Kate 17.04.1 available for Windows

Planet KDE - Mon, 2017-05-22 15:03

Installers for Kate 17.04.1 are now available for download!

This release includes, besides bug-fixing and features, an update to the search in files plugin. The search-while-you-type in the current file should not “destroy” your last search in files results as easily as previously. The search-combo-box-history handling is also improved.

Grab it now at download.kde.org: Kate-setup-17.04.1-KF5.34-32bit or Kate-setup-17.04.1-KF5.34-64bit

Categories: FLOSS Project Planets

Gunnar Wolf: Open Source Symposium 2017

Planet Debian - Mon, 2017-05-22 13:21

I travelled (for three days only!) to Argentina, to be a part of the Open Source Symposium 2017, a co-located event of the International Conference on Software Engineering.

This is, all in all, an interesting although small conference — we are around 30 people in the room. This is a quite unusual conference for me, as this is among the first "formal" academic conferences I have been part of. Sessions have so far been quite interesting.
What am I linking to from this image? Of course, the proceedings! They managed to publish the proceedings via the "formal" academic channels (a nice hard-cover Springer volume) under an Open Access license (which is sadly not usual, and is unbelievably expensive). So, you can download the full proceedings, or article by article, in EPUB or in PDF...
...Which is very very nice :)
Previous editions of this symposium have also their respective proceedings available, but AFAICT they have not been downloadable.
So, get the book; it provides very interesting and original insights into our community seen from several quite novel angles!

Categories: FLOSS Project Planets

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Footermap (video tutorial)

Planet Drupal - Mon, 2017-05-22 12:54
NonProfit, Mon, 05/22/2017 - 11:54. Episode 28

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Footermap, a module which renders expanded menus in a block.

Categories: FLOSS Project Planets

Valuebound: How to set the right expectations for project delivery?

Planet Drupal - Mon, 2017-05-22 12:46

Setting a clear list of expectations for the client on project delivery goes a long way toward a great client relationship. Mismatched and misunderstood project goals and targets always lead to dissatisfaction among team members, the account head, and all other stakeholders.

I manage a team of a few developers who build web applications in Drupal. While working on projects with my team, I have had the chance to practice a few of the points that I have mentioned in the article. It has not only kept us on track but also kept people happy and motivated.

What should you do?

Be involved from the beginning

When you begin a project, make sure that you and your team members are involved in it from the beginning. There are times when the team would expand…

Categories: FLOSS Project Planets

Colm O hEigeartaigh: Security advisories issued for Apache CXF Fediz

Planet Apache - Mon, 2017-05-22 12:23
Two security advisories were recently issued for Apache CXF Fediz. In addition to fixing these issues, the recent releases of Fediz impose tighter security constraints in some areas by default compared to older releases. In this post I will document the advisories and the other security-related changes in the recent Fediz releases.

1) Security Advisories

The first security advisory is CVE-2017-7661: "The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks." Essentially, both the Jetty 8/9 and Spring Security 2/3 plugins are subject to a CSRF-style vulnerability when the user doesn't complete the authentication process. In addition, the Jetty plugins are vulnerable even if the user does first complete the authentication process, but only the root context is available as part of this attack.

The second advisory is CVE-2017-7662: "The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks". The OIDC client registration service is a simple web application that allows the creation of clients for OpenId Connect, as well as a number of other administrative tasks. It is vulnerable to CSRF attacks, where a malicious application could take advantage of an existing session to make changes to the OpenId Connect clients that are stored in the IdP.

2) Fediz IdP security constraints

This section only concerns the WS-Federation (and SAML-SSO) IdP in Fediz. The WS-Federation RP application sends its address via the 'wreply' parameter to the IdP. For SAML SSO, the address to reply to is taken from the consumer service URL of the SAML SSO Request. Previously, the Apache CXF Fediz IdP contained an optional 'passiveRequestorEndpointConstraint' configuration value in the 'ApplicationEntity', which allows the admin to specify a regular expression constraint on the 'wreply' URL.

From Fediz 1.4.0, 1.3.2 and 1.2.4, a new configuration option is available in the 'ApplicationEntity' called 'passiveRequestorEndpoint'. If specified, this is directly matched against the 'wreply' parameter. In a change that breaks backwards compatibility, but that is necessary for security reasons, one of 'passiveRequestorEndpointConstraint' or 'passiveRequestorEndpoint' must be specified in the 'ApplicationEntity' configuration. This ensures that the user cannot be redirected to a malicious client. Similarly, new configuration options are available called 'logoutEndpoint' and 'logoutEndpointConstraint', which validate the 'wreply' parameter when redirecting the user after logging out; one of these two must also be specified.

3) Fediz RP security constraints

This section only concerns the WS-Federation RP plugins available in Fediz. When the user tries to log out of the Fediz RP application, a 'wreply' parameter can be specified to give the address that the Fediz IdP can redirect to after logout is complete. The old functionality was that if 'wreply' was not specified, then the RP plugin instead used the value from the 'logoutRedirectTo' configuration parameter.

From Fediz 1.4.0, 1.3.2 and 1.2.4, a new configuration option is available called 'logoutRedirectToConstraint'. If a 'wreply' parameter is presented, then it must match the regular expression that is specified for 'logoutRedirectToConstraint', otherwise the 'wreply' value is ignored and it falls back to 'logoutRedirectTo'.
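To make the IdP-side checks of section 2 and the RP-side logout check of section 3 concrete, here is an added example that models the 'wreply' validation with the option names above; it is written for this post and is not Fediz code. The `ApplicationEntity` class, the function names, the sample URLs and the treatment of a missing 'logoutRedirectToConstraint' are this example's assumptions, and it uses an anchored regular-expression match so a constraint cannot be satisfied by a partial match.

```python
import re
from typing import Optional


class ApplicationEntity:
    """Stand-in for the IdP 'ApplicationEntity' settings described in section 2.

    Hypothetical class written for this example, not Fediz code; the keyword
    names mirror the Fediz option names. The constructor enforces the post's
    new rule: one option of each exact/constraint pair must be configured.
    """

    def __init__(self,
                 passive_requestor_endpoint: Optional[str] = None,
                 passive_requestor_endpoint_constraint: Optional[str] = None,
                 logout_endpoint: Optional[str] = None,
                 logout_endpoint_constraint: Optional[str] = None) -> None:
        if passive_requestor_endpoint is None and passive_requestor_endpoint_constraint is None:
            raise ValueError("one of passiveRequestorEndpoint or "
                             "passiveRequestorEndpointConstraint must be set")
        if logout_endpoint is None and logout_endpoint_constraint is None:
            raise ValueError("one of logoutEndpoint or logoutEndpointConstraint must be set")
        self.passive_requestor_endpoint = passive_requestor_endpoint
        self.passive_requestor_endpoint_constraint = passive_requestor_endpoint_constraint
        self.logout_endpoint = logout_endpoint
        self.logout_endpoint_constraint = logout_endpoint_constraint


def _url_allowed(url: str, exact: Optional[str], constraint: Optional[str]) -> bool:
    """Exact string comparison first, then an anchored regular-expression match.

    re.fullmatch (the behaviour of Java's String.matches) requires the whole
    'wreply' value to match the constraint; a partial match would accept a URL
    that merely contains the expected host somewhere inside it.
    """
    if exact is not None and url == exact:
        return True
    if constraint is not None and re.fullmatch(constraint, url) is not None:
        return True
    return False


def idp_sign_in_wreply_allowed(entity: ApplicationEntity, wreply: str) -> bool:
    """Section 2: may the IdP redirect the signed-in user to this 'wreply'?"""
    return _url_allowed(wreply, entity.passive_requestor_endpoint,
                        entity.passive_requestor_endpoint_constraint)


def idp_logout_wreply_allowed(entity: ApplicationEntity, wreply: str) -> bool:
    """Section 2: may the IdP redirect to this 'wreply' after logout?"""
    return _url_allowed(wreply, entity.logout_endpoint, entity.logout_endpoint_constraint)


def rp_logout_target(wreply: Optional[str], logout_redirect_to: str,
                     logout_redirect_to_constraint: Optional[str]) -> str:
    """Section 3: the RP plugin's choice of post-logout redirect address.

    A presented 'wreply' is honoured only if it fully matches
    'logoutRedirectToConstraint'; otherwise 'logoutRedirectTo' is used.
    Treating a missing constraint as "never honour wreply" is this example's
    assumption; the post does not say what happens in that case.
    """
    if (wreply and logout_redirect_to_constraint is not None
            and re.fullmatch(logout_redirect_to_constraint, wreply) is not None):
        return wreply
    return logout_redirect_to


def entity_config_rejected(**options: Optional[str]) -> bool:
    """True if ApplicationEntity refuses the given combination of options."""
    try:
        ApplicationEntity(**options)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample configuration: an exact sign-in endpoint and a logout
    # constraint that requires a path separator directly after the host, so a
    # longer host name that merely starts with the expected one is rejected.
    rp = ApplicationEntity(
        passive_requestor_endpoint="https://rp.example.com/fediz",
        logout_endpoint_constraint=r"https://rp\.example\.com(/.*)?",
    )
    for url in ("https://rp.example.com/fediz",
                "https://rp.example.com/logout",
                "https://rp.example.com.other.test/fediz"):
        print(url, "sign-in:", idp_sign_in_wreply_allowed(rp, url),
              "logout:", idp_logout_wreply_allowed(rp, url))
    print(rp_logout_target("https://elsewhere.test/", "https://rp.example.com/",
                           r"https://rp\.example\.com(/.*)?"))
```

When writing a constraint, end the host part with an explicit separator such as `(/.*)?` rather than a bare `.*`, because a bare `.*` after the host accepts any longer host name that begins with the expected one.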
Categories: FLOSS Project Planets

MD Systems blog: Using Commerce for a newspaper subscription shop

Planet Drupal - Mon, 2017-05-22 12:09
Commerce 2.x has a lot of changes in comparison to Commerce 1x. In this blogpost, we write about how those changes affected us in our project and what we did to resolve certain problems that showed up as we used Commerce 2.x for a newspaper subscription shop.
Categories: FLOSS Project Planets

Appnovation Technologies: The Future of Drupal

Planet Drupal - Mon, 2017-05-22 12:04
Cross-posted from Millwood Online. Over the past month there has been a lot of focus on Drupal, the community. More recently it seems people are back to thinking about the software. Dave Hall and David Hernandez both posted eye-opening posts with thoughts and ideas of what needs doing and how we can move forward. A one line summary of those posts would be "...
Categories: FLOSS Project Planets

Curtis Miller: The End of the Honeymoon: Falling Out of Love with quantstrat

Planet Python - Mon, 2017-05-22 11:00
Introduction

I spent good chunks of Friday, Saturday, and Sunday attempting to write another blog post on using R and the quantstrat package for backtesting, and all I have to show for my work is frustration. So I’ve started to fall out of love with quantstrat and am thinking of exploring Python backtesting libraries from…
Categories: FLOSS Project Planets

Semaphore Community: Continuous Deployment of a Python Flask Application with Docker and Semaphore

Planet Python - Mon, 2017-05-22 10:09

This article is brought with ❤ to you by Semaphore.


In this tutorial, we'll go through the continuous integration and deployment of a dockerized Python Flask application with Semaphore. We'll deploy the application to Heroku.

Continuous integration and deployment help developers to:

  • Focus on developing features rather than spending time on manual deployment,
  • Be certain that their application will work as expected,
  • Update existing applications or rollback features by versioning applications using Git, and
  • Eliminate the "it works on my machine" issue by providing a standardized testing environment.

Docker is an application containerization tool that allows developers to deploy their applications in a uniform environment. Here are some of the benefits of using Docker:

  • Collaborating developers get to run their applications in identical environments that are configured in the same way,
  • There is no interference between the OS environment and the application environment,
  • Application portability is increased, and
  • Application overhead is reduced by providing only the required environment features, and not an entire OS, which is the case with virtual machines.

Docker works by utilizing a Dockerfile to create images. Those images are used to spin up containers that host and run the application. The application can then be exposed by using an IP address, so it can be accessed from outside the container.


Before you begin this tutorial, ensure the following is installed to your system:

  • Python 2.7 or 3.x,
  • Docker, and
  • A git repository to store your project and track changes.
Setting Up a Flask Application

To start with, we're going to create a simple Flask todo list application, which will allow users to create todos with names and descriptions. The application will then be dockerized and deployed via Semaphore to a host of our choice. It will have the following directory structure:

app/
├── templates/
│   └── index.html
├── tests/
│   └── test_endpoints.py
├── app.py
├── Dockerfile
├── docker-compose.yml
├── requirements.txt

The app.py file will be the main backend functionality, responsible for the routing and view rendering of HTML templates in the templates folder.

First, we'll set up a Python environment following this guide, and create a virtual environment, activate it and install the necessary requirements. A virtual environment in Python applications allows them to have their own runtime environment without interfering with the system packages.

$ virtualenv flask-env
$ . flask-env/bin/activate
$ pip install -r requirements.txt

Creating Application Tests

Test Driven Development (TDD) makes developers consider the structure and the functionality of their application in different situations. Also, writing tests reduces the amount of time a developer needs to spend manually testing their application by enabling them to automate the process.

We'll set up the test environment using the setUp(self) and tearDown(self) methods. They allow our tests to run independently without being affected by other tests. In this scenario, every time a test runs, we create a Flask test application. We also clean the database after every test in the tearDown(self) method. This ensures that the data stored by the previous test does not affect the next test.

# tests/test_endpoints.py
from app import app, db
import unittest


class FlaskTodosTest(unittest.TestCase):
    def setUp(self):
        """Set up test application client"""
        # Testing mode is a property of the Flask application, not of the
        # test client, so it is set before the client is created.
        app.testing = True
        self.app = app.test_client()

    def tearDown(self):
        """Clear DB after running tests"""
        db.todos.delete_many({})

In this section, we'll write tests for our endpoints and HTTP methods. We'll first try to assert that when a user accesses the default homepage(/) they get an OK status(200), and that they are redirected with a 302 status after creating a todo.

# tests/test_endpoints.py
class FlaskTodosTest(unittest.TestCase):
    # ..... setup section .....

    def test_home_status_code(self):
        """Assert that user successfully lands on homepage"""
        result = self.app.get('/')
        self.assertEqual(result.status_code, 200)

    def test_todo_creation(self):
        """Assert that user is redirected with status 302 after creating a todo item"""
        response = self.app.post('/new',
                                 data=dict(name="First todo", description="Test todo"))
        self.assertEqual(response.status_code, 302)


if __name__ == '__main__':
    unittest.main()

The tests can be run using nosetests -v.

Creating the Actual Application

The application uses MongoDB hosted on mlab, which can be changed in the configuration. It provides two routes. The first one, default/index route(/), displays the available todos by rendering a HTML template file. The second route, (/new), accepts only POST requests, and is responsible for saving todo items in the database, and then redirecting the user back to the page with all todos.

# app.py
import os

from flask import Flask, redirect, url_for, request, render_template
from pymongo import MongoClient

app = Flask(__name__)

# Set up database connection. The connection string is read from the
# environment (the variable name MONGODB_URI is this edit's choice) so that
# credentials stay out of the image and the repository; the placeholder
# string is only a fallback for local development.
client = MongoClient(os.environ.get(
    "MONGODB_URI",
    "mongodb://username:password@database_url:port_number/db_name"))
db = client['db_name']


@app.route('/')
def todo():
    _items = db.todos.find()
    items = [item for item in _items]
    # Render default page template
    return render_template('index.html', items=items)


@app.route('/new', methods=['POST'])
def new():
    item_doc = {
        'name': request.form['name'],
        'description': request.form['description']
    }
    # Save items to database
    db.todos.insert_one(item_doc)
    return redirect(url_for('todo'))


if __name__ == "__main__":
    # Bind to all interfaces so the port published by Docker is reachable from
    # outside the container. debug=True enables the interactive debugger and
    # belongs to local development only, not to the deployed image.
    app.run(host='0.0.0.0', debug=True)

We can then run the application with python app.py and access it in our browser at localhost. If no other port is provided, Flask uses port 5000 as the default port. To run the application on a different port, set the port number as follows:

app.run(host='0.0.0.0', port=port_number, debug=True)

Dockerizing the Application

Docker is used to create the application image from the provided Dockerfile configuration. If this is your first time working with Docker, you can follow this step-by-step tutorial to learn more about installing Docker and setting up the environment.


FROM python:2.7
ADD . /todo
WORKDIR /todo
EXPOSE 5000
RUN pip install -r requirements.txt
ENTRYPOINT ["python", "app.py"]

The Dockerfile dictates the environmental requirements and application structure.

The application will run in a Python 2.7 environment. A folder named todo is created and set as our work directory.

Since the Flask application is running on port 5000, this port will be exposed for mapping to the external environment. Application requirements are installed within the container. The application will be run using python app.py command, as specified by the ENTRYPOINT directive.

All of the above happens within the Docker container environment, without interference with the OS environment.

Docker Compose is a tool for defining and running multi-container Docker applications. The docker-compose file is used to configure application services by specifying the directory with the Dockerfile, container name, port mapping, and many others. Those services can then be started with a single command.

web:
  build: .
  container_name: flock
  ports:
    - "5000:5000"
  volumes:
    - .:/todo

The build command directs Compose to build the application image using the Dockerfile in the current folder, and map the application port 5000 in the container to port 5000 of the OS. We then build and run our application in a Docker container.

$ docker-compose build
$ docker-compose up

Docker downloads the necessary dependencies, builds up the image, and starts the application in a container accessible at

Continuous Integration and Deployment (CI/CD)

With CI/CD, developers set up a pipeline for testing and deployment. This allows them to concentrate on developing the features, since the application is automatically built, tested, and deployed from a CI server whenever some changes are made.

To create a new project, log into your Semaphore account, click on Create new, and choose Project on the drop down list.

On the next page, choose whether your project repository is hosted on GitHub or Bitbucket.

Select the project repository by searching for it in the provided filter.

Next, select which branch to load:

After you've selected the project owner, Semaphore will analyze the repository and detect the platform:

Analyzing repository

Detecting Platform

Semaphore automatically detects Docker projects and recommends using the Docker platform for the application. You then need to provide project settings in order to define the commands that should be run. Semaphore automatically runs the commands to build an image, and runs the tests before deployment. This ensures that an application version is deployed only if it passes all the tests.

After the build and the tests have completed, the application can be deployed to the chosen platform.

Click on Set Up Deployment and choose the deployment platform.

A complete deployment to Heroku looks as follows:

You can choose to have automatic deployment on subsequent changes. Every time any changes are pushed to GitHub, a build is triggered, and automatic deployment occurs. However, the first deployment needs to be done manually.

The application is finally launched on Heroku.


The advantages of continuous integration range from reducing the amount of work done by developers to automatic updates and reduced errors in the application pipeline. Docker enhances this by allowing the provision of uniform environments for running applications.

In this tutorial, we explored how you can create a Flask application and run it using Docker. We also learned how to use Semaphore to create a pipeline that automates running the tests and the necessary build commands, as well as deploying the application to Heroku.

You can check out the demo of this application on Heroku and the source code.

Feel free to leave any comments or questions in the section below.

Want to continuously deliver your applications made with Docker? Check out Semaphore’s Docker platform.


Categories: FLOSS Project Planets

PyBites: Code Challenge 20 - Object Oriented Programming Fun

Planet Python - Mon, 2017-05-22 09:10

Hi Pythonistas, a new week, a new 'bite' of Python coding! This week we will let you experiment with Object Oriented Programming, an important skill and fundamental building block of (everything-is-an-object) Python. Enjoy!

Categories: FLOSS Project Planets

Doug Hellmann: string — Text Constants and Templates — PyMOTW 3

Planet Python - Mon, 2017-05-22 09:00
The string module dates from the earliest versions of Python. Many of the functions previously implemented in the module have been moved to methods of str objects. The string module retains several useful constants and classes for working with str objects, and this discussion will concentrate on them.
Categories: FLOSS Project Planets

PyBites: Code Challenge 19 - Post to Your Favorite API - Review

Planet Python - Mon, 2017-05-22 09:00

This week was pretty busy due to PyCon, but what an amazing conference! A lot to absorb which we will digest in the upcoming articles. First our regular schedule though: review of last week's challenge: post to your favorite API.

Categories: FLOSS Project Planets

See you at QtDay 2017?

Planet KDE - Mon, 2017-05-22 08:58

With an apology to English-speaking audiences

This year too, KDAB is taking part in QtDay, the Italian conference entirely dedicated to Qt. Now in its sixth edition, QtDay continues to grow. This year QtDay spans 3 days: the first dedicated to a QML training, followed by two days of the conference proper.

During the conference I will give two talks:

  • On Friday 23 June I will take part in a round table on how to contribute to the development of Qt;
  • On Saturday 24 June

The post Ci vediamo a QtDay 2017? appeared first on KDAB.

Categories: FLOSS Project Planets

Mike Driscoll: PyDev of the Week: Harrison Kinsley

Planet Python - Mon, 2017-05-22 08:30

This week’s PyDev of the Week is Harrison Kinsley. Harrison is the creator of a popular Python Youtube tutorial channel. He also maintains a website that is kind of a text version of his video tutorials here: https://pythonprogramming.net/. Let’s take a few moments to get to know Harrison better!

Can you tell us a little about yourself (hobbies, education, etc):

As cliche as it will sound, my biggest hobby is programming without a doubt. That said, I also enjoy running, scuba diving, and performance driving. There are various tracks (think: F1 racing) that you can take your street car to, some are actual F1 tracks. I tend to track my car (Honda S2000) once or twice a month over the weekend.

As for education, I have no formal CS or related education. I double majored in Philosophy and Criminal Justice.

I am married, live in Texas, and have a couple large dogs.

Why did you start using Python?

It’s funny, I actually disliked programming for a long time. I had wanted to learn to program since I was about 12 years old, I kept trying, but I just hated it. Too tedious, too annoying, too confusing.

Fast forward to college, by this point I had a few online businesses, but was always just paying developers to work for me. This time, my idea was to track sentiment for stocks for investing/trading. I didn’t know anyone who could do that for me, so I revisited programming yet again with this goal in mind. I tried quite a few languages again, was left pretty bummed out overall, but then a friend of mine mentioned that a programming language called Python had a natural language processing library called Natural Language Toolkit (NLTK). I quickly found their book on nltk.org/book, and it was perfect for me, since it was exactly what I wanted. I went through the book, and that’s how I learned Python and began my journey. That project still exists today as sentdex.com (sentdex = sentiment+index), and that’s also how my “Sentdex” e-name was formed.

What other programming languages do you know and which is your favorite?

I’ve done a bit of javascript and C++, but I am really nothing special in either, probably the language I know the most of besides Python would be SQL if I’m allowed to claim that language.

I’ve also poked into Go and Swift. I would like to learn more C++ and Javascript for the future. Mainly C++ to augment Python, where a relevant library might not yet exist for a task I am doing in Python. I find myself relying too much on other people to have made wrappers for me, which is fine when people have done it, but, when something doesn’t exist yet, I am stuck, and that’s always a bummer!

Javascript more for my web development purposes. My favorite language, however, is of course Python! The main reason I haven’t learned C++ any more in depth, for example, is because it’s just not as exciting to work with for me as Python is. I would describe Python as an “exciting” language to work with, just simply due to the rapid development capability for me personally.

What projects are you working on now?

Most recently, I have been working on self-driving cars in Grand Theft Auto 5. As I am writing this, I have been training a deep learning model for about 5 days straight while out of town. I am excited to get home and see how the model has done, I’m like a kid waiting for Christmas morning. I just hope it’s not coal.

For anyone interested in tracking the series’ tutorials: https://pythonprogramming.net/game-frames-open-cv-python-plays-gta-v/

The project is also open sourced at: https://github.com/sentdex/pygta5/

You can also view the livestreams of the AI: https://www.twitch.tv/Sentdex

Which Python libraries are your favorite (core or 3rd party)?

Pandas is probably my number 1 vote, just based on how much value I have gotten from it over the years, but probably Numpy should take #1, it just isn’t as often recognized for all the work it’s doing in the background for such a huge variety of libraries.

I also like Flask a lot due to the simplicity of working with it, and how easily you can customize it to do whatever you want. Flask has enabled me to share my work with others in a way no other library has afforded me.

Where do you see Python going as a programming language?

I think the main power behind Python is the community. There are other languages that are fairly similar in ease and general-purpose-ness, such as Ruby or Julia. The difference I personally see between Python and Ruby/Julia is the actual community behind them. With Python, you really can do just about everything. I think the only real weak point for Python these days is for something like game development/mobile development, along with anything where the latency between a wrapper is still too costly. Something like millisecond-frequency-trading.

Fundamentally, I can easily see Python being here in the next 20+ years, but a lot will depend on the community. The still-existing forking of the community between version 2 and 3 is a great example of how, despite an initially great community, you can chop it right in half. It seems like some people think the 2 vs 3 stuff is behind us, but I really don’t see that. It’s certainly becoming uncool to admit you work with Python 2 online, but it’s still very much a reality in practice.

How did you get started doing Youtube videos about Python?

I actually was just trying to market Sentdex.com at first. I was doing some videos about sentiment analysis and a few with using Python for some associated tasks. People seemed to really appreciate the tutorials, so I just kept sharing things that I had learned. It just kept growing until pretty quickly the channel had really nothing to do with sentdex.com anymore, but the name couldn’t be changed. Now it’s very clear that, marketing-wise, the term “Sentdex” is more associated with Python programming education, and not sentiment analysis.

What advice can you give to someone who wants to teach using Youtube or similar?

Don’t worry be crappy! The overwhelming majority of the responses I got, even from the early days when I was pretty bad at coding AND teaching, were super positive. Even if you’re not considering teaching, I suggest you still try it. It doesn’t need to be YouTube, just a blog or something similar. The return for doing it is just insane. First, as you’re attempting to teach things, it only solidifies what you know, and quickly shines a light on what you don’t know. Trying to explain something is just a great way to learn it.

Next, once you put something out there, you get other eyes on it, you’ll get tips, suggestions, and just tons of general help. It’s basically a form of peer review.

Finally, if you’re seeking employment, having a blog with proof of work/passion is something that most employers seem to appreciate.

Is there anything else you’d like to say?

Thanks for considering me a pydev of the week!

Categories: FLOSS Project Planets

EuroPython: EuroPython 2017 Keynote: Aisha Bello & Daniele Procida

Planet Python - Mon, 2017-05-22 07:48

We are pleased to announce our next keynote speakers for EuroPython 2017: Aisha Bello & Daniele Procida

About Aisha

Aisha currently serves as vice chair for the Python Nigeria community. She has helped co-organize and support a number of Django Girls workshops in Namibia & Nigeria. She is also a co-organizer for PyLadies Nigeria. She is an ardent Tech and Python community enthusiast with a strong desire and passion for social change, women’s tech education and empowerment in Africa. In 2016 she won the Django Software Foundation Malcolm Tredinnick Memorial prize for her contributions to the community. Currently she works as an Associate Systems Engineer for Cisco Systems.

About Daniele

Daniele is an avid contributor to open source software and its communities. He has been a core developer of Django for over three years and recently joined the Django Software Foundation board. He works at Divio, where he helps support and develop open source Django products. Daniele is a veteran community builder. His contribution as part of the organising committee of PyCon Namibia has been key in establishing a successful Python community in Namibia.

The Keynote: The Encounter: Python’s adventures in Africa

A genuine encounter changes both parties. In this talk Daniele and Aisha will report on the dialogue opened up by recent PyCons and other Python events in Africa. They’ll discuss Python’s impact in countries including Namibia, Nigeria and Zimbabwe, and what open-source software means for Africa at large - and what the encounter means for Python too.


EuroPython 2017 Team
EuroPython Society
EuroPython 2017 Conference

Categories: FLOSS Project Planets

Michal Čihař: HackerOne experience with Weblate

Planet Debian - Mon, 2017-05-22 06:00

Weblate started to use HackerOne Community Edition some time ago and I think it's good to share my experience with that. Do you have an open source project and want to get more attention from the security community? This post will answer how it looks from the perspective of a pretty small project.

I applied with Weblate to HackerOne Community Edition by the end of March and it was approved early in April. Based on their recommendations I started in invite-only mode, but that really didn't bring much attention (exactly zero reports), so I decided to go public.

I asked for the project to be made public just after coming back from a two-week vacation, while expecting the approval to take some time, during which I would settle down the things which had popped up during the vacation. In the end it was approved within a single day, so I was immediately under fire from incoming reports:

I was surprised that they didn't lie - you will really get a huge amount of issues just after making your project public. Most of them were quite simple and repetitive (as you can see from the number of duplicates), but it really provided valuable input.

Even more surprisingly, there was a second peak coming in when I started to disclose resolved issues (once Weblate 2.14 had been released).

Overall the issues could be divided into a few groups:

  • Server configuration, such as lack of Content-Security-Policy headers. This is certainly good security practice and we really didn't follow it in all cases. The situation should be way better now.
  • Lack of rate limiting in Weblate. We really didn't try to do that, and many reporters (correctly) showed that this is something which should be addressed at important entry points such as authentication. Weblate 2.14 has brought a lot of features in this area.
  • Not using https where applicable. Yes, some APIs or web sites did not support https in the past, but now they do and I didn't notice.
  • Several pages were vulnerable to CSRF as they were using GET, while POST with CSRF protection would be more appropriate.
  • Lack of password strength validation. I've incorporated Django password validation into Weblate, hopefully avoiding the weakest passwords.
  • Several issues in authentication using Python Social Auth. I had never really looked at how the authentication works there, and there are some questionable decisions or bugs. Some of the bugs were already addressed in current releases, but there are still some to solve.

In the end it was a really challenging week to be able to cope with the incoming reports, but I think I managed it quite well. The HackerOne metrics state that it takes 2 hours on average to respond to incoming reports, which I think will not work in the long term :-).

Anyway, thanks to this, you can now enjoy Weblate 2.14, which is more secure than any release before. If you have not yet upgraded, you might consider doing that now, or look into our support offering for self-hosted Weblate.

The downside of all this was that the initial publishing on HackerOne made our website the target of a lot of automated tools, and the web server was not really ready for that. I'm really sorry to all Hosted Weblate users who were affected by this. This has also been addressed now, but the infrastructure really should have been prepared for this beforehand. To share how it looked, here is the number of requests to the nginx server:

I'm really glad I could make Weblate available on HackerOne, as it will clearly improve its security and the security of the hosted offering we have. I will certainly consider providing swag and/or bounties for further severe reports, but that won't be possible without enough funding for Weblate.

Filed under: Debian English SUSE Weblate

Categories: FLOSS Project Planets

My Akademy Plans

Planet KDE - Mon, 2017-05-22 05:21

The Akademy programme (Saturday, Sunday) is actually pretty long; the conference days stretch into what feels like evening to me. Of course, the Dutch are infamous for being “6pm at the dinner table, and eat potatoes”, so my notion of evening may not match what works on the Mediterranean coast. Actually, I know it doesn’t, since way back at a Ubuntu Developer Summit in Sevilla it took some internal-clock-resetting to adjust to dinner closer to midnight than 18:00.

Foreseen clock-adjustment difficulties aside, I have a plan for Akademy.

  • Attend a bunch of talks. Telemetry / User Feedback sounds like a must-see for me, and lightning talks, and Input Methods is something I know nothing about and should (hey, my work-work application is Latin-1 only and therefore can’t even represent the names of all of its developers properly, and that in 2017), and the analysing code and fuzzing talk connects way back to the English Breakfast Network days of KDE Code Quality.
  • Hammer (and saw, and sand, and paint) on the KDE CI for FreeBSD; this will involve a fair amount of futzing with the base system, but also gently pushing changes to a whole bunch of repositories. KDE Frameworks 5 are mostly blue / yellow. It’s time to start adding higher layers of the software stack to the whole.
  • BoF it up around CMake, FreeBSD, CI, and LDAP.
  • Have fun at the day trip.
Categories: FLOSS Project Planets

Django Weekly: Django Weekly Issue 39 - GraphQL, context processor, DRF and more

Planet Python - Mon, 2017-05-22 04:41
Worthy Read
How to Use GraphQL with Django - In this article, we will describe how to use GraphQL with Django. In this guide, you will see code samples and examples of implementation for Python.
How to make your Django context processors lazy - If you came here, you probably know what a context processor is, but let's quickly recap. It's a function that returns a dictionary of values. Those values will be injected into the rendering context without explicitly defining them in the view. They allow us to refactor commonly used variables out of views.
Catch Errors Before Your Users Do - Full-stack error monitoring and analytics for developers. Users finding bugs? Searching logs for errors? Find + fix broken code fast!
Tips for Building High-Quality Django Apps at Scale - To continue to scale, we’ve also started to migrate our monolithic app towards a microservices architecture. We’ve learned a lot about what works well and what doesn’t with Django, and hope we can share some useful tips on how to work with this popular web framework.
Django REST framework - release of django rest framework
Fastest Redis configuration for Django - I have an app that does a lot of Redis queries. It all runs in AWS with ElastiCache Redis. Due to the nature of the app, it stores really large hash tables in Redis. The application then depends on querying Redis for these. The question is: what is the best configuration possible for the fastest service possible?
redis, caching
Django Developer Panel - Django Developer Panel is a Google Chrome extension paired with a piece of Django middleware that highlights helpful data to assist in the debugging and construction of Django applications. It was inspired heavily by, and some portions of the middleware code derived from, the very popular Django Debug Toolbar plugin, as well as the Ember Inspector plugin.
debugging, web application

django-notifyAll - 154 Stars, 4 Forks - A library which can be used for all types of notifications like SMS, Mail, Push.
django-migrations-graph - 13 Stars, 0 Forks - Django-admin command to display migrations with dependencies.
django-json-widget - 7 Stars, 0 Forks - An alternative widget that makes it easy to edit Django's new JSONField (PostgreSQL-specific model field).
django-export-csv - 5 Stars, 0 Forks - CSV exporter for Django; this tool creates a shortcut to render a queryset to a CSV streaming HTTP response.
django-messages-to-bootstrap-notify - 3 Stars, 0 Forks - Show Django messages using bootstrap-notify.
Categories: FLOSS Project Planets

Import Python: ImportPython Issue 125 - How to Publish Your Package on PyPI and more

Planet Python - Mon, 2017-05-22 04:37
Worthy Read
How to Publish Your Package on PyPI? - When you’ve written some great code, you might want to make this available for others to use as well. The pythonic way of sharing a package is making it available on PyPI. Let’s create a simple package and go through the process of publishing it!
Catch Errors Before Your Users Do - Full-stack error monitoring and analytics for developers. Users finding bugs? Searching logs for errors? Find + fix broken code fast!
Python Testing with pytest: Simple, Rapid, Effective, and Scalable by Brian Okken | The Pragmatic Bookshelf - Do less work when testing your Python code, but be just as expressive, just as elegant, and just as readable. The pytest testing framework helps you write tests quickly and keep them readable and maintainable, with no boilerplate code. Using a robust yet simple fixture model, it’s just as easy to write small tests with pytest as it is to scale up to complex functional testing for applications, packages, and libraries. This book shows you how.
testing, book
Python Goes To The Movies with Dhruv Govil - Movies are magic, and Python is part of what makes that magic possible. We go behind the curtain this week with Dhruv Govil to learn about how Python gets used to bring a movie from concept to completion. He shares the story of how he got started in film, the tools that he uses day to day, and some resources for further learning.
Building a ML classifier on NY city taxi data to predict no tips vs generous tips with Python - I demonstrate the power of the Google BigQuery engine by building a classifier which will predict whether a NY city taxi ride will result in a generous tip or no tip at all. As part of doing this I explore the dataset and look at relationships in the dataset. I also visualize the pickups around the city, and the result is a scatterplot which essentially draws the city streets of NY.
bigquery, datawarehouse
Using Python and Google Docs to Build Books - Daniel (co-author of Two Scoops of Django) shares how he put Python (the python-docx library) together with Google Docs to create his latest self-published fiction book.
Make Sublime Text as the best IDE for full stack python development
sublime3
Train/Test Split and Cross Validation in Python
data science
Argparse vs Click - Command line arguments processing library.
Definitive guide to python on Mac OSX
installation, macos-x
Modern Face Detection based on Deep Learning using Python and Mxnet - In this post, we’ll discuss and illustrate a fast and robust method for face detection using Python and Mxnet.
machine learning
Text Analysis with South Park — Part 1: TF-IDF - I noticed recently that Kaggle has an interesting dataset: 70,000 lines of South Park dialogue. It’s nicely labelled by episode and character. I figured it would be a good practical test for the TF-IDF tools in scikit-learn that I’ve been wanting to try recently.
machine learning
Using Python Generator to Monitor Data - David Beazley demonstrates how to use a generator in Python to watch real-time data sources. This is an excerpt from the Pearson video course "Python Programming Language".
Spelling with Elemental Symbols - Sitting in my 5-hour-long chemistry class, my gaze would often drift over to the periodic table posted on the wall. To pass the time, I began to try finding words I could spell using only the symbols of the elements on the periodic table. Some examples: ScAlEs, FeArS, ErAsURe, WAsTe, PoInTlEsSnEsS, MoISTeN, SAlMoN, PuFFInEsS. I wondered what the longest such word was ('TiNTiNNaBULaTiONS' was the longest one I could come up with). Then I started thinking about how nice it would be to have a tool that could find the elemental spellings of any word. I decided to write a Python program.
lambda, map and filter in Python - The lambda operator or lambda function is used for creating small, one-time and anonymous function objects in Python.
core-python, lamda, map, filter
Simple demo of Pandas DataFrames and MultiIndex - Pandas DataFrames generally have an "index", one column of a dataset that gives the name for each row. It works like a primary key in a database table. But Pandas also supports a MultiIndex, in which the index for a row is some composite key of several columns. It's quite confusing at first; here's a simple demo of creating a multi-indexed DataFrame and then querying subsets with various syntax.
Python + Docker: From development to production: Episode I
dockers
Developing a Pricing Strategy to Maximize Revenue - Turns out, selling lemonade is a perfect scenario to introduce dynamic pricing and price optimization techniques. In this post, we'll be finding an optimal price for our glasses of lemonade using some basic methodology in Python in order to maximize our revenue.
numpy, pandas, scipy
Pandas and Python Real World Project (GPS data) - Analysis and plotting of GPS data using pandas.
Top 15 Python Libraries for Data Science in 2017 - As Python has gained a lot of traction in recent years in the Data Science industry, I wanted to outline some of its most useful libraries for data scientists and engineers, based on recent experience. And, since all of the libraries are open sourced, we have added commits, contributor counts and other metrics from GitHub, which could serve as proxy metrics for library popularity.
data science
Inspect PCAP Files Using AWS Lambda - AWS Lambda is a service that allows you to run code without provisioning a server. This has some interesting possibilities, especially when processing data asynchronously. When I first started learning about Lambda most of the examples were about resizing images. I work with PCAP files on a daily basis and have used scapy for several years, so I thought it would be a good experiment to use Lambda to do some simple PCAP inspection.
aws, lamda, pcap, scapy

tbvaccine - 164 Stars, 5 Forks - A small utility to pretty-print Python tracebacks.
How_to_simulate_a_self_driving_car - 41 Stars, 13 Forks - This is the code for "How to Simulate a Self-Driving Car" by Siraj Raval on YouTube.
now.httpbin.org - 15 Stars, 0 Forks - An API (for Humans) for converting timestamps.
Dagon - 11 Stars, 1 Fork - Advanced Hash Manipulation
DocumentClassification - 4 Stars, 1 Fork - This code implements a sample CNN model for document classification with tensorflow.
sqline - 4 Stars, 0 Forks - Simple command line tool to query databases
flexicon - 3 Stars, 0 Forks - A lightweight, regex-based lexer framework for Python.
Categories: FLOSS Project Planets

La Drupalera (en): How To Create a Custom Format for a Date Field

Planet Drupal - Mon, 2017-05-22 04:33

In this post, you will learn how to create a custom date format for Drupal 7.

Read more
Categories: FLOSS Project Planets