Feeds

You are probably interested in setting up a workign environment for Drupal-based projects or maybe you have new members in your development team, so the configuration of the correct development environment is a fundamental part of the process of working with Drupal, you are right. By reading this how-to guide, you will implement a complete and ready-to-go Drupal working environment ready for versions 8, 9, and 10 of our favorite CMS/framework. Do you want to start?…

Picture from Unsplash, user Mathyas Kurmann, @mathyaskurmann.

This content has been constructed as a …

Releases on the Python Package Index are never “done” About • Blog • Newsletter • Links Releases on the Python Package Index are never “done”

Published 2024-01-24 by Seth Larson
Reading time: minutes

This critical role would not be possible without funding from the OpenSSF Alpha-Omega project. Massive thank-you to Alpha-Omega for investing in the security of the Python ecosystem! PEP 740 and open-ended PyPI releases

PEP 740 is a proposal to add support for digital attestations to PyPI artifacts, for example publish provenance attestations, which can be verified and used by tooling.

William Woodruff has been working on PEP 740 which is in draft on GitHub, William addressed my feedback this week. During this work the open-endedness of PyPI releases came up during our discussion, specifically how it is a common gotcha for folks designing tools and policy for multiple software ecosystems difficult.

What does it mean for PyPI releases to be open-ended? It means that you can always upload new files to an existing release on PyPI even if the release has been created for years. This is because a PyPI “release” is only a thin layer aggregating a bunch of files on PyPI that happen to share the same version.

This discussion between us was opened up as a wider discussion on discuss.python.org about this property. Summarizing this discussion:

• New Python releases mean new wheels need to be built for non-ABI3 compatible projects. IMO this is the most compelling reason to keep this property.
• Draft releases seem semi-related, being able to put artifacts into a "queue" before making them public.
• Ordering of which wheel gets evaluated as an installation candidate isn't defined well. Up to installers, tends to be more specific -> less specific.
• PyPI doesn't allow single files to be yanked even though PEP 592 allows for yanking at the file level instead of only the release level.
• The "attack" vector is fairly small, this property would mostly only provide additional secrecy for attackers by blending into existing releases.

CPython Software Bill-of-Materials update

CPython 3.13.0a3 was released, this is the very first CPython release that contains any SBOM metadata at all, and thus we can create an initial draft SBOM document.

Much of the work on CPython's SBOMs was done to fix issues related to pip's vendored dependencies and issues found by downstream distributors of CPython builds like Red Hat. The issues were as follows:

• Don't require internet access to run the SBOM script. We use internet access to automatically generate metadata for pip, but if the internet isn't available we should continue using the metadata that we already have (assuming the file hasn't changed) and then rely on CI which should always have internet access (the script fails in CI) to verify the values.
• If pip wheel is removed, don't raise an unskippable error. Redistributors will typically remove the wheel in favor of their own distribution of pip for ensurepip.
• Enumerate pip's vendored dependencies in the SBOM. This requires parsing the vendor.txt script inside of pip's vendor directory.

All of these issues are mostly related and touch the same place in the codebase, so resulted in a medium-sized pull request to fix all the issues together.

On the release side, I've addressed feedback from the first round of reviews for generating SBOMs for source code artifacts and uploading them during the release. Once those SBOMs start being generated they'll automatically begin being added to python.org/downloads.

Other items

• Two new Developer-in-Residence roles have been filled at the Python Software Foundation. Welcome, Petr Viktorin as the Deputy Developer-in-Residence and Serhiy Storchaka as the Supporting Developer-in-Residence. We've already gotten a chance to collaborate and I look forward to even more.
• scikit-learn is considering build reproducibility.
• Wrote my piece for the Python Software Foundation Annual Impact report.
• Submitted to the OpenSSF SOSS Community Day Call for Proposals (see you in Washington!)
• Reviewed a fix by Erlend Aasland for the SBOM generation script.
• I published a blog post which provides guidance on how to remove a maintainer from an open source project to reduce the attack surface of an open source project.

That's all for this week! 👋 If you're interested in more you can read last week's report.

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

This is the third part of a post series under the tag package_config that explains the Nuitka package configuration in more detail. To recap, Nuitka package configuration is the way Nuitka learns about hidden dependencies, needed DLLs, data files, and just generally avoids bloat in the compilation. The details are here on a dedicate page on the web site in Nuitka Package Configuration but reading on will be just fine.

Problem Package

Each post will feature one package that caused a particular problem. In this case, we are talking about the package toga.

Problems like with this package are typically encountered in standalone mode only, but they also affect accelerated mode, since it doesn’t compile all the things desired in that case. Some packages, and in this instance look at what OS they are running on, environment variables, etc. and then in a relatively static fashion, but one that Nuitka cannot see through, loads a what it calls “backend” module.

We are going to look at that in some detail, and will see a workaround applied with the anti-bloat engine doing code modification on the fly that make the choice determined at compile time, and visible to Nuitka is this way.

Initial Symptom

The initial symptom reported was that toga did suffer from broken version lookups and therefor did not work, and we encountered even two things, that prevented it, one was about the version number. It was trying to do int after resolving the version of toga by itself to None.

Traceback (most recent call last): File "C:\py\dist\toga1.py", line 1, in <module> File "<frozen importlib._bootstrap>", line 1176, in _find_and_load File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 690, in _load_unlocked File "C:\py\dist\toga\__init__.py", line 1, in <module toga> File "<frozen importlib._bootstrap>", line 1176, in _find_and_load File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 690, in _load_unlocked File "C:\py\dist\toga\app.py", line 20, in <module toga.app> File "<frozen importlib._bootstrap>", line 1176, in _find_and_load File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 690, in _load_unlocked File "C:\py\dist\toga\widgets\base.py", line 7, in <module toga.widgets.base> File "<frozen importlib._bootstrap>", line 1176, in _find_and_load File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 690, in _load_unlocked File "C:\py\dist\travertino\__init__.py", line 4, in <module travertino> File "<frozen importlib._bootstrap>", line 1176, in _find_and_load File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 690, in _load_unlocked File "C:\py\dist\setuptools_scm\__init__.py", line 7, in <module setuptools_scm> File "<frozen importlib._bootstrap>", line 1176, in _find_and_load File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 690, in _load_unlocked File "C:\py\dist\setuptools_scm\_config.py", line 15, in <module setuptools_scm._config> File "<frozen importlib._bootstrap>", line 1176, in _find_and_load File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 690, in _load_unlocked File "C:\py\dist\setuptools_scm\_integration\pyproject_reading.py", line 8, in <module setuptools_scm._integration.pyproject_reading> File "<frozen importlib._bootstrap>", line 1176, in _find_and_load File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 690, in _load_unlocked File "C:\py\dist\setuptools_scm\_integration\setuptools.py", line 62, in <module setuptools_scm._integration.setuptools> File "C:\py\dist\setuptools_scm\_integration\setuptools.py", line 29, in _warn_on_old_setuptools ValueError: invalid literal for int() with base 10: 'unknown'

So, this is clearly something that we consider bloat in the first place, to runtime lookup your own version number. The use of setuptools_scm is implying the use of setuptools, for which the version cannot be determined, and that’s crashing.

Step 1 - Analysis of initial crashing

So first thing, we did was to repair setuptools, to know its version. It is doing it a bit different, because it cannot use itself. Our compile time optimization failed there, but also would be overkill. We never came across this, since we avoid setuptools very hard normally, but it’s not good to be incompatible.

- module-name: 'setuptools.version' anti-bloat: - description: 'workaround for metadata version of setuptools' replacements: "pkg_resources.get_distribution('setuptools').version": "repr(__import__('setuptools.version').version.__version__)"

We do not have to include all metadata for setuptools here, just to get that one item, so we chose to make a simple string replacement here, that just looks the value up at compile time and puts it into the source code automatically. That removes the pkg_resources.get_distribution() call entirely.

With that, setuptools_scm was not crashing anymore. That’s good. But we don’t really want it to be included, since it’s good for dynamically detecting the version from git, and what not, but including the framework for building C extensions, not a good idea in the general case. Nuitka therefore said this:

Nuitka-Plugins:WARNING: anti-bloat: Undesirable import of 'setuptools_scm' (intending to Nuitka-Plugins:WARNING: avoid 'setuptools') in 'toga' (at Nuitka-Plugins:WARNING: 'c:\3\Lib\site-packages\toga\__init__.py:99') encountered. It may Nuitka-Plugins:WARNING: slow down compilation. Nuitka-Plugins:WARNING: Complex topic! More information can be found at Nuitka-Plugins:WARNING: https://nuitka.net/info/unwanted-module.html

So that’s informing the user to take action. And in the case of optional imports, i.e. ones where using code will handle the ImportError just fine and work without it, we can use do this.

- module-name: 'toga' anti-bloat: - description: 'remove setuptools usage' no-auto-follow: 'setuptools_scm': '' when: 'not use_setuptools'

He we say, no not automatically follow setuptools_scm reports, unless there is other code that still does it. In that way, the import still happens if some other part of the code imports the module, but only then. We no longer enforce the non-usage of a module here, we just make that decision based on other uses being present.

With this the bloat warning, and the inclusion of setuptools_scm into the compilation is removed, and you always want to make as small as possible and remove those packages that do not contribute anything but overhead, aka bloat.

The next thing discovered was that toga needs the toga-core distribution to version check. For that, we use the common solution, and tell that we want to include the metadata of it, for when toga is part of a compilation.

- module-name: 'toga' data-files: include-metadata: - 'toga-core'

So that moved the entire issue of version looks to resolved.

Step 2 - Dynamic Backend dependency

Now on to the backend issue. What remained was a need for including the platform specific backend. One that can even be overridden by an environment variable. For full compatibility, we invented something new. Typically what we would have done is to create a toga plugin for the following snippet.

- module-name: 'toga.platform' variables: setup_code: 'import toga.platform' declarations: 'toga_backend_module_name': 'toga.platform.get_platform_factory().__name__' anti-bloat: - change_function: 'get_platform_factory': "'importlib.import_module(%r)' % get_variable('toga_backend_module_name')"

There is a whole new thing here, a new feature that was added specifically for this to be easy to do. And with the backend selection being complex and partially dynamic code, we didn’t want to hard code that. So we added support for variables and their use in Nuitka Package Configuration.

The first block variables defines a mapping of expressions in declarations that will be evaluated at compile time given the setup code under setup_code.

This then allows us to have a variable with the name of the backend that toga decides to use. We then change the very complex function get_platform_factory that we used used, for compilation, to be replacement that Nuitka will be able to statically optimize and see the backend as a dependency and use it directly at run time, which is what we want.

Final remarks

I am hoping you will find this very helpful information and will join the effort to make packaging for Python work out of the box. Adding support for toga was a bit more complex, but with the new tool, once identified to be that kind of backend issue, it might have become a lot more easy.

Lessons learned. We should cover packages that we routinely remove from compilation, like setuptools, but e.g. also IPython. This will have to added, such that setuptools_scm cannot cloud the vision to actual issues.

What are those words on the bottom of your video screen and where do they come from? Captioning’s normalization in the past several decades may seem like it would render those questions moot, but understanding more about captions means making more informed decisions about when, how, and why we make sure information is accessible.

Join Fran Garcia, Senior Drupal Developer at the Drupal Association, as he unveils the driving forces behind Drupal's evolution. Fran shares exclusive insights with Kazima Abbas, Sub Editor at The DropTimes (TDT), exploring strategic projects, global hiring initiatives, and the transformative impact of GitLab CI on Drupal's development process. Discover the symbiotic relationship between Fran's role, the Drupal community, and his unique journey from teaching to web development.

#613 – JANUARY 23, 2024
View in Browser »

Python Packaging, One Year Later: A Look Back at 2023

This is a follow-on post to Chris’s article from last year called Fourteen tools at least twelve too many. “Are there still fourteen tools, or are there even more? Has Python packaging improved in a year?”
CHRIS WARRICK

Running Python on Air-Gapped Systems

This post describes running Python code on a “soft” air-gapped system, one without direct internet access. Installing packages in a clean environment and moving them to the air-gapped machine has challenges. Read Ibrahim’s take on how he solved the problem.
IBRAHIM AHMED

Elevate Your Web Development with MongoDB’s Full Stack FastAPI App Generator

Get ready to elevate your web development process with the newly released Full Stack FastAPI App Generator by MongoDB, offering a simplified setup process for building modern full-stack web applications with FastAPI and MongoDB →
MONGODB sponsor

Add Logging and Notification Messages to Flask Web Projects

After you implement the main functionality of a web project, it’s good to understand how your users interact with your app and where they may run into errors. In this tutorial, you’ll enhance your Flask project by creating error pages and logging messages.
REAL PYTHON

Python 3.13.0 Alpha 3 Is Now Available

CPYTHON DEV BLOG

PSF Announces More Developer in Residence Roles

PYTHON SOFTWARE FOUNDATION

PSF Announces Foundation Fellow Members for Q3 2023

PYTHON SOFTWARE FOUNDATION

Discussions PEP 736: Shorthand Syntax for Keyword Arguments

PYTHON.ORG

Python Jobs Python Tutorial Editor (Anywhere)

Real Python

More Python Jobs >>>

Articles & Tutorials Bias, Toxicity, and Truthfulness in LLMs With Python

How can you measure the quality of a large language model? What tools can measure bias, toxicity, and truthfulness levels in a model using Python? This week on the show, Jodie Burchell, developer advocate for data science at JetBrains, returns to discuss techniques and tools for evaluating LLMs With Python.
REAL PYTHON podcast

Postgres vs. DynamoDB: Which Database to Choose

This article presents various aspects you need to consider when choosing a database for your project - querying, performance, ORMs, migrations, etc. It shows how things are approached differently for Postgres vs. DynamoDB and includes examples in Python.
JAN GIACOMELLI • Shared by Jan Giacomelli

Building with Temporal Cloud Webinar Series

Hear from our technical team on how we’ve built Temporal Cloud to deliver world-class latency, performance, and availability for the smallest and largest workloads. Whether you’re using Temporal Cloud or self-host, this series will be full of insights into how to optimize your Temporal Service →
TEMPORAL sponsor

Python App Development: In-Depth Guide for Product Owners

“As with every technology stack, Python has its advantages and limitations. The key to success is to use Python at the right time and in the right place.” This guide talks about what a product owner needs to know to take on a Python project.
PAVLO PYLYPENKO • Shared by Alina

HTTP Requests With Python’s urllib.request

In this video course, you’ll explore how to make HTTP requests using Python’s handy built-in module, urllib.request. You’ll try out examples and go over common errors, all while learning more about HTTP requests and Python in general.
REAL PYTHON course

Beware of Misleading GPU vs CPU Benchmarks

Nvidia has created GPU-based replacements for NumPy and other tools and promises significant speed-ups, but the comparison may not be accurate. Read on to learn if GPU replacements for CPU-based libraries are really that much faster.
ITAMAR TURNER-TRAURING

Django Migration Files: Automatic Clean-Up

Your Django migrations are piling up in your repo? You want to clean them up without a hassle? Check out this new package django-migration-zero that helps make migration management a piece of cake!
RONNY VEDRILLA • Shared by Sarah Boyce

Understanding NumPy’s ndarray

To understand NumPy, you need to understand the ndarray type. This article starts with Python’s native lists and shows you when you need to move to NumPy’s ndarray data type.
STEPHEN GRUPPETTA • Shared by Stephen Gruppetta

Type Information for Faster Python C Extensions

PyPy is an alternative implementation of Python, and its C API compatibility layer has some performance issues. This article describes on-going work to improve its performance.
MAX BERNSTEIN

Fastest Way to Read Excel in Python

It’s not uncommon to find yourself reading Excel in Python. This article compares several ways to read Excel from Python and how they perform.
HAKI BENITA

How Are Requests Processed in Flask?

This article provides an in-depth walkthrough of how requests are processed in a Flask application.
TESTDRIVEN.IO • Shared by Michael Herman

Projects & Code harlequin: The SQL IDE for Your Terminal

GITHUB.COM/TCONBEER

AnyText: Multilingual Visual Text Generation and Editing

GITHUB.COM/TYXSSPA

Websocket CLI Testing Interface

GITHUB.COM/LEWOUDAR • Shared by Kevin Tewouda

Autometrics-py: Metrics to Debug in Production

GITHUB.COM/AUTOMETRICS-DEV • Shared by Adelaide Telezhnikova

django-cte: Common Table Expressions (CTE) for Django

GITHUB.COM/DIMAGI

Events Weekly Real Python Office Hours Q&A (Virtual)

January 24, 2024
REALPYTHON.COM

SPb Python Drinkup

January 25, 2024
MEETUP.COM

PyLadies Amsterdam: An Introduction to Conformal Prediction

January 25, 2024
MEETUP.COM

PyDelhi User Group Meetup

January 27, 2024
MEETUP.COM

PythOnRio Meetup

January 27, 2024
PYTHON.ORG.BR

Happy Pythoning!
This was PyCoder’s Weekly Issue #613.
View in Browser »

[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]

In this tutorial, we’ll explain the difference between Python map vs list comprehension. Both map and list comprehensions are powerful tools in Python for applying functions to each element of a sequence. However, they have different strengths and weaknesses, making them suitable for different situations. Here’s a breakdown: What is the Difference Between the Python […]

The post Python Map vs List Comprehension – The Difference Between the Two appeared first on TechBeamers.

In this post, we explain to all novice Drupal developers and Drupal site owners how to develop a page layout for a Drupal-based site using the Layout Builder.

This is part 2 of the series on the Layout Builder. You can find the first post here: Layout Builder | The power module in a nutshell.

With Composer and several useful modules, your Drupal 9 site can be upgraded to Drupal 10 as quickly as possible. Here is a step-by-step guide on how to do this and save you time.

Python lists are similar to real-life lists. You can use them to store and organize a collection of objects, which can be of any data type. Instead of just storing one item, a list can hold multiple items while allowing manipulation and retrieval of those items. Because lists are mutable, you can think of them as being written in pencil. In other words, you can make changes.

Tuples, on the other hand, are written in ink. They’re similar to lists in that they can hold multiple items, but unlike lists, tuples are immutable, meaning you can’t modify them after you’ve created them.

In this video course, you’ll learn:

• What lists and tuples are and how they’re structured
• How lists and tuples differ from other data structures
• How to define and manipulate lists and tuples in your Python code

By the end of this course, you’ll have a solid understanding of Python lists and tuples, and you’ll be able to use them effectively in your own programming projects.

This video course is part of the Python Basics series, which accompanies Python Basics: A Practical Introduction to Python 3. You can also check out the other Python Basics courses.

Note that you’ll be using IDLE to interact with Python throughout this course.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

READ MORE

Drupal voice search has evolved from being a mere trend to becoming a standard feature for websites today. If you find yourself wondering, 'How do I enable search based on voice recognition on my Drupal website?' — you're in the right place. 

Integrating voice search functionality into your Drupal site is not only modern but also enhances user experience and is extremely important for SEO ranking. In this blog post, we'll walk you through the steps to set up search based on voice recognition, making your Drupal site more accessible and user-friendly. But before we dive into the steps, let’s understand…

<strong>Topics covered in this episode:</strong><br> <ul> <li><a href="https://www.syntaxerror.tech/syntax-error-11-debugging-python/"><strong>Syntax Error #11: Debugging Python</strong></a></li> <li><a href="https://umami.is">umami</a> and <a href="https://pypi.org/project/umami-analytics/">umami-analytics</a></li> <li><a href="https://github.com/okken/pytest-suite-timeout"><strong>pytest-suite-timeout</strong></a></li> <li><a href="https://listmonk.app">Listmonk</a> and <a href="https://pypi.org/project/listmonk/">(py) listmonk</a></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=Tac5MS__IBA' style='font-weight: bold;'data-umami-event="Livestream-Past" data-umami-event-episode="368">Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by us! Support our work through:</p> <ul> <li>Our <a href="https://training.talkpython.fm/"><strong>courses at Talk Python Training</strong></a></li> <li><a href="https://courses.pythontest.com/p/the-complete-pytest-course"><strong>The Complete pytest Course</strong></a></li> <li><a href="https://www.patreon.com/pythonbytes"><strong>Patreon Supporters</strong></a></li> </ul> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.</p> <p><strong>Brian #1:</strong> <a href="https://www.syntaxerror.tech/syntax-error-11-debugging-python/"><strong>Syntax Error #11: Debugging Python</strong></a></p> <ul> <li>Juhis</li> <li>Issue 11 of a fun debugging newsletter from Juhis</li> <li>Debugging advice <ul> <li>mindeset <ul> <li>take a break</li> <li>adopt a process</li> <li>talk to a duck</li> </ul></li> <li>tools &amp; techniques <ul> <li>print</li> <li>snoop</li> <li>debuggers</li> <li>Django debug toolbar &amp; Kolo for VS Code</li> </ul></li> </ul></li> </ul> <p><strong>Michael #2:</strong> <a href="https://umami.is">umami</a> and <a href="https://pypi.org/project/umami-analytics/">umami-analytics</a></p> <ul> <li>Umami makes it easy to collect, analyze, and understand your web data — while maintaining <strong>visitor privacy</strong> and <strong>data ownership</strong>.</li> <li><a href="https://pypi.org/project/umami-analytics/">umami-analytics</a> is a client for privacy-preserving, open source <a href="https://umami.is/">Umami analytics platform</a> based on <code>httpx</code> and <code>pydantic</code>.</li> <li>Core features</li> <li>➕ <strong>Add a custom event</strong> to your Umami analytics dashboard.</li> <li>🌐 List all websites with details that you have registered at Umami.</li> <li>🔀 Both <strong>sync</strong> and <strong>async</strong> programming models.</li> <li>⚒️ <strong>Structured data with Pydantic</strong> models for API responses.</li> <li>👩‍💻 <strong>Login / authenticate</strong> for either a self-hosted or SaaS hosted instance of Umami.</li> <li>🥇Set a <strong>default website</strong> for a <strong>simplified API</strong> going forward.</li> </ul> <p><strong>Brian #3:</strong> <a href="https://github.com/okken/pytest-suite-timeout"><strong>pytest-suite-timeout</strong></a></p> <ul> <li>While recording <a href="https://podcast.pythontest.com/episodes/213-repeating-tests">Python Test 213 : Repeating Tests</a> <ul> <li>I noted that pytest-repeat doesn’t have a timeout, but pytest-flakefinder does.</li> <li>And perhaps I should add a timeout to pytest-repeat</li> </ul></li> <li>But also, maybe there’s other places I’d like a timeout, not just with repeat, but often with other parametrizations and even parametrize matrices. </li> <li>So, <a href="https://github.com/okken/pytest-suite-timeout"><strong>pytest-suite-timeout</strong></a> is born</li> <li>But <a href="https://hachyderm.io/@miketheman/111799555975904630">Why not pytest-timeout? asks Mike Felder</a> <ul> <li>timeout is only timeouts per test, and it isn’t always graceful</li> <li>suite-timeout is for the full suite, and only times out between tests.</li> <li>so, you could use both</li> </ul></li> </ul> <p><strong>Michael #4:</strong> <a href="https://listmonk.app">Listmonk</a> and <a href="https://pypi.org/project/listmonk/">(py) listmonk</a></p> <ul> <li><a href="https://listmonk.app">Listmonk</a> <ul> <li>Self-hosted newsletter and mailing list manager (think mailchimp)</li> <li>Built on Go and Vue</li> <li>Backed by a company charing for this service as SaaS</li> <li>Still requires a mail infrastructure backend (I’m using <a href="https://sendgrid.com">Sendgrid</a>)</li> </ul></li> <li><a href="https://pypi.org/project/listmonk/">listmonk</a> (on PyPI) <ul> <li>API Client for Python</li> <li>Created by Yours Truly</li> <li>I tried 4 other options first, they were all bad in their own way.</li> <li>Features:</li> <li>➕<strong>Add a subscriber</strong> to your subscribed users.</li> <li>🙎 Get <strong>subscriber details</strong> by email, ID, UUID, and more.</li> <li>📝 <strong>Modify subscriber details</strong> (including custom attribute collection).</li> <li>🔍 <strong>Search</strong> your users based on app and custom attributes.</li> <li>🏥 Check the <strong>health and connectivity</strong> of your instance.</li> <li>👥 Retrieve your <strong>segmentation lists</strong>, list details, and subscribers.</li> <li>🙅 Unsubscribe and block users who don't want to be contacted further.</li> <li>💥 Completely delete a subscriber from your instance.</li> <li>📧 Send transactional email with template data (e.g. password reset emails).</li> </ul></li> <li>These pair well in my new <a href="https://www.docker.com">docker</a> cluster infrastructure <ul> <li>Calls to the API from a client app (e.g. <a href="https://training.talkpython.fm">Talk Python Training</a>) are basically loopback on the local docker bridge network.</li> </ul></li> </ul> <p><strong>Extras</strong> </p> <p>Michael:</p> <ul> <li>Every github repo that has “releases” has a releases RSS feed, e.g. <a href="https://github.com/umami-software/umami/releases.atom">Umami</a></li> <li><a href="https://kolo.app">Kolo Django + VS Code</a></li> <li><a href="https://www.warp.dev/linux-terminal">Warp Terminal</a> on linux</li> <li><a href="https://fosstodon.org/@mkennedy/111787125592445700">bpytop and btop</a> - live server monitoring</li> </ul> <p><strong>Joke:</strong> <a href="https://infosec.exchange/@jbhall56/111178034352233910">The cloud, visualized</a></p>

Everyone loves a good showdown. Drupal VS WordPress debate has been a hot topic for ages. Businesses want to make informed judgments, and articles like these can play a crucial role in the decision game. While comparing market share and numbers might seem interesting at first glance, beyond the stats, it’s about finding the right CMS that perfectly fits your needs. We're a downright Drupal-centric company. We're all in on Drupal – it's in our DNA. Now that you've got the picture, it’s important to emphasize that we won't engage in a one-sided battle between Drupal and WordPress. The focus is on providing insightful comparisons and that can help you find the right solution for your specific needs. So dive into this article where we're tackling the most popular questions about Drupal VS WordPress, sourced straight from Google and beyond.   Question #1: What's the community support like for Drupal and WordPress? Before answering this question, let’s talk about why community support is important. One of the most common and significant reasons why organizations choose an open-source Content Management System (CMS) is having lean-back support from a strong community. This assures them that their code is in safe hands even if they have to change vendors. After all, open-source code is built by everyone, for everyone. Both WordPress and Drupal boast of a global community of open-source enthusiasts. Due to its sheer popularity and widespread usage, the WordPress community is vast and you can find a solution to almost every query. WordCamps are low-key, local events held all over the world and are attended by WordPress users and developers. State of the Word events are annual events where the co-founders discuss the platform's current state and future direction. Fun fact: the first WordPress community summit took place in the year 2012 at Tybee Island, Georgia. While Drupal’s community is comparatively smaller, although growing every day, it is renowned for its depth of technical expertise and knowledge. This makes it a great resource for complex projects.  DrupalCamps are local community events where developers and users come together to learn and network. DrupalCons are held annually both in the United States and Europe where thousands of Drupal enthusiasts come together to network, learn, contribute, and get inspired. Dries Buytaert, founder of Drupal, presents his keynote speech every year where he discusses the state of Drupal and talks about innovation and new initiatives for the future. Fun fact: the first-ever Drupal community event (DrupalCon) was held in Antwerp, Belgium in the year 2005. No matter how expansive or niche a community is, the crucial question remains: Which community dynamics align better with your goals? Question #2: Is Drupal easier to learn or WordPress? The easy (and blunt) answer to this question is WordPress. WordPress’s intuitive and friendly user interface makes it accessible to beginners. Because of its vast community, and access to tons of online documentation and tutorials, learning WordPress is not hard.  But if you’re looking for a more meaningful explanation, it starts with a question - What are you trying to accomplish with your CMS?   If you want to set up a website and want it to go live before EOD today, WordPress makes it easy. If you want to learn to set up a straightforward personal blog or portfolio site, WordPress is for you. If you’re a small to medium-sized business or e-Commerce store, looking to establish an online presence without help from external agencies, WordPress could work for you.BUT If you're a web developer buff, with Drupal, you'll enjoy learning new skills, and you won't be intimidated by the challenge level. If you like customizing existing modules or building custom modules, Drupal gives you a ton of flexibility with that. If you’re looking at building enterprise-level, complex applications for you or your clients, Drupal offers everything you need. Drupal is notorious for its steep learning curve. Having said that, over the years, there has been a tremendous shift on that front especially since the launch of Drupal 8 in 2015. The evolution of Drupal has seen a departure from traditional Drupal-ly aspects to embrace modern trends like object-oriented programming and standardized frameworks like Symfony. This shift has attracted developers with diverse skills into the community. Initiatives such as the Project Browser are making it easier for site admins to discover and apply modules, creating a marketplace-like experience. Add to that, initiatives like Easy out of the box, Automatic updates, Recipes, starterkits, and distributions are contributing heavily to making Drupal more beginner-friendly. On a side note, this brilliant article written by Kathy Sierra is worth a read if you’re starting your career or looking to become an expert in your field. This "How to be an expert" graph below resonates with the idea that persistent learning and improvement make mastering Drupal easier, even with its initial complexity. Question #3: Which is easier to customize, Drupal or WordPress? While this again depends on the level of customization you are looking for, let me try to keep it simple. WordPress’s extensive theme and plugin ecosystem allows for straightforward modifications without deep coding knowledge. It offers a vast array of themes, both free and premium, allowing users to change the look and feel of their site instantly. Many WordPress themes come with integrated page builders or support popular ones. These drag-and-drop interfaces enable users to create complex layouts without any coding, enhancing the customization experience. When it comes to deep customizations, Drupal is the clear winner. Its modular architecture allows for precise customization where modules can be added, removed, or modified to extend functionality. The level of control and specificity you have with customizing themes is unparalleled with Drupal. The Twig theming engine allows for a flexible and secure way to customize the presentation layer of your website. You can leverage the Drupal Views module (core module) to customize the way your data is presented using custom queries. The ability to create custom content types and fields enables websites with complex content requirements (educational institutions, media, and publishing houses) to create highly structured data. Clearly, this level of customization comes with a learning curve, which brings us back to the question mentioned before - What do you want to accomplish with your CMS? :) However, this does not mean that WordPress cannot be used to build customizable websites or that Drupal cannot be used to build simple websites. It’s just that each platform has its strengths and sweet spots. WordPress excels in simplicity, quick deployment, and a massive ecosystem of plugins for common features. Drupal's power lies in its flexibility, scalability, and ability to handle complex projects with a high degree of customization.  Question # 4: Are there notable performance differences between Drupal and WordPress? This is where Drupal truly excels, hands down! Clearly, speed and performance are Drupal's key differentiating factors. While WordPress can also be used for complex websites whilst maintaining performance, it does require a lot of optimization expertise. If a WordPress website uses too many or poorly coded plugins, it can slow down performance and speed. Its inability to provide granular access control can also limit performance. Drupal, on the other hand, offers high performance right out of the box: Advanced Caching Mechanism - The built-in caching mechanism is simply brilliant. Drupal doesn't just cache pages; it goes the extra mile by caching dynamic views at both the query and output levels. This meticulous approach can be further optimized and ensures optimal performance. Version Upgrades - With every version upgrade released by Drupal, you don’t just get better features, you get improved performance out of the box. Because of its dependencies like PHP and Symfony, Drupal needs to stay updated to make sure it stays compatible with the best version of the dependencies. A recent study by Kinsta shows that a Drupal 10 website using the latest PHP 8.3 version “gives you an extreme speed boost”. Optimized Database Queries - Drupal's database queries are well-optimized, contributing to efficient data retrieval. This means quicker response times when fetching content from the database. Lazy Loading - Drupal supports lazy loading for images and other assets. Resources are loaded only when needed, enhancing the initial page load speed. BigPipe technology -  Drupal’s BigPipe technology optimizes performance by introducing dynamic page-loading mechanisms for authenticated and anonymous users. Instead of waiting for the entire page to be fully rendered, it prioritizes and delivers the main content first. It also utilizes parallel processing, allowing different components of a page to load concurrently. As of Jan 16, 2024, the usage statistics of Drupal show that although used by fewer websites compared to WordPress, when it comes to being used by high-traffic websites, Drupal tops the list. uestion #5: How do the security features compare between Drupal and WordPress? Whenever we have discussed security, we always make it a point to clarify that security is not just a one-time task but an ongoing process. But yes, choosing the right CMS does make a huge difference in safeguarding your data. While both Drupal and WordPress are dedicated to security, Drupal is known for its excellence in this area. While WordPress core is secure, with thousands of third-party plugins and themes freely available, it is more susceptible to hacker attacks. It requires careful selection and maintenance to ensure a secure environment. Security vulnerabilities may arise from poorly coded or outdated plugins. According to a 2022 Website Threat Research Report by Sucuri, WordPress accounts for 96.2% of infections while Drupal was at 0.6%. Of course, you cannot deny the popularity of WordPress when a comparison analysis of this sort is carried out. Drupal has a robust defense against critical internet vulnerabilities, boasting a proven 15+ year track record of its Security Team successfully identifying and addressing potential threats. The platform's stringent coding standards and rigorous community code review process contribute significantly to preventing security issues altogether. Drupal offers many security modules and when implemented with the right strategy, you can have a highly secure website. Granular access control is a strength of Drupal. Site administrators can define specific roles and permissions, ensuring that users have the appropriate level of access. It is also important to keep your Drupal website updated with the latest release to mitigate any security vulnerabilities. The Automatic Updates module (coming soon to core) makes updating your website easier with features like auto patch-level updates, problem detection and reporting at every stage, error detection API, and more. Final Thoughts It is rather easy for us to give our verdict - Drupal is the best 🙂 But jokes apart, it is up to you to decide which platform best fits your needs and budget. Both Drupal and WordPress offer great features and can be powerful tools for web development. If you’re still confused if Drupal is the right CMS for you or not, we can help. Simply fill out the form and tell us your requirements. You'll hear from us with the best-fit solution. We'll never push a CMS on you if it doesn't meet your specific needs. You can also call us at +1-678-806-8004. 

In 2015, I wrote one of my more popular blog posts, “Your Text Editor Is Malware”, about the sorry state of security in text editors in general, but particularly in Emacs and Vim.

It’s nearly been a decade now, so I thought I’d take a moment to survey the world of editor plugins and see where we are today. Mostly, this is to allay fears, since (in today’s landscape) that post is unreasonably alarmist and inaccurate, but people are still reading it.

Problem Is It Fixed? vim.org is not available via https Yep! http://www.vim.org/ redirects to https://www.vim.org/ now. Emacs's HTTP client doesn't verify certificates by default Mostly! The documentation is incorrect and there are some UI problems1, but it doesn’t blindly connect insecurely. ELPA and MELPA supply plaintext-HTTP package sources Kinda. MELPA correctly responds to HTTP only with redirects to HTTPS, and ELPA at least offers HTTPS and uses HTTPS URLs exclusively in the default configuration. You have to ship your own trust roots for Emacs. Fixed! The default installation of Emacs on every platform I tried (including Windows) seems to be providing trust roots. MELPA offers to install code off of a wiki. Yes. Wiki packages were disabled entirely in 2018.

The big takeaway here is that the main issue of there being no security whatsoever on Emacs and Vim package installation and update has been fully corrected.

Where To Go Next?

Since I believe that post was fairly influential, in particular in getting MELPA to tighten up its security, let me take another big swing at a call to action here.

More modern editors have made greater strides towards security. VSCode, for example, has enabled the Chromium sandbox and added some level of process separation. Emacs has not done much here yet, but over the years it has consistently surprised me with its ability to catch up to its more modern competitors, so I hope it will surprise me here as well.

Even for VSCode, though, this sandbox still seems pretty permissive — plugins still seem to execute with the full trust of the editor itself — but it's a big step in the right direction. This is a much bigger task than just turning on HTTPS, but I really hope that editors start taking the threat of rogue editor packages seriously before attackers do, and finding ways to sandbox and limit the potential damage from third-party plugins, maybe taking a cue from other tools.

Acknowledgments

Thank you to my patrons who are supporting my writing on this blog. If you like what you’ve read here and you’d like to read more of it, or you’d like to support my various open-source endeavors, you can support me on Patreon as well!

1. the documention still says “gnutls-verify-error” defaults to nil and that means no certificate verification, and maybe it does do that if you are using raw TLS connections, but in practice, url-retrieve-synchronously does appear to present an interactive warning before proceeding if the certificate is invalid or expired. It still has yet to catch up with web browsers from 2016, in that it just asks you “do you want to do this horribly dangerous thing? y/n” but that is a million times better than proceeding without user interaction. ↩

Removing maintainers from open source projects About • Blog • Newsletter • Links Removing maintainers from open source projects

Published 2024-01-23 by Seth Larson
Reading time: minutes

Here's a tough but common situation for open source maintainers:

• You want a project you co-maintain to be more secure by reducing the attack surface.
• There are one or more folks in privileged roles who previously were active contributors, but now aren't active.
• You don't want to take away from or upset the folks who have contributed to the project before you.

These three points feel like they're in contention. This article is here to help resolve this contention and potentially spur some thinking about succession for open source projects.

Why do people do open source?

Most rewards that come from contributing to open source are either intrinsic (helping others, learning new skills, interest in a topic, improve the world) or for recognition (better access to jobs, proof of a skill-set, “fame” from a popular project). Most folks don't get paid to work on open source for their first project, so it's unlikely to be their initial motivation.

Recognition is typically what feels “at stake” when removing a previous maintainer from operational roles on an open source project.

Let's split recognition into another two categories: operational and celebratory. Operational recognition is the category of recognition that has security implications like access to sensitive information or publishing rights. Celebratory has no security implications, it's there because we want to thank contributors for the work they've done for the project. Here's some examples of the two categories:

Operational:

• Additional access on source control like GitHub (“commit bit”)
• Additional access on package repository like PyPI
• Listing email addresses for security contacts

Celebratory:

• Author and maintainer annotation in package metadata
• Elevating contributors into a triager role
• Maintainer names listed in the README
• Thanking contributors in release notes
• Guest blog posts about the project

You'll notice that the celebratory recognition might be a good candidate for offsetting the removal of incidental operational recognition (like your account being listed on PyPI).

Suggestions for removing maintainers' with empathy

Ensure the removal of operational recognition is supplanted by deliberate celebratory recognition. Consider thanking the removed individual publicly in a blog post, release notes, or social media for their contributions and accomplishments. If there isn't already a permanent place to celebrate past maintainers consider adding a section to the documentation or README.

Don't take action until you've reached out to the individual. Having your access removed without any acknowledgement feels bad and there's no way around that fact. Even if you don't receive a reply, sending a message and waiting some time should be a bare minimum.

Practice regular deliberate celebratory recognition. Thank folks for their contributions, call them out by name in release notes, list active and historical maintainers in the documentation. This fulfills folks that are motivated by recognition and might inspire them to contribute again.

Think more actively about succession. In one of the many potential positive outcomes for an open source project, you will be succeeded by other maintainers and someone else may one day be in the position that you are in today.

How can you prepare that individual to have a better experience than you are right now? I highly recommend Sumana Harihareswara's writing on this topic. There are tips like:

• Actively recruit maintainers by growing and promoting contributors.
• Talk about succession openly while you are still active on the project.
• Give privileges or responsibility to folks that repeatedly contribute positively, starting from triaging or reviewing code.
• Recognize when you are drifting away from a project and make it known to others, even if you intend to contribute in the future.

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

Python's None value is used to represent emptiness. None is the default function return value.

Table of contents

1. Python's None value
2. None is falsey
3. None represents emptiness
4. The default function return value is None
5. None is like NULL in other programming languages

Python's None value

Python has a special object that's typically used for representing emptiness. It's called None.

If we look at None from the Python REPL, we'll see nothing at all:

>>> name = None >>>

Though if we print it, we'll see None:

>>> name = None >>> name >>> print(name) None

When checking for None values, you'll usually see Python's is operator used (for identity) instead of the equality operator (==):

>>> name is None True >>> name == None True

Why is that?

Well, None has its own special type, the NoneType, and it's the only object of that type:

>>> type(None) <class 'NoneType'>

In fact, if we got a reference to that NoneType class, and then we called that class to make a new instance of it, we'll actually get back the same exact instance, always, every time we call it:

>>> NoneType = type(None) >>> NoneType() is None True

The NoneType class is a singleton class. So comparing to None with is works because there's only one None value. No object should compare as equal to None unless it is None.

None is falsey

We often rely on the …

Read the full article: https://www.pythonmorsels.com/none/

In this short tutorial, we’ll quickly compare Python map vs loop. We’ll try to assess whether the Python map is faster than the loop or vice-versa. The comparison between using map and a loop (such as a for loop) in Python depends on the specific use case and the nature of the operation you are […]

The post Is Python Map Faster than Loop? appeared first on TechBeamers.

Today I saw a short YouTube video about “cozy games” and started writing a comment, then realized that this was somehow prompting me to write the most succinct summary of my own personal views on politics and economics that I have ever managed. So, here goes.

Apparently all I needed to trim down 50,000 words on my annoyance at how the term “capitalism” is frustratingly both a nexus for useful critque and also reductive thought-terminating clichés was to realize that Animal Crossing: New Horizons is closer to my views on political economy than anything Adam Smith or Karl Marx ever wrote.

Cozy games illustrate that the core mechanics of capitalism are fun and motivating, in a laboratory environment. It’s fun to gather resources, to improve one’s skills, to engage in mutually beneficial exchanges, to collect things, to decorate. It’s tremendously motivating. Even merely pretending to do those things can captivate huge amounts of our time and attention.

In real life, people need to be motivated to do stuff. Not because of some moral deficiency, but because in a large complex civilization it’s hard to tell what needs doing. By the time it’s widely visible to a population-level democratic consensus of non-experts that there is an unmet need — for example, trash piling up on the street everywhere indicating a need for garbage collection — that doesn’t mean “time to pick up some trash”, it means “the sanitation system has collapsed, you’re probably going to get cholera”. We need a system that can identify utility signals more granularly and quickly, towards the edges of the social graph. To allow person A to earn “value credits” of some kind for doing work that others find valuable, then trade those in to person B for labor which they find valuable, even if it is not clearly obvious to anyone else why person A wants that thing. Hence: money.

So, a market can provide an incentive structure that productively steers people towards needs, by aggregating small price signals in a distributed way, via the communication technology of “money”. Authoritarian communist states are famously bad at this, overproducing “necessary” goods in ways that can hold their own with the worst excesses of capitalists, while under-producing “luxury” goods that are politically seen as frivolous.

This is the kernel of truth around which the hardcore capitalist bootstrap grindset ideologues build their fabulist cinematic universe of cruelty. Markets are motivating, they reason, therefore we must worship the market as a god and obey its every whim. Markets can optimize some targets, therefore we must allow markets to optimize every target. Markets efficiently allocate resources, and people need resources to live, therefore anyone unable to secure resources in a market is undeserving of life. Thus we begin at “market economies provide some beneficial efficiencies” and after just a bit of hand-waving over some inconvenient details, we get to “thus, we must make the poor into a blood-sacrifice to Moloch, otherwise nobody will ever work, and we will all die, drowning in our own laziness”. “The cruelty is the point” is a convenient phrase, but among those with this worldview, the prosperity is the point; they just think the cruelty is the only engine that can possibly drive it.

Cozy games are therefore a centrist1 critique of capitalism. They present a world with the prosperity, but without the cruelty. More importantly though, by virtue of the fact that people actually play them in large numbers, they demonstrate that the cruelty is actually unnecessary.

You don’t need to play a cozy game. Tom Nook is not going to evict you from your real-life house if you don’t give him enough bells when it’s time to make rent. In fact, quite the opposite: you have to take time away from your real-life responsibilities and work, in order to make time for such a game. That is how motivating it is to engage with a market system in the abstract, with almost exclusively positive reinforcement.

What cozy games are showing us is that a world with tons of “free stuff” — universal basic income, universal health care, free education, free housing — will not result in a breakdown of our society because “no one wants to work”. People love to work.

If we can turn the market into a cozy game, with low stakes and a generous safety net, more people will engage with it, not fewer. People are not lazy; laziness does not exist. The motivation that people need from a market economy is not a constant looming threat of homelessness, starvation and death for themselves and their children, but a fun opportunity to get a five-star island rating.

Acknowledgments

Thank you to my patrons who are supporting my writing on this blog. If you like what you’ve read here and you’d like to read more of it, or you’d like to support my various open-source endeavors, you can support me on Patreon as well!

1. Okay, I guess “far left” on the current US political compass, but in a just world socdems would be centrists. ↩