FLOSS Project Planets

Modules Unraveled: 122 The Drupal Security Team With Greg Knaddison and Michael Hess - Modules Unraveled Podcast

Planet Drupal - Fri, 2014-10-17 06:04
Published: Fri, 10/17/14

The Drupal Security Team
  • What type of people are on the Drupal Security Team?
    • https://security.drupal.org/team-members
    • Mostly coders, some project managers, core maintainers
  • What does the security team do?
    • We fix issues in Drupal
    • Resolve reported security issues in a Security Advisory
    • Provide assistance for contributed module maintainers in resolving security issues
    • Provide documentation on how to write secure code
    • Provide documentation on securing your site
    • Help the infrastructure team to keep the drupal.org infrastructure secure
  • What doesn’t the security team do?
    • projects without stable releases
    • Site support
    • Set policy around security with the security working group.
  • Is there a D7 security team and a D8 security team with different people? (What about Drupal 6)
  • How can others get involved?
  • What was the recent bug that was fixed?
Questions from Twitter
  • Paulius Pazdrazdys
    How this latest security release is different from others? Do you have any information if this bug done any harm before release?
  • aboros
    The recent bug was über critical, still only 20/25. What would be a 25/25 bug?
  • aboros
    Do you notify any high value targets before SA is sent out? Is the list of those public? Can one be part of this privileged group?
  • Carie Fisher
    When the latest bug was found? is there a private drupal security group where this was discussed? could we have found out sooner?
  • David Hernandez
    What is the average time from discovery to announcement?
  • Damien McKenna
    @ModsUnraveled Are there existing stats on how long it takes from initial reporting, to maintainer response, to first patch & fix?
  • Heine Deelstra
    How was SA-CORE-005 (in hindsight) able to be public for so long in the public queue?
  • Mark Conroy
    I think the #drupal security team are great. Working extremely hard. (I know, that wasn't a question)
  • aboros
    Are there plans for some sort of bounty program run by DA maybe?
  • David Hernandez
    What kind of work does the security team do besides review code? What is the administrative overhead?
Episode Links:
  • Greg on drupal.org
  • Greg on Twitter
  • Michael on drupal.org
  • Michael on Twitter
  • List of permissions that aren’t included
  • Drupal Security Report
  • Two factor auth module
  • Paranoia module to prevent php execution
  • Security group on g.d.o
Tags: Security, Drupal Core, planet-drupal
Categories: FLOSS Project Planets

KDE Frameworks 5.3 and KDE Plasma 5.1 for Fedora are ready!

Planet KDE - Fri, 2014-10-17 05:37

Fedora KDE SIG is happy to announce that the latest version of KDE Frameworks 5 has just reached the stable repositories of Fedora and a brand new version of KDE Plasma 5 is now available in our Plasma 5 COPR.

KDE Frameworks 5.3.0

The third release of KDE Frameworks brings mostly bugfixes. KDE Frameworks 5 is a collection of libraries and software frameworks created by the KDE community. It’s an effort to rework KDE 4 libraries into a set of individual and independent, cross platform modules that will be readily available to all Qt-based applications.

KDE Frameworks 5 are available in official Fedora repositories for Fedora 20 and the upcoming Fedora 21.

KDE Plasma 5.1

KDE Plasma 5 is the next generation of KDE workspace based on Qt 5 and KDE Frameworks. Its latest version brings many bug fixes and performance improvements, but also many new features! Dark color theme for the Breeze style, more widgets, improved Task switcher, reworked tray icons and much more. You can read about all the new things in Plasma 5.1 in the official release announcement.

To install KDE Plasma 5 on Fedora, just add the Plasma 5 COPR repository to yum, and simply run yum install plasma-5.

Live ISO

Do you want to give Plasma 5 a try, but don’t want to install it yet? Easy! We have prepared a live ISO image based on Fedora 20 for you! You can get it from here: http://pub.dvratil.cz/plasma/iso/5.1/ (use Torrent for faster download).

Do you need help? Come talk to us: either on #fedora-kde IRC channel on Freenode, or join our mailing list kde@lists.fedoraproject.org.


Notes about Dell XPS 13 developer edition and Kubuntu

Planet KDE - Fri, 2014-10-17 04:14

Got a new tool, a Dell XPS 13 developer edition, running Ubuntu 12.04. Here are some experiences using it and also a note for my future self on what needed to be done to make everything work.

After taking a restore disc from the pre-installed Ubuntu using the tool Dell provided, I proceeded to clean install Kubuntu 14.04. I have to say that for its size and price this piece of hardware is rather amazing; the only nitpick could be the RAM capacity being capped at 8 GiB. Having a modern Linux distribution running smoothly in any circumstances is simply a nice experience. I haven’t yet hit the limitations of the integrated Intel GPU either, which is surprising, or maybe it is just telling of my way of using these things. (:

Touch screen is maybe the most interesting bit on this laptop. Unfortunately I have to say the use of it is limited by UI not working well with touch interaction in many cases. Maybe choosing apps differently I would get better experience. At least some websites are working just fine when using Chromium browser.

Note on hardware support

Everything else works like a charm out of the box in Kubuntu 14.04, except cooling. After some searching I found out some Dell laptops need separate tools for managing the cooling. I figured out the following:

I needed to install i8kutils, which can be found in Ubuntu repositories.

Then I made the following contents to /etc/i8kmon.conf

# Run as daemon, override with --daemon option
set config(daemon) 0
# Automatic fan control, override with --auto option
set config(auto) 1
# Report status on stdout, override with --verbose option
set config(verbose) 1
# Status check timeout (seconds), override with --timeout option
set config(timeout) 12
# Temperature thresholds: {fan_speeds low_ac high_ac low_batt high_batt}
set config(0) {{-1 0} -1 48 -1 48}
set config(1) {{-1 1} 45 60 45 60}
set config(2) {{-1 2} 50 128 50 128}
# end of file

Note that some options are overridden in the init script, for example it does set i8kmon to daemon mode. Timeout of 12 seconds is there because I noticed every time fan speed is set, the speed begins to fall down in ~10 seconds so that in half a minute point you notice clearly the accumulated change on the fan speed. My 12 seconds is just compromise I found working for me well, YMWV etc.

Also to have i8kmon control cooling without human interaction, I needed to enable it in /etc/default/i8kmon

ENABLED=1

That’s it for now, I might end up updating the post if something new comes up regarding hardware support.


Justin Mason: Links for 2014-10-16

Planet Apache - Thu, 2014-10-16 19:58
  • Landlords not liable for tenants’ water bills

    What an utter fuckup. Business as usual for Irish Water:

    However the spokeswoman said application packs for rented dwellings would be addressed to the landlord, at the landlord’s residence, and it would be the landlord’s responsibility to ensure the tenant received the application pack. Bills are to be issued quarterly, but as Irish Water will have the tenant’s PPS number, the utility firm will be able to pursue the tenant for any arrears and even apply any arrears to new accounts, when the tenant moves to a new address. Last week landlords had expressed concern over potential arrears, the liability for them and the possibility of being used as collection agents by Irish Water.

    (tags: landlords ireland irish-water tenancy rental ppsn)

  • Irish Water responds to landlords’ questions

    ugh, what a mess….

    * Every rental unit in the State is to get a pack addressed personally to the occupant. If Irish Water does not have details of a tenant, the pack will be addressed to ‘The Occupier’
    * Packs will only be issued to individual rental properties in so far as Irish Water is aware of them
    * Landlords can contact Irish Water to advise they have let a property
    * Application Packs are issued relative to the information on the Irish Water mailing list. If this is incorrect or out of date, landlords can contact Irish Water to have the information adjusted
    * Irish Water will contact known landlords after the initial customer application campaign, to advise of properties for which no application has been received
    * Irish Water said that when a household is occupied the tenant is liable and when vacant the owner is liable. Both should advise Irish Water of change of status to the property – the tenant to cease liability, the landlord to take it up. Either party may take a reading and provide it to Irish Water, alternatively Irish Water will bill on average consumption, based on the date of change.

    (tags: irish-water water ireland liability bills landlords tenancy rental)


Bryan Pendleton: He had me at "the Largest Ship in the World"

Planet Apache - Thu, 2014-10-16 19:00

Don't miss Alastair Philip Wiper's photo-journalism essay about the building of the new Maersk Triple-E container vessels: Building the Largest Ship In the World, South Korea

The Daewoo Shipbuilding and Marine Engineering (DSME) shipyard in South Korea is the second largest shipbuilder in the world and one of the “Big Three” shipyards of South Korea, along with the Hyundai and Samsung shipyards. The shipyard, about an hour from Busan in the south of the country, employs about 46,000 people, and could reasonably be described as the world's biggest Legoland. Smiling workers cycle around the huge shipyard as massive, abstractly over proportioned chunks of ships are craned around and set into place: the Triple E is just one small part of the output of the shipyard, as around 100 other vessels including oil rigs are in various stages of completion at any time.

KDE Gardening Team: K3b

Planet KDE - Thu, 2014-10-16 18:20

As mentioned on other KDE Gardening Team bugs we are focusing on getting K3b 2.0.3 release out.

The release will be on 4th November if all goes to plan.

Also we are going through the bugs doing two things:

  • Checking if it still happens and asking people to give more info if needed
For bugs that are easy enough to reproduce (i.e. they do not involve having 13 CD burners or writing 50GB of data to a Blu-ray disc) we are trying to reproduce them and, if we can't, ask the reporter for more information while setting the bug status to NEEDSINFO+WAITINGFORINFO

  • Classifying it regarding its gardening potential
For bugs that we can reproduce or we think they have enough information we are classifying them in three groups using the gardening flag in bugzilla "+" for crashes that are really critical to be fixed before the release[1], "?" for bugs that seem to be relatively easy and someone could pick up and fix if has time but are not a problem if not fixed, and "-" for bugs that are out of the scope of the gardening initiative. Being out of scope of the gardening initiative doesn't mean the bug is more or less valid, it just means that it is not for the gardeners or not very involved people to fix this bug and requires people with more commitment.

You can visit https://community.kde.org/Gardening/K3b for the relevant bugzilla links.

[1] This should be a mostly empty list since we already have 2.0.2 out and doesn't make sense to delay 2.0.3 until a bug is fixed given 2.0.3 will be already better than 2.0.2

freedink @ Savannah: New FreeDink DFArc frontend 3.12 release

GNU Planet! - Thu, 2014-10-16 17:54

Here's a new release of DFArc, a frontend to run the GNU FreeDink game and manage its numerous add-on adventures or D-Mods :)
http://ftp.gnu.org/pub/gnu/freedink/dfarc-3.12.tar.gz

- DFArc now launches Dink and Dinkedit asynchronously, so you can run the editor even when the game is running.

- Improve extract & package performance.

- Fix infrequent off-by-1-pixel bug in logo animation.

- New Serbian, Catalan, Turkish, Esperanto, Brazilian Portuguese and Hungarian translations, as well as translations updates.

- Upgrade to wxWidgets 3.0.

About GNU FreeDink:

Dink Smallwood is an adventure/role-playing game, similar to Zelda, made by RTsoft. Besides twisted humor, it includes the actual game editor, allowing players to create hundreds of new adventures called Dink Modules or D-Mods for short.

GNU FreeDink is a new and portable version of the game engine, which runs the original game as well as its D-Mods, with close compatibility, under multiple platforms.

DFArc is an integrated frontend, .dmod installer and .dmod archiver for the Dink Smallwood game engine.


Get Pantheon Blog: What We Are Seeing With Drupal SA 2014-005

Planet Drupal - Thu, 2014-10-16 17:41

It's been 24 hours since Drupal SA-CORE-2014-005 was announced, and we are already beginning to see attacks in the wild. As a platform with 10s of 1000s of Drupal sites, we have a unique perspective on the problem.

This is not a drill: black-hat scripters from sketchy domains are working through lists of known Drupal websites probing for exploits. If you have not patched all your sites, stop reading and do it right now.

...

Ok, now that your websites are safe, here's what we're seeing.

Profiling and Logging Suspected Exploits

We learned of the vulnerability through our participation with the Drupal Security team, so we had a few days to prepare prior to the announcement. At that point, we were under obligation not to share details as part of responsible disclosure, but we did tweet and email customers to "be ready" for the update on Wednesday.

Beyond that, the first step was fashioning our own exploit to have something to build a defense against. I "owned" my personal blog several times getting this right.

With a sense of a potential attack signature, we developed platform-wide request filtering, WAF style. At our scale, we couldn't try to tweak every individual site: a platform solution was the only answer.

We got that deployed on Monday, giving us two days to see the results of real production traffic. We were able to eliminate false-positives while still detecting our PoC attacks, which gave us confidence that our filter would not impact legitimate traffic. That was an important moment, because it meant we could start locking things down.

Log and Block

With the SA announcement on Wednesday we switched the filter from "log" to "log and block". The first detected (and blocked) attack came in at 22:42 UTC (3:42 PM PT), about seven hours after the security announcement. It attempted to set up a fake user with id 9999 and a suspicious temp email address from trbvm.com.

Over the rest of the day we saw a handful (20-ish) more attacks that looked like proof of concepts or penetration tests. We saw attempts to re-use a proof of concept posted in a Reddit thread, an attempt to create a user named "morpheus" with a pre-set password, and a few attempts to make accounts with the email address test@test.com and then elevate them to an admin role.

It Gets Real

Early this morning at 08:23 UTC (1:23 AM PT) we started seeing an attack that attempts to insert a new item into the menu_router table. This attack is originating from IPs from a VPS provider in the .ru domain space, and it appears to be working through a list of domain names alphabetically.

The attack seems to be the initial part of a multi-step process. The menu_callback it is attempting to create will try to use file_put_contents() to drop a file somewhere in the codebase. That file will pick up a subsequent http request with more of an attack payload in the $_COOKIE superglobal. This sophistication plus the alphabetical attack sequence suggests a professional exploit.

Note that this attack has a 0% chance of success on Pantheon. We block it, but even if we didn't, live sites can't write files into the codebase, and a sophisticated $_COOKIE attack would also be stripped. Still, it's concerning.

This Is Not A Drill

It's barely 24 hours after the SA, and we have logged and blocked over 500 attempted attacks on sites on the Pantheon platform. We expect this rate to increase as exploit code is more widely shared and attacks become more automated.

The fact that we are blocking suspect traffic does not mean you should delay updating. We're happy to be defending sites on our Platform, but the filter, like CloudFlare's WAF firewall rule, is not a guarantee to secure your site. You need to get the update deployed and patch the vulnerability at the source.

If you need help, let us know. If you have friends who need help, lend a hand.

Credits

Credit to the Drupal Security team for organizing a responsible and orderly release. There was likely temptation to rush something out once the severity was realized, but they showed great professionalism by taking a more deliberate route. As soon as the fix was disclosed, black-hats would start working to weaponize the exploit, which we are already seeing.

I'd also like to thank Leonardo Finetti for chiming in based on some tweets with additional information about the menu_router attack. He has his own post up (in Italian) here.

Finally, I'd like to give credit to Greg "greggles" Knaddison for planting the idea in my head of using the reach of our platform as a way to monitor exploit attempts against sites running on Pantheon. Hopefully the data we're able to gather will help everyone defend better and build more secure software and platforms.

Blog Categories: Engineering
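
A database audit for the indicators named in the post above (user id 9999, trbvm.com addresses, the "morpheus" and test@test.com accounts, a menu_router callback of file_put_contents), as an added example that is not Pantheon's code. It runs against a constructed SQLite stand-in for four Drupal 7 tables; the sample rows and the "administrator" role name are assumptions.

```python
import sqlite3

# Indicators quoted in the post above; extend the tuples with your own.
SUSPECT_UIDS = (9999,)
SUSPECT_NAMES = ("morpheus",)
SUSPECT_MAILS = ("test@test.com",)
SUSPECT_MAIL_DOMAINS = ("trbvm.com",)
SUSPECT_CALLBACKS = ("file_put_contents",)
ADMIN_ROLE = "administrator"  # assumption: default Drupal 7 admin role name


def build_sample_db():
    """Constructed in-memory stand-in for Drupal 7 tables (subset of columns)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, mail TEXT);
        CREATE TABLE role (rid INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users_roles (uid INTEGER, rid INTEGER);
        CREATE TABLE menu_router (path TEXT PRIMARY KEY,
                                  page_callback TEXT, access_callback TEXT);
    """)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (0, "", ""),                                  # anonymous user row
        (1, "admin", "admin@example.org"),
        (42, "editor", "editor@example.org"),
        (57, "morpheus", "m@example.net"),            # constructed hit: name
        (58, "tester", "test@test.com"),              # constructed hit: mail
        (9999, "x9", "a1b2@trbvm.com"),               # constructed hit: uid + domain
    ])
    conn.executemany("INSERT INTO role VALUES (?, ?)", [
        (1, "anonymous user"), (2, "authenticated user"), (3, ADMIN_ROLE),
    ])
    conn.executemany("INSERT INTO users_roles VALUES (?, ?)", [(1, 3), (58, 3)])
    conn.executemany("INSERT INTO menu_router VALUES (?, ?, ?)", [
        ("node", "node_page_default", "user_access"),
        ("user", "user_page", "1"),
        ("constructed/path", "file_put_contents", "1"),  # constructed hit
    ])
    return conn


def audit_users(conn):
    """Return accounts matching an indicator, with whether they hold the admin role."""
    rows = conn.execute("""
        SELECT u.uid, u.name, u.mail,
               MAX(CASE WHEN r.name = ? THEN 1 ELSE 0 END) AS is_admin
        FROM users u
        LEFT JOIN users_roles ur ON ur.uid = u.uid
        LEFT JOIN role r ON r.rid = ur.rid
        GROUP BY u.uid, u.name, u.mail
        ORDER BY u.uid
    """, (ADMIN_ROLE,))
    findings = []
    for uid, name, mail, is_admin in rows:
        mail = (mail or "").lower()
        reasons = []
        if uid in SUSPECT_UIDS:
            reasons.append("uid")
        if (name or "").lower() in SUSPECT_NAMES:
            reasons.append("name")
        if mail in SUSPECT_MAILS:
            reasons.append("mail")
        if mail.rpartition("@")[2] in SUSPECT_MAIL_DOMAINS:
            reasons.append("mail-domain")
        if reasons:
            findings.append({"uid": uid, "name": name,
                             "reasons": reasons, "admin": bool(is_admin)})
    return findings


def audit_menu_router(conn):
    """Return router entries whose page or access callback is a suspect function."""
    marks = ",".join("?" * len(SUSPECT_CALLBACKS))
    sql = f"""SELECT path, page_callback, access_callback FROM menu_router
              WHERE page_callback IN ({marks}) OR access_callback IN ({marks})
              ORDER BY path"""
    return conn.execute(sql, SUSPECT_CALLBACKS * 2).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for finding in audit_users(db):
        print("user:", finding)
    for row in audit_menu_router(db):
        print("menu_router:", row)
```

The two SELECT statements use only standard SQL and can be pointed at a real Drupal 7 database. Hits are leads to investigate, since rows written before the update stay in place after it.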

FSF News: Matthew Garrett joins Free Software Foundation board of directors

GNU Planet! - Thu, 2014-10-16 17:39

He becomes the eighth director on the FSF's board. The full list of their names and biographies can be found at http://www.fsf.org/about/staff-and-board.

"Matthew Garrett is a truly committed defender of users' freedom. The FSF is fortunate to have him on the board of directors," said FSF president Richard M. Stallman.

A developer specializing in the interactions between operating system kernels, platform firmware and system security, much of Garrett's work has focused on mechanisms for avoiding the oft-suggested tradeoff between user security and user freedom, ensuring that users have ultimate control over which software their devices will and will not run.

FSF executive director John Sullivan said, "Matthew has generously donated his time and expertise to advise the FSF on many issues in recent years, especially Restricted Boot and other disconcerting trends at the intersection of hardware and proprietary software distribution. His willingness to increase his involvement in FSF technical and policy leadership is fantastic news for our members and supporters."

Earlier this year, Garrett won the Free Software Foundation Award for the Advancement of Free Software. He holds a PhD in genetics from the University of Cambridge, and presents frequently around the world on the topic of free software in wider society.

On accepting the invitation to join the board, Garrett said, "It's been almost thirty years since the Free Software Foundation was founded, and in that time free software has become an indispensable part of computer use everywhere, creating an entire new generation of users and developers for whom free software has always been ubiquitous. Unfortunately, the number of threats to user freedom has also increased over that time. The FSF continues to campaign against attempts to restrict the rights of users and developers to be in ultimate control of the software that they use and the devices that they own, and I'm proud to be able to be a part of that."

About the Free Software Foundation

The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software -- particularly the GNU operating system and its GNU/Linux variants -- and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at https://donate.fsf.org. Its headquarters are in Boston, MA, USA.

More information about the FSF, as well as important information for journalists and publishers, is at https://www.fsf.org/press.

Media Contacts

John Sullivan
Executive Director
Free Software Foundation
+1 (617) 542 5942
campaigns@fsf.org

The above image is licensed under Creative Commons Attribution-ShareAlike 2.0 by nekonoir on Flickr.


Acquia: Shields Up!

Planet Drupal - Thu, 2014-10-16 17:32

Yesterday, the Drupal Security team announced that all Drupal 7 sites are highly vulnerable to attack. Acquia deployed a platform-wide "shield" which protects all our customer sites, while still keeping them 100% functional for visitors and content editors. These sites can now upgrade to 7.32 in a more calm, controlled timeline.


Ioan Eugen Stan: Modular REST applications with Karaf features for OSGi Jax-RS Connector

Planet Apache - Thu, 2014-10-16 17:03
The purpose of this article is to let you know how easy  it is to develop modular REST (JAX-RS) applications on OSGi, particularly Apache Karaf.

For some time I've been working on improving the way I deliver applications. My focus is on quality, ease of understanding and speed of delivery. My framework of choice for some time has been the OSGi platform (mostly used on top of Karaf, but I'm getting bolder - going for bare-bone, native containers).

Regarding web applications I admit I don't like sessions and I am strongly inclined to develop stateless applications. Since I like standards and the benefits they provide, my choice for a web framework has narrowed down to JAX-RS for which there are a few implementations. 

I came across a project called osgi-jax-rs-connector whose aim is to simplify web application development using JAX-RS on OSGi. The way it works is you write your JAX-RS annotated resources and you publish them in the registry. Once there, the JAX-RS Publisher from osgi-jax-rs-connector will find them, take notice of the annotation and publish them. That's it.

In the project README on github, you will find links to articles detailing the whole process.

All I did was to add a features file for Apache Karaf so you can try it out easily. I've made a pull request with my code to make it part of the original code base and hopefully it will soon.

I'll reproduce the steps below. You start by building the project and installing the features in Apache Karaf:

feature:repo-add mvn:com.eclipsesource.jaxrs/features/0.0.1-SNAPSHOT/xml/features
feature:install scr http
feature:install jax-rs-connector jax-rs-provider-moxy
install mvn:com.eclipsesource.jaxrs/jax-rs-sample/0.0.1-SNAPSHOT

After this just go to: http://localhost:8181/services/greeting

You can check the whole project on my github account in the mean time: step by step .

There are other solutions out there for publishing JAX-RS resources using OSGi HttpService. Another interesting approach is Neil Bartlett's JAX-RS OSGi extender. The main advantage (in my opinion) of using the approach taken by Connector is the fact that you publish objects instead of the extender building them for you. This means that I am free to choose the way I build my object and I also have the opportunity to inject dependencies in it before I publish it - hello CDI. I can build my objects using CDI via pax-cdi or with declarative services (as you can see in my sample code) and I am free to inject stuff in it before I expose it for registration with HttpService. That is a pretty powerful thing. I hope to show you how this is done soon.

   
 

Mike C. Fletcher: Save/Restore for Django "Embedded" Apps

Planet Python - Thu, 2014-10-16 16:22

So we have a lot of Django-based code where we'd like the user to be able to download a (subset of) the Django database as a "config file", then upload that "config file" to some number of other machines (or the original one), potentially long after the database has been migrated. I've got the skeleton of that working, I record all of the current migrations in the data-file, I play the migrations forward to that point, then attempt to insert the records, then continue migrating. That almost works, but inserting the stored records fails, as the standard "loaddata" command is trying to use Django's live models, rather than South's migration models.

There's a snippet for getting a particular South data migration to use the South models, but for this I want any release of the product to be able to store/restore, not just particular releases. It seems it should be possible to do a horrific hack where I temporarily set settings.SOUTH_MIGRATION_MODULES for all supported apps to point to a package where I have a migration that imports the current migration for the app and produces a data-migration that's just that migration with the forwards/backwards methods overridden and then uses the code in the snippet to force use of that while doing the loaddata... and then I suppose I need to clean out the DB of that migration... which all seems to be getting a bit Byzantine.

So, anyone got a clean implementation, or should I wend my Byzantine way?

Update: don't have time to look any further today, but after tracing through the South machinery it looks like I could just create the Migration sub-class, patch the model importing, and run .forwards() directly... have to try that tomorrow.


FSF Blogs: SSL, POODLE, and you

GNU Planet! - Thu, 2014-10-16 15:15

The flaw, which only affects the SSL 3.0 protocol, makes traffic vulnerable to man-in-the-middle attacks. We have dropped support for SSL 3.0 on fsf.org and gnu.org until a fix is released.

SSL 3.0 is nearly two decades old so most users will not be impacted by this change as we will continue to support modern encryption protocols. Older Web browsers without support for TLS 1.0 or later may have trouble connecting to our websites using a secure http connection (https).

A summary of CVE-2014-3566 can be found on the National Vulnerability Database.

The OpenSSL project has also produced a technical report (PDF) on the vulnerability.


Calvin Spealman: I Want to Write More Often

Planet Python - Thu, 2014-10-16 14:59
I want to write more often. I’ve been writing more lately and I hope to continue that, and I think expressing why this is important to me is valuable so here is that post.
I want to explore my thoughts more concretely and have a record of how I came to my stands on the positions I believe in, and I want to keep track of the ideas for stories I have. Rather than have some bothering me constantly, I want to feel safe that I can forget things.
Writing ideas can also get them out of your mind. The act of writing about it can often free your mind from the burden of so many thoughts. You can be more confident in an idea, or let it go out of your mind now that you’ve written it somewhere safe and permanent.
I like the idea of turning my thoughts into essays. A thought is ill-defined. A thought is hard to grasp, even inside your own head. Thoughts are connections between so many points in your mind, but a well written essay is a single coherent position. It is a statement at a time and place that expresses a piece of yourself succinctly and I really appreciate that about writing.
Writing makes creative endeavours more accessible and helps keep my brain active and healthy. This practice of expressing thoughts in writing also gives you the practice in patterns of thinking that are better structured. The more of your thoughts find their way onto paper (literally or virtually) the easier they’ll come because your mind will learn to organize them better.
I’ve begun the practice of Morning Pages again after years of allowing the habit to lapse.
Morning Pages are three pages of longhand, stream of consciousness writing done first thing in the morning. *There is no wrong way to do Morning Pages*– they are not high art. They are not even “writing.” They are about anything and everything that crosses your mind– and they are for your eyes only. Morning Pages provoke, clarify, comfort, cajole, prioritize and synchronize the day at hand. Do not over-think Morning Pages: just put three pages of anything on the page…and then do three more pages tomorrow.
I use a version of morning pages called 750words.com which is a fantastic tool that helps you write every day by tracking your words (750 words is roughly three pages) and each month provides a challenge to fill every day with these words.
It has helped a lot. I start every day writing between 750 and 1000 words with as little pausing as I can. In this time I get lots of stressful and worried thoughts out of my mind, or get a chance to think harder about them and settle on decisions that have been bothering me. I begin each day by clearing from my head many of the distractions that would keep me from the things I enjoy and the things I need to focus on.
My work and my happiness have both improved as a result, I believe. I find myself focusing on work easier and I find myself able to enjoy my relaxing and hobby times, as well.
What is most interesting, perhaps, is how much more I have written in this same time. On top of writing every morning, I find myself feeling drawn every day to sit down and write even more and I do. I’ve written, roughly, 20,000 words in the last two weeks. And other creative interests have become easier, as well. I’ve been drawing and (digitally) painting more for the first time in years, and I cannot express how happy that makes me.

I hope that I do not let up on these changes any time soon.

Acquia: 30 Awesome Drupal 8 API Functions you Should Already Know - Fredric Mitchell

Planet Drupal - Thu, 2014-10-16 14:49

Apart from presenting a terrific session that will help you wrap your head around developing for Drupal 8, Fredric and I had a great conversation that covered the use of Drupal and open source in government, government decision-making versus corporate decision-making, designing Drupal 7 sites with Drupal 8 in mind, designing sites for the end users and where the maximum business value comes from in your organization, and more!


Calvin Spealman: Top Articles

Planet Python - Thu, 2014-10-16 14:12
Along the side of my blog, for many years, I've had a section called "Top Articles". I don't remember when I put it there, but I know that it included all of the most popular posts I had written at the time and I wanted to make them more prominent. They were obviously popular topics people wanted to find. These were the things I was writing about that people found most interesting or useful. I haven't thought a lot about this list for a few years, until I just noticed it today. Top Articles is a time capsule. This was a snapshot of my interests and knowledge from a previous version of myself. It doesn't reflect me as well today. I'm equally interested in the things that are no longer worth keeping on that list as I am in the things that are still very important to me.
I'll make a point to clean things up around here. What was on that list so long ago?
Of no surprise, I had a number of posts about Python which still draw a lot of new readers to this day.
And at that time I was spending a lot of time helping people on programming forums, especially IRC. I tried to help explain how people can better reach out for the help they need.

I was also starting to focus a little more broadly on how people learn to code and what we can do better.


I was starting to write less about programming itself and more about managing the world of building projects. My focus was also starting to broaden from just syntax and code to what we're delivering to the user and what they're going to do with it. Signs of the holistic approach to building software that I try to take these days already forming so long ago.

This blog was started in January of 2007. That's over seven and a half years ago, nearly as old as my son, who is a third grader. I'm sure the focus and breadth of my writing has changed since then, as have my opinions and focus. I'm sure over the next seven years they'll continue to do so, and I hope over that time I'll continue to write about it all.

Bits from Debian: Help empower the Debian Outreach Program for Women

Planet Debian - Thu, 2014-10-16 13:30

Debian is thrilled to participate in the 9th round of the GNOME FOSS Outreach Program. While OPW is similar to Google Summer of Code, it has a winter session in addition to a summer session and is open to non-students.

Back at DebConf 14 several of us decided to volunteer because we want to increase diversity in Debian. Shortly thereafter the DPL announced Debian's participation in OPW 2014.

We have reached out to several corporate sponsors and are thrilled that so far Intel has agreed to fund an intern slot (in addition to the slot offered by the DPL)! While that makes two funded slots we have a third sponsor that has offered a challenge match: for each dollar donated by an individual to Debian the sponsor will donate another dollar for Debian OPW.

This is where we need your help! If we can raise $3,125 by October 22 that means we can mentor a third intern ($6,250). Please spread the word and donate today if you can at: http://debian.ch/opw2014/

If you'd like to participate as an intern, the application deadline is the same (October 22nd). You can find out more on the Debian Wiki.


PyCon: Posters due November 1, Early Bird tickets 50% sold

Planet Python - Thu, 2014-10-16 11:49
We're coming up on the end of our call for poster proposals! After the sugar rush of Halloween on October 31 (you all eat the candy right away, right?), poster proposals are due as long as it's November 1 somewhere in the world.

Since their start in Atlanta, the poster session has grown to be a key part of the conference, and we look forward to another successful run in 2015. If you ask me, the poster session is one of the best parts of PyCon. I presented a poster on two PSF initiatives (sprints and outreach) back in 2012 and had a great time sharing those committees, talking with people about what they were doing, how they could get involved, and a lot more. It was a great medium to make that presentation because it took attendees from being passive participants to active in the direction of what we talked about every few minutes.

For more information on the poster session, see our Call for Proposals!

Registration

Early bird ticket sales are just over 50% sold out! If you buy early you can save up to 25%, and we recommend you buy earlier than later because we're expecting our fourth consecutive sell out. Buy your tickets today at https://us.pycon.org/2015/registration/