Training in Foss Compliance

Planet KDE - Thu, 2017-05-18 05:32

On June 23rd 2017, there’s a new, one day training in our Berlin facility, this time in German.

Training in FOSS Compliance will be available, in English, in Berlin and other locations later this year. More on that below, in English. Meanwhile, since our first open-enrolment training to help you with the complex issues around compliance is in German…….

Der Begriff Corporate Compliance ist seit einigen Jahren in den Fokus der Öffentlichkeit gerückt, aber wenige Unternehmen wissen bislang um die …

The post Training in Foss Compliance appeared first on KDAB.

Categories: FLOSS Project Planets

Sergey Beryozkin: Distributed Tracing with CXF: New Features

Planet Apache - Thu, 2017-05-18 05:23
As you may already know Apache CXF has been offering a simple but effective support for tracing CXF client and server calls with HTrace since 2015.

What is interesting about this feature is that it was done after the DevMind attended to Apache Con NA 2015 and got inspired about integrating CXF with HTrace.

You'll be glad to know this feature has now been enhanced to get the trace details propagated to the logs which is the least intrusive way of working with HTrace though should you need more advanced control, CXF will help, see this section for example.

CXF has also been integrated with Brave. That should do better for CXF OSGI users. The integration work with Brave 4 is under way now.
Categories: FLOSS Project Planets

Alessio Treglia: Digital Ipseity: Which Identity?

Planet Debian - Thu, 2017-05-18 04:50


Within the next three years, more than seven billion people and businesses will be connected to the Internet. During this time of dramatic increases in access to the Internet, networks have seen an interesting proliferation of systems for digital identity management (i.e. our SPID in Italy). But what is really meant by “digital identity“? All these systems are implemented in order to have the utmost certainty that the data entered by the subscriber (address, name, birth, telephone, email, etc.) is directly coincident with that of the physical person. In other words, data are certified to be “identical” to those of the user; there is a perfect overlap between the digital page and the authentic user certificate: an “idem“, that is, an identity.

This identity is our personal records reflected on the net, nothing more than that. Obviously, this data needs to be appropriately protected from malicious attacks by means of strict privacy rules, as it contains so-called “sensitive” information, but this data itself is not sufficiently interesting for the commercial market, except for statistical purposes on homogeneous population groups. What may be a real goldmine for the “web company” is another type of information: user’s ipseity. It is important to immediately remove the strong semantic ambiguity that weighs on the notion of identity. There are two distinct meanings…

<Read More…[by Fabio Marzocca]>

Categories: FLOSS Project Planets

Agiledrop.com Blog: AGILEDROP: DrupalCon sessions about Project Management

Planet Drupal - Thu, 2017-05-18 04:04
Last time, we gathered together DrupalCon Baltimore sessions about Case Studies. We promised that we will also look in some other areas. Therefore, we will this time explore the sessions from Project Management. Project Managers ARE the new Content Strategists by Lynn Winter from August Ash The session is about Project Managers being a content strategist. They become so because nobody has money to pay for a content strategist. Therefore, a session walks you through the discovery, design, and build phases of a website redesign sharing tips, tools, and examples of steps you can take to… READ MORE
Categories: FLOSS Project Planets

Talk Python to Me: #112 Geeking out in the golden years

Planet Python - Thu, 2017-05-18 04:00
I've always thought that if I retired, I'd more or less do what I had been doing as my job - except without the meetings and reports. That is, write interesting and fulfilling software. <br/> <br/> In this episode of Talk Python To Me, we are back together with Philip Guo to discuss his research project aimed to improve the learning to code experience for older adults (those 60 - 85 years old).<br/> <br/> Links from the show:<br/> <br/> <div style="font-size: .85em;"><b>Older Adults publication</b>: <a href="http://www.pgbovine.net/publications/older-adults-learning-programming_CHI-2017.pdf" target="_blank">pgbovine.net/publications/older-adults-learning-programming_CHI-2017.pdf</a><br/> <b>PG Podcast</b>: <a href="http://www.pgbovine.net/PG-Podcast-summary.htm" target="_blank">pgbovine.net/PG-Podcast-summary.htm</a><br/> <b>Episode 22: 10-hour code walk</b>: <a href="/22" target="_blank">talkpython.fm/22</a><br/> <b>Python Tutor website</b>: <a href="http://www.pythontutor.com/" target="_blank">pythontutor.com</a><br/> <br/> <b>Sponsored Links</b><br/> <b>Rollbar</b>: <a href="https://talkpython.fm/rollbar" target="_blank">talkpython.fm/rollbar</a><br/> <b>Hired</b>: <a href="https://hired.com/?utm_source=podcast&utm_medium=talkpythontome&utm_term=cat-tech-software&utm_content=2k&utm_campaign=q1-16-episodesbanner" target="_blank">hired.com/talkpythontome</a><br/> <b>Talk Python Courses</b>: <a href="https://training.talkpython.fm/" target="_blank">training.talkpython.fm</a><br/></div>
Categories: FLOSS Project Planets

Python Anywhere: System update this morning

Planet Python - Thu, 2017-05-18 03:36

This morning's system update went well :-)

There aren't any major visible new features in the new system -- it was primarily an infrastructural change. The operating system on our underlying servers has been upgraded from Ubuntu 14.04 to 16.04 (so we had to rewrite all of our upstart system jobs as systemd ones, which was... fun). The sandboxes where your code runs have been kept as Ubuntu 14.04, so that your code doesn't break due to the system it runs on changing unexpectedly.

A future update, hopefully soon, will enable a 16.04-based system image that you'll be able to opt in to use when it's convenient to you. There's also a big new feature that we're working on that required the OS upgrade -- more about that another time...

There were a few minor changes beyond that:

  • We've increased the server capacity available for scheduled tasks.
  • We've significantly reworked the system for logging of error messages for web apps, so they should appear pretty much instantly in your error logs rather than being delayed -- previously they could sometimes take 30 seconds to arrive, which could make debugging frustrating.
  • We've been working on improving the API; there's some documentation here. The API is still in early alpha, and may change without warning, but if you'd like to have a play, just let us know and we can switch it on for your account.
  • A couple of security fixes -- mostly rate-limiting things that send email so that they can't be abused by trolls trying to fill up your inbox with junk. A shout-out to akash c for reporting that.
Categories: FLOSS Project Planets

Michael Prokop: Debugging a mystery: ssh causing strange exit codes?

Planet Debian - Thu, 2017-05-18 03:29

Recently we had a WTF moment at a customer of mine which is worth sharing.

In an automated deployment procedure we’re installing Debian systems and setting up MySQL HA/Scalability. Installation of the first node works fine, but during installation of the second node something weird is going on. Even though the deployment procedure reported that everything went fine: it wasn’t fine at all. After bisecting to the relevant command lines where it’s going wrong we identified that the failure is happening between two ssh/scp commands, which are invoked inside a chroot through a shell wrapper. The ssh command caused a wrong exit code showing up: instead of bailing out with an error (we’re running under ‘set -e‘) it returned with exit code 0 and the deployment procedure continued, even though there was a fatal error. Initially we triggered the bug when two ssh/scp command lines close to each other were executed, but I managed to find a minimal example for demonstration purposes:

# cat ssh_wrapper chroot << "EOF" / /bin/bash ssh root@localhost hostname >/dev/null exit 1 EOF echo "return code = $?"

What we’d expect is the following behavior, receive exit code 1 from the last command line in the chroot wrapper:

# ./ssh_wrapper return code = 1

But what we actually get is exit code 0:

# ./ssh_wrapper return code = 0

Uhm?! So what’s going wrong and what’s the fix? Let’s find out what’s causing the problem:

# cat ssh_wrapper chroot << "EOF" / /bin/bash ssh root@localhost command_does_not_exist >/dev/null 2>&1 exit "$?" EOF echo "return code = $?" # ./ssh_wrapper return code = 127

Ok, so if we invoke it with a binary that does not exist we properly get exit code 127, as expected.
What about switching /bin/bash to /bin/sh (which corresponds to dash here) to make sure it’s not a bash bug:

# cat ssh_wrapper chroot << "EOF" / /bin/sh ssh root@localhost hostname >/dev/null exit 1 EOF echo "return code = $?" # ./ssh_wrapper return code = 1

Oh, but that works as expected!?

When looking at this behavior I had the feeling that something is going wrong with file descriptors. So what about wrapping the ssh command line within different tools? No luck with `stdbuf -i0 -o0 -e0 ssh root@localhost hostname`, nor with `script -c “ssh root@localhost hostname” /dev/null` and also not with `socat EXEC:”ssh root@localhost hostname” STDIO`. But it works under unbuffer(1) from the expect package:

# cat ssh_wrapper chroot << "EOF" / /bin/bash unbuffer ssh root@localhost hostname >/dev/null exit 1 EOF echo "return code = $?" # ./ssh_wrapper return code = 1

So my bet on something with the file descriptor handling was right. Going through the ssh manpage, what about using ssh’s `-n` option to prevent reading from standard input (stdin)?

# cat ssh_wrapper chroot << "EOF" / /bin/bash ssh -n root@localhost hostname >/dev/null exit 1 EOF echo "return code = $?" # ./ssh_wrapper return code = 1

Bingo! Quoting ssh(1):

-n Redirects stdin from /dev/null (actually, prevents reading from stdin). This must be used when ssh is run in the background. A common trick is to use this to run X11 programs on a remote machine. For example, ssh -n shadows.cs.hut.fi emacs & will start an emacs on shadows.cs.hut.fi, and the X11 connection will be automatically forwarded over an encrypted channel. The ssh program will be put in the background. (This does not work if ssh needs to ask for a password or passphrase; see also the -f option.)

Let’s execute the scripts through `strace -ff -s500 ./ssh_wrapper` to see what’s going in more detail.
In the strace run without ssh’s `-n` option we see that it’s cloning stdin (file descriptor 0), getting assigned to file descriptor 4:

dup(0) = 4 [...] read(4, "exit 1\n", 16384) = 7

while in the strace run with ssh’s `-n` option being present there’s no file descriptor duplication but only:

open("/dev/null", O_RDONLY) = 4

This matches ssh.c’s ssh_session2_open function (where stdin_null_flag corresponds to ssh’s `-n` option):

if (stdin_null_flag) { in = open(_PATH_DEVNULL, O_RDONLY); } else { in = dup(STDIN_FILENO); }

This behavior can also be simulated if we explicitly read from /dev/null, and this indeed works as well:

# cat ssh_wrapper chroot << "EOF" / /bin/bash ssh root@localhost hostname >/dev/null </dev/null exit 1 EOF echo "return code = $?" # ./ssh_wrapper return code = 1

The underlying problem is that both bash and ssh are consuming from stdin. This can be verified via:

# cat ssh_wrapper chroot << "EOF" / /bin/bash echo "Inner: pre" while read line; do echo "Eat: $line" ; done echo "Inner: post" exit 3 EOF echo "Outer: exit code = $?" # ./ssh_wrapper Inner: pre Eat: echo "Inner: post" Eat: exit 3 Outer: exit code = 0

This behavior applies to bash, ksh, mksh, posh and zsh. Only dash doesn’t show this behavior.
To understand the difference between bash and dash executions we can use the following test scripts:

# cat stdin-test-cmp #!/bin/sh TEST_SH=bash strace -v -s500 -ff ./stdin-test 2>&1 | tee stdin-test-bash.out TEST_SH=dash strace -v -s500 -ff ./stdin-test 2>&1 | tee stdin-test-dash.out # cat stdin-test #!/bin/sh : ${TEST_SH:=dash} $TEST_SH <<"EOF" echo "Inner: pre" while read line; do echo "Eat: $line"; done echo "Inner: post" exit 3 EOF echo "Outer: exit code = $?"

When executing `./stdin-test-cmp` and comparing the generated files stdin-test-bash.out and stdin-test-dash.out you’ll notice that dash consumes all stdin in one single go (a single `read(0, …)`), instead of character-by-character as specified by POSIX and implemented by bash, ksh, mksh, posh and zsh. See stdin-test-bash.out on the left side and stdin-test-dash.out on the right side in this screenshot:

So when ssh tries to read from stdin there’s nothing there anymore.

Quoting POSIX’s sh section:

When the shell is using standard input and it invokes a command that also uses standard input, the shell shall ensure that the standard input file pointer points directly after the command it has read when the command begins execution. It shall not read ahead in such a manner that any characters intended to be read by the invoked command are consumed by the shell (whether interpreted by the shell or not) or that characters that are not read by the invoked command are not seen by the shell. When the command expecting to read standard input is started asynchronously by an interactive shell, it is unspecified whether characters are read by the command or interpreted by the shell.

If the standard input to sh is a FIFO or terminal device and is set to non-blocking reads, then sh shall enable blocking reads on standard input. This shall remain in effect when the command completes.

So while we learned that both bash and ssh are consuming from stdin and this needs to prevented by either using ssh’s `-n` or explicitly specifying stdin, we also noticed that dash’s behavior is different from all the other main shells and could be considered a bug (which we reported as #862907).

Lessons learned:

  • Be aware of ssh’s `-n` option when using ssh/scp inside scripts.
  • Feeding shell scripts via stdin is not only error-prone but also very inefficient, as for a standards compliant implementation it requires a read(2) system call per byte of input. Instead create a temporary script you safely execute then.
  • When debugging problems make sure to explore different approaches and tools to ensure you’re not relying on a buggy behavior in any involved tool.

Thanks to Guillem Jover for review and feedback regarding this blog post.

Categories: FLOSS Project Planets

Tianon Gravi: My Docker Install Process (redux)

Planet Debian - Thu, 2017-05-18 02:00

Since I wrote my first post on this topic, Docker has switched from apt.dockerproject.org to download.docker.com, so this post revisits my original steps, but tailored for the new repo.

There will be less commentary this time (straight to the beef). For further commentary on “why” for any step, see my previous post.

These steps should be fairly similar to what’s found in upstream’s “Install Docker on Debian” document, but do differ slightly in a few minor ways.

grab Docker’s APT repo GPG key # "Docker Release (CE deb)" export GNUPGHOME="$(mktemp -d)" gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 # stretch+ gpg --export --armor 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 | sudo tee /etc/apt/trusted.gpg.d/docker.gpg.asc # jessie # gpg --export 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 | sudo tee /etc/apt/trusted.gpg.d/docker.gpg > /dev/null rm -rf "$GNUPGHOME"


$ apt-key list ... /etc/apt/trusted.gpg.d/docker.gpg.asc ------------------------------------- pub rsa4096 2017-02-22 [SCEA] 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 uid [ unknown] Docker Release (CE deb) <docker@docker.com> sub rsa4096 2017-02-22 [S] ... add Docker’s APT source

With the switch to download.docker.com, HTTPS is now mandated:

$ apt-get update && apt-get install apt-transport-https

Setup sources.list:

echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" | sudo tee /etc/apt/sources.list.d/docker.list

Add edge component for every-month releases and test for release candidates (ie, ... stretch stable edge). Replace stretch with jessie for Jessie installs.

At this point, you should be safe to run apt-get update to verify the changes:

$ sudo apt-get update ... Get:5 https://download.docker.com/linux/debian stretch/stable amd64 Packages [1227 B] ... Reading package lists... Done

(There shouldn’t be any warnings or errors about missing keys, etc.)

configure Docker

This step could be done after Docker’s installed (and indeed, that’s usually when I do it because I forget that I should until I’ve got Docker installed and realize that my configuration is suboptimal), but doing it before ensures that Docker doesn’t have to be restarted later.

sudo mkdir -p /etc/docker sudo sensible-editor /etc/docker/daemon.json

(sensible-editor can be replaced by whatever editor you prefer, but that command should choose or prompt for a reasonable default)

I then fill daemon.json with at least a default storage-driver. Whether I use aufs or overlay2 depends on my kernel version and available modules – if I’m on Ubuntu, AUFS is still a no-brainer (since it’s included in the default kernel if the linux-image-extra-XXX/linux-image-extra-virtual package is installed), but on Debian AUFS is only available in either 3.x kernels (jessie’s default non-backports kernel) or recently in the aufs-dkms package (as of this writing, still only available on stretch and sid – no jessie-backports option).

If my kernel is 4.x+, I’m likely going to choose overlay2 (or if that errors out, the older overlay driver).

Choosing an appropriate storage driver is a fairly complex topic, and I’d recommend that for serious production deployments, more research on pros and cons is performed than I’m including here (especially since AUFS and OverlayFS are not the only options – they’re just the two I personally use most often).

{ "storage-driver": "overlay2" } configure boot parameters

I usually set a few boot parameters as well (in /etc/default/grub’s GRUB_CMDLINE_LINUX_DEFAULT option – run sudo update-grub after adding these, space-separated).

  • cgroup_enable=memory – enable “memory accounting” for containers (allows docker run --memory for setting hard memory limits on containers)
  • swapaccount=1 – enable “swap accounting” for containers (allows docker run --memory-swap for setting hard swap memory limits on containers)
  • systemd.legacy_systemd_cgroup_controller=yes – newer versions of systemd may disable the legacy cgroup interfaces Docker currently uses; this instructs systemd to keep those enabled (for more details, see systemd/systemd#4628, opencontainers/runc#1175, docker/docker#28109)
  • vsyscall=emulate – allow older binaries to run (debian:wheezy, etc.; see docker/docker#28705)

All together:

... GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 systemd.legacy_systemd_cgroup_controller=yes vsyscall=emulate" ... install Docker!

Finally, the time has come.

$ sudo apt-get install -V docker-ce ... docker-ce (17.03.1~ce-0~debian-stretch) ... $ sudo docker version Client: Version: 17.03.1-ce API version: 1.27 Go version: go1.7.5 Git commit: c6d412e Built: Mon Mar 27 17:07:28 2017 OS/Arch: linux/amd64 Server: Version: 17.03.1-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: c6d412e Built: Mon Mar 27 17:07:28 2017 OS/Arch: linux/amd64 Experimental: false $ sudo usermod -aG docker "$(id -un)"
Categories: FLOSS Project Planets

Montreal Python User Group: Montréal-Python 64: Oleophobic Pretzel

Planet Python - Thu, 2017-05-18 00:00

Right after PyConUS 2017 we are inviting for our May meetup. It's gonna be held on Monday May 29th at the Shopify offices. It is your chance to get the latest news from he Montreal's Python community. Then join us!

Please note that we are still looking for lightning talks presentations (5 minute talks). Come present a project you are working on, a library you like, etc.

Presentations David Larlet - Inclusive Python

After 12 years hacking in Python, what did I learn the hard way? From biology to the web, across startups and now French government, I realized one thing: making your code resilient requires empathy.

David Larlet is seeking for a more diverse and enthusiastic world. Thoughts (en/fr): https://larlet.fr/david/

Mavi Ruiz-Blondet - A dive into the mind: Python for sensory stimulation and brain signal analysis

Commercial EEG headset are readily available nowadays. How can we find useful information from the EEG data that they can easily acquire? It all starts with the sensory stimulation that will elicit meaningful brain signals, when done correctly. PyschoPy is a library that greatly helps this purpose. Proper sensory stimulation is the first step, once the EEG data has been acquired, its post processing is what will allow us to predict what the user was thinking. This post processing can also be achieved on Python. At the talk, we will see the entire process, from the proper data acquisition to the data post processing and how to interpret the results in order to have a look into a human's mind.

Mavi has always been interested in the electrical signals from the body. She got her bachelor's on Electronic Engineering from the Pontifical Catholic University of Peru, and after working for a year with medical equipment, went to the US to get a Masters in Biomedical Engineering at the State University of New York at Binghamton. After very fruitful research using brain signals as a biometric for authentication purposes, she continues the research as a PhD student in Cognitive and Brain Sciences.

Claude Arpin - The micro:bit and the worldwide rush to teach coding Where

Shopify Offices 490 de la Gauchetière street Montréal, Québec https://goo.gl/maps/EXQWD6jAEAr


Monday, May 29th, 2017 at 6PM

  • 6:00PM - Door will open
  • 6:30PM - Start of presentations
  • 7:15PM - Break
  • 7:30PM - Presentations
  • 8:00PM - End of event
  • 8:30PM - Benelux

We’d like to thank our sponsors for their continued support: Shopify UQÀM Bénélux Savoir-faire Linux

Categories: FLOSS Project Planets

Daniel Bader: When to Use Python

Planet Python - Wed, 2017-05-17 20:00
When to Use Python

What is the Python programming language used for in the real world, and when is using Python the right choice?

When I grew up in Germany as a kid there was this craze about “desks that can grow with you.” The idea was you’d buy your kid an adjustable desk and then they’d be able to use it throughout their whole education career.

As your kid grows taller, so does his or her desk. Just turn the little crank handle every few months… And voila, you’re right on track for raising the next Albert Einstein or Marie Curie.

Python is a great
“adjustable desk” language.

With the small but important difference that Python is also a much prettier desk. One that you wouldn’t be embarrassed of using past elementary school. And one you’d be okay with showing to your girlfriend/boyfriend. (Okay, time to stop with that desk analogy.)

My point is this:

What I love about Python is how it scales so well (no pun intended)—from writing simple prototypes to validate an idea, all the way to building “production grade” systems.

Sure, sometimes it would be nice to have a compiler and static type checks to lean on—but often I realized that I would’ve never come this far in so little time with Java or C++. And with optional type hints in Python 3 and type checking tools like mypy this gap is starting to close.

But not only does Python scale and grow with the project at hand, it also scales and grows with your skills as a developer.

It’s relatively easy to get started with Python—but it’s not going to prevent you from growing as a developer and getting impressive real-world work done with it. My friend and fellow Python wrangler Michael Kennedy refers to it as a “full spectrum” language. And I really like that as an analogy.

Python spans the gamut from print('hello, world') all the way to running the back-end infrastructure for massive applications like Reddit, Instagram, or YouTube.

Now, is using Python
always the right choice?


No single programming language is.

For example, it’s unlikely you’re going to write a real-time operating system kernel in Python. Neither will id Software use it to implement their next-generation rendering engine…

But millions of developers around the world are using Python to build web applications, write data-crunching pipelines, generate reports, automate tests, conduct research, and do all kinds of other amazing work in a multitude of domains.

By learning Python you’re not limiting yourself to a specific niche.

And that’s what I love about this adorable, “adjustable desk” of a language.

Happy Pythoning!

Categories: FLOSS Project Planets

Justin Mason: Links for 2017-05-17

Planet Apache - Wed, 2017-05-17 19:58
  • Seeking medical abortions online is safe and effective, study finds | World news | The Guardian

    Of the 1,636 women who were sent the drugs between the start of 2010 and the end of 2012, the team were able to analyse self-reported data from 1,000 individuals who confirmed taking the pills. All were less than 10 weeks pregnant. The results reveal that almost 95% of the women successfully ended their pregnancy without the need for surgical intervention. None of the women died, although seven women required a blood transfusion and 26 needed antibiotics. Of the 93 women who experienced symptoms for which the advice was to seek medical attention, 95% did so, going to a hospital or clinic. “When we talk about self-sought, self-induced abortion, people think about coat hangers or they think about tables in back alleys,” said Aiken. “But I think this research really shows that in 2017 self-sourced abortion is a network of people helping and supporting each other through what’s really a safe and effective process in the comfort of their own homes, and I think is a huge step forward in public health.”

    (tags: health medicine abortion pro-choice data women-on-web ireland law repealthe8th)

Categories: FLOSS Project Planets

Sandipan Dey: Some more Computational Photography: Creating Video Textures in Python and OpenCV

Planet Python - Wed, 2017-05-17 17:57
The following problem appeared as an assignment in the Coursera Course Computational Photography (by Georgia Tech, 2013). The following description of the problem is taken directly from the assignment’s description. Introduction In this article, we shall be applying our computational photography magics to video, with the purpose of creating video textures, or infinitely looping pieces … Continue reading Some more Computational Photography: Creating Video Textures in Python and OpenCV
Categories: FLOSS Project Planets

Kalamuna Blog: Lessons from Our Drupal 8 Blog Migration

Planet Drupal - Wed, 2017-05-17 17:29
Lessons from Our Drupal 8 Blog Migration Shannon O'Malley Wed, 05/17/2017 - 14:29

Late last year, we upgraded our blog from Drupal 7 to Drupal 8. Our main objective was to invest in our skills within Kalamuna so we could, in turn, better serve our clients. We have a lot of Drupal 8 migrations lined up over the course of the next year or so, and we foresee many more coming down the pipeline. This gave us a chance to learn the ins and outs of Drupal 8, with the added value of sprucing up our very own blog. This post is a summary of takeaways from our experience that I hope will help you on your own Drupal 8 adventures.

Categories Articles Drupal Git Guidance Information Architecture Responsive Design
Categories: FLOSS Project Planets

Daniel Pocock: Hacking the food chain in Switzerland

Planet Debian - Wed, 2017-05-17 14:41

A group has recently been formed on Meetup seeking to build a food computer in Zurich. The initial meeting is planned for 6:30pm on 20 June 2017 at ETH, (Zurich Centre/Zentrum, Rämistrasse 101).

The question of food security underlies many of the world's problems today. In wealthier nations, we are being called upon to trust a highly opaque supply chain and our choices are limited to those things that major supermarket chains are willing to stock. A huge transport and storage apparatus adds to the cost and CO2 emissions and detracts from the nutritional value of the produce that reaches our plates. In recent times, these problems have been highlighted by the horsemeat scandal, the Guacapocalypse and the British Hummus crisis.

One interesting initiative to create transparency and encourage diversity in our diets is the Open Agriculture (OpenAg) Initiative from MIT, summarised in this TED video from Caleb Harper. The food produced is healthier and fresher than anything you might find in a supermarket and has no exposure to pesticides.

An open source approach to food

An interesting aspect of this project is the promise of an open source approach. The project provides hardware plans, a a video of the build process, source code and the promise of sharing climate recipes (scripts) to replicate the climates of different regions, helping ensure it is always the season for your favour fruit or vegetable.

Do we need it?

Some people have commented on the cost of equipment and electricity. Carsten Agger recently blogged about permaculture as a cleaner alternative. While there are many places where people can take that approach, there are also many overpopulated regions and cities where it is not feasible. Some countries, like Japan, have an enormous population and previously productive farmland contaminated by industry, such as the Fukushima region. Growing our own food also has the potential to reduce food waste, as individual families and communities can grow what they need.

Whether it is essential or not, the food computer project also provides a powerful platform to educate people about food and climate issues and an exciting opportunity to take the free and open source philosophy into many more places in our local communities. The Zurich Meetup group has already received expressions of interest from a diverse group including professionals, researchers, students, hackers, sustainability activists and free software developers.

Next steps

People who want to form a group in their own region can look in the forum topic "Where are you building your Food Computer?" to find out if anybody has already expressed interest.

Which patterns from the free software world can help more people build more food computers? I've already suggested using Debian's live-wrapper to distribute a runnable ISO image that can boot from a USB stick, can you suggest other solutions like this?

Can you think of any free software events where you would like to see a talk or exhibit about this project? Please suggest them on the OpenAg forum.

There are many interesting resources about the food crisis, an interesting starting point is watching the documentary Food, Inc.

If you are in Switzerland, please consider attending the meeting on at 6:30pm on 20 June 2017 at ETH (Centre/Zentrum), Zurich.

One final thing to contemplate: if you are not hacking your own food supply, who is?

Categories: FLOSS Project Planets

Andre Roberge: What if range did not exist?

Planet Python - Wed, 2017-05-17 13:03
Over the years, various proposals for new syntactic constructs have been put forward to supplement or replace the range() function for looping over integers. Some of them have been documented in PEPs, whereas various others arose during discussions on the python-dev, comp.lang.python, and python-ideas lists. This lead Guido van Rossum to write in 2005: The whole point (15 years ago) of
Categories: FLOSS Project Planets

Python Engineering at Microsoft: Come visit us at PyCon US 2017!

Planet Python - Wed, 2017-05-17 13:00

With PyCon US 2017 happening later this week, we wanted to let you know what we will be up to at the conference!

To start, thanks to our platinum sponsorship this year, we are going to have a booth in the exhibit hall. This will provide you a place to come if you have any questions involving Python and Microsoft. We are also going to have a constant rotation of 10 and 20 minute demos at our booth that will include:

  1. Azure Data Lake
  2. Azure CLI
  3. Bash on Windows/WSL
  4. SQL Tools
  5. SQL Server on Linux
  6. Python in SQL Server
  7. VS Code
  8. Azure Notebooks
  9. Python in Visual Studio
  10. Cookiecutter in Visual Studio

Come by our booth to see the schedule for when we will be demoing what!

But our participation doesn’t stop at sponsorship and demos. Both Steve Dower and myself will be attending the Python language summit. This is the once-a-year meeting where the core developers of Python have an opportunity to get together in a room and discuss various points and issues surrounding the language. We will also be attending the development sprints where we sprint with other core developers to resolve various design decisions, build some camaraderie, and generally just get some coding done!

Lastly, both Steve and I are presenting at the conference this year. Steve is giving his talk entitled
“I Installed Python 3.6 on Windows and I Liked It”
where he will discuss how Python 3.6 makes cross-platform support easier for Windows and UNIX easier. I will be giving my talk entitled “What’s new in Python 3.6” where I will cover the over 16 new features in Python 3.6 that make it one of Python’s largest release ever.

As with every year we expect to have a great time at PyCon US and we look forward to see those of you who are able to make it!

Categories: FLOSS Project Planets

Weekly Python Chat: PyCon Sprints Chat

Planet Python - Wed, 2017-05-17 13:00

We'll chat at the sprints at PyCon 2017!

Categories: FLOSS Project Planets

Weekly Python Chat: PyCon Chat

Planet Python - Wed, 2017-05-17 13:00

Join us live from Pycon 2017 in Portland, Oregon!

Categories: FLOSS Project Planets

Reproducible builds folks: Reproducible Builds: week 107 in Stretch cycle

Planet Debian - Wed, 2017-05-17 12:08

Here's what happened in the Reproducible Builds effort between Sunday May 7 and Saturday May 13 2017:

Report from Reproducible Builds Hamburg Hackathon

We were 16 participants from 12 projects: 7 Debian, 2 repeatr.io, 1 ArchLinux, 1 coreboot + LEDE, 1 F-Droid, 1 ElectroBSD + privoxy, 1 GNU R, 1 in-toto.io, 1 Meson and 1 openSUSE. Three people came from the USA, 3 from the UK, 2 Finland, 1 Austria, 1 Denmark and 6 from Germany, plus we several guests from our gracious hosts at the CCCHH hackerspace as well as a guest from Australia…

We had four presentations:

Some of the things we worked on:

  • h01ger did orga stuff for this very hackathon, discussed tests.r-b.o with various non-Debian contributors, filed some bugs and restarted the policy discussion in #844431. He also did some polishing work on tests.r-b.o which shall be covered in next issue of our weekly blog.
  • Justin Cappos involved many of us in interesting discussions and started to write an academic paper about Reproducible Builds of which he shared an early beta on our mailinglist.
  • Chris Lamb (lamby) filed a number of patches for individual packages, worked on diffoscope, merged many changes to strip-nondeterminism and also filed #862073 against dak to upload buildinfo files to external services.
  • Maria Glukhova (siamezzze) fixed a bug with plots on tests.reproducible-builds.org and worked on diffoscope test coverage.
  • Lynxis worked on a new squashfs upstream release improving support for reproducible squashfs filesystems and also had some time to hack on coreboot and show others how to install coreboot on real hardware.
  • Michael Poehn worked on integrating F-Droid builds into tests.reproducible-builds.org, on the F-Droid verification utility and also ran some app reproducibility tests.
  • Bernhard worked on various unreproducible issues upstream and submitted fixes for curl, bzr, ant.
  • Erin Myhre worked on bootstrapping cleanroom builds of compiler components in Repeatr sandboxes.
  • Calvin Behling merged improvements to reppl for a cleaner storage format and better error handling and did design work for next version of repeatr pipeline execution. Calvin also lead the reproducibility testing of restaurant mood lighting.
  • Eric and Calvin also claim to have had all sorts of useful exchanges about the state of other projects, and learned a lot about where to look for more info about debian bootstrap and archive mirroring from steven and lamby
  • Phil Hands came by to say hi and worked on testing d-i on jenkins.debian.net.
  • Chris West (Faux) worked on extending misc.git:has-only.py, and started looking at Britney.

We had a Debian focussed meeting where we discussed a number of topics:

  • IRC meetings: yes, we want to try again to have them, monthly, a poll for a good date is being held.
  • Debian tests post Stretch: we'll add tests for stable/Stretch.
  • .buildinfo files, how forward: we need sourceful uploads for any arch:all packages. dak should send .buildinfo files to buildinfo.debian.net.
  • (pre?) Stretch release press release: we should do that, esp. as our achievements are largely unrelated to Stretch.
  • Reproducible Builds Summit 3: yes, we want that.
  • what to do (in notes.git) with resolved issues: keep the issues.
  • strip-nondeterminism quo vadis: Justin reminded us that strip-nondeterminism is a workaround we want to get rid off.

And then we also had a lot of fun in the hackerspace, enjoying some of their gimmicks, such as being able to open physical doors with ssh or controlling light and music with an webbrowser without authentication (besides being in the right network).

(This wasn't the hackathon per-se, but some of us appreciated these sights and so we thought you would too.)

Many thanks to:

  • Debian for sponsoring food and accomodation!
  • Dock Europe for providing us with really nice accomodation in the house!
  • CCC Hamburg for letting us use their hackerspace for >3 days non-stop!
News and media coverage

openSUSE has had a security breach in their infrastructure, including their build services. As of this writing, the scope and impact are still unclear, however the incident illustrates that no one should rely on being able to secure their infrastructure at all times. Reproducible Builds help mitigate this by allowing independent verification of build results, by parties that are unaffected by the compromise.

(Whilst this can happen to anyone. Kudos to openSUSE for being open about it. Now let's continue working on Reproducible Builds everywhere!)

On May 13th Chris Lamb gave a talk on Reproducible Builds at OSCAL 2017 in Tirana, Albania.

Toolchain bug reports and fixes Packages' bug reports Reviews of unreproducible packages

11 package reviews have been added, 2562 have been updated and 278 have been removed in this week, adding to our knowledge about identified issues. Most of the updates were to move ~1800 packages affected by the generic catch-all captures_build_path (out of ~2600 total) to the more specific gcc_captures_build_path, fixed by our proposed patches to GCC.

5 issue types have been updated:

Weekly QA work

During our reproducibility testing, FTBFS bugs have been detected and reported by:

  • Adrian Bunk (1)
  • Chris Lamb (2)
  • Chris West (1)
diffoscope development

diffoscope development continued on the experimental branch:

  • Maria Glukhova:
    • Code refactoring and more tests.
  • Chris Lamb:
    • Add safeguards against unpacking recursive or deeply-nested archives. (Closes: #780761)
strip-nondeterminism development
  • strip-nondeterminism 0.033-1 and -2 were uploaded to unstable by Chris Lamb. It included contributions from:

  • Bernhard M. Wiedemann:

    • Add cpio handler.
    • Code quality improvements.
  • Chris Lamb:
    • Add documentation and increase verbosity, in support of the long-term aim of removing the need for this tool.
reprotest development
  • reprotest 0.6.1 and 0.6.2 were uploaded to unstable by Ximin Luo. It included contributions from:

  • Ximin Luo:

    • Add a documentation section on "Known bugs".
    • Move developer documentation away from the man page.
    • Mention release instructions in the previous changelog.
    • Preserve directory structure when copying artifacts. Otherwise hash output on a successful reproduction sometimes fails, because find(1) can't find the artifacts using the original artifact_pattern.
  • Chris Lamb
    • Add proper release instructions and a keyring.
trydiffoscope development
  • Chris Lamb:
    • Uses the diffoscope from Debian experimental if possible.

This week's edition was written by Ximin Luo, Holger Levsen and Chris Lamb & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Categories: FLOSS Project Planets

Nick Kew: The Great B Minor

Planet Apache - Wed, 2017-05-17 11:53

This Sunday, May 21st, we’re performing Bach’s B Minor Mass at the Guildhall, Plymouth.  This work needs no introduction, and I have no hesitation recommending it for readers who enjoy music and are within evening-out distance of Plymouth.

Tickets are cheaper in advance than on the door, so you might want to visit your favourite regular ticket vendor or google for online sales.

Minor curiosity: the edition we’re using was edited by Arthur Sullivan.  Yes, he of G&S, and an entirely different era and genre of music!   It’s also the Novello edition used in most performances in Britain.

Categories: FLOSS Project Planets
Syndicate content