FLOSS Project Planets
The Heartbleed bug impacted PythonAnywhere (along with pretty much every Linux-based web service out there). We don't believe there's any risk that customer data has been leaked as a result of this problem, with the single exception of private keys for HTTPS certificates for custom domains -- that is, for websites hosted with us that don't end with .pythonanywhere.com. We don't have any reason to believe that those private keys were leaked either -- they're just the only data that we think could possibly have been leaked by it.
[UPDATE: Robert Graham at Errata Security points out that Heartbleed could also potentially have been used to harvest session cookies, usernames and passwords from users of affected sites. He's right, though it would be hard to do, and unlikely that someone would have targeted us for that. But just to be sure, we recommend you change your PythonAnywhere password, log out, then log back in again, and get users of your website to do likewise. Just to be clear on this: we don't think this has been used against us, and have no indication that it has. But it's better to be safe than sorry.]The details
As you may have read, a bug in OpenSSL was announced last night that could potentially have been used to extract data from webservers, for example the private keys used to encrypt websites' SSL certificates. It exploits the SSL heartbeat extension, and has been nicknamed "Heartbleed". There's more information in this TechCrunch article.
All servers running recent versions of Linux were affected -- a very large percentage of the Internet -- and PythonAnywhere's were among them. All of our servers have been patched since early this morning, so the attack is now not possible against us. The only risk is that data might have been leaked before then.
We do not believe at this time that there's any risk that any data apart from SSL certificates' private keys could have been leaked. So for most PythonAnywhere users, everything should be fine. (Our own key for our own certificate for www.pythonanywhere.com might have been leaked, but we've changed it and are working on revoking the old certificate.)
For those customers who host websites on custom domains with PythonAnywhere (that is, domains that don't end with .pythonanywhere.com), there is a possibility that hackers who knew about this bug before this morning could have used it to extract their private keys. We have notified all such customers by email with details on what to do next; if you do have a custom domain with your own certificate and haven't received an email from us, drop us a line and we'll let you know what to do next.
If you have any questions, just let us know.What we did
Due to some heroic work on the part of the Ubuntu team, patched versions of the affected libraries were ready by the time we started working on this. So patching all of our servers was just a few commands on each server that did HTTPS:apt-get update apt-get install openssl libssl-dev libssl1.0.0
And then a service tornado restart or service nginx restart, depending on what the HTTPS service was on the server.
We're confident that the patches we've applied are enough to fix the bug, at least as it's currently understood.
I will be attending the PyCon in Montreal this week, and I look forward to many of the talks and blogging about as much as I possibly can while I am there. If anybody whom follows Python Diary is attending, you should be-able to find me there.
Looking forward to all the excellent talks this year, and this is my very first PyCon, so you can just see how excited I must be!
Everything PyCon will be properly tagged on the blog, so just bookmark that tag for the latest news directly from PyCon 2014.
How did you first find out about open source communities? What is your opinion about them?
In 2005, a friend told me about Ubuntu, and since then I discover it. I love the open source philosophy, I think it's a great project and all those who participate are awesome people!
What was your first take on Krita when you tried it?
My first impression of krita has been very positive, intuitive interface and an excellent management of shortcuts and I don't know, for me, after using photoshop elements and gimp for several years, it was love at first sight!
What do you think needs improvement in Krita? Also, anything that you really hate about Krita?
For the improvements don't know, the only thing that makes me mad is the management of adjustments made with curves, I would prefer the bars with more or less ... I hope you understand what I mean …
In your opinion, what sets Krita apart from the other tools that you may be using?
In the past two years I have used only krita, I think it's for the responsiveness of the brush, with the tools that I used previously didn't have the same feeling.
If you had to pick one favorite of all your work done in Krita so far, what would it be?
Good question! Perhaps "bellezza sul lago".
What is it that you like about it? What brushes did you use in it?
In it I was able to retain, I think with a good result, different styles (impressionism and realism) in a single work. I used the default brush, with variation in size, opacity and shape (round and square).
Would you like to share it with our site visitors?
Sure, no problem!
Drupal 8 is bringing some great new features in addition to some fun DX changes. One of the ways I like to learn about these changes is to deconstruct the API.
The best way to deconstruct the API is to dive into code that has a certain purpose, like looking at the Breadcrumb API.
Since we know we’re focusing on Drupal 7 to Drupal 8 changes, we can also use the excellent documentation in the change records to help us.
A lot of custom blocks that show related content, connected taxonomy, or any other relationship to currently viewed page typically depend on menu_get_object(). I’m sad to say that our old friend is gone.
In Drupal 8, the way to get details about nodes are through the attributes of the request object in the global \Drupal namespace.
While the DX of this implementation is currently being discussed, as of this writing, to get details about the current node:<?php $node = \Drupal::request()->attributes->get('node'); ?> drupal_render() is EVERYTHING!
Consistency is a big theme (no pun intended) in Drupal 8. Render arrays are the main driver to staging content to be passed to the theme layer.
As such, the theme() function is now gone.
Instead, a new #theme array key is passed to build a piece of content programmatically.
For old core theme functions, like theme_table() or theme_link(), you can pass in the ‘table’ or ‘link’ keyword, respectively, to the #type array key.
As noted in the change record, to create a table of data with a pager, set the various keys, then pass it to drupal_render():<?php // Theme is available as an element type (may have additional processing in rendering). $table = array( '#type' => 'table', '#header' => $header, '#rows' => $rows, '#attributes' => array( 'id' => 'my-module-table', ), ); $markup = drupal_render($table); // Pager is not an element type, use #theme directly. $pager = array('#theme' => 'pager'); $markup = drupal_render($pager); ?> Want More?
I hope to you see in you in NYC this weekend!
Today Microsoft ends support for Windows XP.
To keep my friends’ PC-s currently running XP secure I announce the the “Move friends from XP to Linux days”.
If you are my friend feel free to contact me and we find some time to install Ubuntu on your machine keeping your Windows installation bootable as long as you want. Ubuntu is a Debian derivative Linux distribution which is easy to use.
First and foremost I’d like to thank the KDE e.V. that they invited me to extended board meeting in Berlin two weeks ago. I got some more insights in the board’s work and could participate in the fundraising workshop on Saturday. So what did we learn?
“Ask, ask again and ask for more” and “KISS – Keep it simple and smart”. I hope to be able to apply this and the other things we learned to the fundraising campaign for the Randa Meetings 2014 which we’re going to launch in the next weeks.
Another thing where I was quite active in the last weeks is the “recruitment” for people that should come to Randa this summer. As you of course already know, two of the topics this year are the KDE SDK and the porting of apps to KF5 and other platforms. Thus I tried to get in contact with KDE-Mac people and then also got in contact with people from Macports. I’m currently working on bringing the technical parts of the discussion back to KDE-Mac mailing list.
And I’m working further to bring Windows, Android and the aforementioned Mac people to Randa. So if you’re interested and I did not yet get in contact with you (under which rock were you hiding?;-) get in contact, please. One of my personal goals is it by the way to get some “foreign” machines to our CI park, namely Windows, Mac, Android and Co . There e.g. the Macports.org CI people could be of valueable help.
On another topic or actually the middle one in the title above: I’m happy to tell you that this year we’ve already three or four participants registered for the Randa Meetings whom will bring their families with them to Randa. Don’t fear, none of the money of the KDE e.V. will be used to pay their accommodation or travel and food costs. They will pay for their families’ stay. But why do I think that this is so nice?
Because I think this is an important step and the right direction. A huge problem of many free software communities is the fact, that contributors leave after they get graduated or get families. So it’s (IMNSHO) only in the best interest of KDE if there are possibilities for KDE contributors to bring their families to KDE meetings. It is nice if you can hack on KDE software during the day and eat lunch and dinner with your family and spend the evening with them. And who knows probably we need to organize a day nursery in the coming years.
But what about the coming years and my family? First and foremost I’d like to write here a huge and humongous thank you to my family, the small and the big one and even some farther relatives. Without them I couldn’t organize these meetings in Randa. So as you may have already read some time back I decided to found an association for the Randa Meetings and each year since the founding I was searching for some local sponsors for some expense allowance for me and some other helpers. Do you have any idea what amount of work it is to cook for this crowd for a whole week. You won’t believe how much KDE and free software people eat .
And to be honest for the coming years I plan to stabilize this expense allowance or even small wage even more. But don’t fear (again . None of the money of the KDE e.V. or the planned fundraising campaign will land in my wallet! I just want to be able to keep the Randa Meetings alive for the next years (I roughly estimate to work one to one and a half month on the organization of a single edition of the Randa Meetings) and thus look for new opportunities. So if you have some ideas tell me or at least participate in this is short and tiny (takes around a minute to fill in) survey or poll about this topic. Would be nice to have it widespread…
But what’s next for the Randa Meetings beneath the fundraising campaign? In the coming days I plan to poke and email the people and groups that are already registered for the sprints in Randa that they should check their data, check their groups and see who is missing and who needs to be poked. We need to fix a more or less final budget till the end of April.
So stay tuned when we launch the fundraising campaign for the Randa Meetings and help us to spread the word. Thanks for reading and don’t forget to flattr me below .
PS: This blog post already got a bit larger than planned but here is another PS :
PPS: In the coming days I plan as well to check the wiki pages for the Randa Meetings and add some information about the some hardware present at this year’s meetings (e.g. touch screen, WeTabs, etc.) which you can use and I will add some additional information for families.
After few betas, Inline Manual Drupal module has reached stable 1.0 version. Throw screenshots, screencasts and word documents away! Be interactive and agile. :)
"Inline Manual is a service to create interactive, reusable and easy to maintain step-by-step documentation for end-users of a website or application. Be it a tutorial "How to add a new user" within a CMS you've just built or a tutorial showing how to manage specific content."
The Drupal module allows you to:
My younger son, Oscar, asked me to put bananas into the lamb curry I was planning to cook. Which inspired this:
Diced leg of lamb
Fry the onions in the ghee. Add ginger and ground spices and fry for a minute more, then add the diced lamb and brown. Add the raisins, banana (sliced), dried apricot (roughly chopped) and lemon (cut into eighths, including skin) and some yoghurt. Cook on a medium heat until the yoghurt begins to dry out, then add some more. Repeat a couple of times (I used most of a 500ml tub of greek yoghurt). Salt to taste. Eat. The lemon is surprisingly edible.
I served it with saffron rice and dal with aubergines.
Ardent team at KnackForge always loves to get hands dirty with challenging projects. In this connection we recently took an interesting newsletter sending project from one of our potential clients who is doing relatively big in Internet marketing.
In brief, we were asked for a custom system for sending out newsletter emails, based on Drupal. Tentatively 600k emails to be sent per month. A newsletter list shall have up to 80k users and limited to a couple of lists to begin with.
We are pleased to announce the release of GNUnet 0.10.1. This release focuses on fixing the most pressing bugs that were found after the drastic changes from the GNUnet 0.10.0's release.
As of today, Microsoft has officially ended the support for Windows XP and it will no longer receive any security updates. Even with the updates, XP has never been a secure platform and by now users should really stop using it. But what should people install instead? Our recommendation is Lubuntu.
Windows XP has finally reached its end-of-life. Most people have probably already bought new computers that come preinstalled with a newer version of Windows and others have had the wisdom to move to another operating system for a long time ago. Considering the licensing model, performance and ease of use in newer Windows versions, it is completely understandable that there is a large amount of people who have decided to stick to XP for a long time. But now they must upgrade, and the question is, to what?
It is obvious that the solution is to install Linux. It is the only option when the requirement is having a usable desktop environment on the same hardware as XP was used on. But the hard choice is what Linux distribution to choose. For this purpose Seravo recommends Lubuntu version 14.04 (currently in beta-2, but final release coming in just a few weeks).
Why? First of all the underlying Linux distribution is Ubuntu, the worlds third most popular desktop operating system (after Windows and Mac). The big market share guarantees that there are plenty of peer users, support and expertise available. Most software publishers have easy to install packages for Windows, Mac and Ubuntu. All major pre-installed Linux desktop offerings are based on Ubuntu. And when you count in Ubuntu’s parent distribution Debian and all of the derivative Linux distributions, it is certainly the most widely used Linux desktop platform. There is safety in the numbers and a platform with lots of users is most likely maintained, so it is a safe choice. Ubuntu 14.04 is also a long term release (LTS), and the publishing company Canonical promises that the base of this Ubuntu release will receive updates and security fixes until 2019.
However we don’t recommend the default desktop environment Ubuntu provides. Instead we recommend to use the Ubuntu flavour Lubuntu, which comes with the desktop environment LXDE. This is a very lightweight graphical user interface, meaning it will be able to run on machines that have just 128 MB of RAM memory. On better machines LXDE will just be lightning fast to use, and it will leave more unused memory for other applications to use (e.g. Firefox, Thunderbird, LibreOffice etc). Also the default applications in Lubuntu are chosen to be lightweight ones, so the file manager and image viewers are fast. There are also some productivity software included like Abiword and Sylpheed, but most users will rather want to use the heavier but more popular equivalents like LibreOffice Writer and Mozilla Thunderbird. These can easily be installed in Lubuntu using the Lubuntu software center.
Note that even though Lubuntu will be able to run on very old machines as it gets by with so little resources, you might still have some difficulties installing it if your machine does not support the PAE feature or if there are other hardware which are not supported by the millions of Linux device drivers that Ubuntu ships with by default. If you live in Finland, you can buy professional support from Linux-tuki.fi and have an expert do the installation for you.Why is Lubuntu the best Win XP replacement?
First of all Lubuntu is very easy to install and maintain. It has all the ease of use and out-of-box security and usability enhancements that Ubuntu has engineered, including the installer, encrypted home folders, auto-updates, readable fonts, stability and other features which makes up a good quality experience.
The second reason to use Lubuntu is that it is very easy to learn, use and support. Instead of the Ubuntu default Unity desktop environment Lubuntu has LXDE, which looks and behaves much like the classic desktop. LXDE has a panel at the bottom, a tree-like application launcher in the left lower corner, a clock and notification area in the right lower corner and a panel for window visualization and switching in the middle. Individual windows have their manipulation buttons in the right upper corner and application menus right inside the application windows and always visible. Anybody who has used Windows XP will immediately feel comfortable: applications are easy to discover and launch, there is no need to know their name or category in advance. It is easy to see what applications are open and to switch between them with classic mouse actions or using simple Alt+Tab shortcut. From a support perspective it is easy to ask users by phone to open menu File and Save as and so on, as users can easily see and choose the correct menu items for the application in question.
The third reason is that while the LXDE is visually simple, users can always install whatever application available in the Ubuntu repositories and get productive with whatever complex productivity software they want. A terminal can be spawned in under a second with shortkeys Ctrl+Alt+T. Even though LXDE itself is simple, it won’t hamper anybodys ability to be productive and do complex things.
The fourth reason is that when using Lubuntu, switching to a more modern desktop UI is easy. On top of a Lubuntu installation a admin can install the gnome-session package, and then users will be able to choose another session type in the login screen to get into Gnome 3.
Some might criticize LXDE that it does not have enough features. Yes, in LXDE pressing the keyboard button Print Screen will not automatically launch a screenshot tool nor dragging a window to the side of the screen will not automatically make the window into a perfectly aligned half screen sized window. But it is still possible to achieve the same end results using other means in LXDE and all the important features, like system settings, changing resolution, attaching external screen, attaching USB key and easy mounting and unmounting etc are all part of the standard feature set. In fact the lead developer of Lubuntu has said he will not add any new features and only do bug fixes. It could be said that LXDE is feature complete and the next development effort is rewriting in Qt instead of the current GTK2 toolkit, a move that will open new technological horizons under the hood, but not necessarily do anything to end user visible features.
Another option with similar design ideas is XFCE and the Ubuntu flavour Xubuntu that is built around this desktop environment. Proponents of XFCE say it has more features than LXDE but most of those features are not needed by average users and some components, like the file manager and image viewer, are more featureful in LXDE than in XFCE and the features in those apps are more likely to be actually needed. However the biggest and most striking difference is that XCFE isn’t actually that lightweight, and to run smoothly it needs a computer that is more than twice as powerful than what LXDE needs.
Our fifth and final reason to recommend LXDE and Lubuntu is speed. It is simply fast. And fast is always better. Have you ever wondered how come computers year after year feel sluggish even though processor speed is doubled each 18 moths according the Moore’s law? Switch to LXDE and you’ll have an environment that is lightning fast on any reasonable modern hardware.
Getting Linux and LXDE
LXDE is available also in many other Linux distributions like Debian and OpenSUSE, but for the reasons stated above we recommend installing it downloading Lubuntu 14.04, making a bootable USB key of it (following simple installation instructions) and installing it on all of your old Windows XP machines. Remember though to copy your files from XP to an external USB key so that you can later put them back on your computer when Lubuntu is installed.
Drupal Dev Days Szeged was a great opportunity for me to realize and take part in one of Kristof’s crazy ideas (well, almost as crazy as Drupalcon 2008 was ;) with some great people from the community. While the event turned out to be a success, I’ve learnt a lot that I would like to share with all future organizers through this blog post and other channels.