FLOSS Project Planets

Rhonda D'Vine: Salut Salon

Planet Debian - Tue, 2015-11-24 03:26

I don't really remember where or how I stumbled upon this four women so I'm sorry that I can't give credit where credit is due, and I even do believe that I started writing a blog entry about them already somewhere. Anyway, I want to present you today Salut Salon. They might play classic instruments, but not in a classic way. But see and hear yourself:

  • Wettstreit zu viert: This is the first that I stumbled upon that did catch my attention. Lovely interpretation of classic tunes and sweet mixup.
  • Ievan Polkka: I love the catchy tune—and their interpretation of the song.
  • We'll Meet Again: While the history of the song might not be so laughable the giggling of them is just contagious. :)

So like always, enjoy!

/music | permanent link | Comments: 1 | Flattr this

Categories: FLOSS Project Planets

Michal Čihař: Wammu 0.40

Planet Debian - Tue, 2015-11-24 03:09

Yesterday, Wammu 0.40 has been released.

The list of changes is not really huge:

  • Correctly escape XML output.
  • Make error message selectable.
  • Fixed spurious D-Bus error message.
  • Translation updates.

I will not make any promises for future releases (if there will be any) as the tool is not really in active development.

Filed under: English Gammu Wammu | 0 comments

Categories: FLOSS Project Planets

S. Lott: Navigation: Latitude, Longitude, Haversine, and all that

Planet Python - Tue, 2015-11-24 03:00
For a few years, I was a tech nomad. See Team Red Cruising for some stories of life on a sailboat. Warning: it's pretty dull.

As a tech nomad, I lived and died (literally) by my ability to navigate. Modern GPS devices make the dying part relatively unlikely. So, let's not oversell the danger aspect of this.

The prudent mariner plans a long voyage with a great deal of respect for the many things which can go wrong. One aspect of this is to create a "Float Plan". Read more about it here: http://floatplancentral.cgaux.org.

The idea is to create a summary of the voyage, provide that summary to trusted shore crew, and then check in periodically so that the shore crew can confirm that you're making progress safely. Failure to check in is an indicator of a problem, and action needs to be taken. We use a SPOT Messenger to check in at noon (and sometimes at waypoints.)

Creating a float plan involved an extract of the waypoints from our navigation software (GPS NavX). I would enrich the list of waypoints with estimated travel time between the points.  Folding in a departure time would lead to a schedule that could be tracked. I also include some navigation hints in the form of a bearing between waypoints so we know which way to steer to find the next point.

The travel time is the distance (in  nautical miles) coupled with an assumption about speed (5 knots.) It's a really simple thing. But the core haversine calculation is not a first-class part of any spreadsheet app. Because of the degrees-to-radians conversions required, and the common practice of annotating degrees with a lot of internal punctuation (38°54ʹ57″ 077°13ʹ36″), it becomes right awkward to simply implement this as a spreadsheet.

Some clever software has a good planning mode. The chartplotter on the boat can do a respectable job of estimating time between waypoints. But. It's not connected to a computer or the internet. So we can't upload that information in the form of a float plan. The idea of copying the data from the chart plotter to a spreadsheet is fraught with errors.
NavtoolsEnter navtools. This is a library that I use to transform a route into a .csv with distances and bearings that I can use to create a useful float plan. I can add an estimated arrival time calculation so that a change to departure time creates the entire check-in schedule.

This isn't a sophisticated GUI app. It's just enough software to transform a GPS NavX extract file into a more useful form. The GUI was a spreadsheet (i.e., Numbers.) From this we created a PDF with the details.

Practically, we don't have good connectivity on the boat.  So we would create a number of alternative plans ("leave tomorrow", "leave the day after", "leave next Monday", etc.) we would go ashore, find a coffee shop, and email the various plans to ourselves. They could sit in our inbox, waiting for weather and tide to be favorable.

Then, when the weather and tides were finally aligned, we could forward the relevant details to our trusted shore crew. This was a quick spurt of cell phone connectivity to forward an email. It worked out well. When the scheduled departure time arrived, we'd coax Mr. Lehman to life, raise the anchor and away.
Literate ProgrammingThis is an exercise in literate programming. The code that's executed and the HTML documentation are both derived from source ReStructured Text (RST) documents. The documentation for the navigation module includes the math along with the code that implements the math.

I have to say that I'm enthralled with the intimate connection between requirements, design, and implementation that literate programming embodies.

I'm excited to (finally) publish the thing to GitHub. See https://github.com/slott56/navtools.  I'm looking at some other projects that require the navtools module. What I wind up doing is copying and pasting the navigation calculation module into other projects. I had something like three separate copies on my laptop. It was time to fold all of the features together, delete the clones, and focus on one authoritative copy going forward.

I still have to remove some crufty old code. One step at a time. First, get all the tests to pass. Then expunge the old code. Then make progress on the other projects that leverage the navtools.navigation module.
Categories: FLOSS Project Planets

Talk Python to Me: #35 Turbogears and the future of Python web frameworks

Planet Python - Tue, 2015-11-24 03:00
Do you have a new web project coming up? Are you thinking of choosing Django or maybe Flask? Those are excellent frameworks, but you might also want to check out TurboGears.<more></more> It was created and released around the same time as Django. It lets you starts your project as a microframework (like Flask) and yet can scale up to a fullstack solution (like Django). It also has built-in support both relational DBs (via SQLAlchemy) and MongoDB. This week Alessandro Molina is here to tell us all about TurboGears! Links from the show: <div style="font-size: .85em;"> <b>TurboGears</b>: <a href='http://turbogears.org/' target='_blank'>turbogears.org</a> <b>TurboGears presentations</b>: <a href='http://turbogears.org/welcome/presentations.html' target='_blank'>turbogears.org/welcome/presentations.htm</a> <b>TurboGears on Github</b>: <a href='https://github.com/TurboGears/tg2' target='_blank'>github.com/TurboGears/tg2</a> <b>Kajiki Templates</b>: <a href='http://pythonhosted.org/Kajiki/index.html' target='_blank'>pythonhosted.org/Kajiki</a> <b>Depot Library</b>: <a href='http://depot.readthedocs.org/en/latest/' target='_blank'>depot.readthedocs.org</a> <b>DukPy</b>: <a href='https://github.com/amol-/dukpy' target='_blank'>github.com/amol-/dukpy</a> <b>WebAssets</b>: <a href='https://webassets.readthedocs.org/en/latest/' target='_blank'>webassets.readthedocs.org</a> <b>TurboGears documentation on Genshi</b>: <a href='http://turbogears.readthedocs.org/en/latest/turbogears/genshi-xml-templates.html' target='_blank'>turbogears.readthedocs.org/en/latest/turbogears/genshi-xml-templates.html</a> <b>Ming (MongoDB in TurboGears basis)</b>: <a href='http://ming.readthedocs.org/en/latest/' target='_blank'>ming.readthedocs.org</a> <b>TurboGears micro-framework mode</b>: <a href='http://blog.axant.it/archives/545' target='_blank'>blog.axant.it/archives/545</a> <b>A WebAssets filter that compiles ES6 to ES5 using DukPy and BabelJS</b>: <a href='https://gist.github.com/amol-/25bd86dfc630bf43aab2' target='_blank'>gist.github.com/amol-/25bd86dfc630bf43aab2</a> <b>Recent Python WebSIG thread on evolving WSGI for HTTP2 and asyncio</b>: <a href='https://mail.python.org/pipermail/web-sig/2014-October/005340.html' target='_blank'>mail.python.org/pipermail/web-sig/2014-October/005340.html</a> <b>Master-Slave DB support in TurboGears</b>: <a href='http://turbogears.readthedocs.org/en/latest/cookbook/master-slave.html' target='_blank'>turbogears.readthedocs.org/en/latest/cookbook/master-slave.html</a> <b>The project Alessandro mentioned during the episode that has been created in less than 1 hour starting as a single file and scaling up</b>: <a href='http://previewstrap.axantlabs.com/' target='_blank'>previewstrap.axantlabs.com</a> </div>
Categories: FLOSS Project Planets

"Menno's Musings": IMAPClient 1.0.0

Planet Python - Mon, 2015-11-23 23:45

IMAPClient 1.0.0 is finally here! This is a monster release, bursting with new features and fixes.

Here's the highlights:

Enhanced TLS support: The way that IMAPClient establishes TLS connections has been completely reworked. By default, IMAPClient will attempt certificate verification and certificate hostname checking, and will not use known-insecure TLS settings and protocols. In addition, TLS parameters are now highly configurable.

This change necessitates that backwards compatibility has been broken, and also means that IMAPClient has a bunch of new dependencies. Please see the earlier blog article about the TLS changes as well as the release notes for more information.

STARTTLS support: When the server supports it, IMAPClient can now establish an encrypted connection after initially starting with an unencrypted connection using the STARTTLS command. The starttls method takes an SSL context object for controlling the parameters of the TLS negotiation.

Many thanks to Chris Arndt for his extensive initial work on this.

Robust search criteria handling: IMAPClient's methods that accept search criteria have been changed to provide take criteria in a more straightforward and robust way. In addition, the way the charset argument interacts with search criteria has been improved. These changes make it easier to pass search criteria and have them handled correctly.

Unfortunately these changes also mean that small changes may be required to existing code that uses IMAPClient. Please see the earlier blog article about the search changes as well as the release notes for more information.

Socket timeout support: IMAPClient now accepts a timeout at creation time. The timeout applies while establishing the connection and for all operations on the socket connected to the IMAP server.

Semantic versioning: In order to better indicate version compatibility to IMAPClient's users, the project will now strictly adhere to the Semantic Versioning scheme.

Performance optimisation for parsing message id lists: A short circuit is now used when parsing a list of message ids which greatly speeds up parsing time.

Installation via wheels: In addition to .zip and .tar.gz files, IMAPClient releases are now also available as universal wheels.

There have also been many other smaller fixes and improvements. See the release notes and manual for more details.

IMAPClient can be installed from PyPI (pip install imapclient) or downloaded via IMAPClient site.

This release couldn't have been possible with the amazing support of Nylas. If you're developing software that needs to deal with email, save yourself a whole lot of pain and check out their email platform. If you're after a modern, extensible, cross-platform email client check out N1.

Categories: FLOSS Project Planets

Pantheon Blog: Explicit Drupal: Clear Intentions in Drupal 8!

Planet Drupal - Mon, 2015-11-23 22:36
Much of the conversation in the Drupal 8 development cycle has focused on “NIH vs. PIE.” In Drupal 8 we have replaced a fear of anything “Not-Invented-Here” with an embrace of tools that were “Proudly-Invented Elsewhere.” In practice, this switch means removing “drupalisms,” sections of code created for Drupal that are understood only by (some) Drupal developers. In their place, we have added external libraries or conventions used by a much wider group of people.
Categories: FLOSS Project Planets

OSTraining: Put Drupal Sites in Maintenance Mode Manually

Planet Drupal - Mon, 2015-11-23 22:14

Drupal allows to set a website offline with a few clicks via the admin interfacte.

However, we've seen situatuons where the admin interface becomes unavailable, often via a white screen of death.

In this tutorial, I'm going to show you a manual way to force your Drupal 7 site in maintenance mode.

Categories: FLOSS Project Planets

Django Weblog: Introducing the DSF&amp;#39;s Director of Advancement

Planet Python - Mon, 2015-11-23 20:32

In January of this year, the DSF ran a fundraising campaign with the intention of funding the DSF Fellowship. This fundraising drive enabled us to fund the Fellow for almost all of 2015.

However, since that initial fundraising drive, our fundraising efforts have not been as successful. If the DSF Fellowship is to continue, we're going to need to raise more money very soon.

What has become clear over this year is that it takes a lot of dedicated time and effort to execute a successful fundraising campaign. It's a job that requires persistence, regular follow-ups, and a specific set of people skills - things that are difficult for a community to provide on a volunteer basis. Given the importance of the DSF Fellowship to the long term maintenance of Django, we've decided to seek some professional help to raise the next round of funds for the DSF.

Adrienne Lowe is an organiser of PyLadies ATL and DjangoGirls ATL; she has also spoken at DjangoCon Europe, and maintains the DjangoGirls Your Django Story project. As well as being a notable contributor to the Django ecosystem, she's also a professionally trained chef (and baker of extremely delicious cookies).

In a past life, Adrienne directed fundraising efforts for a US university. Given her interest in the Django community, and her experience as a fundraiser, Adrienne has taken up a paid, part-time position as the Director of Advancement (that's a fancy word used for fundraising by philanthropic types).

The Director of Advancement position will run in much the same way as the Fellowship pilot program. We'll try this for three months to see if it works; if it does, the DSF will commit to funding the position full time.

So - if you're involved with the Django community, you can expect to be hearing from Adrienne in the near future as she comes knocking looking for donations of the DSF. If you've got any hot tips for people or companies to contact, please get in touch

Categories: FLOSS Project Planets

Greater Los Angeles Drupal (GLAD): GLADCamp 2016 is at SCALE 14x on January 21, 2016!

Planet Drupal - Mon, 2015-11-23 17:43

Greater Los Angeles Drupal Camp (GLADCamp) is a full day of Drupal on January 21st, 2016, at the Pasadena Convention Center in Pasadena, California.

We've partnered with SCALE 14x, the 14th annual Southern California Linux Expo, and are planning an all-day event that's packed with activities, including presentations and sessions.

GLADCamp has a focus on "Drupal for good" and civic engagement. We're still looking for a partner venue where we can feature either a non-profit summit or a Coder's with a Cause "barn raising" to benefit a local 501c3 non-profit, but for now we're ready to announce GLADCamp on January 21st, 2016.

Are you looking forward to warmer weather? Join us at GLADCamp, the sunniest DrupalCamp of the season!

We'll be announcing our call for presentations in the next couple of days.

Stay tuned to this event announcement, the GLADCamp.org website and @GLADCamp on Twitter for upcoming news and announcements.

Register for GLADCamp 2016

To register for GLADCamp 2016, you must register for SCALE. See the SCALE website for more information or register now at https://reg.socallinuxexpo.org/reg6/  

Who should attend GLADCamp?
  • Anyone wanting to know more about how Drupal can help you solve your problems.
  • Anyone wanting to network with others using Drupal in your area, either geographically or in your industry.
  • Anyone wanting to grow their Drupal team, or be hired for Drupal work.
  • Anyone wanting to give back to the Drupal community. The power of Drupal is in the community so contributing back helps us all.
  • Anyone wanting to learn more about Drupal, past, present and the future.
  • Non-profits wanting to learn how to use Open Source and Drupal to amplify your efforts.
GLADCamp needs you!

We can't do it without your help. We need volunteers to help with the following activities:

  • Join the session selection committee! We need a team that accurately reflects our community and expected attendees;
  • Help with info/registration desk (2 hour shifts); answer questions, sign attendees in;
  • Be a timekeeper at sessions in order to keep our presentations on schedule;
  • Join our video team and help record sessions and assist presenters with screen recording software;
  • Design and print signs, posters and badges for GLADCamp; we can provide logo and brand guidelines;
  • Wrangling volunteers for day-of tasks;
  • Organize evening reception, including help finding a location near the Pasadena Convention Center;
  • Print designers: design and print common area signs, posters, badges;
  • GLADCamp set-up and breakdown!
Tags: Planet Drupal
Categories: FLOSS Project Planets

Bryan Pendleton: The Witcher 3 Hearts of Stone expansion: a very short review

Planet Apache - Mon, 2015-11-23 16:56

It's rather remarkable that I'm motivated enough to write a review of an expansion pack for a video game, but then again, The Witcher 3 is no ordinary video game, and the Hearts of Stone expansion is no ordinary expansion.

I don't spend anywhere near as much time playing video games as I once did; still, Steam's tracker will confirm that nearly all of my spare time over the last six weeks has been devoted to the enthralling Hearts of Stone adventure.

It's almost as though the base game were just giving the CD Projekt Red team a chance to warm up, and Hearts of Stone was the true expression of their craft. The characters are fascinating; the story is absorbing; the music and graphics and setting are just as beautiful as you've come to expect with this game.

It all starts with a good villain, and Hearts of Stone has a superb one: "Evil Incarnate," as one minor character informs us in a heart-wrenching recollection of how his life was destroyed by this creature.

This villain is one side of a Faustian pact-with-the-devil plot involving ruined aristocrat Olgierd von Everec, who, in a desperate attempt to recover from a youthful mistake and save his threatened marriage, makes a deal whose consequences he surely failed to anticipate.

"Beware of immortality," Olgierd tells us, "it's not all it's cracked up to be."

So what is in this expansion?

  • Miles and miles of new territory to wander and new locations to explore
  • A giant death-dealing frog in the sewers
  • An auction (bring a full wallet!)
  • A rune master from a foreign land
  • Shani, medic extraordinaire, with a complex story of her own
  • A bank robbery, in which you have to assemble a team and execute your plan
  • The full-and-detailed exploration of the life and affairs of the above-mentioned Olgierd von Everec, with long and crucial detours into the history of his wife Iris and his brother Vlodomir

And more, much much more.

My absolute favorite part, though, and probably the best-executed part of any video game I've ever played, is the stupendously wonderful wedding scene. Our hero (the witcher Geralt of Rivia) is rather a straight-laced sort who generally plays things quite close to the chest and doesn't let his guard down.

But as the story plays out, Geralt finds himself accompanying Shani to a friend's wedding.

However, Geralt has been "possessed" by the spirit of a rather carefree aristocrat, rather a rake in fact, who takes a completely different approach to attending this courtly event of high society, and the result is glorious! It's no lie to say that the events of the wedding found me laughing out loud at my computer, over and over again, as our hero finds himself (mis-)behaving in the most amusing ways.

It will be VERY hard to top Hearts of Stone, and somehow I think that, for some time to come, other games are going to seem drab and ordinary after playing The Witcher 3.

Happily, there is still next spring's Blood and Wine expansion to look forward to; what will those creative folk at CD Projekt Red think of next?

Categories: FLOSS Project Planets

DrupalCon News: The Druplicon Tours India

Planet Drupal - Mon, 2015-11-23 15:26

We couldn't be more excited to bring DrupalCon to India: it's a unique and colorful nation with many amazing cultures. Though the Con itself will be held in Mumbai, we strongly recommend that anyone traveling to India for DrupalCon take the time to tour some of the many fascinating regions of India.

How much does India have to offer? Our friends at Niswey illustrated the Druplicon on a tour of the country, experiencing four unique cultures that India has to offer. Here's the comic, and you can see more information on each frame below.

Categories: FLOSS Project Planets

Aleksander Morgado: Concurso Universitario de Software Libre 2015-2016

GNU Planet! - Mon, 2015-11-23 15:24

Long time no post!

A quick reminder for students (*) in Spain interested in participating in this year’s CUSL, the deadline for the project proposals has been extended until December 1st:


You’re still on time to submit a proposal!

* Universidad, bachiller, ciclos de grado medio…

Filed under: FreeDesktop Planet, GNOME Planet, GNU Planet, Meetings, Planets, Uncategorized
Categories: FLOSS Project Planets

Web Wash: Build a Blog in Drupal 8: Create and Manage Menus

Planet Drupal - Mon, 2015-11-23 15:22

A website's navigation plays an important part in how easy a site is to use. It's essential that you spend time fleshing out the overall IA (Information architecture) or you'll end up with a site that's hard to use and difficult to navigate through.

Previous versions of Drupal have always offered a simple interface for managing menus, and Drupal 8 is no exception.

In this tutorial, we'll continue building our site by adding in some menus. We'll create a custom menu which'll be used to display links to popular categories, then create an "About us" page and add a menu link to the footer.

Categories: FLOSS Project Planets

Riku Voipio: Using ser2net for serial access.

Planet Debian - Mon, 2015-11-23 14:55
Is your table a mess of wires? Do you have multiple devices connected via serial and can't remember which is /dev/ttyUSBX is connected to what board? Unless you are a embedded developer, you are unlikely to deal with serial much anymore - In that case you can just jump to the next post in your news feed. Introducting ser2netUsually people start with minicom for serial access. There are better tools - picocom, screen, etc. But to easily map multiple serial ports, use ser2net. Ser2net makes serial ports available over telnet. Persistent usb device names and ser2netTo remember which usb-serial adapter is connected to what, we use the /dev/serial tree created by udev, in /etc/ser2net.conf:
# arndale
7004:telnet:0:'/dev/serial/by-path/pci-0000:00:1d.0-usb-0:1.8.1:1.0-port0':115200 8DATABITS NONE 1STOPBIT
# cubox
7005:telnet:0:/dev/serial/by-id/usb-Prolific_Technology_Inc._USB-Serial_Controller_D-if00-port0:115200 8DATABITS NONE 1STOPBIT
# sonic-screwdriver
7006:telnet:0:/dev/serial/by-id/usb-FTDI_FT230X_96Boards_Console_DAZ0KA02-if00-port0:115200 8DATABITS NONE 1STOPBIT
The by-path syntax is needed, if you have many identical usb-to-serial adapters. In that case a Patch from BTS is needed to support quoting in serial path. Ser2net doesn't seems very actively maintained upstream - a sure sign that project is stagnant is a homepage still at sourceforge.net... This patch among other interesting features can be also be found in various ser2net forks in github. Setting easy to remember names Finally, unless you want to memorize the port numbers, set TCP port to name mappings in /etc/services:
# Local services
arndale 7004/tcp
cubox 7005/tcp
sonic-screwdriver 7006/tcp
Now finally: telnet localhost sonic-screwdriver ^Mandatory picture of serial port connection in action
Categories: FLOSS Project Planets

Axelerant Blog: How To Set Up Drupal RESTful Caching

Planet Drupal - Mon, 2015-11-23 14:00

The Drupal RESTful module has a multitude of caching options and sorting through them on your own for the first time can be slow. This article will help you get started with Drupal RESTful caching.

NOTE: RESTful 2.x module was recently released. This article focuses on the 1.x RESTful module version and the techniques mentioned below may not work if you are using any other release.

Your caching options can be controlled at various levels in code. Knowing which layer your application needs is just as important as knowing how to execute, but we’ll start off with how, we’ll move on to why later.

hbspt.cta.load(557351, '5ad743d7-d16e-4b64-bc0a-078bc790dea1'); Start with Drupal RESTful Caching

To start caching your endpoint, the initial configuration is setting render to TRUE in the plugin file under render_cache key.

RESTful skips caching your endpoint if this setting is FALSE, which is the default value. In addition to this, Drupal RESTful also ships with support for the entitycache module for entity based endpoints.

Here’s how a typical flow looks like for an endpoint:

function viewEntity($id) { $cached_data = $this->getRenderedCache($context); if(!empty($cached_data->data)) { return $cached_data->data; } // perform expensive stuff and construct payload $values = construct_payload(); $this->setRenderedCache($values, $context); return $values; }

$context is the entity context, like the bundle name, entity ID and any other metadata you might find to be relevant to constructing your cache key. In most cases, just the bundle name, entity type and ID would suffice. RESTful fills in other contextual data like endpoint name, GET parameters, etc. RESTful builds your cache keys in a crafty way so that it is easy to do CRUD operations in bulk. For instance, clearing all caches for the “articles” endpoint would be something like clear("articles::*").

Within the RESTful project, RestfulBase.php houses all the caching primitives, like getRenderedCache, setRenderedCache, clearRenderedCache and generateCacheId. The last function, generateCacheId, constructs the cache key based on the $context supplied to that endpoint.

Preventing Cache-Busting

It is also worth noting that Drupal RESTful caching allows you to override the key generation logic on a per-endpoint basis. This is especially useful when you want to build a custom cache key.

While working on Legacy.com, we had to build a cache key which is agnostic of specific GET parameters. By default, the generateCacheId builds a different key for the following endpoints:

  • articles/23?foo=123456
  • articles/23?foo=567898
  • articles/23?foo=986543

Though a different key for each of these calls makes sense in most cases, it is redundant in some cases. E.g. we return the same payload for all the above 3. To change this behavior, we ended up overriding generateCacheId.

The setRenderedCache, getRenderedCache, and clearRenderedCache operate upon the default cache controller, which can be specified in the plugin using the class key inside render_cache. This value defaults to DrupalDatabaseCache.

This default value can also be explicitly set to your favorite caching backend. In our case, we use the memcache module and set this value to MemCacheDrupal. Again, Drupal RESTful allows you to configure caching backends on a per-endpoint basis.

Managing Caching Bins

Cache backends have this concept of bins, which is an abstraction for similar data which can be grouped together. Examples from the Drupal core are cache_filter and cache_variable.

There is a bin setting for every endpoint in the plugin file, which is cache_restful unless we explicitly specify otherwise. It is advisable to store high traffic endpoints in exclusive bins.

There is an expire setting for each endpoint, which dictates the cache expiration for that endpoint. This defaults to CACHE_PERMANENT, which means that the entry will never be wiped off until it is explicitly selected for clearing.

The alternative is CACHE_TEMPORARY which indicates that it will removed in the next round of cache clearing.

These are the very same constants used in Drupal cache interface’s cache_* calls. There is a middle ground too, which isn’t documented. The expire value can be set in seconds. This is a deviation from Drupal’s convention of mentioning it as a timestamp.

Varying Caching by Role or User

Some endpoints need to be cached for each role, and some for each user. This granularity can be controlled by the granularity setting, which takes either DRUPAL_CACHE_PER_USER or DRUPAL_CACHE_PER_ROLE. This depends to some extent on your authentication mechanism too.

We wrote our own authentication mechanism and had a user created exclusively for the API and serving the endpoints. We gave this user an exclusive role and configured per-role caching for all the endpoints.

Here’s how the plugin configuration looks for one of our endpoints:

$plugin = array( 'label' => t(Recommended Videos'), 'resource' => recommended_videos', 'name' => recommended_videos__1_1', 'entity_type' => 'node', 'bundle' => video', 'description' => t('Get all recommended videos for a given article.'), 'class' => RecommendedVideosResource__1_1', 'authentication_types' => array( 'my_custom_token', ), 'minor_version' => 1, 'render_cache' => array( 'render' => TRUE, 'expire' => CACHE_TEMPORARY, 'granularity' => DRUPAL_CACHE_PER_ROLE, ), // custom settings 'video_sources' => array(youtube', 'vimeo'), ); The anatomy of a Cache key

A cache key using the default key generation logic looks like this:


The corresponding endpoint URL looks like this:


The first part is the API version, followed by the resource name, which is “recommended_videos”. The next part is either a “uu” or “ur” depending on whether it is user level or role level granularity. Next is the entity type (e.g. node) with a prefix “pa”. This is followed by the entity ID part, which is “ei:105486” in this case.

The last part is the truncated key-value list of GET params foo and bar. Each logical section is separated by a “::” so that it is easy to do a selective purge, as in wiping out all endpoints for v1.0 of the API would be a call to clear("v1.0::*").

Note that a GET for a collection of resources like latest comments results in a viewEntity for each item in the collection and as many cache entries. If you want a single cache entry for the whole collection, you have to custom build your payload and call setRenderedCache as shown in the initial endpoint workflow code snippet.

Other Considerations Be Diligent, Validate Cache Strategies Early

RESTful is designed as being very modular from the ground up and has a provision for controlling caching settings for every endpoint. Such a high level of control is both good and bad. Digging through an issue for hours because some settings for an endpoint are misconfigured isn’t fun for anyone. Unless the settings are clear and explicit, it makes issues hard to debug and sort out.

Be diligent and validate your caching strategy from the beginning.

Memcache Stampeding

Another thing to look out for is memcache stampeding. Memcache stampeding occurs when a missing key results in simultaneous fetches from the database server, resulting in a high load. Memcache is designed to prevent too many requests from piling up.

With our work with Legacy.com, we could mitigate the need for passing these requests to Memcache by properly managing our Varnish layer.  We will detail on how we fixed the stampeding issue and constructed a Drupal RESTful Caching strategy in a later post. Stay tuned!

Need help with Drupal RESTful Caching on your team? Learn More Drupal RESTful Caching Resources

The post How To Set Up Drupal RESTful Caching first appeared on Axelerant.

Categories: FLOSS Project Planets

Python Anywhere: Security advisory: please change your PythonAnywhere MySQL password

Planet Python - Mon, 2015-11-23 13:33

tl;dr: On 19 November we were notified of a security vulnerability on PythonAnywhere. It could not have been used to access files on your PythonAnywhere storage, including your code, nor was any personally identifiable data in our databases exposed. We also have no indication that it was ever exploited. It was fixed within two hours of notification. However, as a precautionary measure, we are recommending that if you use MySQL on PythonAnywhere, you should change your MySQL password.

Here are the details.

On 19 November a user notified us of a security issue. In certain specific circumstances, a paying PythonAnywhere user could get a list of running processes on one of our console servers. We identified the problem and pushed a fix live 90 minutes later. We have analysed our logs, and cannot see any evidence of anyone having exploited this vulnerability, but clearly we cannot rule out the possibility that someone did exploit it in the past, or did so in a way we can't detect.

If someone did exploit it, they would have been able to see the usernames of all people logged in to that console server, and the full command lines of any processes they were running. They would not have had access to any user file storage, or to any of the databases where we store any personally identifiable information (for example, names and addresses). We do not store credit card numbers on our servers.

However, because full command lines for running processes were visible, any private information that you had on command lines could have been seen by such an attacker. This includes any MySQL passwords, as these are visible in the command line if you happen to have a MySQL console (started from the "Databases" tab) running on the server. Postgres passwords are not at risk, as these are never specified on a command line (unless you explicitly put them on a command line yourself).

As an example of a non-MySQL credential that might have been potentially exposed, imagine you're using a third-party service that sends text messages. Normally you would interact with this using Python, but if you're just playing around, you might use curl from a bash console like this:

curl https://api.provider.com/send-message -u '[YOUR ACCOUNT CREDENTIALS]' -d "message=Hello" -d "number=+15551234567"

You can see that if an attacker had used the vulnerability at exactly the right time, they might have seen those credentials.

Once again, we have no evidence to suggest that anyone has exploited this security hole, and it is now fixed. However, we strongly advise that as a precautionary security measure, you change any MySQL password you have set on the "Databases" tab within PythonAnywhere, and that you also change any other login credentials that might have been exposed on a command line.

If you have any questions, please email us at support@pythonanywhere.com.

Categories: FLOSS Project Planets

C.J. Adams-Collier: Regarding fdupes

Planet Debian - Mon, 2015-11-23 13:04

Dear readers,

There is a very useful tool for finding and merging shared permanent storage, and its name is fdupes. There was a terrible occurrence in the software after version 1.51, however. They removed the -L argument because too many people were complaining about lost data. It sounds like user error to me, and so I continue to use this one. I have to build from source, since the newer versions do not have the -L option.


And so there you are. I recommend using it, even though this most useful feature has been deprecated and removed from the software. Perhaps there should be a fdupes-danger package in Debian?

Categories: FLOSS Project Planets

Acquia Developer Center Blog: Integrating Drupal with a Proprietary Analytics Platform: How Parse.ly Did it.

Planet Drupal - Mon, 2015-11-23 12:07
Stefan Deeran

One of the great things about Drupal is its flexible system of nodes and taxonomies. This allows for bespoke categorization of many types of content.

At Parse.ly, we wanted to take advantage of that. Parse.ly, which has an alliance with Acquia to bring joint tech solutions to the worlds biggest media companies, works with hundreds of digital publishers to provide audience insights through an intuitive analytics platform.

Tags: acquia drupal planet
Categories: FLOSS Project Planets

Kushal Das: Life of Tunir

Planet Python - Mon, 2015-11-23 12:03

This comics explains the birth of the project Tunir. When I started working in the Fedora Cloud SIG, I volunteered myself to help with the testing of the Cloud images. We have very clear guidelines about what to test, and how to test.

Basically, you have to boot up a cloud image (or the atomic image) in a Cloud or on your local computer, run a few commands in sequence, and check the output. For the first few times it was fun to do, but slowly I found it is difficult for me. Being a super lazy programmer, I thought why not use the computer to do this job, it is not music theory :) The birth of Tunir was the result of the conversation between me and even lazier me. I just had to convert the shell commands into some Python3 based unittest cases.

At beginning it could only handle the qcow2 images of cloud base and atomic image. But while working with two week atomic change, I found out that we need do the same for Vagrant based images. It is important to remember that Fedora project generates two different kind of Vagrant boxes, one for libvirt, another one for standard Virtualbox based .box file. So Tunir got the power to execute tests on any given Vagrant image. Using these features Tunir is being consumed by the Autocloud project, where we automatically test Fedora cloud and Atomic image builds. I should not forget to mention that Tunir can also connect to a remote system, and execute the tests there. Did I mention that Tunir is doing all of these with only one JSON file containing the job description, and one text file containing the commands used for the actual tests? Tunir started as a tool for a developer, who does not want to spend time in configuration, it remains in the same way.

Until a couple of releases back, Tunir actually had two types of tests in it, one type of commands which will return zero as a success value, we could also mark a set of commands as the ones which will return non-zero exit code. Right now Tunir can have a third set of commands, the non-gating tests, these commands may pass, or they may fail. But Tunir will continue executing the tests accordingly.

I wrote Tunir to test the actual OS images, but it is generic enough that it can be used to test any application. You can easily configure it to download all the dependencies of your project every time on a clean cloud/Vagrant image, and then it will build and test your application (or the full application stack along with configuration files).

Last week I have added a new weapon in Tunir’s arsenal. It can now test using a given AWS AMI ID. If you run your application on AWS cloud platform, you now can use Tunir to test it there. This code is in a separate branch, but will be merged in the master this week. Following the similar style Praveen Kumar submitted a patch using which Tunir can run tests on an Openstack Cloud. We will work on it a little bit more before merging it to master branch.

You can view the tests already written for Fedora in this repository. Thanks to Trishna Guha, and Farhaan Bukhsh we now have many more test cases. I have written a document explaining how to write more tests, I have another document which explains how to debug failed tests.

What is in the future? The best way to predict your future is to create it. We have the features which we, and our users use regularly. Tunir is still simple enough for anyone to understand in less than 10 minutes. If you just want to say hi, or you are looking forward for any new feature, come to #fedora-cloud on freenode.

Categories: FLOSS Project Planets
Syndicate content