

The Drop Times: Inspiring Inclusion: Celebrating the Women in Drupal | #1

Planet Drupal - Fri, 2024-03-08 11:24
The DropTimes is proud to present a new initiative highlighting the remarkable contributions of women in the Drupal community as part of our "Women in Drupal" campaign. This initiative aligns with inspiring inclusion; throughout March, we will be dedicating our platform to showcase these influential figures' unique perspectives and achievements.

As we delve into the stories of women like Rachel Lawson, AmyJune Hineline, Fei Lauren, Sinduri Guntupalli, Stella Power and Krishna R P, The DropTimes aims to shed light on the diverse voices and talents that enrich the Drupal community. Join us throughout March as we explore their journeys, challenges, and insights, offering inspiration and advocating for greater inclusion within the tech industry and beyond.
Categories: FLOSS Project Planets

PyCharm: PyCharm 2024.1 EAP 8: Enhanced Support for Terraform

Planet Python - Fri, 2024-03-08 10:37

PyCharm 2024.1 EAP 8 is now available, providing a sneak peek into some exciting new features planned for the next major release. A notable update of this build is enhanced support for Terraform.

You can download the new version from our website, update directly from the IDE or via the free Toolbox App, or use snaps for Ubuntu.

Download PyCharm 2024.1 EAP

Enhanced Terraform support

In the upcoming 2024.1 update, we are excited to announce significant improvements in support for infrastructure as code development for Terraform, aimed at developers, Site Reliability Engineers (SREs), and DevOps. This update includes a series of new features and enhancements, specifically designed to simplify the process of creating, managing, and scaling your infrastructure. 

Suggestion to run terraform init

To initialize the working directory with Terraform code files, running terraform init is necessary. This is often overlooked, leading to error messages from Terraform itself, as well as incomplete code autocompletion and partial documentation display. To avoid this, the IDE now explicitly and simply suggests doing so.

Support for third-party providers from the Terraform Registry

PyCharm now offers extended code completion capabilities for the range of more than 3900 third-party Terraform providers, making it easier for developers to write code efficiently. Additionally, you’ll find the latest documentation for each of these providers, along with their specific versions, directly within the IDE. 

This allows for the exploration of new Terraform providers and faster learning of their capabilities without leaving the IDE.

Support for Terraform Template Language (tftpl)

In our latest update, we’re excited to unveil support for the Terraform Template language (tftpl), enhancing your workflow with configuration files, scripts, or any program code, such as web server, network, or service configurations. Templating just got easier! Now, you can dynamically fill in values within your templates at runtime, streamlining the process of rendering templates for specific uses.

By default, files with the *.tftpl extension are recognized as plain text with templating capabilities. However, if your requirements are more specific, we’ve added the option to seamlessly integrate with your preferred programming language. Simply right-click the file, select Change plain text template to data language and choose the language that matches your tftpl files. This feature is designed to enhance your templating experience, making it more flexible and powerful than ever before.

The TFTPL language supports not just variable templating, control flow elements but also encompasses lists and maps, along with the ability to generate JSON and YAML formats.

Version control systems  Visual indicators for pending GitHub updates

We’ve introduced visual indicators to hint about pending updates within your code review workflow. When there are changes requiring your attention, a blue dot badge will appear on the tool window icon. Additionally, unseen pull requests will be marked with a blue dot, ensuring you don’t miss updates in your code review process.

These are the most notable updates brought by this week’s EAP build. For a comprehensive overview of all the implemented changes, please refer to the release notes

We highly value your feedback on the new features since your insights play an essential role in molding the final version of the release. Feel free to share your thoughts in the comments below or via X (formerly Twitter). Should you encounter any bugs, please submit a report via our issue tracker

Categories: FLOSS Project Planets

Drupal Association blog: Contributor guide: Maximizing Impactful Contributions

Planet Drupal - Fri, 2024-03-08 09:48

As I have mentioned in the past, many people and companies have communicated to me in the past their willingness to know how they could make their contribution more impactful to Drupal and the Drupal association. The Bounty program has proved success, and we are exploring and getting new ideas to extend it. However we don't want to stop here.

That’s why we are publishing today this list of strategic initiatives, and list of issues and modules where your contribution should be more impactful.

Additionally we may want at some point to grant extra credits to some those issues. For now, if you are not sure where to contribute but you want to make sure that your contribution makes a difference, have a look at this list and take your pick. 

And have in mind that this is a work in progress or a living document. Some sections will need proposals that we will start populating after internal review, and depending on the feedback received on the usefulness of this document.

Strategic Initiatives

Strategic initiatives are where some of the most important innovations in Drupal happen. These are often big picture ideas to add major new features to Drupal that range from improving major apis, to adding better page building, to improving the total cost of ownership by adding quality of life features, and much more. 

Participating in a strategic initiative can be challenging but also rewarding. It is not a place for a drive-by contribution - it's a place to join if you have dedicated time to devote, are willing to listen and learn from the existing contributors and initiative leads before you jump in, and have a strong background in related areas.

Find here more information about the current Strategic Initiatives.

Issues

Contributing to individual issues can be less of a long-term commitment than participating in Strategic Initiatives, but it can also be overwhelming because of the sheer number of issues on Drupal.org. It's also very important to follow the issue etiquette guidelines when contributing to issues. Most of all - listen to and respect the project maintainer and their guidance when contributing to issues on their project. It's better to help solve existing issues to show your willingness to help before opening any new ones.

Modules and projects

Drupal is built on the back of a powerful ecosystem of extensions, modules, themes, distributions, etc. These extensions are crucial for supporting the vast variety of industry use cases that Drupal is used for, and oftentimes some of the most important innovations in Drupal begin as contributed extensions. 

These are just a few projects that could use contribution support to help advance Drupal.

Top used patches
  • Would it be amazing to have a list of most used patches, and propose those as priorities to get fixed? We are working on extracting that list. COMING SOON
  • Would you like to propose a patch or patches on this section? Send me your suggestions and why it would make a difference to: alex.moreno@association.drupal.org
Easy picks

Issues that are easy to fix or just need a little push

Ideas/others?

Contact me: alex.moreno@association.drupal.org

Educational resources for contribution

We offer some detailed resources that we recommend everyone review when learning to first contribute: 

Resource #1: A video introduction to contribution:

https://www.youtube.com/watch?v=lu7ND0JT-8A

Resource #2: A slide deck which goes into greater depth about contribution:

https://docs.google.com/presentation/d/1jvU0-9Fd4p1Bla67x9rGALyE7anmzjhQ4vPUbf4SGhk/edit 

Resource #3: The First Time Contributors Workshop from DrupalCon Global:

https://www.youtube.com/watch?v=0K0uIgKaVNQ

Avoid contribution behavior that seems motivated just to 'game the system'

It's unfortunate, but we do sometimes see contributors who appear and disappear on single issues on small, repetitive tasks that could just as easily be handled by automated tools. These issues are generally not eligible for credit anyway, and often cause frustration for Project Maintainers. It's not good for you or your company's reputation to contribute in this way.

Resource #4: Abuse of the credit system

These guidelines help clarify what kinds of contributions are not considered acceptable for marketplace credit.

https://www.drupal.org/drupalorg/docs/marketplace/abuse-of-the-contribution-credit-system

We did see some recent examples of issues being opened for individual phpcs issues, when we prefer to see all phpcs issues fixed in a single issue, for example. 

Categories: FLOSS Project Planets

Droptica: Why is Drupal a Perfect CMS for Higher Education? 8 Reasons

Planet Drupal - Fri, 2024-03-08 09:00

Universities need a solid online presence to attract students, connect with stakeholders, provide valuable information, and foster collaboration among different departments. Choosing the right content management system is therefore crucial so that you can easily develop a user-friendly, attractive, and informative website. This article will explore why Drupal is the ideal CMS for higher education institutions.

Categories: FLOSS Project Planets

Real Python: The Real Python Podcast – Episode #195: Building a Healthy Developer Mindset While Learning Python

Planet Python - Fri, 2024-03-08 07:00

How do you get yourself unstuck when facing a programming problem? How do you develop a positive developer mindset while learning Python? This week on the show, Bob Belderbos from Pybites is here to talk about learning Python and building healthy developer habits.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Categories: FLOSS Project Planets

Web Review, Week 2024-10

Planet KDE - Fri, 2024-03-08 06:06

Let’s go for my web review for the week 2024-10.

KDE Neon shows that the Plasma 6 Linux distro is something truly special | ZDNET

Tags: tech, kde, foss

Another nice review for Plasma 6. Looks like it’s getting mostly very positive reviews. So glad!

https://www.zdnet.com/article/kde-neon-shows-that-the-plasma-6-linux-distro-is-something-truly-special/


CACM Is Now Open Access – Communications of the ACM

Tags: tech, science, research

This is great news, more scientific papers from the past decades will be accessible to everyone.

https://cacm.acm.org/news/cacm-is-now-open-access-2/


French Court Issues Damages Award for Violation of GPL – Copyleft Currents

Tags: tech, copyright, foss, law

This is a nice ruling about GPL violation in France. Gives some more weight to the GPL.

https://heathermeeker.com/2024/02/17/french-court-issues-damages-award-for-violation-of-gpl/


European crash tester says carmakers must bring back physical controls | Ars Technica

Tags: tech, automotive, ux

This is an important request. It has safety implications. It is non-binding request of course, but the insurance companies pay attention to it and so could have an impact.

https://arstechnica.com/cars/2024/03/carmakers-must-bring-back-buttons-to-get-good-safety-scores-in-europe/


Progressive Web Apps in EU will work fine in iOS 17.4

Tags: tech, apple, law, criticism

Looks like enough people complained that they had to change course. Good, until the next bad move…

https://appleinsider.com/articles/24/03/01/apple-reverses-course-on-death-of-progressive-web-apps-in-eu


Nvidia bans using translation layers for CUDA software

Tags: tech, nvidia, computation, vendor-lockin

This was only a matter of time before we’d see such a move. This doesn’t bode well for things like ZLUDA.

https://www.tomshardware.com/pc-components/gpus/nvidia-bans-using-translation-layers-for-cuda-software-to-run-on-other-chips-new-restriction-apparently-targets-zluda-and-some-chinese-gpu-makers


Generative AI’s environmental costs are soaring — and mostly secret

Tags: tech, ai, machine-learning, gpt, water, energy, ecology

This is one of the main problems with using those generative models as currently provided. It’s time for the legislators to step up, we can’t let a couple of players hoard energy and water for themselves.

https://www.nature.com/articles/d41586-024-00478-x


We’re told AI neural networks ‘learn’ the way humans do. A neuroscientist explains why that’s not the case

Tags: tech, neural-networks, ai, machine-learning, neuroscience

Friendly reminder that the neural networks we use are very much artificial. They’re also far from working like biological ones do.

https://theconversation.com/were-told-ai-neural-networks-learn-the-way-humans-do-a-neuroscientist-explains-why-thats-not-the-case-183993


Radicle: sovereign code infrastructure

Tags: tech, git, version-control, p2p

Looks like an interesting approach for a new family of development forges. Fully distributed and peer to peer, I wonder if it’ll pick up.

https://radicle.xyz/


List of 2024 Leap Day Bugs

Tags: tech, time

We’re collectively still failing at handling leap days properly it seems.

https://codeofmatt.com/list-of-2024-leap-day-bugs/


The Hunt for the Missing Data Type

Tags: tech, graph, mathematics, matrix, performance

Indeed, graphs are peculiar beasts. When dealing with graph related problems there are so many choices to make that it’s hard or impossible to come up with a generic solution.

https://www.hillelwayne.com/post/graph-types/


The “missing” graph datatype already exists. It was invented in the ‘70s

Tags: tech, graph, mathematics, performance

A response to “The Hunt for the Missing Data Type” article. There are indeed potential solutions, but they’re not really used/usable in the industry right now. Maybe tomorrow.

https://tylerhou.com/posts/datalog-go-brrr/


Java is becoming more like Rust, and I am here for it! | Josh Austin

Tags: tech, java, type-systems

Don’t fret, this just illustrates the fact that immutable data and algebraic data types are easier to have in Java now. Still that’s very good things to see spread in many languages.

https://joshaustin.tech/blog/java-is-becoming-rust/


CSS for printing to paper

Tags: tech, web, frontend, css, javascript

Nice set of tricks (might also involve Javascript, not only CSS) when you need to format web content for printing.

https://voussoir.net/writing/css_for_printing


DUSt3R: Geometric 3D Vision Made Easy

Tags: tech, 3d, computer-vision

Looks like an interesting pipeline for multi-view stereo reconstruction.

https://dust3r.europe.naverlabs.com/


How I use git worktrees - llimllib notes

Tags: tech, git, version-control, tools

Good reminder that git worktrees exist. They definitely come in handy sometimes.

https://notes.billmill.org/blog/2024/03/How_I_use_git_worktrees.html


Twenty Years Is Nothing – De Programmatica Ipsum

Tags: tech, version-control, git, history

Going back on the history of the introduction of version control in software engineering and how Git ended up so dominant. We often forget there was a time before Git.

https://deprogrammaticaipsum.com/twenty-years-is-nothing/


Google Testing Blog: Increase Test Fidelity By Avoiding Mocks

Tags: tech, tests

This is a good explanation of why you should limit your use of mocks. It also highlights some of the alternatives.

https://testing.googleblog.com/2024/02/increase-test-fidelity-by-avoiding-mocks.html?m=1


I’m a programmer and I’m stupid

Tags: tech, programming, craftsmanship, complexity

Interesting how feeling stupid can actually push you toward good engineering practices, isn’t it?

https://antonz.org/stupid/


Defining, Measuring, and Managing Technical Debt

Tags: tech, technical-debt, cognition

A bit of a high level view on technical debt. There’s a couple of interesting insights though. In particular the lack of good metrics to evaluate technical debt… and the fact that it’s probably about “both the present state and the possible state” of the code base. So it’s very much linked to the human cognition in order to conceive the “ideal state”.

https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10109339


Enabling constraints | Organizing Chaos

Tags: tech, architecture, complexity

Interesting thinking about constraints and their rough classification as restrictive or enabling. I also liked how they’re tied to complexity.

https://jordankaye.dev/posts/enabling-constraints/


The Bureaucratization of Agile. Why Bureaucratic Software Environments… | by Kevin Meadows | Feb, 2024 | Medium

Tags: tech, agile, management, project-management, product-management, culture

A few points to take with a pinch of salt, especially regarding the proposed solutions. Still it makes a very good point that most transformation failures toward agile organizations are due to lack of trust and the swapping of one bureaucracy for another.

https://jmlascala71.medium.com/the-bureaucratization-of-agile-025dd5e2d2d0


These companies tried a 4-day workweek. More than a year in, they still love it : NPR

Tags: management, work, life

Interesting outcome from those experiments. Interesting insights coming from the practices the companies put in place. The failures also bring interesting information.

https://www.npr.org/2024/02/27/1234271434/4-day-workweek-successful-a-year-later-in-uk


Lemmings: Can You Dig It?

Tags: tech, game, history

Very nice documentary about the creation of Lemmings. It’s especially incredible what you can do with a bunch of pixels. This is a lesson in minimalism. And to think it was initially rejected by publishers… This is a fascinating story through and through with a lot of (sometimes surprising) ramifications.

https://www.youtube.com/watch?v=RbAVNKdk9gA


Bye for now!

Categories: FLOSS Project Planets

LN Webworks: How To Protect Your Website With Drupal 10 From Cyber Threats

Planet Drupal - Fri, 2024-03-08 01:44

In 2024, safeguarding your website against a multitude of online threats has become more crucial than ever. With cyberattacks posing significant risks that can potentially cripple your business, ensuring the security and safety of your digital presence is paramount. 

Enter Drupal 10, a robust CMS equipped with advanced features designed to protect your website from these looming dangers. This comprehensive guide will dive into the talk about the prominent thread out there for your website and the key steps you need to take to protect your website. 

Knowing Potential Threats that Can Harm Your Drupal 10 Website:

Before forging your Drupal 10 security shields, understanding the enemies you face is important. Here's a deeper dive into the most common threats, their tactics, and their potential impact:

Categories: FLOSS Project Planets

www @ Savannah: Malware in Proprietary Software - Latest Additions

GNU Planet! - Thu, 2024-03-07 21:05

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.

Here are our latest additions February 2024

Proprietary Surveillance

  • Surveillance cameras put in by government A to surveil for it may be surveilling for government B as well. That's because A put in a product made by B with nonfree software.

(Please note that this article misuses the word "hack" to mean "break security.")

January 2024

Malware in Cars

A good privacy law would prohibit cars recording this data about the users' activities. But not just this data—lots of other data too.

DRM in Trains

  • Newag, a Polish railway manufacturer, puts DRM inside trains to prevent third-party repairs.
    • The train's software contains code to detect if the GPS coordinates are near some third party repairers, or the train has not been running for some time. If yes, the train will be "locked up" (i.e. bricked). It was also possible to unlock it by pressing a secret combination of buttons in the cockpit, but this ability was removed by a manufacturer's software update.
    • The train will also lock up after a certain date, which is hardcoded in the software.
    • The company pushes a software update that detects if the DRM code has been bypassed, i.e. the lock should have been engaged but the train is still operational. If yes, the controller cabin screen will display a scary message warning about "copyright violation."


Proprietary Insecurity in LogoFAIL


4K UHD Blu-ray Disks, Super Duper Malware

  • The UHD (Ultra High Definition, also known as 4K) Blu-ray standard involves several types of restrictions, both at the hardware and the software levels, which make “legitimate” playback of UHD Blu-ray media impossible on a PC with free/libre software.
    • DRM - UHD Blu-ray disks are encrypted with AACS, one of the worst kinds of DRM. Playing them on a PC requires software and hardware that meet stringent proprietary specifications, which developers can only obtain after signing an agreement that explicitly forbids them from disclosing any source code.
    • Sabotage - UHD Blu-ray disks are loaded with malware of the worst kinds. Not only does playback of these disks on a PC require proprietary software and hardware that enforce AACS, a very nasty DRM, but developers of software players are forbidden from disclosing any source code. The user could also lose the ability to play AACS-restricted disks anytime by attempting to play a new Blu-ray disk.
    • Tethering - UHD Blu-ray disks are encrypted with keys that must be retrieved from a remote server. This makes repeated updates and internet connections a requirement if the user purchases several UHD Blu-ray disks over time.
    • Insecurity - Playing UHD Blu-ray disks on a PC requires Intel SGX (Software Guard Extensions), which not only has numerous security vulnerabilities, but also was deprecated and removed from mainstream Intel CPUs in 2022.
    • Back Doors - Playing UHD Blu-ray disks on a PC requires the Intel Management Engine, which has back doors and cannot be disabled. Every Blu-ray drive also has a back door in its firmware, which allows the AACS-enforcing organization to "revoke" the ability to play any AACS-restricted disk.


Proprietary Interference

This is a reminder that angry users still have the power to make developers of proprietary software remove small annoyances. Don't count on public outcry to make them remove more profitable malware, though. Run away from proprietary software!

Categories: FLOSS Project Planets

Matt Layman: Do It Live - Building SaaS with Python and Django #185

Planet Python - Thu, 2024-03-07 19:00
In this episode, we deployed all our user setup and Stripe configuration change to the live site and tested the new flows end to end. Along the way, we found a bug in djstripe as well as some final bugs in the JourneyInbox configuration that prevented things from working. This is why you test!
Categories: FLOSS Project Planets

Pages