FLOSS Project Planets
1) Understand your design and decide on the breakpoints.
2) Start with your theme info file
Exaltation of Larks will be at DrupalCon Portland next week and we’d like to share some of our DrupalCon plans.
To summarize, we’re excited to announce that we’re co-training on Drupal Commerce with Commerce Guys; we’re continuing the conversation we started last month about Long Term Support for Drupal 6; and we have a quick list of Drupal Fit activities that are happening before and during the conference.
Interested? Read on.
Drupal Commerce Training
One of our core philosophies is that high-quality trainings are one of the very best ways to help Drupal and the Drupal developer community grow, and we’ve been working closely with Commerce Guys for the DrupalCon training, Launching an Online Store with Commerce Kickstart, on Monday, May 20th.
Our joint curriculum is based on the 7.x-2.7 version of Commerce Kickstart, which was just released yesterday. The attendees of this training are really in for a treat and this is a Commerce training that’s not to be missed.
Drupal Commerce Meetups Every Month
This is as good a time as any to let everyone know that we’re proud sponsors of the Drupal Commerce Meetup, which meets in Los Angeles on the 4th Tuesday of each month.
Not in Los Angeles? Not to worry, these meetups are also being broadcast online for everyone to tune in for and enjoy. The next meetup is after DrupalCon on Tuesday, May 28th, so be sure to sign up over at Drupal Groups to hear what the next meetup is about.
These meetups are recorded and the video from last month’s meetup is available online. The video features a presentation by Ryan Szrama on Relify and personalized product recommendations. Relify neatly narrows the gap between Drupal Commerce and recommendation systems, like Amazon’s “you may also like” suggestions.
Long Term Support (LTS) for Drupal
We’re hosting a BoF (birds of a feather) discussion on long-term Drupal support (particularly for Drupal 6 sites when Drupal 8 comes out and bug fixes and security releases for Drupal 6 are discontinued).
Long Term Support is a topic that is near and dear to us and a number of our clients and this BoF is a followup to our earlier post, Drupal 6 End of Life When Drupal 8 is Released… Or Not.
Finally, if you haven’t heard of Drupal Fit, it’s a group of nearly 200 Drupaleros who are dedicated to fitness in one form or another (mental, physical, etc.) and to sharing their experiences with other Drupal community members.
Here’s a summary of some of the Drupal Fit activities at DrupalCon Portland.
- Other than the Drupal Fit group itself, the authoritative place for fitness activities at DrupalCon Portland appears to be the Drupal Fit plans for DrupalCon Portland 2013 discussion started by Jeff Linwood;
- Steve Parks has some great words of advice on avoiding the Drupal Flu™ at DrupalCon this time around;
- Two groups are assembling at Mt. Hood — one group is hiking Oregon’s highest summit; the other group, led by Denis Voitenko (the focus of Drupal Fit’s first community spotlight) is biking down it!
- A few months ago, Portland native Dan Lin posted his suggestions for how to lose 10 pounds at DrupalCon.
Are there any other Drupal Fit activities not mentioned here? Send @DrupalFit a shout out on Twitter.
My “speed up pypi installs” PEP438 has been accepted and transition phase 1 is live: as a package maintainer you can speed up the installation for your packages for all your users now, with the click of a button: Log in to https://pypi.python.org and then go to urls for each of your packages, and specify that all release files are hosted from pypi.python.org. Or add explicit download urls with an MD5. Tools such as pip or easy_install will thus avoid any slow crawling of third party sites.
Many thanks to Carl Meyer who helped me write the PEP, and Donald Stufft for implementing most of it, and Richard Jones who accepted it today! And thanks also to the distutils-sig discussion participants, in particular Phillip Eby and Marc-Andre Lemburg.
If you missed it, Kivy 1.7.0 came out last Monday. It’s quite a big release that includes some big fixes we did during the :
- Android Emulator is now supported
- ScrollView has been re-factored with new physics calculations. To be exact, the scrollview doesn’t calculate anything now, it just passes the touch position to a Scroll effect. This class calculates the movement’s velocity and the over-scroll distance (meaning how far you scrolled out of the bounds). Then, we implemented 2 visual effects that use the over-scroll to make the scrollview act as a damped spring, and/or to fade out the scrollview if you over-scroll too much.
- Garden: a separate organization for centralizing users’ widgets and addons. You can create garden packages very easily, and import them in the source code with just “kivy.garden.packagename”. A few garden packages are already available!
- And more. Check the announcement
Here's the list of issues reported by Oxygen folks during the past 1-2 years I guess, which are either resolved or closed:
In the above report, you might ignore bugs dated as old as 2006, which must have been resolved within an existing or an earlier Xerces-J version.
Other than the bugs reported by Oxygen XML folks, we also received bug reports from other members of XML community. Thanks to those persons also.
I'm not sure when we're going to release next version of Xerces-J which should have many implementation improvements. Taking a very pessimistic view wrt this, I expect a new version of Xerces-J sometime later this year or might slip to next year.
Drupal Commerce 1.x has had a full release for a year and a half. We rolled the initial full release at DrupalCon London, and since then we've put out a few minor releases to fix bugs, add minor features, and touch up its APIs.
Since that time we've also fielded requests for a 2.x branch with increasing regularity but have postponed the matter until Drupal 8 itself settled down some. Drupal Commerce 1.x was developed when Drupal 7 was still in its unstable release phase on top of incomplete Views, Entity API, and Rules modules. While some contributors were eager to dive into a fresh branch of Drupal Commerce that allowed major API changes and rewrites, we weren't exactly eager to reproduce the effort of developing a major contributed Drupal module on such an unstable foundation.
However, in order to be ready to take full advantage of the new features and modules in Drupal 8, we met last year to draw up a roadmap for Drupal Commerce 2.x. The roadmap provides:
- An overview of our primary goals - re-architect around the new Drupal 8 systems where appropriate and mitigate the challenges users and developers have faced with Drupal Commerce 1.x,
- A list and description of our major development emphases and how they will affect various systems in core Drupal Commerce,
- And a task list of specific changes we're either contributing to in Drupal 8 or expecting to make to Drupal Commerce itself.
I'll be presenting the roadmap at DrupalCon Portland and am looking forward to getting busy with the code. As development progresses, we'll keep the roadmap up to date.
Check out the roadmap to see where you can get involved today.
People that use Linux on a daily basis probably are completely oblivious to the actual mechanisms being used to store their passwords safely and securely on a given Linux system. Oh they might guess that their password is stored in the /etc/passwd file (they’d be wrong by the way) but most probably never even gave it a passing thought. So I thought I’d take the opportunity to shed some light on how Linux systems “stash” your precious password away.
Solution
So if your password isn’t actually stored in the /etc/passwd file then where does it get stored?
Answer: the /etc/shadow file.
This file is where the keys to each user’s account are kept for safekeeping. Obviously only the root user can peer inside this file, so assume that every command in this post needs to be run either as root or with sudo.
/etc/shadow
A typical /etc/shadow entry:
    root:$6$bbmDJwcZHy5bgEDz$kFO.W/T7nUqcszZWl5RglxoDDAcDxevWpHVfN3v3f.Cx2ZeMcn5PX23VvnnkgtNWZf8hYtqsL0pPkZqyj50NY/:14362:0:33333:7:::
NOTE1: Don’t get too excited, the above isn’t really my entry, I made this one up.
NOTE2: Each field is separated by a colon (:) & we’re only concerned with the first two columns!
The key pieces to notice in that line of what looks like gibberish are the following:
- The first column, root is the user whom this entry belongs to from the /etc/passwd file.
- The second column, $6$..... is essentially the user’s hashed password.
Taking the second column apart further you should start to notice that it’s not complete gibberish after all.
- the first couple of characters, $6$, is a mark that tells the system what type of hashing was used to hash the password.
- The text between the next set of dollar signs, $bbmDJwcZHy5bgEDz$, is the actual salt that was used to hash your password.
- Everything else after, is your password + salt hashed using whatever hash function was specified at the beginning, $6$, in our example here.
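The breakdown above can be checked mechanically. The following is an added example, not code from the original post: a Python parser that splits a shadow entry into scheme, salt and hash, validates them against the id values, lengths and character set given in the crypt(3) excerpt quoted in this post, and reports the entries a defender would want to review. It goes slightly beyond the post by also recognising the optional rounds=N field of the SHA schemes, 13-character DES hashes, and locked (! or *) or empty password fields; the WEAK policy set and every sample line except root's are constructed for the illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# id -> (method, fixed hash length), from the crypt(3) excerpt quoted in this post.
SCHEMES = {"1": ("MD5", 22), "5": ("SHA-256", 43), "6": ("SHA-512", 86)}
WEAK = {"DES", "MD5"}                      # audit policy assumed for this example
CRYPT_CHARS = re.compile(r"[A-Za-z0-9./]*")


@dataclass
class ShadowHash:
    user: str
    method: str                            # "SHA-512", "DES", "locked", "empty", ...
    salt: str = ""
    digest: str = ""
    rounds: Optional[int] = None           # only set when a rounds= field is present
    problems: tuple = ()


def parse_shadow_line(line: str) -> ShadowHash:
    """Split one /etc/shadow line and take its second column apart."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}")
    user, pw = fields[0], fields[1]
    if pw == "":
        return ShadowHash(user, "empty", problems=("empty password field",))
    if pw[0] in "!*":                      # cannot be a crypt() result: no password login
        return ShadowHash(user, "locked")
    if not pw.startswith("$"):             # no $id$ prefix: traditional DES, 2 + 11 chars
        bad = [] if len(pw) == 13 and CRYPT_CHARS.fullmatch(pw) else ["malformed DES hash"]
        return ShadowHash(user, "DES", pw[:2], pw[2:], problems=tuple(bad + ["weak scheme DES"]))
    parts = pw.split("$")                  # ['', id, (rounds=N,) salt, encrypted]
    ident, rest, rounds = parts[1], parts[2:], None
    if ident == "2a":                      # Blowfish layout is not covered by the excerpt
        return ShadowHash(user, "Blowfish", digest="$".join(rest))
    if ident not in SCHEMES:
        return ShadowHash(user, "unknown", problems=(f"unknown scheme id {ident!r}",))
    method, want_len = SCHEMES[ident]
    if ident in ("5", "6") and rest and re.fullmatch(r"rounds=\d+", rest[0]):
        rounds, rest = int(rest[0][7:]), rest[1:]
    if len(rest) != 2:
        return ShadowHash(user, method, problems=("not in $id$salt$encrypted form",))
    salt, digest = rest
    problems = []
    if method in WEAK:
        problems.append(f"weak scheme {method}")
    if len(salt) > 16:
        problems.append(f"salt is {len(salt)} characters, maximum is 16")
    if len(digest) != want_len:
        problems.append(f"hash is {len(digest)} characters, {method} needs {want_len}")
    if not CRYPT_CHARS.fullmatch(salt + digest):
        problems.append("characters outside [a-zA-Z0-9./]")
    return ShadowHash(user, method, salt, digest, rounds, tuple(problems))


def audit(shadow_text: str) -> List[str]:
    """Return one 'user: problem' string per finding in a shadow-format text."""
    findings = []
    for line in shadow_text.splitlines():
        if line.strip():
            h = parse_shadow_line(line)
            findings += [f"{h.user}: {p}" for p in h.problems]
    return findings


# First line is the made-up entry from this post; the rest are constructed samples.
SAMPLE = "\n".join([
    "root:$6$bbmDJwcZHy5bgEDz$kFO.W/T7nUqcszZWl5RglxoDDAcDxevWpHVfN3v3f."
    "Cx2ZeMcn5PX23VvnnkgtNWZf8hYtqsL0pPkZqyj50NY/:14362:0:33333:7:::",
    "daemon:*:14362:0:99999:7:::",
    "legacy:$1$saltsalt$" + "a" * 22 + ":14362:0:99999:7:::",
    "nopw::14362:0:99999:7:::",
    "cut:$6$rounds=5000$saltsalt$abc:14362:0:99999:7:::",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against a copy of a real shadow file (as root or with sudo), `audit()` lists accounts that still use DES or MD5 hashes, have no password at all, or carry a truncated or hand-edited hash field.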
Specifically, if you look at the man page for the crypt function, man 3 crypt, there is a section that discusses what the $6$ notation means:
So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one.
NOTE: So in our case the password + salt is being hashed using the SHA-512 scheme.
design details
For reference purposes here’s the rest of that excerpt from the crypt man page:
    If salt is a character string starting with the characters "$id$"
    followed by a string terminated by "$":

        $id$salt$encrypted

    then instead of using the DES machine, id identifies the encryption
    method used and this then determines how the rest of the password
    string is interpreted. The following values of id are supported:

        ID  | Method
        ─────────────────────────────────────────────────────────
        1   | MD5
        2a  | Blowfish (not in mainline glibc; added in some
            | Linux distributions)
        5   | SHA-256 (since glibc 2.7)
        6   | SHA-512 (since glibc 2.7)

    So $5$salt$encrypted is an SHA-256 encoded password and
    $6$salt$encrypted is an SHA-512 encoded one.

    "salt" stands for the up to 16 characters following "$id$" in the
    salt. The encrypted part of the password string is the actual
    computed password. The size of this string is fixed:

        MD5     | 22 characters
        SHA-256 | 43 characters
        SHA-512 | 86 characters

    The characters in "salt" and "encrypted" are drawn from the set
    [a–zA–Z0–9./]. In the MD5 and SHA implementations the entire key is
    significant (instead of only the first 8 bytes in DES).
Now what?
So by now you’re probably saying to yourself: OK, big deal, my password is hashed with some salt and stored in /etc/shadow. What else?
generating the hash manually using mkpasswd
For starters you can generate the $6$... string yourself manually using the mkpasswd command:
    $ mkpasswd -m sha-512 password saltsalt
    $6$saltsalt$qFmFH.bQmmtXzyBY0s9v7Oicd2z4XSIecDzlB5KiA2/jctKu9YterLp8wwnSq.qc.eoxqOmSuNp2xS0ktL3nh/
In the above command we’re specifying that we want to use the SHA-512 hash, our password is the string password and our salt string is saltsalt. As before we can see in our resulting string the following components:
- $6$ – which hash function was used
- saltsalt – the string “saltsalt” was used
- qFmFH.bQmmtXzyBY0s9v7Oicd2z4XSIecDzlB5KiA2/jctKu9YterLp8wwnSq.qc.eoxqOmSuNp2xS0ktL3nh/ – password + salt hashed using SHA-512
I came across the following nice Python one-liner that effectively does the same thing as the mkpasswd command discussed above.
    # the crypt module is part of the standard library up to Python 3.12
    $ python -c "import crypt; print(crypt.crypt('password', '\$6\$saltsalt\$'))"
    $6$saltsalt$qFmFH.bQmmtXzyBY0s9v7Oicd2z4XSIecDzlB5KiA2/jctKu9YterLp8wwnSq.qc.eoxqOmSuNp2xS0ktL3nh/
generating the hash manually using Perl
    $ perl -e 'print crypt("password","\$6\$saltsalt\$") . "\n"'
    $6$saltsalt$qFmFH.bQmmtXzyBY0s9v7Oicd2z4XSIecDzlB5KiA2/jctKu9YterLp8wwnSq.qc.eoxqOmSuNp2xS0ktL3nh/
authconfig
Before I wrap up I thought I’d mention one final tool, authconfig, that’s included on Red Hat distros such as Fedora, CentOS, and RHEL. This tool allows you to change what hash algorithm is being used on a particular system. The command to change a system to use SHA-512 would be as follows:
    authconfig --passalgo sha512 --update
See the man page for authconfig for more details.
conclusions
And with that you are now a little more in the know as to how Linux systems take your passwords and store them in the /etc/shadow file.
It can currently be accessed by putting
    184.108.40.206 twistedmatrix.com speed.twistedmatrix.com
in /etc/hosts. Please test it, and verify that things appear to be working, but be aware that any changes will be lost when the transition occurs.
At some point Monday or Tuesday, there will be some downtime for mail and the mailing lists, as mail-service is migrated to the new machine. For those that have accounts on cube, your data will be copied to the new machine at this point.
On Wednesday, at about 10 MDT (16 UTC), there will be downtime of all twisted services, as live data is transferred over. This may last up to a couple of hours.
This work is made possible by the sponsorship of individuals and organizations which have donated to the Twisted project, part of the Software Freedom Conservancy, a not-for-profit organization that helps promote, improve, and develop open source software. Thanks!
Support is included in 1.0.0 for building Debian packages using sbuild in response to subversion commits or changes in email@example.com (by using apt as a version control handler) for any architecture and build environment which sbuild can support. There is also an example git commit template. Pybit has been designed to be fully extensible, so support for RPM or other package formats can be added as well as other version control handlers, other build environments and other architectures. Pybit is also scalable: when one type of client is struggling with the workload, another machine of the same architecture can be added to the pool to share the load. Pybit can also build a package for any number of architectures and build environments at the same time. The Pybit web interface provides an at-a-glance summary of all current builds as well as options to blacklist certain combinations, cancel and retry specific jobs and monitor each pybit client. Current use cases include:
- Rapidly changing VCS - one or more subversion repositories with lots of Debian packages, built automatically for any number of build environments and architectures every time the debian/changelog is modified. Clean chroot builds provide continuous integration testing of every package.
- Rebuilding the archive with different compilers or flags - a dedicated email account subscribed to firstname.lastname@example.org feeding messages through procmail to the changes-debian hook, passing build requests to the apt handler to rebuild each package in your own sbuild chroots, using whatever environments, suites and build options can be configured within those chroots.
- something else we haven't thought of yet ... there is scope for a lot more hooks, package formats, chroot tools and handler plugins.
Healthy relationships. I've been thinking about them not in my personal life, but in terms of teams in free software. When I first began contributing, it was within a team creating an application (Amarok), so rather small. Then I became active in Ubuntu-Women, which is larger, but still not huge. Then Kubuntu, then the larger Ubuntu community, and now KDE, which is truly enormous.
In all of these projects, communication and trust are paramount. Dialog which fosters creativity and progress is only possible when people enlarge their trust in one another. Along the way to the highest trust levels, many barriers will come down, as people allow them. Sometimes these barriers are invisible, until someone points them out.
I thought I'd seen a cartoon illustrating this story, but a web search tells me it's a story by David Foster Wallace:
Two young fish meet an older fish, who asks them “How’s the water?” The younger fish look at each other and say, “What the hell is water?”
I was reminded of this story recently while observing the various reactions to the removal of the Community link on Ubuntu.com, the portal to the Ubuntu project. The link is coming back, so I'm not complaining. However, what I've noticed is that most of the people discussing the issue seem to be talking past the folks they are hoping to connect with. The emotions expressed range from puzzlement, to shock and outrage, with little understanding on the other "side" on the perceptions causing these reactions.
So how is the water? To me, the drama played out completely predictably, because any time you have one company selling a product, and volunteers working in that same project, you will have class issues, and class is like the water fish swim in. People are often not aware of it, and thus have difficulty dealing with their emotions around it, because they have been taught to ignore it, or even that it doesn't exist. So when the designers removed the link, it was felt as a slap to the face of community members, while the designers see it as just a step to a clean, functional design. The conversation about this change at the recent vUDS clearly betrays this lack of understanding of the other on all sides. http://summit.ubuntu.com/uds-1305/meeting/21740/community-1305-ubuntu-website-planning/
There is no such thing as a culture without class. There are always power imbalances, and privileges. However, that doesn't mean that class is the death of the Ubuntu project, or that volunteers and companies can't happily co-exist. They can, but the fact of class must be acknowledged, and those with privilege and power must realize what they have, and use them on behalf of the project.
A healthy culture has hierarchy, but not one based on domination. In fact, in FOSS that is part of what we are attempting to dislodge, right? We want our hierarchies to be constructed for function, not to rule over us. For instance, those who demonstrate their skill in packaging or coding are given the right to upload to the repositories. And those who grant them that right are those who already have built their reputations by using their skill and trustworthiness in that domain.
Recently there has been a breakdown -- or an apparent breakdown -- in that hierarchy of function in Ubuntu. And I think that both those inside Canonical and those outside, perceive that the other is the one causing that break. So, some repair is needed.
All of our differences can be overcome as we build (or re-build) trust. However, all sides of the issue will need to think about, process emotion about, and finally discuss openly what has gone on. The replacement of the Community link alone will not mend this breach, nor will brief virtual UDS sessions. In fact, I think the lack of in-person face-to-face interaction is allowing this divide to grow.
Folks, we don't want resentment and suspicion to grow, so we are all going to need to work on this if the Ubuntu project is going to continue to thrive as a free software enterprise. In my opinion, thinking about and discussing class issues are fundamental to that effort.
This blog appears on the Linuxchix, KDE and Ubuntu planets, and these issues of class appear in all teams. Health and progress are the goal, and honest dialog is the means. I propose we look one another in the eye and start a conversation. These are difficult dialogs, but our health is at stake.
(This is a re-post of what I sent to python-announce@ but with several screenshots attached)
I’m very happy to announce the first release of Zato, the next generation ESB and application server, available under a commercial-friendly open-source LGPL license.
What can you expect out of the box?
- HTTP, JSON, SOAP, Redis, AMQP, JMS WebSphere MQ, ZeroMQ, FTP, SQL, hot-deployment, job scheduling, statistics, high-availability load balancing and more
- Incredible productivity with Python
- Painless rollouts with less downtime
- Slick web admin GUI, CLI and API
- Awesome documentation (several hundred A4 pages)
- 24×7 commercial support and training
Project’s site: https://zato.io
Mailing list: https://mailman-mail5.webfaction.com/listinfo/zato-discuss
Diversity statement: https://zato.io/docs/project/diversity.html
Spread the news and enjoy
Globaleaks 0.2 Alpha is out.
Globaleaks is an open source project aimed at creating a worldwide, anonymous, censorship-resistant, distributed whistle-blowing platform. It enables organizations interested in running whistle-blowing initiatives to setup their own safe zone, where whistle-blowers and recipients can exchange data.
Two years ago I helped out with the development of Globaleaks 0.1. And although I am not active anymore, I really support the initiative behind it. Now with the HERMES Center for Transparency and Digital Human Rights backing it up, it has grown a lot and shaped up to be a very organized and thought-through project.
- Full rewrite
- More flexible and extensible
- Linux ready-made system and network hardened installation
- Written in python using twisted
- New Frontend
Try it out:
Try out the demo. It is pretty straightforward.
As a young project, Globaleaks can use some help fixing bugs. Just head to the wiki and read through it. It is pretty straightforward, and explains the modules, security concepts and setup instructions.
Globaleaks already has Debian and Ubuntu ready packages. An easy way to help out is to set up a PPA for us on Launchpad.
Get in touch:
You can contact the Globaleaks team at info () globaleaks org or on IRC on #globaleaks at irc.oftc.net
Here are some screenshots of the new frontend
After breakfast was over the first day started with a talk by Bernd on the
Hadoop ecosystem. He did a good job selecting the most important and
interesting projects related to storing data in HDFS and processing it with Map
Reduce. After the usual “what is Hadoop”, “what does the general architecture
look like”, “what will change with YARN” Bernd gave a nice overview of which
publications each of the relevant projects rely on:
- HDFS is mainly based on the paper on GFS.
- Map Reduce comes with its own publication.
- The big table paper mainly inspired Cassandra (to some extent), HBase,
Accumulo and Hypertable.
- Protocol Buffers inspired Avro and Thrift, and is available as free
- Dremel (the storage side of things) inspired Parquet.
- The query language side of Dremel inspired Drill and Impala.
- Power Drill might inspire Drill.
- Pregel (a graph database) inspired Giraph.
- Percolator provided some inspiration to HBase.
- Dynamo by Amazon kicked off Cassandra and others.
- Chubby inspired Zookeeper, both are based on Paxos.
- On top of Map Reduce today there are tons of higher level languages,
starting with Sawzall inside of Google, continuing with Pig and Hive at Apache
we are now left with added languages like Cascading, Cascalog, Scalding and
- There are many other interesting publications (Megastore, Spanner, F1 to
name just a few) for which there is no free implementation yet. In addition
with Storm, Hana and Haystack there are implementations lacking canonical
After this really broad clarification of names and terms used, Bernd went into
some more detail on how Zookeeper is being used for defining the namenode in
Hadoop 2, how high availability and federation works for namenodes. In
addition he gave a clear explanation of how block reports work on cluster
bootup. The remainder of the talk was reserved for giving an intro to HBase,
Giraph and Drill.
We're super-excited to announce that we've been invited to present a half-day workshop during DrupalCamp Austin. The Camp takes place the weekend of June 21-23, 2013 and we'll be presenting "Getting Stuff into Drupal - Basics of Content Migration" from 1:30pm until 5:30pm on Saturday the 22nd. The workshop will cost $75 and we'll be covering the basics of three of the most common ways of importing content into Drupal: the Feeds, Migrate, and the Drupal-to-Drupal data migration (based on Migrate) modules. Interested? Check out all the details and then register today.
When a variety of ISPs and services filter out most of it, you only get what slips through the net. I've noticed something that made me appreciate the scale of spam. My blog is tiny. I get perhaps an average of 100 views to any post that I make. I rarely get comments, although I think that's normal for most blogs now, even those much more established and more popular than mine.
I use Drupal for my blog, with the Mollom module to deal with attempted spam in an intelligent way. Every time I check for comments held in moderation, it's often at 0, or the odd genuine comment. Every so often a spam comment gets through to there, but it's mostly empty.
I took a look at the events logs, in particular the Mollom logs for the last 3 days. I think each page shows about 50 entries, I've not counted them. Over the last week or so I've been experimenting with clearing the logs, and checking later to see how much it filled up and how fast. I was stunned.
In one 24hr period, it can often fill up 4 pages of log entries. That's 200 failed spam attempts in one single 24hr period. In many of these cases it's a Gmail account blasting through a batch of maybe 10 attempts in a minute, then again an hour later.
Apart from the odd comment, none of this is getting through. My real amazement was in just how much of this I was getting, and mainly from the angle of "this blog is a nothing blog, from a random Joe on the internet". I can't imagine the amount a household name site would get. It also gave me a new appreciation of just how much spam is filtered out before we even see it.
To all the organisations around the world who help keep our spam to a minimum, I humbly thank you.
The 1.5.1 release fixes a few issues with 1.5.0. Especially, it
- fixes a crash bug which could happen when PEP8 checking was enabled
- fixes capitalization in the coding line completion
- displays the correct plugin version in the About dialog
There's one thing I forgot to announce in the 1.5 release: PEP8 checking support (which was actually a good thing, since it was rather crashy until now ;)).
PEP8 checking support in kdev-python 1.5.1
It will run the PEP8 style checker whenever an open file is modified and display all errors inline (if you have inline error display enabled) and in the Problems toolview.
By default it is disabled though, since it displays a lot of errors for people who don't follow PEP8, so if you want to use it, go to Settings -- Configure KDevelop -- PEP8 style checking (the change will only apply to newly opened or modified files).
If there's any issues, please make sure to let me know on the bug tracker.
The tarball can be found here, sha256 checksum is d9b68bd2dd9361961e264254d2acfebc9ce0ea4b47ea2689d2f01a3ed81f7c47
It’s one of those yearly things, scheduled for less than two months from now. Frankly, I’m a little surprised that no one else — Paul Adams is a usual suspect — has bunged up some badges for this year yet. So here’s my entry for Akademy 2013 in Bilbao, showcasing, as always, my most excellent kolourpaint skills. And, like it says on the tin (brass? what material are badges made of anyway), Akademy doesn’t fit my schedule this year either. My only remaining hope is to integrate the conference with a three week train-and-bicycle vacation for two adults and two kids.
Just a quick note that the Quick Python Book, 2nd edition will be Manning Publications deal of the day Saturday, May 18.
Here’s the official scoop:
Deal of the Day : Half off my book The Quick Python Book, Second Edition. Use code dotd0518au at http://www.manning.com/ceder/.
And for anyone in Europe and the Americas, you should know that the deals usually run until past the end of day everywhere in the world. So if you don’t get it done on Saturday, the code might still work on Sunday morning. Just sayin’…