Kubuntu 17.04 Beta 2 released for testers

Planet KDE - Thu, 2017-03-23 19:46

Today the Kubuntu team is happy to announce that Kubuntu Zesty Zapus (17.04) Beta 2 is released . With this Beta 2 pre-release, you can see and test what we are preparing for 17.04, which we will be releasing April 13, 2017.

Kubuntu 17.04 Beta 2


NOTE: This is Beta 2 Release. Kubuntu Beta Releases are NOT recommended for:

* Regular users who are not aware of pre-release issues
* Anyone who needs a stable system
* Anyone uncomfortable running a possibly frequently broken system
* Anyone in a production environment with data or work-flows that need to be reliable

Getting Kubuntu 17.04 Beta 2:
* Upgrade from 16.10: run `do-release-upgrade -d` from a command line.
* Download a bootable image (ISO) and put it onto a DVD or USB Drive : http://cdimage.ubuntu.com/kubuntu/releases/zesty/beta-2/

Release notes: https://wiki.ubuntu.com/ZestyZapus/Beta2/Kubuntu

Categories: FLOSS Project Planets

Carl Chenet: Feed2tweet 1.0, tool to post RSS feeds to Twitter, released

Planet Python - Thu, 2017-03-23 19:00

Feed2tweet 1.0, a self-hosted Python app to automatically post RSS feeds to the Twitter social network, was released March 2017, 23th.

The main new feature of this release allows to create filters for each RSS feed, because before you could only define global filters. Contributed by Antoine Beaupré, Feed2tweet is also able to use syslog, starting from this release.

What’s the purpose of Feed2tweet?

Some online services offer to convert your RSS entries into Twitter posts. Theses services are usually not reliable, slow and don’t respect your privacy. Feed2tweet is Python self-hosted app, the source code is easy to read and you can enjoy the official documentation online with lots of examples.

Twitter Out Of The Browser

Have a look at my Github account for my other Twitter automation tools:

  • Retweet , retweet all (or using some filters) tweets from a Twitter account to another one to spread content.
  • db2twitter, get data from SQL database (several supported), build tweets and send them to Twitter
  • Twitterwatch, monitor the activity of your Twitter timeline and warn you if no new tweet appears

What about you? Do you use tools to automate the management of your Twitter account? Feel free to give me feedback in the comments below.

… and finally

You can help Feed2tweet by donating anything through Liberaypay (also possible with cryptocurrencies). That’s a big factor motivation

Categories: FLOSS Project Planets

Drupal Association blog: A Statement from the Executive Director

Planet Drupal - Thu, 2017-03-23 18:49

We understand that there is uncertainty and concern in the Drupal community about project founder, Dries Buytaert, asking Larry Garfield to leave the Drupal community, and about the Drupal Association removing Larry's DrupalCon sessions and ending his term as track chair.

We want to be clear that the decision to remove Larry's DrupalCon session and track chair role was not because of his private life or personal beliefs. The Drupal Association stands by our values of inclusivity. Our decision was based on confidential information conveyed in private by many sources. Due to the confidential nature of the situation we cannot and will not disclose any information that may harm any members of our community, including Larry.

This decision followed our established process. As the Executive Director, charged with safekeeping the goodwill of the organization, I made this decision after considering input from various sources including the Community Working Group (CWG) and Drupal Project Lead, Dries Buytaert. Upon Larry’s request for an appeal, the full board reviewed the situation, all the evidence, and statements provided by Larry. After reviewing the entirety of the information available (including information not in the public view) the decision was upheld.

In order to protect everyone involved we cannot comment more, and trust that the community will be understanding.  

We do see that there are many feelings and questions around this DrupalCon decision and we empathize with those community members. We will continue to monitor comments. We are listening.

Categories: FLOSS Project Planets

NumFOCUS: PyData Atlanta Meetup Celebrates 1 Year and over 1,000 members

Planet Python - Thu, 2017-03-23 17:23
PyData Atlanta holds a meetup at MailChimp, where Jim Crozier spoke about analyzing NFL data with PySpark. Atlanta tells a new story about data by Rob Clewley

In late 2015, the three of us (Tony Fast, Neel Shivdasani, and myself) had been regularly  nerding out about data over beers and becoming fast friends. We were eager to see a shift from Atlanta's data community to be more welcoming and encouraging towards beginners, self-starters, and generalists. We were about to find out that we were not alone.

We had met at local data science-related events earlier in the year and had discovered that we had lots of opinions—and weren’t afraid to advocate for them. But we also found that we listened to reason (data-driven learning!), appreciated the art in doing good science, and cared about people and the community. Open science, open data, free-and-open-source software, and creative forms of technical communication and learning were all recurring themes in our conversations. We also all agreed that Python is a great language for working with data.

Invitations were extended to like-minded friends, and the informal hangout was soon known as “Data Beers”. The consistent good buzz that Data Beers generated helped us realize an opportunity to contribute more widely to the Atlanta community. At the time, Atlanta was beginning its emergence as a new hub in the tech world and startup culture.

Some of the existing data-oriented meetups around Atlanta have a more formal business atmosphere, or are highly focused on specific tools or tech opinions. Such environments seem to intimidate newcomers and those less formally educated in math or computer science. This inspired us to take a new perspective through an informal and eclectic approach. So, in January 2016, with the support of not-for-profit organization NumFOCUS, we set up the Atlanta chapter of PyData.

The mission of NumFOCUS is to promote sustainable high-level programming languages, open code development, and reproducible scientific research. NumFOCUS sponsors PyData conferences and local meetups internationally. The PyData community gathers to discuss how best to apply tools using Python, R, Stan, and Julia to meet evolving challenges in data management, processing, analytics, and visualization. In all, PyData is over 28,000 members across 52 international meetups. The Python language and the data-focused ecosystem that has grown around it has been remarkably successful in attracting an inclusive mindset centered around free and open-source software and science. Our Atlanta chapter aims to be even more neutral about specific technologies so long as the underlying spirit resonates with our mission.

The three of us, with the help of friend and colleague Lizzy Rolando, began sourcing great speakers who have a distinctive approach to using data that resonated with the local tech culture. We hosted our first meetup in early April. From the beginning, we encouraged a do-it-yourself, interactive vibe to our meetings, supporting shorter-format 30 minute presentations with 20 minute question and answer sessions.

Regardless of the technical focus, we try to bring in speakers who are applying their data-driven work to something of general interest. Our programming balances technical and more qualitative talks. Our meetings have covered a diverse range of applications, addressing computer literacy and education, human rights, neuroscience, journalism, and civics.

A crowd favorite is the inclusion of 3-4 audience-submitted lightning talks at the end of the main Q&A. The strictly five-minute talks add more energy to the mix and give a wider platform to the local community. They’re an opportunity to practice presentation skills for students, generate conversations around projects needing collaborators, discussions about new tools, or just have fun looking at interesting data sets.

Students, career changers, and professionals have come together as members of PyData to learn and share. Our network has generated new friends, collaborators, and even new jobs. Local organizations that share our community spirit provide generous sponsorship and refreshments for our meetings.

We believe we were in the right place at the right time to meet a need. It’s evident in the positive response and rapid growth we’ve seen, having acquired over 1,000 members in one year and hosted over 120 attendees at our last event. It has been a whirlwind experience, and we are delighted that our community has shared our spirit and become involved with us so strongly. Here’s to healthy, productive, data-driven outcomes for all of us in 2017!
Categories: FLOSS Project Planets

Stefan Bodewig: XMLUnit.NET 2.3.1 Released

Planet Apache - Thu, 2017-03-23 16:05
This release adds xml docs to the binary distribution and the nuget package, it doesn't contain any functional changes.
Categories: FLOSS Project Planets

San Francisco Open Source Voting System Project Continues On

Open Source Initiative - Thu, 2017-03-23 15:13

This update on San Francisco's project to develop and certify the country's first open source voting system was submitted by OSI Individual Member Chris Jerdonek. While Chris is a member (and President) of the San Francisco Elections Commission, he is providing this update as an individual and not in his official capacity as a Commissioner. Chirs' e-mail is, chris@sfopenvoting.org and a website with that domain is expected soon.

Some "Action Items"

Below are some things you can do to help the effort:

  • Show support by following @SFOpenVoting on Twitter: https://twitter.com/SFOpenVoting
  • Retweet the following tweet about a recent front-page news story to help spread the word: https://twitter.com/SFOpenVoting/status/834136200663310336
  • Reply to Chris with the words "keep me posted" if you'd like me to notify you sooner if something interesting happens related to the project (e.g. an RFP or job posting getting posted, an important Commission meeting coming up, the publishing of a news piece about SF open source voting, etc).
  • Reply to Chris with the words "might want to help" if you might like to help organize or be part of a core group of activists to help build more support and otherwise help the project succeed. This would likely start off with a small organizing meeting.
  • Show your support and come watch the next Elections Commission meeting on Wed, April 19 at 6pm in Room 408 of San Francisco City Hall: http://sfgov.org/electionscommission/
San Francisco Examiner Article

At the February 15 Elections Commission meeting, the Elections Commission voted unanimously to ask the Mayor's Office to allocate $4 million towards initial development of the open source voting project for the 2018-19 fiscal year (from Aug. 2018 - July 2019). This would go towards initial development once the planning phase is complete.

The San Francisco Examiner wrote a good article about this development here (with the headline appearing on the front page): http://www.sfexaminer.com/sfs-elections-commission-asks-mayor-put-4m-toward-open-source-voting-system/

Latest Project Updates

The open source voting project is starting to gain some definition. For the latest, read the March 2017 Director's Report in the agenda packet of last week's March 15 Elections Commission meeting: http://sfgov.org/electionscommission/commission-agenda-packet-march-15-2017

A few highlights from the report:

  • Very soon (perhaps within the next few days), the Department will be posting a job opening for a senior staff position to assist with the project.
  • In addition, by the end of March or so, the Department will be issuing an RFP for an outside contractor to help plan and create a "business case" for the project.
  • Software for the project will be released under version 3 of the GNU General Public License where possible. (GPL-3.0 is a copyleft license, which means that future changes would also be assured open source.)
  • The software is projected to be released to the public as it is written, which would be great for increased public visibility and transparency.
Citizen's Advisory Committee

Also at last week's Elections Commission meeting, the Commission started discussing the idea of forming a Citizen's Advisory Committee to help guide the open source voting project. This is an idea that was raised at the February meeting, as well as previously.

At the meeting, it was suggested that the committee help advise primarily on technical matters -- things like agile procurement approaches, project management, open source issues, and engineering / architecture issues.

The Commission will be taking this up again at its April meeting on April 19 (and possibly voting on it).

If you might be interested in serving on the committee, you are encouraged to listen to the discussion from last week's meeting to get an idea of what it might be like (starting at 11 mins, 18 sec): https://www.youtube.com/watch?v=k2-DX8UNqY0&t=11m18s

(And if you know someone who might be good to serve on such a committee, please forward them this info!)

FairVote California house party (recap)

In early March, Chris spoke about San Francisco's open source voting project at a house party organized by FairVote California. Thank you to FairVote California for having me!

If anyone would like me to speak to a group of people about the project, just shoot me an e-mail. It would only require 5 minutes or so of a group's time.

GET Summit (upcoming: May 17-18)

On May 17-18 in San Francisco, there will be a conference on open source and election technology issues called the GET Summit: https://www.getsummit.org

The conference is being organized by Startup Policy Lab (SPL) and has an amazing line-up of many speakers, including people like California Secretary of State Alex Padilla and former Federal Elections Commissioner (FEC) Ann Ravel. In September 2016, Alex Padilla said on television that "open source [voting] is the ultimate in transparency and accountability for all." And Ann Ravel made headlines last month with her very public resignation from the FEC. See the conference website for the latest speaker list.

So that's all folks! Please follow @SFOpenVoting on Twitter if you haven't yet, and thank you for all your continued interest and support!

We thank Chris Jerdonek for his work in raising awareness of San Francisco's efforts to develop an open source voting system and sharing these updates with us here at the OSI and the larger open source software community.

Categories: FLOSS Research

d7One: 50 ways to slide your images

Planet Drupal - Thu, 2017-03-23 14:34

Recently, I had to create a slideshow for a project. Nothing unusual about that you say. Indeed, everywhere you look you see slideshows. If there's one thing that's common to 99% of all websites today it's a slideshow. Almost boring. That is until you actually start to implement one. There must be 50 ways to slide you images - and I don't mean the transition effects. Picking and choosing the right module and library is almost a burden.

There are various scenarios where you would want to display a slideshow. The most common is the home page. I've used the venerable Views Slideshow module (2007) in the past for this purpose. It's simple enough to implement and is available for D7, D8 as well as Backdrop.

Categories: FLOSS Project Planets

Simon McVittie: GTK hackfest 2017: D-Bus communication with containers

Planet Debian - Thu, 2017-03-23 14:07

At the GTK hackfest in London (which accidentally became mostly a Flatpak hackfest) I've mainly been looking into how to make D-Bus work better for app container technologies like Flatpak and Snap.

The initial motivating use cases are:

  • Portals: Portal authors need to be able to identify whether the container is being contacted by an uncontained process (running with the user's full privileges), or whether it is being contacted by a contained process (in a container created by Flatpak or Snap).

  • dconf: Currently, a contained app either has full read/write access to dconf, or no access. It should have read/write access to its own subtree of dconf configuration space, and no access to the rest.

At the moment, Flatpak runs a D-Bus proxy for each app instance that has access to D-Bus, connects to the appropriate bus on the app's behalf, and passes messages through. That proxy is in a container similar to the actual app instance, but not actually the same container; it is trusted to not pass messages through that it shouldn't pass through. The app-identification mechanism works in practice, but is Flatpak-specific, and has a known race condition due to process ID reuse and limitations in the metadata that the Linux kernel maintains for AF_UNIX sockets. In practice the use of X11 rather than Wayland in current systems is a much larger loophole in the container than this race condition, but we want to do better in future.

Meanwhile, Snap does its sandboxing with AppArmor, on kernels where it is enabled both at compile-time (Ubuntu, openSUSE, Debian, Debian derivatives like Tails) and at runtime (Ubuntu, openSUSE and Tails, but not Debian by default). Ubuntu's kernel has extra AppArmor features that haven't yet gone upstream, some of which provide reliable app identification via LSM labels, which dbus-daemon can learn by querying its AF_UNIX socket. However, other kernels like the ones in openSUSE and Debian don't have those. The access-control (AppArmor mediation) is implemented in upstream dbus-daemon, but again doesn't work portably, and is not sufficiently fine-grained or flexible to do some of the things we'll likely want to do, particularly in dconf.

After a lot of discussion with dconf maintainer Allison Lortie and Flatpak maintainer Alexander Larsson, I think I have a plan for fixing this.

This is all subject to change: see fd.o #100344 for the latest ideas.

Identity model

Each user (uid) has some uncontained processes, plus 0 or more containers.

The uncontained processes include dbus-daemon itself, desktop environment components such as gnome-session and gnome-shell, the container managers like Flatpak and Snap, and so on. They have the user's full privileges, and in particular they are allowed to do privileged things on the user's session bus (like running dbus-monitor), and act with the user's full privileges on the system bus. In generic information security jargon, they are the trusted computing base; in AppArmor jargon, they are unconfined.

The containers are Flatpak apps, or Snap apps, or other app-container technologies like Firejail and AppImage (if they adopt this mechanism, which I hope they will), or even a mixture (different app-container technologies can coexist on a single system). They are containers (or container instances) and not "apps", because in principle, you could install com.example.MyApp 1.0, run it, and while it's still running, upgrade to com.example.MyApp 2.0 and run that; you'd have two containers for the same app, perhaps with different permissions.

Each container has an container type, which is a reversed DNS name like org.flatpak or io.snapcraft representing the container technology, and an app identifier, an arbitrary non-empty string whose meaning is defined by the container technology. For Flatpak, that string would be another reversed DNS name like com.example.MyGreatApp; for Snap, as far as I can tell it would look like example-my-great-app.

The container technology can also put arbitrary metadata on the D-Bus representation of a container, again defined and namespaced by the container technology. For instance, Flatpak would use some serialization of the same fields that go in the Flatpak metadata file at the moment.

Finally, the container has an opaque container identifier identifying a particular container instance. For example, launching com.example.MyApp twice (maybe different versions or with different command-line options to flatpak run) might result in two containers with different privileges, so they need to have different container identifiers.

Contained server sockets

App-container managers like Flatpak and Snap would create an AF_UNIX socket inside the container, bind() it to an address that will be made available to the contained processes, and listen(), but not accept() any new connections. Instead, they would fd-pass the new socket to the dbus-daemon by calling a new method, and the dbus-daemon would proceed to accept() connections after the app-container manager has signalled that it has called both bind() and listen(). (See fd.o #100344 for full details.)

Processes inside the container must not be allowed to contact the AF_UNIX socket used by the wider, uncontained system - if they could, the dbus-daemon wouldn't be able to distinguish between them and uncontained processes and we'd be back where we started. Instead, they should have the new socket bind-mounted into their container's XDG_RUNTIME_DIR and connect to that, or have the new socket set as their DBUS_SESSION_BUS_ADDRESS and be prevented from connecting to the uncontained socket in some other way. Those familiar with the kdbus proposals a while ago might recognise this as being quite similar to kdbus' concept of endpoints, and I'm considering reusing that name.

Along with the socket, the container manager would pass in the container's identity and metadata, and the method would return a unique, opaque identifier for this particular container instance. The basic fields (container technology, technology-specific app ID, container ID) should probably be added to the result of GetConnectionCredentials(), and there should be a new API call to get all of those plus the arbitrary technology-specific metadata.

When a process from a container connects to the contained server socket, every message that it sends should also have the container instance ID in a new header field. This is OK even though dbus-daemon does not (in general) forbid sender-specified future header fields, because any dbus-daemon that supported this new feature would guarantee to set that header field correctly, the existing Flatpak D-Bus proxy already filters out unknown header fields, and adding this header field is only ever a reduction in privilege.

The reasoning for using the sender's container instance ID (as opposed to the sender's unique name) is for services like dconf to be able to treat multiple unique bus names as belonging to the same equivalence class of contained processes: instead of having to look up the container metadata once per unique name, dconf can look it up once per container instance the first time it sees a new identifier in a header field. For the second and subsequent unique names in the container, dconf can know that the container metadata and permissions are identical to the one it already saw.

Access control

In principle, we could have the new identification feature without adding any new access control, by keeping Flatpak's proxies. However, in the short term that would mean we'd be adding new API to set up a socket for a container without any access control, and having to keep the proxies anyway, which doesn't seem great; in the longer term, I think we'd find ourselves adding a second new API to set up a socket for a container with new access control. So we might as well bite the bullet and go for the version with access control immediately.

In principle, we could also avoid the need for new access control by ensuring that each service that will serve contained clients does its own. However, that makes it really hard to send broadcasts and not have them unintentionally leak information to contained clients - we would need to do something more like kdbus' approach to multicast, where services know who has subscribed to their multicast signals, and that is just not how dbus-daemon works at the moment. If we're going to have access control for broadcasts, it might as well also cover unicast.

The plan is that messages from containers to the outside world will be mediated by a new access control mechanism, in parallel with dbus-daemon's current support for firewall-style rules in the XML bus configuration, AppArmor mediation, and SELinux mediation. A message would only be allowed through if the XML configuration, the new container access control mechanism, and the LSM (if any) all agree it should be allowed.

By default, processes in a container can send broadcast signals, and send method calls and unicast signals to other processes in the same container. They can also receive method calls from outside the container (so that interfaces like org.freedesktop.Application can work), and send exactly one reply to each of those method calls. They cannot own bus names, communicate with other containers, or send file descriptors (which reduces the scope for denial of service).

Obviously, that's not going to be enough for a lot of contained apps, so we need a way to add more access. I'm intending this to be purely additive (start by denying everything except what is always allowed, then add new rules), not a mixture of adding and removing access like the current XML policy language.

There are two ways we've identified for rules to be added:

  • The container manager can pass a list of rules into the dbus-daemon at the time it attaches the contained server socket, and they'll be allowed. The obvious example is that an org.freedesktop.Application needs to be allowed to own its own bus name. Flatpak apps' implicit permission to talk to portals, and Flatpak metadata like org.gnome.SessionManager=talk, could also be added this way.

  • System or session services that are specifically designed to be used by untrusted clients, like the version of dconf that Allison is working on, could opt-in to having contained apps allowed to talk to them (effectively making them a generalization of Flatpak portals). The simplest such request, for something like a portal, is "allow connections from any container to contact this service"; but for dconf, we want to go a bit finer-grained, with all containers allowed to contact a single well-known rendezvous object path, and each container allowed to contact an additional object path subtree that is allocated by dconf on-demand for that app.

Initially, many contained apps would work in the first way (and in particular sockets=session-bus would add a rule that allows almost everything), while over time we'll probably want to head towards recommending more use of the second.

Related topics Access control on the system bus

We talked about the possibility of using a very similar ruleset to control access to the system bus, as an alternative to the XML rules found in /etc/dbus-1/system.d and /usr/share/dbus-1/system.d. We didn't really come to a conclusion here.

Allison had the useful insight that the XML rules are acting like a firewall: they're something that is placed in front of potentially-broken services, and not part of the services themselves (which, as with firewalls like ufw, makes it seem rather odd when the services themselves install rules). D-Bus system services already have total control over what requests they will accept from D-Bus peers, and if they rely on the XML rules to mediate that access, they're essentially rejecting that responsibility and hoping the dbus-daemon will protect them. The D-Bus maintainers would much prefer it if system services took responsibility for their own access control (with or without using polkit), because fundamentally the system service is always going to understand its domain and its intended security model better than the dbus-daemon can.

Analogously, when a network service listens on all addresses and accepts requests from elsewhere on the LAN, we sometimes work around that by protecting it with a firewall, but the optimal resolution is to get that network service fixed to do proper authentication and access control instead.

For system services, we continue to recommend essentially this "firewall" configuration, filling in the ${} variables as appropriate:

<busconfig> <policy user="${the daemon uid under which the service runs}"> <allow own="${the service's bus name}"/> </policy> <policy context="default"> <allow send_destination="${the service's bus name}"/> </policy> </busconfig>

We discussed the possibility of moving towards a model where the daemon uid to be allowed is written in the .service file, together with an opt-in to "modern D-Bus access control" that makes the "firewall" unnecessary; after some flag day when all significant system services follow that pattern, dbus-daemon would even have the option of no longer applying the "firewall" (moving to an allow-by-default model) and just refusing to activate system services that have not opted in to being safe to use without it. However, the "firewall" also protects system bus clients, and services like Avahi that are not bus-activatable, against unintended access, which is harder to solve via that approach; so this is going to take more thought.

For system services' clients that follow the "agent" pattern (BlueZ, polkit, NetworkManager, Geoclue), the correct "firewall" configuration is more complicated. At some point I'll try to write up a best-practice for these.

New header fields for the system bus

At the moment, it's harder than it needs to be to provide non-trivial access control on the system bus, because on receiving a method call, a service has to remember what was in the method call, then call GetConnectionCredentials() to find out who sent it, then only process the actual request when it has the information necessary to do access control.

Allison and I had hoped to resolve this by adding new D-Bus message header fields with the user ID, the LSM label, and other interesting facts for access control. These could be "opt-in" to avoid increasing message sizes for no reason: in particular, it is not typically useful for session services to receive the user ID, because only one user ID is allowed to connect to the session bus anyway.

Unfortunately, the dbus-daemon currently lets unknown fields through without modification. With hindsight this seems an unwise design choice, because header fields are a finite resource (there are 255 possible header fields) and are defined by the D-Bus Specification. The only field that can currently be trusted is the sender's unique name, because the dbus-daemon sets that field, overwriting the value in the original message (if any).

To make it safe to rely on the new fields, we would have to make the dbus-daemon filter out all unknown header fields, and introduce a mechanism for the service to check (during connection to the bus) whether the dbus-daemon is sufficiently new that it does so. If connected to an older dbus-daemon, the service would not be able to rely on the new fields being true, so it would have to ignore the new fields and treat them as unset. The specification is sufficiently vague that making new dbus-daemons filter out unknown header fields is a valid change (it just says that "Header fields with an unknown or unexpected field code must be ignored", without specifying who must ignore them, so having the dbus-daemon delete those fields seems spec-compliant).

This all seemed fine when we discussed it in person; but GDBus already has accessors for arbitrary header fields by numeric ID, and I'm concerned that this might mean it's too easy for a system service to be accidentally insecure: It would be natural (but wrong!) for an implementor to assume that if g_message_get_header (message, G_DBUS_MESSAGE_HEADER_FIELD_SENDER_UID) returned non-NULL, then that was guaranteed to be the correct, valid sender uid. As a result, fd.o #100317 might have to be abandoned. I think more thought is needed on that one.

Unrelated topics

As happens at any good meeting, we took the opportunity of high-bandwidth discussion to cover many useful things and several useless ones. Other discussions that I got into during the hackfest included, in no particular order:

  • .desktop file categories and how to adapt them for AppStream, perhaps involving using the .desktop vocabulary but relaxing some of the hierarchy restrictions so they behave more like "tags"
  • how to build a recommended/reference "app store" around Flatpak, aiming to host upstream-supported builds of major projects like LibreOffice
  • how Endless do their content-presenting and content-consuming apps in GTK, with a lot of "tile"-based UIs with automatic resizing and reflowing (similar to responsive design), and the applicability of similar widgets to GNOME and upstream GTK
  • whether and how to switch GNOME developer documentation to Hotdoc
  • whether pies, fish and chips or scotch eggs were the most British lunch available from Borough Market
  • the distinction between stout, mild and porter

More notes are available from the GNOME wiki.


The GTK hackfest was organised by GNOME and hosted by Red Hat and Endless. My attendance was sponsored by Collabora. Thanks to all the sponsors and organisers, and the developers and organisations who attended.

Categories: FLOSS Project Planets

DrupalCon News: Join in the discussion about the future of Drupal + Media

Planet Drupal - Thu, 2017-03-23 12:18

It's that time of year again when everyone starts getting excited about DrupalCon.  People are getting geared up to attend sessions, meet up with team members and clients, and let's not forget, load up on as much swag as possible.  But an important piece which often gets overlooked are the Summits that happen the Monday before the conference begins.  These events are happening again in Baltimore, and the Media and Publishing Summit is one you should consider attending.

Categories: FLOSS Project Planets

Meet the LibrePlanet 2017 Speakers: Christian Fernandez

FSF Blogs - Thu, 2017-03-23 12:07

His session, Pentesting loves free software, takes place on Saturday, March 25th in session block 5A (15:40 - 16:25).

Could you tell us a bit about yourself?

I moved to the US in 1997. Since then I been traveling around and moving to different cities. I've been into social justice movements in the past. I started into hacking in the late 80s with BBS’ FidoNet, exploring and trying to sniff out all the information I could.

At the same time I got into hacking, I got into free software after that—. Most people I knew online were also involved in both since they go hand by hand.

How did you first get interested in penetration testing with free sotware?

I've seen a lot of newcomers to the security field from academia. As with any other tech field, they learn commercial, proprietary, non-free tools.

I like to point out and show people that you can get the job done even better using free tools. I'm very passionate about this as a free software activist.

Have you been to LibrePlanet before?

Yes, I am a longtime Free Software Foundation member and have been to a number of LibrePlanets.

How can we follow you on social media?

I have A LOT of handles...some nobody knows. :) I use @rek2fernandez on Twitter. B1naryFreed0m is the one I use for politics.

What is a skill or talent you have that you wish more people knew about?

In order to make things better first you have to break them apart and study them. Learning is not about reading a book and going to school, it is about passion and practice, and a lot of frustration sometimes. :D

Categories: FLOSS Project Planets

Steve Purkiss: Co-operative.club - Part II: To Drupal or not

Planet Drupal - Thu, 2017-03-23 11:10
Co-operative.club - Part II: To Drupal or not Steve Purkiss Thu, 23/03/2017 - 15:10

"You'll write about this one day" she said. "and you'll make it sound like you're the hero. You should go to L.A." she added.

Well, turns out for a number of reasons this happens to be that day, and as for the latter, I'll let you the reader decide, although to be quite honest, I don't much care either way as you weren't there, and I'm not asking for opinions. I'm writing this because I want to conclude the story about what I've been trying to create in this world whilst I am still able to. I believe there is a better, more fairer to all, way of living and that we have all the tools we need in order to achieve this change, leaving the world in a far better place than it currently is. For me, for her, for everyone. This isn't going to be an easy read, there's no pretty pictures, no subheadings and no holds barred. I'm sorry if you wanted that, I'll get back to 'normal' mode after this, but I have to get this out as it's been over ten years now and I need to move on, and this is my therapy.

In Part I of The Co-operative.club story I explained how Free Software had enabled me to connect with others through a social business network based on the Drupal platform after being made redundant and having to leave London and return to my father's house. Thirteen years hence I find myself back here/there again, broke again (and more so this time round), but still with the ability to get myself out of this situation thanks to Free Software, and Drupal. The latter however I am, and not for the first time, too sure about given the events of the past 24h, and that's where I'd value your input - not just in words but also in actions. Inaction is also action, I guess we will see.

First let's go back to where I left off last time, in Toronto, where I'd just set up a 'Test Box' which had ended up being just an expensive party and an art gallery. What I hadn't mentioned in the previous post, and which is why I found it hard to write the second part, was that I was at the time in a relationship with a girl I'd met at the Bovine Sex Club. Not a sex club, but a live music bar near where I was staying in Queen St. W. I'd been talking with this pretty girl and when she and her friends were going to leave I thought I'd ask for her number - something I'd never done before but being in another country knowing I'd probably never see her again if I didn't pluck up the courage I thought I would. I did, and she smiled and wrote her number down. I don't think you could've met a happier guy that night than me after that. Sadly, it didn't carry on that way.

I invited her out on a date - one of my favourite British comedians Dave Gorman was playing a gig in Toronto and I thought it would be a nice thing to go to, have a meal and all that jazz. Nothing too serious - a bit of fun to see if we still liked each other outside the dark sweaty confines of a Toronto music bar. The day came, I waited. And waited. And waited. She didn't turn up, I went to the gig alone. Dave was hilarious as usual, talking about the time when he decided to find all the people in the world with the same name as him then go meet some. Silly comedy, that's what I like.

I decided to phone and find out why she hadn't turned up - perhaps something had happened, perhaps she had just changed her mind. She said she thought I wasn't going to turn up, that I didn't really mean what I'd said, and that she didn't want to get hurt again so had decided it was better to stay at home. Coming from a broken home myself and seeing girls get hurt by blokes at college and uni, I kinda could see a little where she was coming from and assured her my intentions were honest, forgave her for not turning up, asked if she'd like to try again and was delighted when she said yes. What I didn't know at that time was she hadn't been on meds for three years and was classed as having 'Borderline Personality Disorder' and a rapid-cycling Bipolar. Heck, I didn't even know what 'meds' were.

We met up again, and again. We talked and talked, and I had stories of how bad the situation was living with her parents and within a very short space of time - perhaps a week or three, she had moved in with me. She seemed like she was in a really bad place at the time so although it seemed to me too soon, I thought I understood her situation and was willing to give cohabiting a go - this could be 'the one' and I didn't want to look back and regret missing that chance at that long-held dream I'd had until then of meeting someone and spending my life with them.

She moved in but pretty soon things started to get very strange and scary. Within a week or two she was crying uncontrollably and cut her wrists. Not in a blood-gushing out gonna die right now way, but enough to make it bleed. I didn't know what to do - I was in a country I didn't know, and I'd never experienced anything like this before. I actually ended up phoning my mum, who of course ended up worried out of her mind and could only suggest we go to the hospital, which she didn't want to do. I saw other scars and found out in time this is how she 'released the pressure'.

I slowly discovered the truth about her diagnosis and medication or lack thereof, and heard stories about how she became to be on that medication - her parents said it was a 'chemical imbalance', however her story was one of a guy at school who had tried to attack her when she had shunned his advances towards her and who had later been jailed for some predatory activity. I don't know to this day what the actual truth is, on either side of the tale. Being rapid-cycling meant she was fine half the day and, to be brutally honest, batshit crazy the other half. She was highly intelligent, with a degree from one of the top universities and previously a fairly high-powered job until that fell apart when her body started to become immune to the lithium she was taking - or not, I don't really know, that's just what she told me.

We used to argue a lot when she'd accuse me of everything under the sun - from looking at other women to me being a 'dictator' because I wanted to create these open source cafes. I remember one night when she decided to rip up my copy of Lawrence Lessig's 'Free Culture' book one page at a time and shove each page under the door of the lounge where I'd barricaded myself in so that she couldn't physically attack me. The rapid cycling meant she'd calm down in a few hours and all would be sweetness and light again, as if nothing had happened. But it had, and I couldn't forget that, which annoyed her more as I didn't feel at all in the mood for anything unlike herself, which I guess is another part of the being on her high. So the cycle would repeat. She'd punch holes in the wall then go to the DIY store and fix them up after. All things I look back at now and think "why the hell didn't I get out of that situation straight away". But you don't - well I didn't. I can't explain how it feels to be in that situation - all I knew is she said she'd be out on the street if I'd chucked her out, and I didn't know why she had this distrust of me that I'd go off with other women. For a start I hardly had the chance because we never seemed to leave the house and when we did it was a nightmare as she'd have a breakdown in the middle of a store and of course everyone would stare at me with that 'what this nasty bloke had done to this poor girl' look in their eyes.

I tried to go to networking meetings - after all I was only on a visiting visa and was there to see if I could connect and build business - but we only managed to go to a few and I wasn't getting enough business in to survive, and my credit cards by this time were maxxed out. The way I usually get business is I'm connecting with people every day, writing blog posts, and talking about Free Software. I couldn't do that in this situation where everyone we met was a 'bad person' if they were male, or a potential threat if they were female. I used to go for long walks when she was mad at me for apparently looking at another girl or whatever I was supposed to have done - I'm a networker and an essential part of that is talking to other people so yes, I talk with other people and I'm friendly with them - doesn't mean I want to go to bed with them. I used to go to the local library and read up on Borderline Personality Disorder and Bipolar. I read a lot, and the main thing I came away with was that saying you didn't have it was a symptom of having it. She said she didn't have it, and the meds were just to dumb her down, she would be able to cope without them.

I managed to convince her that if we were to have any future, it was going to have to be going back on the meds again - at least for a while as I simply couldn't deal with fighting every day and perhaps a different combination than before might help. She went back on them - a horrible to see process as she had such a high dose she was asleep for most of the day and yes, all they seemed to do was make her inactive so she wouldn't think or do much.

This too didn't last long though, she'd not take her meds some days, and things got progressively worse until one day during another attack she'd bitten my arm. I went to the clinic as it had started to go green and the doc said I'd gone just in time as human bites were worse than snake bites. Then another time she'd knelt on my hand so hard she broke it and I had to go to hospital, with her all the time saying "it's not broken" when it plainly was. I see that every time I look at my hand with the knuckle where it shouldn't be and the bone sticking out also where it shouldn't. I've had guys 'joke' to me suggesting that's where I punched her - if only they knew. I only ever restrained, which I hated having to do but there's pretty much nothing else you can do apart of course from getting the hell out of that situation but I hope others who have experienced similar will understand. I guess that's why I've found it hard to talk about at any length until now, because I fear what people assume. What has helped me finally write this is mostly down to people in the Drupal community who have been brave enough to talk about their situations, they know who they are and I'd like to thank every one of them for doing so, I don't think they realise just how much it helps others like me have the confidence to even consider doing this when I still worry hopefully unnecessarily about potential retribution and consequences.

Now she was back on the meds but not doing too well with me there her parents rented her a flat but that didn't go too well either, when I went to visit she hadn't eaten for days and thought she was hearing screams from down the road and had to go investigate. We decided that we wanted to be together(!) but that would involve being nearer to where her parents had moved to out on the lakes a couple of hundred miles up the lake in Kingston, Ontario. We briefly moved into a bed & board place but moved out soon after as I'd managed to find a local client who of course I couldn't work in the office as I was 'just visiting', but I have clients all over the world so work remotely and they don't employ me. That didn't last long though so I went into their office 'just visiting', but that didn't last long either as she'd be on the phone every five minutes.

I started to make connections locally and garnered quite an interest in my project - they had a 'Think Kingston' campaign who said the local uni wanted closer ties with the town as they hadn't invested much of late and this sort of thing could help - in fact so much they said it would be good to have one central location and one in each of the six suburbs to connect the community. No one person would put up the money though so it was a case of continually networking until I brought enough interested parties together to make something happen. I met some interesting people there too as Sun Microsystems had a big office there and had offered me all the computers I'd needed which was great as they had keycards so students and office workers could plug in and be on the same systems they used. I even met one of the first people to have a Unix business who said my main issue was going to be getting everything up and running at the same time - the events, the tech, the food, etc.

At the same time the half/half life was still going on and although she was managing to go to a few Cognitive-based therapy meetings it wasn't working. One day I got a black eye - I'm not sure if it's the same day I was asking about food regulations to the librarian who happened to be female but I have a feeling it might've been. I decided to call the police but they said there wasn't much they could do, she could only admit herself back in hospital. We went to the doctor, she ended up getting up on his desk waving an umbrella at him and shouting racist comments at him. She went back into hospital, I saw her trying to bend her fingers back, and she ended up talking her way around the weekend staff as they weren't as trained and she was back, attacking me. I left. My friend who I'd met through the networking in Toronto offered to pay for my flight home but when I went back to Toronto I decided, in my stupidity, to go back again.

It didn't last long again, I'd be in the kitchen making food and I'd forget something so the light ended up being switched on and off a couple of times - this apparently was me making secret signals to the next-door neighbours wife who I was apparently having an affair with. I kept myself busy online and it was at this time I rediscovered Drupal as one of the fairly high-profile sites I'd built back in the UK had been rebuilt in Drupal - I'd built it in another Open Source CMS called XOOPS. I had a pretty similar view of Drupal as many still have "Ugh, Drupal", however this time I decided to look under the hood at the code and saw that it was just as - if not more so - capable as the system I'd been involved with back in the dotcom days. I saw an API with business logic infused, and all the hallmarks of a system which anyone could use, whether they could code or not. It was modular, capable, and could build anything. I didn't however realise there was a whole community behind it as every time I went to the forums I'd get questions about who I was talking to and they'd end up with the usual fighting, so I just saw the code.

Things go worse again and I found myself many nights out in the freezing temperatures wandering around until she'd calm down. My friend again paid for my flight home, but this time I went. I had no baggage, just a big winter jacket and they thought they'd caught their terrorist so searched and searched but all they found was my tired soul waiting to get the hell out of there.

There were good times, but there were also many very bad times. I haven't covered everything that happened because it's amazing how much did in such a relatively short period of my life and yes I know it's only my side of the story, however I'm not the one who was on meds who then went off them and one of the first things I did when I arrived home was get checked out as she told me that it takes one to know one. I went through interviews and they said I was 'normal'. To be honest, I don't know what normal is, I don't think there is such a thing as normal. I do know where we were in Canada was around the area where the "pill for every ill" started with placebos and the medical world doesn't know much of how our brain works. I also know the culture there seems to be if you don't fit into the 9-5 lifestyle you're obviously in need of meds, whereas here in the UK it's getting more that way but different.

So why am I writing about this now? Because I find myself again questioning whether Drupal is the right tool I want to use for my project, and this time I feel it has relevance with the experience I went through and the knowledge I gained about the wonders of the brain. A prominent member of the Drupal community whom I've had the pleasure of meeting a few times has been 'ousted' due to his personal beliefs. The founder of Drupal, Dries, says he is doing it to protect the values of the community, however the facts as they are available at the time of writing seem to show that nothing nefarious has actually happened, only that there is the perceived chance that something might happen. I don't follow these beliefs, in fact I hadn't heard of this specific community previously and I, along with many others, do worry about it. I have seen vulnerable people and know how people can manipulate situations, and even though there is consent in the situation it is often a blurry line as to whether people are in a capacity to really know what that is and whether it's a good thing or not to be doing it. My personal view on the situation is though that it is none of our business and it should not be affecting the project, it is however and that's a problem. We now have a situation where another person who has practically dedicated their life to the project is now in a place they don't want - or need - to be, all in the name of 'inclusion'. 

Our project recently ousted another member of the community who has given similar amount of their life to it and who now has a gaping hole where friends, fun, and code used to be. I made an official complaint but was met with the usual brush-off and told that there was not much they could do with "undiagnosed autism". So we are now the medical establishment diagnosing people?

We are all human beings with our quirks and strange ways. Free Software (more specifically Copyleft software which ensures users freedom both up and downstream) gives people the opportunity to be included in society no matter who they are and we need to preserve that. If Drupal is to decide who is and who isn't allowed to be part of this, without them actually doing anything which is breaking the law of their respective residential countries, then where does this leave the platform? A Minority Report way of thinking will just keep it to a very small minority. Yes, we need to look after our community and make it as welcome to everyone - and from what I've seen of the actual work this community member who's just been ousted has done he's been nothing but a boon to this. He hasn't - as far as we've seen - done anything illegal or untoward, yet we are branding him otherwise, causing untold damage to his reputation in the process. And that's not fair.

So why do I even bother with Drupal? Aren't there other things I can use? Sure, but none are as advanced as Drupal is in terms of the ability for non-coders to build what they want in order to be able to communicate via the medium of the internet, for free. Drupal although a much smaller share of the market currently than other certain systems, has freedom built in its DNA. I don't have to buy a plugin to do what I want, and if I don't know how to code something it doesn't stop me from using modules or giving something to the community from my skill set which will help others and perhaps others will then be more likely to help me when I need help with something that needs some code. Drupal is pervasive in government institutions and education, and, if the community is scaled organically then we have the opportunity to change the world with it. We can save tax money by sharing code, local communities can be involved in building and maintaining the technology they need, and people who want to build their own businesses and lives online can do it freely and often without code. On top of that, creatives can publish their videos and art and writings online, and we can build a framework for freedom. But not in this current configuration, not when it is seemingly the business players who are supported. Those same ones who many in the community have had to help rescue projects from and been squeezed out because they don't conform to the 9-5 mentality so don't fit into the current corporate structure which seems to be gradually taking over this project. Those corporates who we hear find it fine to take people to strip clubs to help make a sale but then say they are ousting people because they don't align with their values. Well, I don't value taking people to strip clubs just to win a sale - does that mean I'm not Drupal enough? If so, then I don't really want to be part of that, I find that way more harmful actions than any alleged future actions.

Back to the story, because that's why I do support Drupal as it enabled me to earn and live. I began to build my life back up again. I rented a room in my sister's ex's house who lived just down the road from her - they had a son together so were still in contact regularly. I had my newly found interest in Drupal and I did various things to promote it as I thought it was amazing. There was a site which you could post up short videos of 12 (I think) seconds so I used to do my 'module of the day' and tried to make them entertaining - I think I still have them somewhere. But it was when I put the word 'Drupal' on my LinkedIn profile that things changed as I had a call the next day from a London agency who needed some 'urgent' help. It was for a sponsor of the triathlon who wanted a Facebook app integration so people could support their friends. The agency had promised the app but it was late, however they were under contract to deliver so although I built it, it was only live for a day before the event itself. This was my first experience of the digital agency world, there have been many to follow, most of which haven't been that good, which is why I believe the agency model is dead.

The project gave me enough money to move to Brighton - a place I'd heard was the epicentre for the web in the UK so thought it would be a good place to set up my open source coworking cafe concept, and I could fund through my Drupal work. I'd made a little block for my website which displayed my LinkedIn profile and as Drupal had helped me, I decided to post it to the site so others could use it too. I got no response (well I did six years later after talking about it), so I still didn't see the community side of it much. I networked like hell in Brighton and within a short time had gained a couple of high-profile sites to work on, one of which the developer I worked with decided he was moving to London and gave me a couple of his old projects he didn't want to deal with any more. Not realising the amount of work involved with one of these projects I ended up massively underquoting but I'd promised the work so I did it, ending up moving out of my flat into a small bedsit to save money in the process. When I handed over the project I said "you'll need to work with a designer now as I've only selected rounded corners" but still to today all they've done is put a front-page on the site. It's still one of the projects I'm most proud of - it's got more information on children's books than amazon and is highly respected in the industry. I'm surprised it's still going, but my background has always been making things work well so they don't break - not so good for business I guess but I like to take pride in the work I do. You can check the site out at BooksForKeeps.co.uk.

I finished that project and did more networking, including going to an event called 'Connecting Innovation' where I saw Ken Thompson present his work on 'Virtual Enterprise Networks' in which he details how the organisations of the future aren't the big monolithic corporations but instead networks of smaller organisations, freelancers, and so on. He'd written a book including all the models he'd used in practice to build these Virtual Enterprise Networks around the world, for example when NASA wanted to deal with suppliers from outside the U.S. but had no interface for doing this. To me it was an eye-opener as this was precisely how the Drupal community worked. I had set up a local Drupal Users Group and we all shared code and information. I still hadn't been to an 'official' Drupal event, I simply didn't have the funds at the time so only dreamed of attending.

Business grew and after less than a year in my tiny bedsit with an outlook of a wall I managed to have enough to move out. I'd been checking the property ads every day and this amazing-looking apartment with floor to ceiling windows became available in the centre of Brighton which I thought would be a great base for my business, not only the Drupal side as I worked from home but also to start something up on my vision of the open source coworking cafe side. It was central, I could fit a few people in for lunchtime talks, all was good. So I thought, more on that later, first back to the Drupal.

I also had enough funds to attend my first DrupalCon, this year it was in Copenhagen so I decided to go. It was weird though, there were all these people sitting around long tables working away at their laptops to which just confused me - why would they go to the trouble of paying to get to a conference then not go to the talks and just sit tapping away at their computers? Didn't make sense. 

I was keen to talk to someone 'in power' about my findings about the Virtual Enterprise Networks as I thought I'd be bringing them a potential answer as to how they could spread 'good' Drupal by connecting and helping each other out - just as we did with the code and at our local meetups. I saw someone go past who I recognised from the Drupal Association so asked him if there was anyone I could talk to at the DA about this, to which he replied that they were 'all too busy working for large corporations' and brushed me off. I was later told he was 'autistic'. My friend who I was with at the time just looked at me, both of us in surprise. I resigned myself to finding out what else was going on and decided to stop at one of the tables where people were working away and find out what was going on. That's when I first met Angie/webchick who said they were testing the upgrade script from 6 to 7 so I could try that on a site I'd built. The only one I had was the children's book site however I was in my 'module buffet' phase so there were masses of modules on it (tabs within mini-panels within panels and so on!) and surprisingly it didn't work.

This experience didn't stop my pursuit of what I thought was trying to help the community solve its scaling issues though and I started to go to more events. I went to my first DrupalCamp in Cambridge and that's where I met a team of guys who were building native CRM in Drupal which I thought was amazing. Having come from an integrated platform previously I could see how this made Drupal much more of a full product and how essential to the framework it could be. I ran a couple of DrupalCamps in Brighton at which one of them they did a 36 hour BoF on the CRM which again I thought was amazing as this was how software should be debated and developed, by collaboration not everyone in their own pigeon hole making their own version of some common functionality.

I started to go to the CxO meetups which were happening as I wanted to achieve two things - grow my own business so I could build my vision, and connect the Drupal business as that would support my vision too. A platform where we commoditise common functionality across the world - every business vertical has similar functionality required, it's the people and the products that are the differentiators, unless you're a software company. I tried out one of the exercises from the Virtual Enterprise Network book at one of the CxO events - the synergy discovery - but I'm not a good person at this type of thing and when getting people to put up post-it notes of their skills they all just put Drupal. The idea is people obviously have all different skills, experience and expertise and the goal is to group and cluster those and connect with complementary skills so as to create collaborative products and services. I was told at the time by the organiser that it was the way of the community - if something didn't work then people simply weren't interested and the idea wasn't worth pursuing. I realise now that's just another person's opinion, you have to have belief in your own thoughts in order to make things happen.

So, on we go and a few more CxO events down I find we're all talking about the same issues over and over again. Where the code is shared and discussed online via the drupal.org infrastructure, the business people don't use the complicated site and so don't have anywhere online to share. They do collaborate in 'secret' in their own groups, and as I went to more events they all seemed to get further away from community and more 'business', with restrictions on the size of company you had to be to attend, which basically pushed me out of the picture. At one of the last events I went to though I met another Director of the DA and it was at the time when they first introduced community elections for an 'at large' Director. I asked how many had applied to which I was told three, to which I though did no-body care and decided that night to apply. With my following I had grown on social networks by helping others out with their Drupal issues due to the seeming lack of support channels due to many businesses making money from the support side so no want to fund and/or foster the free ways of support, I was voted in and within a week I found I was now also a Director of the DA.

Obviously having to cut a very long story short before we all fall asleep, I didn't get much in the way of communication or involvement in my time there, I did manage to help push through a Marketing & Branding Committee which wasn't really supported that much, and I found myself realising that the agenda was there to stay and they had their way and that was it, I was just seen as trouble. I remember once sitting around the table when they were talking about revenue and how much the individual memberships didn't bring in (look at how they compare to total revenue) and the founder's remarks were "well why do we even bother having them". Now I understand that could've been taken out of context, but then I look back and wonder - this guy is running the fastest growing private software company in the country and has known pretty much nothing else apart from uni and successful career, I don't think he's ever had to really worry about where his next meal is coming from. He's obviously good at business, and seems to be good at people skills when in public, so I gave him the benefit of doubt that I'd just either heard it wrong or taken it the wrong way. Drupal may have been released by him, but it's his army of contributors who build and maintain it, many of whom work tirelessly and often for free in their spare time, even those who do get paid to work on it.

So skipping along, when my term finished at the DA I decided to set up a co-operative online as I'd met many people from many Drupal businesses who were more than keen to help market the project and product better, and who lacked a place to communicate and gather online. Sure there's the partner networks and the DA itself they can sponsor, and the events, but they're all run by someone else with their own agenda - a Virtual Enterprise Network is where the members own and operate the group, much like a co-operative if you look at something like Mondragon Corporation. This was surely a better way to scale than a top-down infrastructure which seemed to result in many issues - helping some get richer but at the expense of making the product and processes harder for the rest. I set up the site, I set up some skills tags and people connected and did business but I failed to capture the business model myself and at the time had high monthly costs so could not keep it going without revenue. I asked for membership dues, of which about four people paid, of which was the equivalent to about half a day's Drupal development, so didn't last long.

By that time I was quite disheartened so I kind of went back to just doing projects but then in 2014 an opportunity came along to rent an annexe opposite the coworking space in Brighton which I had been a member of on-and-off since its inception and as I'd heard that this space was now full I thought this could be an opportunity to finally get my space up and running. I took a gamble and paid the deposit and rent, and worked on two projects at the same time to ensure it had some time to get up and running whilst the overspill from next door came forth. This didn't happen, and I didn't have the time to do enough promotion. The building wasn't exactly right either, and it ended up being a costly three-month experiment and I lost over ten grand. We did however have another spectacular party, and I was proud to host the first VR Brighton events, something I shall never forget being a huge VR fan. As for getting enough things up and running at the same time - well apart from not having enough time, the space wasn't big enough to do that and so it never would've been the dream. I knew most of that but was hoping at least I would be able to get enough members to cover costs and start to build the rest. 

I then started to do my first commercial collaborations with the CRM guys and decided it was something I should promote more as it was profitable and gave me time to work on my other project as opposed to if I was sitting there building sites all day. I was once again too confident and as DrupalCon was in L.A. that year I decided I should go and spread the word about CRM, and I wanted to see the place in real life too, after all, I'd been told I should go there by you-know-who so I thought what the hell and booked my tickets. I guess I was on a high too as I decided as the hotel was the main cost I would take along my friend as he was looking for a way to change his work and I'd been extolling the virtues of Drupal to him and saying how it helped anyone build a career if they wanted to. He obviously just saw it as a free trip, but I don't regret offering, I just need to choose more carefully whom I offer opportunities like this too if I am ever in a position to again.

So L.A. was fun, and we did a BoF on the CRM where a few people turned up - all from very large corporations, but nothing came of it as I didn't have the team around me to make something like this happen. I returned back to Brighton and carried on the continued search for work and odd project. But times were different now and many agencies had grown up and the available pool of work was less. I didn't do front-end so I worked with others on that, but one kept continually letting me down and mocked me when I worked with them again at the fact I had, and in the process had practically lost me any faith that client had in my judgement by then. 

Then came along winter and my flat where I was day in day out became infested with mice. This had happened a few years back but this time they were back with a vengeance. The landlord flat refused to do anything proper about it, a temporary fix was just that, and I was getting ill with the stress of it all. I managed to get some work with a local digital agency but they were another one who knew little about the product they were building so I had to, for the sake of the client's project, do the opposite of what they asked. I implemented a rock solid architecture of custom entities, purposely making it hard for them to mess around with and as far as I know the site is still based on those. They wanted to play around with different views and lots of front-end stuff, which you can do fine if you have the base to do it on, but if you start by doing that you soon end up in trouble. I couldn't deal with their want of me being in the office all the time as nothing apart from seemingly useless meetings happened all day then at the end of the day they'd asked how it was going and I'm sure they must've thought I had a double working on the stuff whilst I was at their inconsequential meetings they just wanted a face at. I ended up working all over the Xmas period with mice running around my flat making me more ill, and I turned up the day they all came back from hols with their architecture and recommended they find someone now with more front-end skills than myself. I recommended a couple of people, they eventually found someone who is still there today but I hear they don't have the project any more. That was the idea that it would be handed over to the client to maintain, but it was months overdue so I don't know what went on after I left. I do know that when I tested the site out I did a search which resulted in no results, that wouldn't have happened if they'd followed my advice using facets and bottom-up SOLR search from actual data instead of top-down "nice looking" but fundamentally flawed implementation they made. Such is life.

So I'm back in the flat, mice running around, and a landlord who refuses to fix it. Why is this relevant? Well it took me four years to get a replacement boiler - the original one made loud bangs and I ended up boiling water for years as I gave up trying. I think this is relevant because I see a pattern of me getting into interdependent relationships where I'm the submissive and I let people dominate me. Do I do it for kinks? No. Am I vulnerable? Maybe - stupid more like and just need to raise my own self-confidence and put up a few barriers, at least know when to get out of situations and when to say no to stuff. I said no to my landlord, I refused to pay him rent until he sorted out the mice problem, and he then decided to use the law to evict me from the flat as laws to stop this were only introduced in 2015 and my contract with him was from before that.

He finally evicted me in June last year and served me notice that he was taking me to court. I wrote up my defence, including all the info about the boiler and how he'd left me without a gas safety certificate for months when the original one finally failed it. His solicitor sent me copies of all the certificates which I thanked him for as it proved my defence, but he still didn't back down. I decided it wasn't worth trying to stay in Brighton and pay expensive living costs when I couldn't afford to start my other business vision due to the extortionate rents there (higher than Silicon Roundabout in London), the town was full of rubbish and with 1 in 69 people homeless the streets were lined with those I wanted to help but couldn't because there was no funding for that sort of thing down south. Sure, if you want to make an internet of things gadget which will suck up lots of data you can sell to the system you'll be fine, but do something which will benefit many but not maybe those who are currently rich getting richer and you're sod out of luck.

As funny as the world goes, I decided to stay with a friend for a week before returning back to Essex to stay with my folks for a while until the next DrupalCamp visit or going abroad opportunity came up (couldn't see the point in staying in expensive UK), and whilst staying there I found my dream space to set up my vision. It was the White Hart Hotel in Lewes and it was where Thomas Paine used to attend the debating society there. He used to talk about his ideas and vision but it was only when a fellow attendee said he should write about them and publish it that he ended up writing Common Sense, attributed to helping the American and French Revolutions. I believe we are now at this point with the internet - we have all the tools we need to communicate, share our ideas, and co-operate together for a better world, we just don't use them. We have the corporate version of the internet where it isn't their interests to help you but to grow their own business. So instead of having local spaces where people can go make use of things like video studios, rooms for presenting in front of people and streamed online, art on the walls and online, and everything else I cover in the Co-operative.club concept, we have instead a surveillance society and a few corporations at the top with many working to keep their systems going for little or no pay.

The Lewes building is £2m. It could work from crowd-funding, but quite rightly I see you need to build community first and grow from there. So I've thought about starting one up here, but first just building the network online and running a few events locally to get things up and running. I didn't do that before because I thought it would take too long but here I am 13 years in, £60k or more in debt, and a community I'm not even sure I actually should be worrying about as although it's kept me alive for years, I've never wanted to build websites and that's where I fail on the business side because my heart simply isn't in it. On top of that we have all the community issues which people again and again talk about and a community which isn't equipped currently to collaborate at scale as a community, they all seem too happy to take the quick cash, keep in their top-down partner networks and everything's ok. Well, I personally don't think that's going to work in the long run, and I'm more upset about the vision we won't be seeing if it just turns totally corporate. You can't pay people to have passion, and some of us aren't equipped or indeed want to 'have a job'. 

I want to help people, including myself, enjoy the time they have on this planet by exploiting free software. It's the LibrePlanet conference this weekend which I hope some will be streamed as it will give me a boost I need. I was lucky enough to attend when I first went to Toronto back in 2005 before all the crazy stuff hit the fan, that's where I met Larry Lessig and one of my heros Eben Moglen who I believe is one of the best orators in the world. I spoke to them about my concept and they 'got it', and that counts for a lot to me. Or is that just my attachment issues again? Am I still suffering from worry about being abandoned when my parents split up? Should I just "get off my arse and do a job?". Well, on the latter front I've a little money due, but no - no job in the immediate future, once I decide on a direction I'll be out there networking like crazy whether on or offline, I don't have the want for trinkets I used to have as I realise that's not what makes me happy and there's a lot cheaper places than the UK I can go live. I did start a daily vlog on my project but I've focused it on the Drupal community as I thought that would be a constraint good enough because we do already collaborate. But now with all the issues I'm not sure of whether it's worth pursuing without some serious backing, and it seems everyone's hunky dory with the way the business runs, down to the everyone-except-for-me clapping at the recent talk mentioning we should stop all the debate about Free vs Open when it is so obviously not an insignificant thing, Open Source is for business, Free Software is for life.

Anyway, that's the ramble. I was going to write this up much nicer but it's been three months and that hasn't happened until today, I'm just sad it took such a shitty event to make it happen and I hope things will change. I certainly need to as I keep seeing buildings which would be perfect for connected community spaces.

Category Creativity Tags drupal Drupal Association Drupal Planet Add new comment
Categories: FLOSS Project Planets

Reinout van Rees: Fossgis: open source for emergencies - Marco Lechner

Planet Python - Thu, 2017-03-23 10:28

(One of my summaries of a talk at the 2017 fossgis conference).

He works for the Bundesamtes fuer Strahlenschutz, basically the government agency that was started after Chernobil to protect against and to measure radioactivity. The software system they use/build is called IMIS.

IMIS consists of three parts:

  • Measurements (automatic + mobile measurements + laboratory results).
  • Prediction system. Including documentation (managed in Plone, a python CMS system).
  • Decision support. Help support the government layers that have to make the decisions.

They have a simple map at odlinfo.bfs.de.

The current core of the system is proprietary. They are dependent on one single firm. The system is heavily customized for their usage.

They need a new system because geographical analysis keeps getting more important and because there are new requirements coming out of the government. The current program cannot handle that.

What they want is a new system that is as simple as possible; that uses standards for geographical exchange; they don't want to be dependent on a single firm anymore. So:

  • Use open standards, so OGC. But also a specific world-wide nuclear info protocol.
  • Use existing open source software. OSGEO.
  • If we need something special, can we change/extend existing open source software?
  • If not, then it is OK to create our their software. Under an open source license.

They use open source companies to help them, including training their employees. And helping getting these employees used to modern software development (jenkins, docker, etc.)

If you use an open source strategy, what do you need to do to make it fair?

  • Your own developments should also be open source!
  • You need your own test and build infrastructure. (For instance Jenkins)
  • You need to make it easy to start working with what you made: documentation, docker, buildout (!), etc.

(Personal note: I didn't expect to hear 'buildout' at this open source GIS conference. I've helped quite a bit with that particular piece of python software :-) )

Categories: FLOSS Project Planets

.VDMi/Blog: Creating default pages in Drupal 8

Planet Drupal - Thu, 2017-03-23 10:16
Here at .VDMi/ we like to use nodes for everything, even for things where you would normally use a View page, a search page for example. We do this because nodes bring a great deal of advantages. This blog explains how we create these default pages, make sure they don’t get deleted accidentally and how to use different nodes as frontpage for different languages.
Categories: FLOSS Project Planets

Bryan Pendleton: Assessing an estimate

Planet Apache - Thu, 2017-03-23 09:56


Can this really be true?

Addressing Detroit’s Basic Skills Crisis

Various estimates of the scale of need for basic skills services in the region convey a crisis-level order of magnitude.
  • The National Institute for Literacy estimates that 47% of adults (more than 200,000 individuals) in the City of Detroit are functionally illiterate, referring to the inability of an individual to use reading, speaking, writing, and computational skills in everyday life situations.
  • We also know that of the 200,000 adults who are functionally illiterate, approximately half have a high school diploma or GED, so this issue cannot be solely addressed by a focus on adult high-school completion.
  • The remaining 100,000 of these functionally illiterate adults (age 25 and older) lack a high school diploma or GED, another prerequisite for employment success.

I'm not sure how this institute made this estimate.

Later, the report expands somewhat on the topic:

Generally, those adults who score at Level 1 (on a scale of 1 to 5, lowest to highest) have difficulty performing such everyday tasks as locating an intersection on a street map, reading and comprehending a short newspaper article, or calculating total costs on an order form.

It isn't clear whether their estimate was that all 47% were at "Level 1", or whether those were five levels of illiteracy (versus five levels of literacy), but no matter how you slice it, those are some astonishing claims about the literacy problem in the greater Detroit region.

Categories: FLOSS Project Planets

Pronovix: Web APIs in Drupal: success takes more than an endpoint

Planet Drupal - Thu, 2017-03-23 09:45

Web APIs are not just useful when making headless sites in Drupal: large Drupal sites often hold valuable information that could also be useful outside the site's context. Media companies might want to expose historical media content, community sites could show data about their community activities, e-commerce sites tend to open an API for their affiliates and partners.

While it is possible to use Drupal 7 and Drupal 8 as an API backend, a lot of functionalities that describe a mature API service do not come out of the box. In this post we will explain what key concepts you have to keep in mind when designing an API service, why they are important and how APIgee Edge can make it easier to build a full-featured API webservice in Drupal successfully.

Categories: FLOSS Project Planets

Chromatic: Dependency Injection in Drupal 8 Plugins

Planet Drupal - Thu, 2017-03-23 09:15

Dependency Injection in Drupal 8 Plugins can trip you up if you focus on the Dependency Injection part and forget about the Plugin part. This blog post shows key differences to keep in mind when you're working with D8 Plugins.

Categories: FLOSS Project Planets

Boosting performance with shader binary caching in Qt 5.9

Planet KDE - Thu, 2017-03-23 09:02

Now that Qt 5.9 is getting closer, let’s take a look at a minor but immensely useful improvement to the basic OpenGL enablers that form the foundation of Qt Quick and the optional OpenGL-based rendering path of QPainter.

Those looking at the documentation snapshots for 5.9 may have already come across some new functions in the venerable QOpenGLShaderProgram. What is more, most internal usages in Qt have been switched over to the new API. What does this mean in practice?

As explained here, such shader programs will attempt to cache the program binaries on disk using GL_ARB_get_program_binary or the standard equivalents in OpenGL ES 3.0. When no support is provided by the driver, the behavior is equivalent to the non-cached case. The files are stored in the global or per-process cache location, whichever is writable. The result is a nice boost in performance when a program is created with the same shader sources next time.

How big is the improvement? It varies. Some drivers have already been doing some sort of caching for the past couple of years, while some others have similar features in the pipeline. However, the gains turn out to be quite significant in practice on devices that are out in the field right now:

Do not read too much into the actual numbers. What is important is the difference between Qt 5.8 and 5.9. Also, a simple Qt Quick or GL-backed QPainter scene will definitely not use 10 programs, but as complexity grows, with Qt Graphical Effects and custom ShaderEffect items entering the picture, getting similar improvements does not look far fetched anymore.

In fact we gain something even on systems that employ shader caching already. Therefore every application’s startup and view switching times are expected to benefit with Qt 5.9 – without having to change anything.

Applications that use QOpenGLShaderProgram on their own can usually switch to the cacheable function variants by just changing the name in the function call. The change have to be a conscious decision, though, since some of the APIs change semantics when program binaries are used. Most notably, QOpenGLShader, addShader(), and removeShader() are incompatible with the program-level caching since they rely on individual shader compilation.

That’s it for now, stay tuned for more posts about exciting upcoming Qt 5.9 and 5.10 features.

The post Boosting performance with shader binary caching in Qt 5.9 appeared first on Qt Blog.

Categories: FLOSS Project Planets

lakshminp.com: DIY Drupal hosting: DrupalVM

Planet Drupal - Thu, 2017-03-23 07:46

Time for a little confession. I didn't intend to showcase DrupalVM as a DIY Drupal hosting solution when I conceived this series idea. Jeff Geerling, DrupalVM's creator hinted at using DrupalVM as a viable solution for small to medium sites in the first post of the series. It was an idea worth exploring and the result is this post.

Categories: FLOSS Project Planets

Neil McGovern: GNOME ED Update – Week 12

Planet Debian - Thu, 2017-03-23 07:43
New release!

In case you haven’t seen it yet, there’s a new GNOME release – 3.24! The release is the result of 6 months’ work by the GNOME community.

The new release is a major step forward for us, with new features and improvements, and some exciting developments in how we build applications. You can read more about it in the announcement and release notes.

As always, this release was made possible partially thanks to the Friends of GNOME project. In particular, it helped us provide a Core apps hackfest in Berlin last November, which had a direct impact on this release.

Conferences GTK+ hackfest

I’ve just come back from the GTK+ hackfest in London – thanks to RedHat and Endless for sponsoring the venues! It was great to meet a load of people who are involved with GNOME and GTK, and some great discussions were had about Flatpak and the creation of a “FlatHub” – somewhere that people can get all their latest Flatpaks from.


As I’m writing this, I’m sitting on a train going to Heathrow, for my flight to LibrePlanet 2017! If you’re going to be there, come and say hi. I’ve a load of new stickers that have been produced as well so these can brighten up your laptop.

Categories: FLOSS Project Planets
Syndicate content