FLOSS Project Planets
As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!
Today, there is a Less Critical security release for the Webform module to fix an Access Bypass vulnerability.
When using forms with private file uploads, Webform wasn't explicitly denying access to files it managed which could allow access to be granted by other modules.
You can download the patch for Webform 6.x-3.x.
If you have a Drupal 6 site using the Webform, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)
If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.
Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).
Thanks to everyone who participated in this year’s New England Drupal Camp – otherwise known as “NEDCamp.” A special thanks to those of you that attended my session and to the organizers for putting together an excellent conference!
Upon posting my presentation slides online (you can find them here: https://nedcamp.org/new-england-drupal-camp/sessions/dont-set-fire-your-laptop-learn-how-manage-your-multiple-projects), I realized they’re not going to be terribly helpful since I am rarely inclined to condense all of my talking points into a slideshow. Therefore, I decided to write a two-part blog that will elaborate on crucial points I made during the presentation; this first post will focus on task prioritization and keeping all your projects and clients straight.
Throughout my presentation, we discussed different things to consider when trying to prioritize multiple projects. Three categories come into play for me when determining overall priority: 1) Client; 2) Tasks, and; 3) Other factors.
In this corner of our industry, we work with individual clients of varying sizes. It’s therefore essential for us to understand each client’s priority.
There are six factors I take into account when prioritizing my client accounts:
- Budget. This is generally the only factor people use in prioritization.
- Client Deadlines. In my kick-off meetings, I always talk about deadlines with my clients. I ask questions such as, “Do you have any contracts ending we need to know about?” “How about internal blackout dates?” “Any launches coming up?” Asking these questions can give us a lot of insight into the client’s expectations as well as what is important to them. This is also a great start for a candid conversation around those dates and expectations.
- Growth potential. If your current project with the client is a proof of concept or one of a series of projects, prioritize it as though you have those additional projects or the proof of concept was successful.
- Internal or external. Internal customers are often a bit more flexible with their deadlines and priorities with respect to external customers. Learn where that priority lies, and, if the project is critical to the organization, you need to know that when prioritizing as well.
- Partnership potential. This is something that can often be overlooked. If a client has potential for partnership (e.g., sending you more business, being vocal on social media, participating in a case study) take that into consideration when prioritizing.
- Relationship. If the relationship with the client is in a bad space, I want to make sure I take that into consideration and use the project as an opportunity to turn things around.
There are four factors for determining overall priority based on tasks:
- Importance. We’ll talk a lot more about importance vs. urgency in the next post, but, in short, a task is important if it moves you towards the goal of your project.
- Urgency. A lot of people equate urgency with importance, but these are distinct things. Urgency is deadline based and is not related to the project goals.
- Value. When picking what task to prioritize, higher value tasks will go to the top.
- Effort. If a task is low effort, but still important, those will often get prioritized just to get them complete and out of the way.
Other factors I take into account when looking at my priorities are:
- Political ramifications
- Overall impact
- Overall risk to the project, client, and relationship.
When taking these factors into account, I consider the whole picture when determining my priorities. Going off just one or two of these can lead to dangerous blind spots for your projects.
Another challenge to managing multiple projects is to keep everything straight when it comes to client teams, deadlines, schedules, and resources. For all aspects of your projects, nothing is going to replace hard work. Take the time to learn your projects, teams, deadlines, schedules, and resources. Putting time into this will save time in the long run as well as potential embarrassment in front of your clients.
Be specific in your notes and don’t assume you’ll know what you mean later. It’s easy to fall into the trap of “I’ll remember what I meant,” but don’t take it for granted. If you’ve switched topics and projects three times since your notes, you probably won’t remember. Aim to write your notes as if another team member will be reading them.
For your clients, don’t underestimate the power of face time and building relationships. This not only helps you keep things straight, but is also essential to a successful project. While we don’t always have the luxury of traveling to the client site, there are things like conferences, hangouts, and Skype to help grow these relationships.
The first thing I do when assigned a project is read the statement of work (SOW) or contract. Knowing the documented details helps me keep things straight and facilitates conversations about changes and expectations.
Schedules, deadlines, and resources often require similar tactics. For all three of these, I recommend you keep a master calendar. Know who is working on what and when. This will help you avoid overscheduling as well as give you insight into your team members’ priorities.
There is a good chance your resources are working on more than just your projects. Get to know your team members’ priorities. Your number one project may be number three for them. Knowing these priorities can help you schedule accordingly.
In the upcoming second half of this series, we’ll discuss common pitfalls to managing multiple projects and how to best utilize your quieter times to make your busy times more manageable.
NumPy is a commonly used Python data analysis package. By using NumPy, you can speed up your workflow, and interface with other packages in the Python ecosystem, like scikit-learn, that use NumPy under the hood. NumPy was originally developed in the mid 2000s, and arose from an even older package called Numeric. This longevity means that almost every data analysis or machine learning package for Python leverages NumPy in some way.
In this tutorial, we’ll walk through using NumPy to analyze data on wine quality. The data contains information on various attributes of wines, such as pH and fixed acidity, along with a quality score between 0 and 10 for each wine. The quality score is the average of at least 3 human taste testers. As we learn how to work with NumPy, we’ll try to figure out more about the perceived quality of wine.
The wines we'll be analyzing are from the Minho region of Portugal.
I wanted to share the exciting news that Nasdaq Corporate Solutions has selected Acquia and Drupal 8 as the basis for its next generation Investor Relations Website Platform. About 3,000 of the largest companies in the world use Nasdaq's Corporate Solutions for their investor relations websites. This includes 78 of the Nasdaq 100 Index companies and 63% of the Fortune 500 companies.
What is an IR website? It's a website where public companies share their most sensitive and critical news and information with their shareholders, institutional investors, the media and analysts. This includes everything from financial results to regulatory filings, press releases, and other company news. Examples of IR websites include http://investor.starbucks.com, http://investor.apple.com and https://investor.fb.com -- all three companies are listed on Nasdaq.
All IR websites are subject to strict compliance standards, and security and reliability are very important. Nasdaq's use of Drupal 8 is a fantastic testament for Drupal and Open Source. It will raise awareness about Drupal across financial institutions worldwide.
In their announcement, Nasdaq explained that all the publicly listed companies on Nasdaq are eligible to upgrade their sites to the next-gen model "beginning in 2017 using a variety of redesign options, all of which leverage Acquia and the Drupal 8 open source enterprise web content management (WCM) system."
It's exciting that 3,000 of the largest companies in the world, like Starbucks, Apple, Amazon, Google and Facebook, are now eligible to start using Drupal 8 for some of their most critical websites. If you want to learn more, consider attending Acquia Engage in a few weeks, as Nasdaq's CIO, Brad Peterson, will be presenting.
Tomorrow we have a special PyLadies meetup at the local Red Hat office. Hong Phuc Dang from FOSSASIA is coming down for a discussion with the PyLadies team here. She will be talking about various projects FOSSASIA is working on, including codeheat. In the second half I will be taking a workshop on creating a command line shell using Python.
On Friday we will be moving to Belgaum, Karnataka, India. We will be participating in Science Hack Day India, the idea is to have fun along with school kids, and build something. Praveen Patil is leading the effort for this event.
If you're a digital marketer, SEO is likely one of your many priorities. Since Google released "Mobilegeddon" last April, your primary focus may have shifted to mobile optimization - but have you noticed a struggle to successfully reach and engage with prospects from across the globe? If you target multiple countries and languages, your site needs to be optimized not just for Mobile SEO, but for International SEO as well.
In September, about 152 work hours have been dispatched among 13 paid contributors. Their reports are available:
- Balint Reczey did 15 hours (out of 12.25 hours allocated + 7.25 remaining, thus keeping 4.5 extra hours for October).
- Ben Hutchings did 6 hours (out of 12.3 hours allocated + 1.45 remaining, he gave back 7h and thus keeps 9.75 extra hours for October).
- Brian May did 12.25 hours.
- Chris Lamb did 12.75 hours (out of 12.30 hours allocated + 0.45 hours remaining).
- Emilio Pozuelo Monfort did 1 hour (out of 12.3 hours allocated + 2.95 remaining) and gave back the unused hours.
- Guido Günther did 6 hours (out of 7h allocated, thus keeping 1 extra hour for October).
- Hugo Lefeuvre did 12 hours.
- Jonas Meurer did 8 hours (out of 9 hours allocated, thus keeping 1 extra hour for October).
- Markus Koschany did 12.25 hours.
- Ola Lundqvist did 11 hours (out of 12.25 hours assigned thus keeping 1.25 extra hours).
- Raphaël Hertzog did 12.25 hours.
- Roberto C. Sanchez did 14 hours (out of 12.25h allocated + 3.75h remaining, thus keeping 2 extra hours).
- Thorsten Alteholz did 12.25 hours.
We only need a couple of supplementary sponsors now to reach our objective of funding the equivalent of a full time position.
New sponsors are in bold.
- Platinum sponsors:
- Gold sponsors:
  - The Positive Internet (for 28 months)
  - Blablacar (for 27 months)
  - Linode LLC (for 17 months)
  - Babiel GmbH (for 6 months)
  - Plat’Home (for 6 months)
  - UR Communications BV
- Silver sponsors:
  - Domeneshop AS (for 27 months)
  - Université Lille 3 (for 27 months)
  - Trollweb Solutions (for 25 months)
  - Nantes Métropole (for 21 months)
  - University of Luxembourg (for 19 months)
  - Dalenys (for 18 months)
  - Univention GmbH (for 13 months)
  - Université Jean Monnet de St Etienne (for 13 months)
  - Sonus Networks (for 7 months)
  - maxcluster GmbH
- Bronze sponsors:
  - David Ayers – IntarS Austria (for 28 months)
  - Evolix (for 28 months)
  - Offensive Security (for 28 months)
  - Seznam.cz, a.s. (for 28 months)
  - Freeside Internet Service (for 27 months)
  - MyTux (for 27 months)
  - Intevation GmbH (for 25 months)
  - Linuxhotel GmbH (for 25 months)
  - Daevel SARL (for 23 months)
  - Bitfolk LTD (for 22 months)
  - Megaspace Internet Services GmbH (for 22 months)
  - Greenbone Networks GmbH (for 21 months)
  - NUMLOG (for 21 months)
  - WinGo AG (for 21 months)
  - Ecole Centrale de Nantes – LHEEA (for 17 months)
  - Sig-I/O (for 14 months)
  - Entr’ouvert (for 12 months)
  - Adfinis SyGroup AG (for 9 months)
  - GNI MEDIA (for 4 months)
  - Laboratoire LEGI – UMR 5519 / CNRS (for 4 months)
  - Quarantainenet BV (for 4 months)
  - RHX Srl
The following text was originally published in German, since we're announcing a regional user group meeting in Düsseldorf, Germany.
The next Python Meeting Düsseldorf will take place on the following date:
Talks already registered
"Testing with Hypothesis"
"MicroPython on the ESP8266"
"PyCharm as a Python IDE"
"Visual Studio Code as a Python IDE"
Further talks are welcome. If you are interested, please get in touch at email@example.com.
Start time and location
We meet at 18:00 in the Bürgerhaus in the Düsseldorfer Arcaden.
The Bürgerhaus shares its entrance with the swimming pool and is located next to the underground car park entrance of the Düsseldorfer Arcaden.
Above the entrance there is a large "Schwimm’ in Bilk" logo. Behind the door, turn directly left to the two elevators, then go up to the 2nd floor. The entrance to Room 1 is directly on the left as you leave the elevator.
>>> Entrance in Google Street View
The Python Meeting Düsseldorf is a regular event in Düsseldorf aimed at Python enthusiasts from the region. Our PyDDF YouTube channel, where we publish videos of the talks after the meetings, gives a good overview of the talks.
The Python Meeting Düsseldorf uses a mix of Open Space and Lightning Talks, although our lightning storms can sometimes last 20 minutes :-) Lightning Talks can be registered in advance or brought up spontaneously during the meeting. A projector with XGA resolution is available.
To register a Lightning Talk, please send an informal email to firstname.lastname@example.org
Cost contribution
The Python Meeting Düsseldorf is organized by Python users for Python users.
Since the meeting room, projector, internet and drinks incur costs, we ask participants for a contribution of EUR 10.00 incl. 19% VAT. School pupils and students pay EUR 5.00 incl. 19% VAT.
We ask all participants to bring the amount in cash.
Registration
Since we only have seating for about 20 people, we ask that you register by email. This does not commit you to anything. It does, however, make planning easier for us.
To register for the meeting, please send an informal email to email@example.com
Further information is available on the meeting's website:
Have fun!
Marc-Andre Lemburg, eGenix.com
Two weeks ago I wrote about routes and controllers in the introduction to namespaces. This week we are going to take a much closer look at routes and controllers.
So, what exactly is a route and a controller?
When you create a custom page in Drupal with code, you need both a route and a controller. You define the URL for the page with the route. And then you create a controller for that page. This will be responsible for building and returning the content for the page.
Routes
A route determines which code should be run to generate the response when a URI is requested. It does this by mapping a URI to a controller class and method. This defines how Drupal deals with a specific URI.
Controllers
Controllers take requests or information from the user and decide how to handle the request. For the example module in this tutorial, the controller is responsible for generating the content and returning it for the page.
Read on to learn more about routes and controllers in Drupal 8 modules...
Two weeks have passed since the Plasma 5.8 release and our Wayland efforts have seen quite some improvements. Some changes went into Plasma 5.8 as bug fixes, some changes are only available in master for the next release. With this blog post I want to highlight what we have improved since Plasma 5.8.
Resize only borders
KWin’s server side decorations have a feature that one can resize the window in the shadow area. With the Breeze window decoration this is available if one uses the border size “No Side Borders” or “No Borders”. For Wayland we just had to adjust the input area of a window slightly and honor it when evaluating the mouse pointer movements.
Global Shortcut handling
We found a few bugs related to global shortcut triggering. There is some unexpected behavior for shortcut triggering in xkbcommon, which will be addressed in the next release by adding new API. For now we had to work around it to support some shortcuts which no longer triggered. Of course for every kind of shortcut which did not trigger we added a test case so we can also in future ensure that this works once the new xkbcommon release is available. At the moment we are not aware of any non-working global shortcuts on Wayland. If you hit one, please report a bug.
Support for Keyboard LEDs through libinput
KWin did not enable the LEDs for num lock, caps lock, etc. This was mostly because I don’t have any keyboard which has such LEDs – neither my desktop keyboard nor my two notebooks have any LEDs. So I just didn’t notice that this was missing. Once we got the bug report we looked into adding this. I want to take this as an example of the “obvious bug” one doesn’t report because it’s so obvious. But if one doesn’t have such hardware it’s not so obvious any more.
Relative pointer support
A feature we added for Plasma 5.9 is support for the relative pointer protocol.
The protocol is implemented in KWayland 5.28 and KWin is adjusted to support the relative pointer events as can be seen in the screenshot of the input debug console. This is a rather important protocol to support games on Wayland. We also plan to add pointer confinement for Plasma 5.9.
Move windows through the widget style
Our widget styles Breeze and Oxygen have a feature to move the window when clicking in empty areas. This is a feature which needs to interact with the windowing system directly as Qt doesn’t provide an abstraction for it. On X11 it uses the NETRootInfo::moveResizeRequest, on Wayland support for triggering a window move is built into the core protocol. But so far we were not able to provide the feature on Wayland as we just didn’t have enough information from QtWayland. For example we lacked access to the wl_shell_surface on which we have to trigger the move. So some time ago I added support to QtWayland that we can access the wl_shell_surface through the native interface. Now about a year later we can start to use it. To support this feature we need to create our own wl_seat and wl_pointer object and track the serial of pointer button press. This we can then pass to the move request on the ShellSurface. The change is not KWin specific at all and will work on all Wayland compositors.
Color scheme sync to decoration
A new feature we added in KWin 5.0 is the possibility to synchronize the color scheme from the window into the window decoration and the context menu on the decoration. On X11 this works through a property which our KStyle library sets. This was the best we had back in the early days of the 5.x series as Qt didn’t expose enough information. It has the disadvantage that the sync only works with QWidget based applications and only with widget styles inheriting KStyle. For Plasma 5.9 we improved that and brought the relevant code into plasma-integration. The restriction to QWidget is gone and it works now with all kinds of windows by listening to the QPlatformSurfaceEvent. This is a very useful event which got added in Qt 5.5. It informs us when a native window is created for a QWindow. Thus we can add our own X11 properties on the native window directly after creation and before the window is mapped.
While adjusting this code for X11 we also added the relevant bits for Wayland. We use the Qt Surface Extension protocol to pass a property to the server. That’s a small and neat addition the Qt devs did to allow communication between a Qt based client and a Qt based Wayland compositor. As one can see in the screenshot the color scheme now updates also for Wayland applications.
Window icons
Window icon handling in Wayland is different to X11. On X11 the icons are passed as pixmaps. That has a few disadvantages nowadays because the icons provided on the window might not have a high enough resolution to work well on high-dpi systems. The icon from the icon-theme though provides higher resolution. On Wayland there is no way to pass window icons around and the compositor takes the icon from the desktop file of the application. This works well unless we don’t have a desktop file. For such windows we now started to use a generic Wayland icon as the fallback, just like we use a generic X icon as fallback for X11 windows which don’t have an icon.
That’s an icon which one might have noticed when using a Plasma Wayland session as every Xwayland window only had the generic X icon in the task manager. The communication between KWin and the task manager also passes the icon name around and not pixmap data. This works well for everything which isn’t Xwayland where we normally just don’t have the name. For Plasma 5.9 we addressed this problem and extended our protocol to request pixmap data for a window icon which doesn’t have a name. Thus we are now able to also support Xwayland windows, which increases the usability of the system quite a lot.
Multi screen effect improvements
On Wayland several of our effects broke in a multi-screen setup. This is because rendering is different. On X11 all screens are rendered together in one rendering pass and we have one OpenGL window to render to. On Wayland we have one OpenGL window per screen and have one rendering pass per screen. That’s something our effects didn’t handle well and resulted in rendering issues. For Plasma 5.9 these issues are finally resolved.
Wobbly windows
One of the affected effects is Wobbly windows. A rather important effect given that this blog is subtitled “From the land of wobbly windows”. We experienced that in a multi-screen setup the effect was only active on one screen. If the window got moved to the other screen it completely vanished.
I was quite certain that this is not a problem with the effect itself, but rather with the way how we render. As we also saw other effects having rendering issues in multi-screen setups I was quite optimistic that fixing wobbly would fix many effects.
The investigation showed that the problem in fact was an incorrect area passed to glScissor due to the general changes in rendering explained above. Rendering on other screens got clipped away. With the proper change we got wobbly working and several other effects (Present Windows, Desktop Grid, Alt+Tab for example) without having to touch the effects at all.
Screenshot
With that knowledge in place we looked into fixing other effects. E.g. the screenshot effect which allows to save a screenshot in the tmp directory. A few examples of screenshots taken with this effect can be seen in this blog post. The problem with this effect was that when taking a fullscreen shot over all screens only one got captured. The assumption here was that our glBlitFramebuffer code needs adjustment to be per output and with that we can now screenshot every screen individually or all screens combined.
Related to that are the blur and background contrast effect as they also interact with the frame buffer, though don’t use the glBlitFramebuffer extension. With those effects one of the biggest problems was that the viewport got restored to a wrong value after unbinding the frame buffer object. Due to that the rendering got screwed up and we had severe rendering issues with blur on multi screen. These issues are now fixed as can be seen in the screenshot above: both screens are rendered correctly even with blur enabled.
Panel improvements
Plasma’s panel got some improvements for Plasma 5.9. This started from bug reports about “windows can cover” not working and also auto-hide not working. Another example that it is important to report bugs.
Auto hiding panel
On X11 auto hiding panels use a custom protocol with KWin to indicate that they want to be restored if the mouse cursor touches the screen edge. It uses low level X11 code thus we also need a low level Wayland protocol for it. We extended our plasma shell protocol to expose auto hiding state and implemented it in both KWin and Plasma.
Search in widget explorer
We had a bug report that search in the widget explorer doesn’t work. The investigation showed that the reason for that is that the widget explorer is a panel window and we designed panels on Wayland so that they don’t take any keyboard focus. This is correct for the normal panel, but not for this special panel. We adjusted our protocol to provide an additional hint that the panel takes focus and implemented this in kwayland-integration in a way that the widget explorer gains focus without any adjustments to it.
KRunner as a panel
Of course there are more potential users for this new feature. One being KRunner. Once we had the code in place we decided to make KRunner a Panel on Wayland which brings us quite some improvements like it will be above other windows and on all desktops.
While my Python 3 posts seemed to stretch for pages and pages with differences, there actually aren’t very many changes at all. Most of that space is taken up by the code outputs (which often had only minor changes) and unchanged code (that had to be there for context). In fact, while the book is about 300 pages long, just a handful of changes are needed to get the whole of the code in the book to run in Python 3. Those changes (in alphabetical order by topic) are below. Check them out if you’re having trouble with your other Python 2.7 code:
class
In Python 3, classes inherit from object automatically, so you don’t need (object) in the first line of the class definition. It’s not an error, but it is superfluous.
    # Python 2.7
    >>> class AddressEntry(object):
    ...     """
    ...     AddressEntry instances hold and manage details of a person
    ...     """
    ...     pass
    ...
    # Python 3
    >>> class AddressEntry: # note: no (object)
    ...     """
    ...     AddressEntry instances hold and manage details of a person
    ...     """
    ...     pass
    ...
Floating point division
Python 2 code in the book will work with Python 3. Some conversion to floating point is now automatic in Python 3, so the code to change a number into floating point (e.g. float(2)) is unnecessary.
import cPickle as pickle
Python 3 uses cPickle by default, so replace import cPickle as pickle by just import pickle. If you try to import cPickle, you’ll get an error.
open
In Python 3 open() has the same syntax as in Python 2.7, but uses a different way to get data out of the file and into your hands. As a practical matter this means that some Python 2.7 code will sometimes cause problems when run in Python 3. If you run into such a problem (open code that works in Python 2.7 but fails in Python 3), the first thing to try is to add the binary modifier – you’ll need it when reading and writing pickle files for instance. So, instead of ‘r’ or ‘w’ for read and write use ‘rb’ or ‘wb’.
    # Python 2.7
    >>> import pickle
    >>> FILENAME = "p4k_test.pickle"
    >>> dummy_list = [x*2 for x in range(10)]
    >>> with open(FILENAME,'w') as file_object: #now dump it!
    ...     pickle.dump(dummy_list,file_object)
    ...
    >>> # open the raw file to look at what was written
    >>> with open(FILENAME,'r') as file_object: # change w to r!!!
    ...     print(file_object.read())
    ...
    # Python 3
    >>> import pickle
    >>> FILENAME = "p4k_test.pickle"
    >>> dummy_list = [x*2 for x in range(10)]
    >>> with open(FILENAME,'wb') as file_object: #### note: 'wb' not 'w'
    ...     pickle.dump(dummy_list,file_object)
    ...
    >>> # open the raw file to look at what was written
    >>> with open(FILENAME,'rb') as file_object: ##### note 'rb' not 'r'
    ...     print(file_object.read())
    ...
print
Print – mostly the same, since I used Python 3 print syntax in the book. There is an issue with the print continuation character (trailing comma). That needs to be replaced by an end parameter:
    # Python 2.7 code:
    >>> my_message = "Hello World!"
    >>> while True:
    ...     print(my_message), #<- notice the comma at the end
    ...
    # Python 3
    >>> my_message = 'Hello World!'
    >>> while True:
    ...     print(my_message, end="")
    ...
If you’re using Python 2.7 code that’s not in my book, it might look like this:
    # Python 2.7 code:
    >>> print "Hello World"
To make this work in Python 3, you put brackets around what’s to be printed:
    # Python 3
    >>> print("Hello World")
raw_input v input
In Python 3 replace raw_input by input wherever you see it. Literally, input is simply a new name for raw_input.
Range vs xrange
The book uses range in anticipation of upgrading to Python 3, so mostly the code will work without changes! If you have code that uses xrange, just rename it to range and all should be well.
In one case the code assumed that the output of range is a list (which it is in Python 2.7, but not in Python 3). The code’s syntax was correct, but led to a logical error. That was corrected by choosing a way to test for the end of the loop that didn’t assume a list was involved.
[Oct 2016: edits to correct escaped characters inserted by WordPress’s misbehavior]
Some people want to use my book Python for Kids for Dummies to learn Python 3. Choosing Python 2.7 over Python 3 was a difficult decision and I have given reasons why in the book.* Nevertheless, if I write a new edition of the book, it definitely will be in Python 3, so I plan to work through the code in the existing book, highlighting changes from Python 2 to Python 3 and providing code that will work in Python 3.
I am working from the downloadable code samples (they are cross referenced to page numbers in the book), so it might be an idea to get a copy, although working from the hard copy should also be fine. Get a copy from the link in the right hand sidebar.
For Project 2, most of the code works exactly the same in Python 2.7 and Python 3. There are some changes though later in the Project (from page 50). Those changes are set out below (page numbers from the 2015 printing).
Code on Pages 36 to Page 50
All of the code on these pages works in Python 3 and gives the same output.
Code on Page 50
    # Python 2.7 code:
    >>> my_message = 'Hello World!'
    >>> while True:
    ...     print(my_message),
    ...
Comment
In Python 2.7 you use the comma -> , to tell print to NOT include a new line at the end of what is printed.
In Python 3 print has become a function. Functions are not discussed till Project 5! Implementing this in Python 3 needs a lot of extra concepts, that I’m not going to explain here. Instead, I’m just going to give you working code. You will need to come back to this after you’ve done Project 5. Hopefully then it will make more sense.
In Python 2.7 range() creates a list. In Python 3 it makes something like a generator** – and generators are not even covered in the book!
In several of my recent presentations, I’ve discussed the lifetime of security flaws in the Linux kernel. Jon Corbet did an analysis in 2010, and found that security bugs appeared to have roughly a 5 year lifetime. As in, the flaw gets introduced in a Linux release, and then goes unnoticed by upstream developers until another release 5 years later, on average. I updated this research for 2011 through 2016, and used the Ubuntu Security Team’s CVE Tracker to assist in the process. The Ubuntu kernel team already does the hard work of trying to identify when flaws were introduced in the kernel, so I didn’t have to re-do this for the 557 kernel CVEs since 2011.
As the README details, the raw CVE data is spread across the active/, retired/, and ignored/ directories. By scanning through the CVE files to find any that contain the line “Patches_linux:”, I can extract the details on when a flaw was introduced and when it was fixed. For example CVE-2016-0728 shows:
Patches_linux:
 break-fix: 3a50597de8635cd05133bd12c95681c82fe7b878 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
This means that CVE-2016-0728 is believed to have been introduced by commit 3a50597de8635cd05133bd12c95681c82fe7b878 and fixed by commit 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2. If there are multiple lines, then there may be multiple SHAs identified as contributing to the flaw or the fix. And a “-” is just short-hand for the start of Linux git history.
Then for each SHA, I queried git to find its corresponding release, and made a mapping of release version to release date, wrote out the raw data, and rendered graphs. Each vertical line shows a given CVE from when it was introduced to when it was fixed. Red is “Critical”, orange is “High”, blue is “Medium”, and black is “Low”:
And here it is zoomed in to just Critical and High:
The line in the middle is the date from which I started the CVE search (2011). The vertical axis is actually linear time, but it’s labeled with kernel releases (which are pretty regular). The numerical summary is:
- Critical: 2 @ 3.3 years
- High: 34 @ 6.4 years
- Medium: 334 @ 5.2 years
- Low: 186 @ 5.0 years
This comes out to roughly 5 years lifetime again, so not much has changed from Jon’s 2010 analysis.
While we’re getting better at fixing bugs, we’re also adding more bugs. And for many devices that have been built on a given kernel version, there haven’t been frequent (or sometimes any) security updates, so the bug lifetime for those devices is even longer. To really create a safe kernel, we need to get proactive about self-protection technologies. The systems using a Linux kernel are right now running with security flaws. Those flaws are just not known to the developers yet, but they’re likely known to attackers, as there have been prior boasts/gray-market advertisements for at least CVE-2010-3081 and CVE-2013-2888.
(Edit: see my updated graphs that include CVE-2016-5195.)
© 2016, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
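The extraction step described in the kernel CVE lifetime post above (find the “Patches_linux:” field, read each break-fix line, treat “-” as the start of git history) together with the lifetime calculation, as an added Python example that is not the author's script. The commit-date table is constructed and stands in for the git release lookup; the April 2005 date for “-” and the choice of earliest introduction to latest fix are assumptions made here.

```python
import re
from datetime import date

SHA = re.compile(r"[0-9a-f]{40}")
HISTORY_START = date(2005, 4, 16)  # assumption: date used for "-" (start of git history)

def parse_break_fix(text):
    """Return (introducing, fixing) pairs listed under the Patches_linux: field."""
    pairs, in_field = [], False
    for line in text.splitlines():
        if line.startswith("Patches_linux:"):
            in_field = True
        elif in_field and line[:1] not in (" ", "\t"):
            in_field = False  # an unindented or blank line ends the field
        elif in_field:
            parts = line.split()
            if len(parts) == 3 and parts[0] == "break-fix:":
                brk, fix = parts[1], parts[2]
                # "-" is accepted on the introducing side only; pairs
                # without a fixing SHA are skipped as not yet fixed.
                if (brk == "-" or SHA.fullmatch(brk)) and SHA.fullmatch(fix):
                    pairs.append((brk, fix))
    return pairs

def lifetime_years(pairs, commit_dates):
    """Years from the earliest introducing commit to the latest fixing commit."""
    if not pairs:
        return None
    start = min(HISTORY_START if b == "-" else commit_dates[b] for b, _ in pairs)
    end = max(commit_dates[f] for _, f in pairs)
    return round((end - start).days / 365.25, 1)

# Constructed inputs: the CVE-2016-0728 SHAs come from the post, everything
# else (field layout around them, placeholder SHAs, dates) is made up.
INTRO = "3a50597de8635cd05133bd12c95681c82fe7b878"
FIX = "23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"
A, B, C = "a" * 40, "b" * 40, "c" * 40
SAMPLE_0728 = f"Candidate: CVE-2016-0728\nPatches_linux:\n break-fix: {INTRO} {FIX}\nNotes:\n"
SAMPLE_MADE_UP = (f"Patches_linux:\n break-fix: - {A}\n break-fix: - {B}\n"
                  f" break-fix: {C} -\nNotes:\n break-fix: {C} {A}\n")
COMMIT_DATES = {INTRO: date(2013, 2, 18), FIX: date(2016, 3, 13),
                A: date(2012, 1, 1), B: date(2015, 7, 1)}

if __name__ == "__main__":
    for sample in (SAMPLE_0728, SAMPLE_MADE_UP):
        pairs = parse_break_fix(sample)
        print(len(pairs), "pair(s):", lifetime_years(pairs, COMMIT_DATES), "years")
```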
Gammu 1.37.90 was released yesterday. This release brings quite a lot of changes and is meant for testing purposes. Hopefully stable 1.38.0 will follow soon, as long as I don't get negative feedback on the changes.
Besides code changes, there is one piece of news for Windows users: a Windows binary comes with the release. It was possible to automate this thanks to AppVeyor, who provide a CI service from which you can download built artifacts. Without this, I would not be able to do it, as I don't have a single Windows computer :-).
Full list of changes:
- Improved support for Huawei K3770.
- API changes in some parameter types.
- Fixed various Windows compilation issues.
- Fixed several resource leaks.
- Create outbox SMS atomically in FILES backend.
- Removed getlocation command as we no longer fit into their usage policy.
- Fixed call diverts on TP-LINK MA260.
- Initial support for Oracle database.
- Removed unused daemons, pbk and pbk_groups tables from the SMSD schema.
- SMSD outbox entries now can have priority set in the database.
- Added SIM IMSI to the SMSD status table.
- Added CheckNetwork directive.
- SMSD attempts to power on radio if disabled.
- Fixed processing of AT unsolicited responses in some cases.
- Fixed parsing USSD responses from some devices.
Check out the calendar for upcoming events!
What happened in the Reproducible Builds effort between Sunday October 9 and Saturday October 15 2016:
Media coverage
- despinosa wrote a blog post on Vala and reproducibility
- h01ger and lynxis gave a talk called "From Reproducible Debian builds to Reproducible OpenWrt, LEDE" (video, slides) at the OpenWrt Summit 2016 held in Berlin, together with ELCE, held by the Linux Foundation.
- A discussion on debian-devel@ resulted in a nice quotable comment from Paul Wise: "(Reproducible) builds from source (with continuous rechecking) is the only way to have enough confidence that a Debian user has the freedoms promised to them by the Debian social contract."
- Chris Lamb will present a talk at Software Freedom Kosovo on reproducible builds on Saturday 22nd October.
After discussions with HW42, Steven Chamberlain, Vagrant Cascadian, Daniel Shahaf, Christopher Berg, Daniel Kahn Gillmor and others, Ximin Luo has started writing up more concrete and detailed design plans for setting SOURCE_ROOT_DIR for reproducible debugging symbols, buildinfo security semantics and buildinfo security infrastructure.
Toolchain development and fixes
Ximin Luo filed bug 77985 to GCC as a pre-requisite for future patches to make debugging symbols reproducible.
Packages reviewed and fixed, and bugs filed
The following updated packages have become reproducible - in our current test setup - after being fixed:
- cobbler/2.6.6+dfsg1-13 by Thomas Goirand, original patch by Chris Lamb.
- collectd/5.6.1-1 by Marc Fournier.
- fonts-tiresias/0.1-3 by Gürkan Myczko, original patch by Chris Lamb.
- fntsample/4.0-2 by Євгеній Мещеряков, original patch by Chris Lamb.
- fpga-icestorm/0~20160913git266e758-2 by Ruben Undheim, original patch by Chris Lamb.
- frog/0.13.5-1 by Maarten van Gompel, original patch by Chris Lamb.
- lambda-align/1.0.0-2 by Sascha Steinbiss, original patch by Chris Lamb.
- pleiades/1.7.0-2 by Hideki Yamane, original patch by Chris Lamb.
- sweethome3d/5.2+dfsg-1 by Markus Koschany, original fix by Gabriele Giacone.
- trac-subtickets/0.2.0-2 by W. Martin Borgert.
The following updated packages appear to be reproducible now, for reasons we were not able to figure out. (Relevant changelogs did not mention reproducible builds.)
- aodh/3.0.0-2 by Thomas Goirand.
- eog-plugins/3.16.5-1 by Michael Biebl.
- flam3/3.0.1-5 by Daniele Adriana Goulart Lopes.
- hyphy/2.2.7+dfsg-1 by Andreas Tille.
- libbson/1.4.1-1 by A. Jesse Jiryu Davis.
- libmongoc/1.4.1-1 by A. Jesse Jiryu Davis.
- lxc/1:2.0.5-1 by Evgeni Golov.
- spice-gtk/0.33-1 by Liang Guo.
- spice-vdagent/0.17.0-1 by Liang Guo.
- tnef/1.4.12-1 by Kevin Coyner.
Some uploads have addressed some reproducibility issues, but not all of them:
- chktex/1.7.6-1 by Thorsten Alteholz, original patch by Sascha Steinbiss.
- dbus/1.10.12-1 by Simon McVittie.
- doomsday/1.15.8-3 by Markus Koschany, #839338 by Lucas Nussbaum.
- emacs25/25.1+1-1 by Rob Browning.
- gpgme1.0/1.7.0-3 by Daniel Kahn Gillmor.
- monkeysign/2.2.0 by Antoine Beaupré.
- python-attrs/16.2.0-1 by Tristan Seligmann, original patch by Chris Lamb.
- shotwell/0.24.0-1 by Jörg Frings-Fürst, original patch by Alexis Bienvenüe.
- supple/1.0.6-2 by Daniel Silverstone.
- why/2.36-1 by Ralf Treinen, original patch by Valentin Lorentz.
Some uploads have addressed nearly all reproducibility issues, except for build path issues:
- palo/1.96 by Helge Deller, #778437 by Chris Lamb.
- rbdoom3bfg/1.1.0~preview3+dfsg+git20160807-1 by Tobias Frost.
- singular/4.0.3-p3+ds-1 by Jerome Benoit.
- varnish/5.0.0-3 by Stig Sandbeck Mathisen, original patch by Chris Lamb.
- yaml-cpp/0.5.2-4 by Paul Novotny, original patch by Reiner Herrmann.
Patches submitted that have not made their way to the archive yet:
- #840741 filed against http-icons by Chris Lamb.
- #840177 filed against qconf by Chris Lamb.
- #840845 filed against python-pygraphviz by Chris Lamb.
- #840346 filed against qjoypad by Chris Lamb.
101 package reviews have been added, 49 have been updated and 4 have been removed in this week, adding to our knowledge about identified issues.
3 issue types have been updated:
During reproducibility testing, some FTBFS bugs have been detected and reported by:
- Anders Kaseorg (1)
- Chris Lamb (18)
- h01ger has turned off the "Scheduled in testing+unstable+experimental" regular IRC notifications and turned them into emails to those running jenkins.d.n.
- Re-add opi2a armhf node and 3 new builder jobs for a total of 60 build jobs for armhf. (h01ger and vagrant)
- vagrant suggested adding a variation of init systems affecting the build, and h01ger added it to the TODO list.
- Steven Chamberlain submitted a patch so that now all buildinfo files are collected (unsigned yet) at firstname.lastname@example.org.
- Holger enabled CPU type variation (Intel Haswell or AMD Opteron 62xx) for i386. Thanks to Profitbricks.com for their great and continued support!
- Increase memory on the 2 build nodes from 12 to 16gb, thanks to profitbricks.com
This week's edition was written by Ximin Luo, Holger Levsen & Chris Lamb and reviewed by a bunch of Reproducible Builds folks on IRC.
Last week I had the opportunity to go back to Colombia as part of my tour Around the Drupal world in 140+ days.
To be honest, this stop wasn't planned. During my visit to France, the border control officer informed me about a situation with my passport: I was almost out of space for new stamps. That situation forced me to try to get a new passport as soon as possible. After checking with the Colombian embassy in Costa Rica, I confirmed that renewing my passport in Costa Rica wasn't an option due to the return time. For that reason, I had to travel to Colombia to renew my passport there.
With this unexpected trip, I tried to take part in as many activities as I could. On the Drupal side, I participated in a Drupal Meetup organized by Seed, and particularly by Aldibier Morales. They rented a space and organized the event to enable me to talk about Drupal Console and the Drupal community in general. I enjoyed the Q & A session, where I could provide some points of view I have about how to handle local communities.
With my new passport in my hands, I started a marathon to visit my mother's and father's families, located in Bucaramanga, Santander. It was really good because I hadn't visited them for many years.
So, as many times in my #enzotour16, I overcame the adversities and transformed them into something positive as much as I could.
Airplane, Distance (Kilometers)
- San Jose, Costa Rica → Bogota, Colombia → San Jose, Costa Rica: 2.576
- Previously: 106.561
- Total: 109.137
Walking, Distance (steps)
- Dublin: 39.597
- Previously: 1.897.088
- Total: 1.936.685
Train, Distance (Kilometers)
- Today: 0
- Previously: 528
- Total: 528
Bus/Car, Distance (Kilometers)
- Today: 796
- Previously: 2.944
- Total: 3.740