FLOSS Project Planets
Of Color and Software
It’s been a minute!
We have been hard at work making sure our design system keeps moving forward. For the past weeks, we have made significant progress in the space of color creation and icons.
There is also an easter egg in the form of PenPot. Read the rest!
As previously mentioned, we restructured our color palettes to have set color variations at various levels. We will combine those colors into tokens that will be named something like this:
pd.sys.color.red50
Meaning:
- PD: Plasma Design
- SYS: System token (We also have reference tokens and component tokens, .ref. and .com. respectively)
- Color: Token type
- red50: color name + color value
Note that as we follow Material design guidelines for these colors, we have a collection of 100 different color shades for a given color. Depending on the needs of the system or changes in design, we could decide to not use red50 but we would like more intensity. So we would choose red49, or red48, and so on.
The color variable name would change accordingly. This set up would allow designers and developers to understand the kind of token they are working with and it would be the same language for both developer and designer.
In Figma and PenPot, designers have the ability to name tokens however they like. I opted for keeping token names as we are recommending them for the Plasma system. That way there is good consistency.
This week, we consolidated these colors and we added them to the list of tokens in Figma and PenPot. However, there is still more to be done in the form of documentation for our Plasma developer team. We are still working through it, making sure we are accurate in the request for development.
Additionally, this week we had the pleasure to meet with Pablo Ruiz, CEO at PenPot. Mike, one of our team members met Pablo recently and spoke of our Plasma Next project. This led to a meeting to discuss the needs that our team currently has for developing a design system.
The team at PenPot is excited to partner with our KDE team and the Plasma Next initiative. They have generously offered a few resources to help.
This couldn’t come at a better time as very recently we have been hitting gaps in our team knowledge when it comes to developing design systems. This process is a first for our desktop system and we want to get it right. With the help of the PenPot team and the changes they are making to the application, this should be easier.
As such, we also decided to request prioritization for some of our tickets that would allow us to set up and migrate our Figma assets into PenPot and eventually, share these with the community at large.
Today, we are not close to releasing a full design system for others to use, but we are making good progress. Stay tuned!
We also moved into the process of editing 16px icons. Given that we already have new icons in the 24px collection that we can leverage, we cut the design time in half or more. We don’t have to brainstorm new icons, we mostly just have to edit the 24px icon and adapt it to a 16px version. This work just barely started but we are making good progress.
One area that is still up in the air is our colorful icons. Given we edited the monochrome icons, this calls for editing colorful icons as well. We have received many suggestions on what kind of colorful style we should follow. I would like to extend that invitation.
If you have seen or created amazing colorful icons and would like to suggest that style for us at Plasma, send us a comment!
That’s it for this week. Good progress so far!
Dirk Eddelbuettel: RcppSpdlog 0.0.19 on CRAN: New Upstream, New Features
Version 0.0.19 of RcppSpdlog arrived on CRAN early this morning and has been uploaded to Debian. RcppSpdlog bundles spdlog, a wonderful header-only C++ logging library with all the bells and whistles you would want that was written by Gabi Melman, and also includes fmt by Victor Zverovich. You can learn more at the nice package documention site.
This releases updates the code to the version 1.15.0 of spdlog which was released on Saturday, and contains fmt 11.0.2. It also contains a contributed PR which allows use std::format under C++20, bypassing fmt (with some post-merge polish too), and another PR correcting a documentation double-entry.
The NEWS entry for this release follows.
Changes in RcppSpdlog version 0.0.19 (2024-11-10)Support use of std::format under C++20 via opt-in define instead of fmt (Xanthos Xanthopoulos in #19)
An erroneous duplicate log=level documentation level was removed (Contantinos Giachalis in #20)
Upgraded to upstream release spdlog 1.15.0 (Dirk in #21)
Partially revert / simplify src/formatter.cpp accomodating both #19 and previous state (Dirk in #21)
Courtesy of my CRANberries, there is also a diffstat report. More detailed information is on the RcppSpdlog page, or the package documention site. If you like this or other open-source work I do, you can sponsor me at GitHub.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
Gunnar Wolf: Why academics under-share research data - A social relational theory
As an academic, I have cheered for and welcomed the open access (OA) mandates that, slowly but steadily, have been accepted in one way or another throughout academia. It is now often accepted that public funds means public research. Many of our universities or funding bodies will demand that, with varying intensities–sometimes they demand research to be published in an OA venue, sometimes a mandate will only “prefer” it. Lately, some journals and funder bodies have expanded this mandate toward open science, requiring not only research outputs (that is, articles and books) to be published openly but for the data backing the results to be made public as well. As a person who has been involved with free software promotion since the mid 1990s, it was natural for me to join the OA movement and to celebrate when various universities adopt such mandates.
Now, what happens after a university or funder body adopts such a mandate? Many individual academics cheer, as it is the “right thing to do.” However, the authors observe that this is not really followed thoroughly by academics. What can be observed, rather, is the slow pace or “feet dragging” of academics when they are compelled to comply with OA mandates, or even an outright refusal to do so. If OA and open science are close to the ethos of academia, why aren’t more academics enthusiastically sharing the data used for their research? This paper finds a subversive practice embodied in the refusal to comply with such mandates, and explores an hypothesis based on Karl Marx’s productive worker theory and Pierre Bourdieu’s ideas of symbolic capital.
The paper explains that academics, as productive workers, become targets for exploitation: given that it’s not only the academics’ sharing ethos, but private industry’s push for data collection and industry-aligned research, they adapt to technological changes and jump through all kinds of hurdles to create more products, in a result that can be understood as a neoliberal productivity measurement strategy. Neoliberalism assumes that mechanisms that produce more profit for academic institutions will result in better research; it also leads to the disempowerment of academics as a class, although they are rewarded as individuals due to the specific value they produce.
The authors continue by explaining how open science mandates seem to ignore the historical ways of collaboration in different scientific fields, and exploring different angles of how and why data can be seen as “under-shared,” failing to comply with different aspects of said mandates. This paper, built on the social sciences tradition, is clearly a controversial work that can spark interesting discussions. While it does not specifically touch on computing, it is relevant to Computing Reviews readers due to the relatively high percentage of academics among us.
Real Python: Python News Roundup: November 2024
The latest Python developments all point to the same thing—Python is currently thriving. The recent GitHub Octoverse 2024 report has revealed that Python is now the most used language on GitHub. Also, last month saw the release of Python 3.13, which is already laying the groundwork for some exciting future improvements.
While Python core developers have been busy exploring the language’s features as they tinker with upcoming enhancements, it’s good to know that working on Python’s source code isn’t the only way you can contribute to Python’s future. Another way to shape the focus of upcoming releases is to join the Python Developers Survey 2024.
And with the end of the year in sight, you may want to venture a look at next year’s calendar and mark some dates, such as the PyCon US conference in May or the Python 3.14 release in October 2025.
Now that you know the highlights, it’s time to dive into the most important Python news for November.
Join Now: Click here to join the Real Python Newsletter and you'll never miss another Python tutorial, course update, or post.
Python’s Popularity Shines in GitHub’s Octoverse 2024The latest Octoverse report for 2024 shows that Python remains one of the most widely used languages on GitHub, securing its place as a core language in open-source and professional development. Python ranked among the top three most-used languages, demonstrating its continued appeal across industries and experience levels:
As GitHub’s annual report illustrates, Python’s popularity is fueled by its solid role in developing machine learning and artificial intelligence frameworks.
Another takeaway from the Octoverse survey is Python’s strong community engagement. Python developers are not only active in contributing code but also in participating in discussions, filing issues, and reviewing pull requests.
Read the full article at https://realpython.com/python-news-november-2024/ »[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
death and gravity: reader 3.15 released – Retry-After
Hi there!
I'm happy to announce version 3.15 of reader, a Python feed reader library.
What's new? #Here are the highlights since reader 3.13.
Retry-After #Now that it supports scheduled updates, reader can honor the Retry-After HTTP header sent with 429 Too Many Requests or 503 Service Unavailable responses.
Adding this required an extensive rework of the parser internal API, but I'd say it was worth it, since we're getting quite close to it becoming stable.
Next up in HTTP compliance is to do more on behalf of the user: bump the update interval on repeated throttling, and handle gone and redirected feeds accordingly.
Faster tag filters, feed slugs #OR-only tag filters like get_feeds(tags=[['one', 'two']]) now use an index.
This is useful for maintaining a reverse mapping to feeds/entries, like the feed slugs recipe does to add support for user-defined short URLs:
>>> url = 'https://death.andgravity.com/_feed/index.xml' >>> reader.set_feed_slug(url, 'andgravity') >>> reader.get_feed_by_slug('andgravity') Feed(url='https://death.andgravity.com/_feed/index.xml', ...)(Interested in adopting this recipe as a real plugin? Submit a pull request!)
enclosure_tags improvements #The enclosure_tags plugin fixes ID3 tags for MP3 enclosures like podcasts.
I've changed the implementation to rewrite tags on the fly, instead of downloading the entire file, rewriting tags, and then sending it to the user; this should allow browsers to display accurate download progress.
Some other, smaller improvements:
- Set genre to Podcast if the feed has any tag containing "podcast".
- Prefer feed user title to feed title if available.
- Use feed title as artist, instead of author.
Because feedparser makes PyPI releases at a lower cadence, reader has been using a vendored version of feedparser's develop branch for some time. It is now possible to opt out of this behavior and make reader use the installed feedparser package.
Python versions #reader 3.14 (released back in July) adds support for Python 3.13.
That's it for now. For more details, see the full changelog.
Want to contribute? Check out the docs and the roadmap.
Learned something new today? Share this with others, it really helps! PyCoder's Weekly HN Reddit linkedin Twitter
What is reader? #reader takes care of the core functionality required by a feed reader, so you can focus on what makes yours different.
reader allows you to:
- retrieve, store, and manage Atom, RSS, and JSON feeds
- mark articles as read or important
- add arbitrary tags/metadata to feeds and articles
- filter feeds and articles
- full-text search articles
- get statistics on feed and user activity
- write plugins to extend its functionality
...all these with:
- a stable, clearly documented API
- excellent test coverage
- fully typed Python
To find out more, check out the GitHub repo and the docs, or give the tutorial a try.
Why use a feed reader library? #Have you been unhappy with existing feed readers and wanted to make your own, but:
- never knew where to start?
- it seemed like too much work?
- you don't like writing backend code?
Are you already working with feedparser, but:
- want an easier way to store, filter, sort and search feeds and entries?
- want to get back type-annotated objects instead of dicts?
- want to restrict or deny file-system access?
- want to change the way feeds are retrieved by using Requests?
- want to also support JSON Feed?
- want to support custom information sources?
... while still supporting all the feed types feedparser does?
If you answered yes to any of the above, reader can help.
The reader philosophy #- reader is a library
- reader is for the long term
- reader is extensible
- reader is stable (within reason)
- reader is simple to use; API matters
- reader features work well together
- reader is tested
- reader is documented
- reader has minimal dependencies
So you can:
- have full control over your data
- control what features it has or doesn't have
- decide how much you pay for it
- make sure it doesn't get closed while you're still using it
- really, it's easier than you think
Obviously, this may not be your cup of tea, but if it is, reader can help.
Programiz: Python f-string
Vincent Bernat: Customize Caddy's plugins with Nix
Caddy is an open-source web server written in Go. It handles TLS certificates automatically and comes with a simple configuration syntax. Users can extend its functionality through plugins1 to add features like rate limiting, caching, and Docker integration.
While Caddy is available in Nixpkgs, adding extra plugins is not simple.2 The compilation process needs Internet access, which Nix denies during build to ensure reproducibility. When trying to build the following derivation using xcaddy, a tool for building Caddy with plugins, it fails with this error: dial tcp: lookup proxy.golang.org on [::1]:53: connection refused.
{ pkgs }: pkgs.stdenv.mkDerivation { name = "caddy-with-xcaddy"; nativeBuildInputs = with pkgs; [ go xcaddy cacert ]; unpackPhase = "true"; buildPhase = '' xcaddy build --with github.com/caddy-dns/powerdns@v1.0.1 ''; installPhase = '' mkdir -p $out/bin cp caddy $out/bin ''; }Fixed-output derivations are an exception to this rule and get network access during build. They need to specify their output hash. For example, the fetchurl function produces a fixed-output derivation:
{ stdenv, fetchurl }: stdenv.mkDerivation rec { pname = "hello"; version = "2.12.1"; src = fetchurl { url = "mirror://gnu/hello/hello-${version}.tar.gz"; hash = "sha256-jZkUKv2SV28wsM18tCqNxoCZmLxdYH2Idh9RLibH2yA="; }; }To create a fixed-output derivation, you need to set the outputHash attribute. The example below shows how to output Caddy’s source code, with some plugin enabled, as a fixed-output derivation using xcaddy and go mod vendor.
pkgs.stdenvNoCC.mkDerivation rec { pname = "caddy-src-with-xcaddy"; version = "2.8.4"; nativeBuildInputs = with pkgs; [ go xcaddy cacert ]; unpackPhase = "true"; buildPhase = '' export GOCACHE=$TMPDIR/go-cache export GOPATH="$TMPDIR/go" XCADDY_SKIP_BUILD=1 TMPDIR="$PWD" \ xcaddy build v${version} --with github.com/caddy-dns/powerdns@v1.0.1 (cd buildenv* && go mod vendor) ''; installPhase = '' mv buildenv* $out ''; outputHash = "sha256-F/jqR4iEsklJFycTjSaW8B/V3iTGqqGOzwYBUXxRKrc="; outputHashAlgo = "sha256"; outputHashMode = "recursive"; }With a fixed-output derivation, it is up to us to ensure the output is always the same:
- we ask xcaddy to not compile the program and keep the source code,3
- we pin the version of Caddy we want to build, and
- we pin the version of each requested plugin.
You can use this derivation to override the src attribute in pkgs.caddy:
pkgs.caddy.overrideAttrs (prev: { src = pkgs.stdenvNoCC.mkDerivation { /* ... */ }; vendorHash = null; subPackages = [ "." ]; });Check out the complete example in the GitHub repository. To integrate into a Flake, add github:vincentbernat/caddy-nix as an overlay:
{ inputs = { nixpkgs.url = "nixpkgs"; flake-utils.url = "github:numtide/flake-utils"; caddy.url = "github:vincentbernat/caddy-nix"; }; outputs = { self, nixpkgs, flake-utils, caddy }: flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; overlays = [ caddy.overlays.default ]; }; in { packages = { default = pkgs.caddy.withPlugins { plugins = [ "github.com/caddy-dns/powerdns@v1.0.1" ]; hash = "sha256-Vh7JP6RK23Y0E5IDJ3zbBCnF3gKPIav05OMI4ALIcZg="; }; }; }); }-
This article uses the term “plugins,” though Caddy documentation also refers to them as “modules” since they are implemented as Go modules. ↩︎
-
This is a feature request since quite some time. A proposed solution has been rejected. The one described in this article is a bit different. ↩︎
-
This is not perfect: if the source code produced by xcaddy changes, the hash would change and the build would fail. ↩︎
Django Weblog: Announcing DjangoCon Europe 2025 in Dublin, Ireland! 🍀
We're thrilled to announce the much-anticipated return of DjangoCon Europe, set to take place in the vibrant city of Dublin, Ireland, in 2025! DjangoCon Europe has been a cornerstone of the Django community, bringing together developers and enthusiasts from all over Europe and beyond to celebrate and advance the Django web framework.
Save the DatesMark your calendars for DjangoCon Europe 2025, which will be held from April 23th to 27th. The conference will host a balanced mix of insightful talks, hands-on workshops, and ample opportunities for networking and socialising with fellow Django enthusiasts.
Explore DublinWith its rich history and vibrant tech scene, Dublin is the perfect backdrop for this year's conference. Dublin's thriving tech community and innovative spirit make it an ideal host for DjangoCon Europe. Plus, the city's lively culture, breathtaking architecture, and friendly locals are sure to provide an unforgettable experience.
Call for ProposalsDjangoCon Europe wouldn't be the same without the insightful and diverse talks contributed by our community. We encourage you to consider submitting a proposal to share your knowledge, experiences, and insights with the Django community. Keep an eye out for the Call for Proposals (CFP) announcement. This is your chance to contribute to the conference program and help make DjangoCon Europe 2025 exceptional.
Get InvolvedDjangoCon Europe is a community-driven event, and we rely on the active participation and support of our community members. Here are a few ways you can get involved:
- Attend: Join us in Dublin for a week of learning, networking, and fun.
- Speak: Share your expertise by submitting a talk proposal when the CFP opens.
- Sponsor: Support the conference financially and gain visibility in the Django community (email us at sponsors@djangocon.eu)
- Volunteer: Help us make the conference run smoothly by volunteering your time and skills (https://forms.gle/xmwxssiheMa1oCvPA)
Stay tuned for updates on registration, sponsorship opportunities, and more by following DjangoCon Europe on Twitter and Linkedin.
Stay InformedTo stay up-to-date with the latest DjangoCon Europe 2025 news, visit our website and follow us on Twitter & Linkedin. We will be sharing details about the schedule, speakers, and more in the coming months, so make sure you're on the list!
We can't wait to see you in Dublin for DjangoCon Europe 2025. Get ready for a week of learning, networking, and celebrating all things Django. It's going to be an unforgettable event, and we look forward to sharing this experience with you. Thank you for being a part of our amazing Django community!
See you in Dublin! 🍀
PS: Keep an eye on our social media for special offer we will have during the upcoming holiday season 😉
OpenSense Labs: Drupal 7 End Of Life: Top Reasons You Should Migrate To Drupal 10
- Log in to post comments
Drupal 10 was released in December 2022 and ever since, the community has been pushing its users to do Drupal 7 to 10 migration. As per w3techs.com, as many as 41.2% of all Drupal sites are running on Drupal 7.
Using an outdated version has downsides. Businesses miss out on technological advancements and new features that can speed up and safeguard their digital properties.
With the release of Drupal 10 and the fact that Drupal 7 end of life is in January 2025, it is crucial to do Drupal 7 to 10 migration soon.
So, if your existing content management system is running on the Drupal 7 version, we suggest looking into OpenSense Labs' Drupal 7 to 10 migration services for guidance and upgrading to Drupal 10 today.
And if you’re still not convinced, let’s look into why enterprises should plan their Drupal 7 to 10 migration now, and not wait until the last moment.
Why Should You Do Drupal 7 To 10 Migration?Drupal 10 brings automated updates, and improved user experience, along with several other feature additions. These components are more secure, user-friendly, and powerful. Let’s dive deep into why enterprises must plan their Drupal 7 to 10 migration right away.
1. Drupal 7 Support From The Community
As an open-source CMS Drupal 7 support that comes from the Drupal community is what keeps Drupal's continuous innovation ongoing. With the Drupal community prioritizing and actively focusing on the security of newer versions, when the Drupal 7 end of life comes, the Drupal 7 support from the community will also seize.
This primarily jeopardizes the security of your Drupal 7 website. This also means that contributed modules and themes that are currently used in your Drupal 7 website, will also lose maintenance support. This would bring challenges in website maintenance.
Also Check Out:
2. New Features And Upgrades
Another consequence of not upgrading to Drupal 10 is that certain functionalities may cease to perform as intended. Or there may be better alternatives available. Not only can this cause extra annoyance among website maintainers, but resolving these issues may incur additional expenditures for your company owing to the time and resources required to do so.
In Drupal 7, while developers had to manually upgrade/update or search for modules from drupal.org, Drupal 10 has simplified this with Automated updates and a Project browser, respectively. A lot of Drupal 7 features are either incorporated out-of-the-box in Drupal 10 or simply removed to maintain ease of use.
Also, the Drupal 7 ‘Seven’ theme from 2009 gave off an out-of-date system impression. Seven was replaced by the new ‘Claro’ theme, which was created by the most recent requirements.
And the front-end theme, ‘Olivero,’ was created to fit with features that are well-liked by users, such as the Layout Builder. The Olivero theme will meet WCAG AA accessibility standards.
The simple finding and installation of modules should empower Drupal newcomers as well as ‘ambitious site builders’. – Dries Buytaert
3. Technical Dependencies
Drupal works on currently supported PHP versions. Choosing the recommended PHP versions is ideal for developing a Drupal site, as they offer extended support over time. Drupal 10 is built on PHP version 8.0 while the Drupal 7 CMS is built on PHP 7 which has also reached its end of life.
This creates technical dependencies in supporting the platform better.
- jQuery, jQuery UI, jQuery Forms: Drupal 7 CMS includes old and unsupported versions of these libraries. jQuery's current version is 3.7.1. Drupal 7 CMS includes 1.4.2. Other libraries have comparable challenges. You may minimize this little with the jQuery Update module, although the most recent version is 3.5.2.
Drupal 8 and later (as well as many other content management systems) make it simple to provide API access to your content. In the age of ‘publish everywhere’, this is a critical feature. Drupal 7 CMS has some basic API support, but if you want a full-fledged API with write support, you'll have to create it yourself, which adds technical debt and possible vulnerabilities. - CKEditor 5 Update From CKEditor 4: With a thorough rebuild and an exciting new feature set, CKEditor 5 gives Drupal 10 a modern, collaborative editor experience. Users of programs like Microsoft Word or Google Docs will be used to the new CKEditor's interface.
It also provides standard collaboration tools such as comments, suggestions for changes, version histories, and other widely accepted editing methods. Additionally, it has outputs to .docx and .pdf files for straightforward conversion to print formats. - Composer 2 And PHP 8 Support: Although the backporting of Composer 2 to Drupal 8 was successful, PHP 8 compatibility was not. PHP 8 will be required for Drupal 10 because PHP 7 was discontinued in November 2022.
OpenSense Labs, as a Drupal organization, is committed to providing active support. Check out our Drupal 7 to Drupal 10 Migration services today for a long-term and fruitful collaboration.
4. Modules That Have Gone Out Of Support
The Drupal 10 core was updated to eliminate a few modules that are redundant or are not frequently used. For uniformity, these modules were transferred to the Contributed Module area. Gathers and presents syndicated material from outside sources (RSS, RDF, and Atom feeds).
-
QuickEdit: In-place content editing
-
HAL: Serializes entities using the Hypertext Application Language
-
Activity Tracker: Users may keep track of recent content with the activity tracker feature
-
RDF: Enhances websites with metadata so that other systems may comprehend their characteristics
You will have to leave Drupal 7 CMS behind. Eventually, the opportunity cost of continuing to use software that is more than 10 years old is substantial, and once Drupal 7 end of life comes, the risk and expense of an uncovered vulnerability increases rapidly.
There are several possibilities available to you, and now is the time for you to choose and make plans for one of them. The ideal option will rely on the expertise level of your team, the amount of business logic you have included in Drupal 7 CMS and your projected budget.
Also Check Out:
CMS Drupal 7 v/s Drupal 10As this article aims to highlight the difficulties associated with the ongoing use of Drupal 7 CMS and to present the most effective solution, below is a comparison of CMS Drupal 7 v/s Drupal 10 to help you understand the benefits of Drupal 10 better.
Our primary objective is to provide you with a comprehensive understanding of how various popular website features, tasks, and workflows are represented in both Drupal 7 CMS and Drupal 10.
1. Mobile Design
Drupal 7 CMS lacks the essential responsive design capabilities needed to develop web pages that adjust their structures to different screen sizes of devices. One can develop websites that are mobile-friendly with Drupal 7 CMS by manually adjusting settings and incorporating extra modules or themes that have been contributed by others.
In Drupal 10, developers can construct responsive pages with greatly streamlined workflows, minimal manual configuration, and without the necessity for additional modules. The contemporary Drupal core features a powerful framework for managing responsive images and breakpoints, which are essential components of responsive design.
Recent advancements include innovative features like Views Responsive Grids, which provide intuitive responsiveness options for grids within Drupal Views. The core themes for both the administration and front end in Drupal 10, known as Claro and Olivero, are inherently responsive.
2. Administrative Interfaces
Drupal 7 CMS features a conventional administrative dashboard organized with tabs and subtabs. The overlay-contributed module enables extensive menu sections to be displayed in modal windows. The user interface of Drupal 7 CMS seems to be antiquated regarding its design and overall user experience.
Accessibility challenges also exist, including problems with colour contrast and the absence of keyboard navigation options. Accessing the administrative dashboard on mobile devices proves to be challenging due to the lack of optimization for smaller screens.
Upon accessing the administrative dashboard in Drupal 10, one is greeted by a contemporary and elegant design offered by the core admin theme, Claro. The design features a tidy and organized appearance. The admin interface has become more intuitive and user-friendly due to a more logical arrangement of settings and actions, accompanied by clearer labels throughout.
Claro has been developed with a focus on responsiveness, enabling your team to perform administrative tasks using mobile devices when necessary. Significant enhancements in accessibility are readily apparent through the noticeable colour contrasts and the use of more legible fonts.
A consistent approach to focus states and styles facilitates the interaction with forms, buttons, form fields, and other interactive components, ensuring accessibility for users who navigate solely via keyboard.
3. Content Authoring
When Drupal 8 was released in 2015, it included a comprehensive text editor by default — CKEditor. Over the years, CKEditor has continually evolved following the latest trends.
CKEditor 5 has emerged as a significant asset for Drupal 10, introducing contemporary and user-friendly balloon panels for ALT text and links, a specialized toolbar for inline media formatting, straightforward table creation, code blocks, special characters, and a variety of additional features.
The range of functionalities offered by CKEditor 5 for Drupal 10 is continually expanding, accompanied by supplementary contributed modules for CKEditor 5. We conducted a comparative analysis of CKEditor 4 and CKEditor 5, examining each feature for the benefit of our readers.
In the case of Drupal 7, it is important to note that it does not come equipped with a WYSIWYG (What-You-See-Is-What-You-Get) editor by default. The content editing form lacks a toolbar that facilitates the addition of links, bold text, italics, headings, bullet points, numbered lists, and other formatting options.
Acquiring a toolbar necessitates the installation of contributed modules that provide different iterations of the WYSIWYG editor. For many years, one of the most effective solutions has been the installation of the CKEditor 4 contributed module.
The module is currently no longer supported, which means that its presence on your website will necessitate additional paid CMS Drupal 7 support to guarantee its proper functionality. There is more to consider than merely the loss of CMS Drupal 7 support for all Drupal 7 modules. The issue is rooted even more profoundly in this situation.
CKEditor 4, a third-party application, officially reached its end-of-life for the open-source version earlier this year.
4. Creating Page Layouts
The process of creating layouts in Drupal 7 CMS is mainly facilitated by contributed modules, particularly Panels, in conjunction with several other dependent modules, including Page Manager and Ctools.
To modify a Drupal 7 CMS layout, it is frequently necessary to possess a certain level of understanding of PHP as well as the ability to configure settings via the administrative interface. In Drupal 10, the Layout Builder feature is integrated into the core, enhancing the intuitiveness and flexibility of layout creation.
It boasts an intuitive interface that includes drag-and-drop functionality. Customizations can be achieved without the necessity of coding, thereby creating new opportunities for individuals who are not developers. The Layout Builder in Drupal 10 is designed to inherently accommodate responsive web design.
The development of visually appealing and consistent responsive layouts in Drupal 10 is becoming increasingly engaging due to innovative methods such as Single Directory Components, as well as contributed modules like Bootstrap UI Kit, among others.
The integration of the Bootstrap framework into Drupal websites enhances their capabilities, streamlines workflows, and increases overall project efficiency.
5. AI Tool Integration
Generative AI can be seamlessly incorporated into a Drupal website, transforming it into a centralized hub where users can enhance their workflows utilizing artificial intelligence.
AI tools are capable of providing responses directly within the Drupal administration interface, producing content, translating text, proposing titles, modifying the tone and voice of written material, creating taxonomy terms, and generating placeholder content complete with images for quality assurance and development teams to evaluate new features, among various other functionalities.
The variety of AI-related modules and their functionalities is continually expanding. All modules developed for AI integration are specifically designed for Drupal 10, and there are none created for Drupal 7. The sole method to obtain it for Drupal 7 CMS is by developing a custom module.
This solution will require payment, which poses a challenge for development due to the limitations of Drupal 7 CMS in integrating with specific APIs or functionalities.
6. Decoupling Opportunities
Today, there will be extensive discussions regarding decoupled architecture. Separating the front end and back end enables developers to use modern JavaScript frameworks designed for creating user interfaces that enhance performance, improve user experience, and boost developer productivity.
Examining the decoupled setup possibilities of Drupal 7 CMS resembles a journey through time. Drupal 7 CMS is a monolithic content management system in which the front end is closely integrated with the backend. The built-in support for REST APIs is limited, and the development of APIs for content sharing necessitates the use of additional modules.
Drupal 10, in contrast, adopts an API-first methodology. The system incorporates integrated RESTful Web Services and JSON:API, facilitating the development of APIs and the distribution of Drupal content to external applications. While these features were introduced before Drupal 10, efforts continue to enhance Drupal with additional exciting functionalities.
One of the recent advancements in Drupal is the development of Decoupled Menus, which is designed to facilitate the consumption of Drupal menus by JavaScript frontends. With the introduction of Drupal 10.1, it is now possible to activate a menu Linkset API endpoint with minimal effort, and additional improvements are on the horizon.
CMS Drupal 7 To 10 Migration ChecklistSo, let us now look into the requirements necessary to successfully execute CMS Drupal 7 to Drupal 10 migration. Although every Drupal 7 to Drupal 10 migration project possesses its distinct characteristics, it can typically be divided into the following steps:
Step 1: Examine Your Drupal 7 Website
CMS Drupal 7 to Drupal 10 migration represents a significant advancement. Consider this an opportunity to strategize for the future of your site by evaluating its structure, content, functionality, and design.
Here are a few questions to help you initiate your exploration:
-
What are your expectations regarding Drupal 10?
-
Is the existing structure functioning effectively?
-
What elements require Drupal 7 to Drupal 10 migration?
-
Is there a necessity for a redesign?
-
Does your code require a comprehensive revision?
-
What is the scale of the task?
Step 2: Verify The Availability Of Modules
Are you utilizing contributed modules to enhance the capabilities of your Drupal 7 site?
If so, you will need to verify their compatibility with Drupal 10 or seek an alternative before proceeding with the CMS Drupal 7 to Drupal 10 migration. You may accomplish this by individually reviewing the page of each module on drupal.org, or by utilizing a tool like the Upgrade Status module.
It is advisable to explore alternative options, even if your current modules are compatible with Drupal 10, as the Drupal community may have developed superior solutions.
Step 3: Develop Your Drupal 10 Website
You are required to develop a completely new website utilizing the most recent version available, which is Drupal 10.3.7 as of the current date. Now, proceed to install the modules that you have chosen in the preceding step. It is important to note that the installation procedure in Drupal 10 differs from that of Drupal 7.
Establish your content frameworks by incorporating blocks, content types, media types, web forms, and navigation menus. It is advisable to utilize Layout Builder, a fundamental module introduced in Drupal 8.5, which serves as a replacement for the Panels module. The robust drag-and-drop capabilities of Layout Builder facilitate the creation of visually appealing and adaptable pages with ease.
Step 4: Revise Your Code
It is advisable to utilize available contributed modules whenever feasible to minimize the necessity for custom coding. Custom themes must be developed anew from the ground up. Adopt optimal methodologies and contemporary coding standards. It is important to note that Drupal 10 necessitates a minimum of PHP 8.1 and has revised its database requirements.
Finally, integrate your personalized modules and themes into your Drupal 10 website.
Step 5: Transfer Your Data
If the amount of content is limited, it may be feasible to transfer it manually from the previous site to the new one. You may wish to consider automating the process instead. Automated Drupal 7 to Drupal 10 migration can be accomplished by utilizing the Migrate API to transfer content and configurations.
It is essential to recognize its limitations and to develop a strategy for addressing them effectively. You might need to regenerate views using the views migration module, for instance. Additional useful modules for CMS Drupal 7 to Drupal 10 migration consist of Migrate Plus, Migrate Tools, and Migrate Scanner.
Step 6: Test Your Newly Developed Website
Conduct thorough testing and quality assurance on your new website to guarantee its security, performance, and accessibility on a range of devices. Ensure that all content and data have been accurately migrated. Finally, obtain the necessary approvals from the relevant stakeholders.
Step 7: Launch!
Inform your audiences about the forthcoming change. This presents an excellent opportunity to demonstrate and articulate the advantages it offers to them. Adjust the DNS settings of your site to direct them to your Drupal 10 website. Re-establish any previous redirects or custom URLs and monitor your logs for any occurrences of 404 errors or other alerts.
Ensure that your previous Drupal 7 site is secure and inaccessible to the public. It may be advisable to ultimately establish a static version and a backup for future reference.
Key Takeaways-
The impending CMS Drupal 7 end of life in January 2025, underscores the importance of doing Drupal 7 to Drupal 10 migration soon.
-
Drupal 10 introduces automated updates, enhances user experience, and includes a variety of additional features.
-
The Drupal community places a strong emphasis on the security of its newer versions, the CMS Drupal 7 support from the community will also come to an end with Drupal 7 end of life in January 2025.
-
One additional consequence of failing to upgrade to Drupal 10 is that specific functionalities may no longer operate as expected.
-
Drupal 10 is developed using PHP version 8.0, whereas Drupal 7 CMS is based on PHP 7, which has also approached its end of life.
Glyph Lefkowitz: It’s Time For Democrats To Get More Annoying
Kamala Harris lost. Here we are. So it goes.
Are you sad? Are you scared?
I am very sad. I am very scared.
But, like everyone else in this position, most of all, I want to know what to do next.
A Mission For ProgressI believe that we should set up a missionary organization for progressive and liberal values.
In 2017, Kayla Chadwick wrote the now-classic article, “I Don’t Know How To Explain To You That You Should Care About Other People”. It resonated with millions of people, myself included. It expresses an exasperation with a populace that seems ignorant of economics, history, politics, and indeed unable to read the news. It is understandable to be frustrated with people who are exercising their electoral power callously and irresponsibly.
But I think in 2024, we need to reckon with the fact that we do, in fact, need to explain to a large swathe of the population that they should care about other people.
We had better figure out how to explain it soon.
Shared Values — A Basis for HopeThe first question that arises when we start considering outreach to the conservative-leaning or undecided independent population is, “are these people available to be convinced?”.
To that, I must answer an unqualified “yes”.
I know that some of you are already objecting. For those of us with an understanding of history and the mechanics of bigotry in the United States, it might initially seem like the answer is “no”.
As the Nazis came to power in the 1920s, they were campaigning openly on a platform of antisemitic violence. Everyone knew what the debate was. It was hard to claim that you didn’t, in spite of some breathtakingly cowardly contemporaneous journalism, they weren’t fooling anyone.
It feels ridiculous to say this, but Hitler did not have support among Jews.
Yet, after campaigning on a platform of defaming immigrants, and Mexican immigrants specifically for a decade, a large part of what drove his victory is that Trump enjoyed a shockingly huge surge of support among the Hispanic population. Even some undocumented migrants — the ones most likely to be herded into concentration camps starting in January — are supporting him.
I believe that this is possible because, in order to maintain support of the multi-ethnic working-class coalition that Trump has built, the Republicans must maintain plausible deniability. They have to say “we are not racist”, “we are not xenophobic”. Incredibly, his supporters even say “I don’t hate trans people” with startling regularity.
Most voters must continue to believe that hateful policies with devastating impacts are actually race-neutral, and are simply going to get rid of “bad” people. Even the ones motivated by racial resentment are mostly motivated by factually incorrect beliefs about racialized minorities receiving special treatment and resources which they are not in fact receiving.
They are victims of a disinformation machine. One that has rendered reality incomprehensible.
If you listen to conservative messaging, you can hear them referencing this all the time. Remember when JD Vance made that comment about Democrats calling Diet Mountain Dew racist?
Many publications wrote about this joke “bombing”1, but the kernel of truth within it is this: understanding structural bigotry in the United States is difficult. When we progressives talk about it, people who don’t understand it think that our explanations sound ridiculous and incoherent.
There’s a reason that the real version of critical race theory is a graduate-level philosophy-of-law course, and not a couple of catch phrases.
If, without context, someone says that “municipal zoning laws are racist”, this makes about as much sense as “Diet Mountain Dew is racist” to someone who doesn’t already know what “redlining” is.
Conservatives prey upon this confusion to their benefit. But they prey on this because they must do so. They must do so because, despite everything, hate is not actually popular among the American electorate. Even now, they have to be deceived into it.
The good news is that all we need to do is stop the deception.
Politics MatterIf I have sold you on the idea that a substantial plurality of voters are available to be persuaded, the next question is: can we persuade them? Do we, as progressives, have the resources and means to do so? We did lose, after all, and it might seem like nothing we did had much of an impact.
Let’s analyze that assumption.
Across the country, Trump’s margins increased. However, in the swing states, where Harris spent money on campaigning, his margins increased less than elsewhere. At time of writing, we project that the safe-state margin shift will be 3.55% towards trump, and the swing-state margin shift will be 1.69%.
This margin was, sadly, too small for a victory, but it does show that the work mattered. Perhaps given more time, or more resources, it would have mattered just a little bit more, and that would have been decisive.
This is to say, in the places where campaign dollars were spent, even against the similar spending of the Trump campaign, we pushed the margin of support 1.86% higher within 107 days. So yes: campaigning matters. Which parts and how much are not straightforward, but it definitely matters.
This is a bit of a nonsensical comparison for a whole host of reasons2, but just for a ballpark figure, if we kept this pressure up continuously during the next 4 years, we could increase support for a democratic candidate by 25%.
We Can Teach, Not SellPolitical junkies tend to overestimate the knowledge of the average voter. Even when we are trying to compensate for it, we tend to vastly overestimate how much the average voter knows about politics and policy. I suspect that you, dear reader, are a political junkie even if you don’t think of yourself as one.
To give you a sense of what I mean, across the country, on Election day and the day after, there was a huge spike in interest for the Google query, “did Joe Biden drop out”.
Consistently over the last decade, democratic policies are more popular than their opponents. Even deep red states, such as Kansas, often vote for policies supported by democrats and opposed by Republicans.
This confusion about policy is not organic; it is not voters’ fault. It is because Republicans constantly lie.
All this ignorance might seem discouraging, but it presents an opportunity: people will not sign up to be persuaded, but people do like being informed. Rather than proselytizing via a hard sales pitch, it should be possible to offer to explain how policy connects to elections. And this is made so much the easier if so many of these folks already generally like our policies.
The Challenge Is EnormousI’ve listed some reasons for optimism, but that does not mean that this will be easy.
Republicans have a tremendously powerful, decentralized media apparatus that reinforces their culture-war messaging all the time.
After some of the post-election analysis, “The Left Needs Its Own Joe Rogan” is on track to become a cliché within the week.3 While I am deeply sympathetic to that argument, the right-wing media’s success is not organic; it is funded by petrochemical billionaires.
We cannot compete via billionaire financing, and as such, we have to have a way to introduce voters to progressive and liberal media. Which means more voters need social connections to liberals and progressives.
Good WorksThe democratic presidential campaign alone spent a billion and a half dollars. And, as shown above, this can be persuasive, but it’s just the persuasion itself.
Better than spending all this money on telling people what good stuff we would do for them if we were in power, we could just show them, by doing good stuff. We should live our values, not just endlessly reiterate them.
A billion dollars is a significant amount of power in its own right.
For historical precedent, consider the Black Panthers’ Free Breakfast For Children program. This program absolutely scared the shit out of the conservative power structure, to the point that Nixon’s FBI literally raided them for giving out free food to children.
Religious missionaries, who are famously annoying, often offset their annoying-ness by doing charitable work in the communities they are trying to reach. A lot of the country that we need to reach are religious people, and nominally both Christians and leftists share a concern for helping those in need, so we should find some cultural common ground there.
We can leverage that overlap in values by partnering with churches. This immediately makes such work culturally legible to many who we most need to reach.
Jobs Jobs JobsWhen I raised this idea with Philip James, he had been mulling over similar ideas for a long time, but with a slightly different tack: free career skills workshops from folks who are obviously “non-traditional” with respect to the average rural voter’s cultural expectations. Recruit trans folks, black folks, women, and non-white immigrants from our tech networks.
Run the trainings over remote video conferencing to make volunteering more accessible. Run those workshops through churches as a distribution network.
There is good evidence that this sort of prolonged contact and direct exposure to outgroups, to help people see others as human beings, very effective politically.
However, job skills training is by no means the only benefit we could bring. There are lots of other services we could offer remotely, particularly with the skills that we in the tech community could offer. I offer this as an initial suggestion; if you have more ideas I’d love to hear them. I think the best ideas are ones where folks can opt in, things that feel like bettering oneself rather than receiving charity; nobody likes getting handouts, particularly from the outgroup, but getting help to improve your own skills feels more participatory.
I do think that free breakfast for children, specifically, might be something to start with because people are far more willing to accept gifts to benefit others (particularly their children, or the elderly!) rather than themselves.
Take CreditDoing good works in the community isn’t enough. We need to do visible good works. Attributable good works.
We don’t want to be assholes about it, but we do want to make sure that these benefits are clearly labeled. We do not want to attach an obligation to any charitable project, but we do want to attach something to indicate where it came from.
I don’t know what that “something” should be. The most important thing is that whatever “something” is appeals to set of partially-overlapping cultures that I am not really a part of — Midwestern, rural, southern, exurban, working class, “red state” — and thus, I would want to hear from people from those cultures about what works best.
But it’s got to be something.
Maybe it’s a little sticker, “brought to you by progressives and liberals. we care about you!”. Maybe it’s a subtle piece of consistent branding or graphic design, like a stylized blue stripe. Maybe we need to avoid the word “democrats”, or even “progressive” or “liberal”, and need some independent brand for such a thing, that is clearly tenuously connected but not directly; like the Coalition of Liberal and Leftist Helpful Neighbors or something.
Famously, when Trump sent everybody a check from the government, he put his name on it. Joe Biden did the same thing, and Democrats seem to think it’s a good thing that he didn’t take credit because it “wasn’t about advancing politics”, even though this obviously backfired. Republicans constantly take credit for the benefits of Democratic policies, which is one reason why voters don’t know they’re democratic policies.
Our broad left-liberal coalition is attempting to improve people’s material conditions. Part of that is, and must be, advancing a political agenda. It’s no good if we provide job trainings and free lunches to a community if that community is just going to be reduced to ruin by economically catastrophic tariffs and mass deportations.
We cannot do this work just for the credit, but getting credit is important.
Let’s You And Me — Yes YOU — Get StartedI think this is a good idea, but I am not the right person to lead it.
For one thing, building this type of organization requires a lot of organizational and leadership skills that are not really my forte. Even the idea of filing the paperwork for a new 501(c)3 right now sounds like rolling Sisyphus’s rock up the hill to me.
For another, we need folks who are connected to this culture, in ways that I am not. I would be happy to be involved — I do have some relevant technical skills to help with infrastructure, and I could always participate in some of the job-training stuff, and I can definitely donate a bit of money to a nonprofit, but I don’t think I can be in charge.
You can definitely help too, and we will need a wide variety of skills to begin with, and it will definitely need money. Maybe you can help me figure out who should be in charge.
This project will be weaker without your support. Thus: I need to hear from you.
You can email me, or, if you’d prefer a more secure channel, feel free to reach out over Signal, where my introduction code is glyph.99 . Please start the message with “good works:” so I can easily identify conversations about this.
If I receive any interest at all, I plan to organize some form of meeting within the next 30 days to figure out concrete next steps.
AcknowledgmentsThank you to my patrons who are supporting my writing on this blog. If you like what you’ve read here and you’d like to read more things like it, or you’d like to support my various open-source endeavors, you can support my work as a sponsor! My aspirations for this support are more in the directions of software development than activism, but needs must, when the devil drives. Thanks especially to Philip James for both refining the idea and helping to edit this post, and to Marley Myrianthopoulos for assistance with the data analysis.
-
Personally I think that the perception of it “bombing” had to do with the microphones during his speech not picking up much in the way of crowd noise. It sounded to me like there were plenty of claps and laughs at the time. But even if it didn’t land with most of the audience, it definitely resonated for some of them. ↩
-
A brief, non-exhaustive list of the most obvious ones:
- This is a huge amount of money raised during a crisis with an historic level of enthusiasm among democrats. There’s no way to sustain that kind of momentum.
- There are almost certainly diminishing returns at some point; people harbor conservative (and, specifically, bigoted) beliefs to different degrees, and the first million people will be much easier to convince than the second million, etc.
- Support share is not fungible; different communities will look different, and some will be saturated much more quickly than others. There is no reason to expect the rate over time to be consistent, nor the rate over geography.
-
I mostly agree with this take, and in the interest of being the change I want to see in the world, let me just share a brief list of some progressive and liberal sources of media that you might want to have a look at and start paying attention to:
- If Books Could Kill
- Some More News
- Behind The Bastards
- Crooked Media, the publishers of Pod Save America, but you should check out everything they have on offer
- Bryan Tyler Cohen
- Hasan Piker
- PhilosophyTube
- Hbomberguy
- FD Signifier
- Citation Needed
- Platformer
Please note that not all of these are to my taste and not all of them may be to yours. They are all at different places along the left-liberal coalition spectrum, but find some sources that you enjoy and trust, and build from there. ↩
Seth Michael Larson: Writing a blog on the internet
Published 2024-11-11 by Seth Larson
Reading time: minutes
Today is the 5-year anniversary of my first blog post in 2019. Since that time I've written nearly 100 articles for my blog, something that I am quite proud of! Writing has had a huge positive impact on my life and career.
I invite you, dear reader, to start writing about topics you're interested in and sharing those writings on the internet. This article is me putting my finger on the scale by sharing what I would do differently if I were to start over again.
2★2★3★3★4★4★3★3★1★1★1★1★Hired at the PSFHired at t...44441313151513139966662★2★3★3★1★1★Writing about securityWriting about se...2222330055223322Q4Q4201920191★1★1★1★Hired at ElasticHired at E...Q2Q2Q3Q3Maintainer of urllib3Maintainer of ur...2233221144Q1Q1Q4Q420202020Q2Q2Q3Q3Q1Q1Q4Q420212021Q2Q2Q3Q3Q1Q1Q4Q420222022Q2Q2Q3Q3Q1Q1Q4Q420232023Q2Q2Q3Q3Q1Q1Q4Q420242024Q2Q2Q3Q3Q1Q1Text is not SVG - cannot displayNumber of blog posts published over time with life events. Blue bars show which posts are my personal favorites. Skip the analytics§
If I were to go back in time and do one thing differently about my blog, analytics would be the one.
When I first started I used Google Analytics and found myself obsessing over the dashboards after publishing an article. This wasn't healthy, as many articles would do fine, but all the time was wasted. I'm apparently not alone in this experience.
Seeing the relatively small numbers of readers for the first few articles (single-digits...) can discourage people from writing more. Building an audience takes a looong time and plenty of persistence. That means you'll need something else to motivate you to keep at it in the mean-time.
If you insist on having analytics: I recommend GoatCounter. GoatCounter supports a mode that removes the visitor numbers and only shows referrers. The service is free for small websites, but don't forget to support them if you can.
Create what you want!The world is a weird place, and you can't control what becomes popular. Create what you want to create for the sake of creating and enjoy the ride!
My most popular article by an extremely wide margin is one I didn't expect: "Move or recover your Wordle stats". I created this little utility for me and my friends and didn't expect hundreds of thousands of people to use it until the New York Times shared the URL on Twitter.
My most recent viral article I wrote in ~15 minutes about an unexpected behavior in Python regular expressions that caused a bug in some of my code.
Own your workPublishing on the internet means deciding where you will publish your work. We've seen far too many platforms either die or become completely user-hostile. To prevent this from happening to your hard work:
- Create the original work in a format that is transformable (such as Markdown or HTML).
- Publish that work to publicly accessible URLs that you can share.
- Share your URLs in many ways, like RSS, email newsletter, social media, or elsewhere.
For easy-to-start publishing platforms, I recommend either GitHub Pages or Bear Blog. If you have the savvy and interest: host content on your own website. There are far too many guides to getting started with this, choose one using a technology that you're interested in.
See also: "Publish on your Own Site, Syndicate Elsewhere".
Let your authenticity shinePlease note that I am a cis white male and has not had to justify my existence or expertise in a space. Unfortunately not all of my friends can be their authentic selves online, but knowing them in real life I certainly wish that the world allowed them to be.
I always enjoy when a blog shows off the author, either through writing style, phrases, personal touches, pictures, jokes, or little pieces of life. Don't be afraid to leave in things you think about when you're writing. I try to strike the right balance between how I might speak about an idea if I were to talk in person and writing for a diverse audience.
Don't put yourself in a boxYou don't have to write about the same one or two topics, forever. I am guilty of this, and I am working on writing about more than only open source and security. Recently I have started to write about video-game preservation.
Again, write about what you want to write about. Writing about something new, even if it's only once, can be very refreshing. Don't let vague feelings about what your audience "expects" to get in the way of creative expression.
Don't think you only need to write about "professional" topics or topics that have broad appeal. You can write about anything at all from rocket science to what's happening in your local community.
Start at the endStart with the conclusion! A reader should be able to know your main ideas without a single page scroll (because almost all readers won't make it past the first few paragraphs). Check out how your draft looks on a phone to confirm this is the case.
After that first page scroll you've already pared down to the more dedicated readers so start giving them details. If you like narrative writing like me, this is a good place to start the actual story.
Keep it shortIn terms of writing, you should be able to write the main points and details of an article quickly, assuming you've done your research beforehand.
Once all the main points are there, resist the urge to make an in-progress article "more grand" or "comprehensive". Instead, link out to resources that already exist or plan on writing follow-up articles later. Many smaller articles are more easily consumable for readers and more writeable for you (double win!)
Ship early instead of neverI've wasted so much time trying to "finish" blog posts. Endlessly trying to polish something into being perfect is not worth it, because it increases the chances that the work won't ever be published!
Try to be okay publishing something that isn't perfect, because your idea of "perfect" will change over time. You need to go through the "research-write-edit-publish" cycle to improve, not by endlessly editing one piece.
Hang up when you're doneDon't worry about "conclusions" or "wrapping-up" a blog post at the end. Just stop writing as soon there's no more to say. I promise almost no one reads all the way to the end (except your most loyal readers: remember they like you!)
Speaking of stopping: this is it! Thanks to everyone who has read this blog 💜
Have thoughts or questions? Let's chat over email or social:
sethmichaellarson@gmail.com
@sethmlarson@fosstodon.org
Want more articles like this one? Get notified of new posts by subscribing to the RSS feed or the email newsletter. I won't share your email or send spam, only whatever this is!
Want more content now? This blog's archive has ready-to-read articles. I also curate a list of cool URLs I find on the internet.
Find a typo? This blog is open source, pull requests are appreciated.
Thanks for reading! ♡ This work is licensed under CC BY-SA 4.0
︎Quansight Labs Blog: The Polars vs pandas difference nobody is talking about
Python Docs Editorial Board: Meeting Minutes: Nov 11, 2024
Dirk Eddelbuettel: inline 0.3.20: Mostly Maintenance
A new release of the inline package got to CRAN today marking the first release in three and half years. inline facilitates writing code in-line in simple string expressions or short files. The package was used quite extensively by Rcpp in the very early days before Rcpp Attributes arrived on the scene providing an even better alternative for its use cases. inline is still used by rstan and a number of other packages.
This release was tickled by changing in r-devel just this week, and the corresponding ‘please fix or else’ email I received this morning. R_NO_REMAP is now the default in r-devel, and while we had already converted most (old-style) calls into the API to using the now mandatory Rf_ prefix, the package contained few remaining cases in examples as well as one in code generation. The release also contains a helpful contributed PR making an error message a little clearer, plus several small and common maintenance changed around continuous integration, package layout and the repository.
The NEWS extract follows and details the changes some more.
Changes in inline version 0.3.20 (2024-11-10)Error message formatting is improved for compileCode (Alexis Derumigny in #25)
Switch to using Authors@R, other general packaging maintenance for continuous integration and repository
Use Rf_ in a handful of cases as R-devel now mandates it
Thanks to my CRANberries, you can also look at a diff to the previous release Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page. Bugs reports are welcome at the GitHub issue tracker as well (where one can also search among open or closed issues).
If you like this or other open-source work I do, you can sponsor me at GitHub.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
Reproducible Builds: Reproducible Builds in October 2024
Welcome to the October 2024 report from the Reproducible Builds project.
Our reports attempt to outline what we’ve been up to over the past month, highlighting news items from elsewhere in tech where they are related. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.
Table of contents:
- Beyond bitwise equality for Reproducible Builds?
- ‘Two Ways to Trustworthy’ at SeaGL 2024
- Number of cores affected Android compiler output
- On our mailing list…
- diffoscope
- IzzyOnDroid passed 25% reproducible apps
- Distribution work
- Website updates
- Reproducibility testing framework
- Supply-chain security at Open Source Summit EU
- Upstream patches
Jens Dietrich, Tim White, of Victoria University of Wellington, New Zealand along with Behnaz Hassanshahi and Paddy Krishnan of Oracle Labs Australia published a paper entitled “Levels of Binary Equivalence for the Comparison of Binaries from Alternative Builds”:
The availability of multiple binaries built from the same sources creates new challenges and opportunities, and raises questions such as: “Does build A confirm the integrity of build B?” or “Can build A reveal a compromised build B?”. To answer such questions requires a notion of equivalence between binaries. We demonstrate that the obvious approach based on bitwise equality has significant shortcomings in practice, and that there is value in opting for alternative notions. We conceptualise this by introducing levels of equivalence, inspired by clone detection types.
A PDF of the paper is freely available.
On Friday 8th November, Vagrant Cascadian will present a talk entitled Two Ways to Trustworthy at SeaGL in Seattle, WA.
Founded in 2013, SeaGL is a free, grassroots technical summit dedicated to spreading awareness and knowledge about free source software, hardware and culture. Vagrant’s talk:
[…] delves into how two project[s] approaches fundamental security features through Reproducible Builds, Bootstrappable Builds, code auditability, etc. to improve trustworthiness, allowing independent verification; trustworthy projects require little to no trust.
Exploring the challenges that each project faces due to very different technical architectures, but also contextually relevant social structure, adoption patterns, and organizational history should provide a good backdrop to understand how different approaches to security might evolve, with real-world merits and downsides.
Fay Stegerman wrote that the cause of the Android toolchain bug from September’s report that she reported to the Android issue tracker has been found and the bug has been fixed.
the D8 Java to DEX compiler (part of the Android toolchain) eliminated a redundant field load if running the class’s static initialiser was known to be free of side effects, which ended up accidentally depending on the sharding of the input, which is dependent on the number of CPU cores used during the build.
To make it easier to understand the bug and the patch, Fay also made a small example to illustrate when and why the optimisation involved is valid.
On our mailing list this month:
-
Following-up to previous work, James Addison informed the list that the recently-released Sphinx documentation generator includes improvements to the next copyright notice substitutions.
-
Pol Dellaiera wrote to the list in order to seek advice around introducing the concept of reproducibility to computer science Masters students at the University of Mons, Belgium.
-
James Addison also followed-up to a previous thread on “CONFIG_MODULE_SIG and the unreproducible Linux Kernel” to add: “I wonder whether it would be possible to use the Linux kernel’s Integrity Policy Enforcement to deploy a policy that would prevent loading of anything except a set of expected kernel modules.” […]
-
There were also two informative replies from David Wheeler to a broad-based discussion on Reproducible Builds being defined in various standards. […][…]
diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made the following changes, including preparing and uploading versions 279, 280, 281 and 282 to Debian:
- Ignore errors when listing .ar archives (#1085257). […]
- Don’t try and test with systemd-ukify in the Debian stable distribution. […]
- Drop Depends on the deprecated python3-pkg-resources (#1083362). […]
In addition, Jelle van der Waa added support for Unified Kernel Image (UKI) files. […][…][…] Furthermore, Vagrant Cascadian updated diffoscope in GNU Guix to version 282. […][…]
The IzzyOnDroid project has reached a good milestone by reaching over 25% of the ~1,200 Android apps provided by their repository (of official APKs built by the original application developers) having been confirmed to be reproducible by a rebuilder.
In Debian this month:
-
Holger Levsen uploaded devscripts version 2.24.2, including many changes to the debootsnap, debrebuild and reproducible-check scripts. This is the first time that debrebuild actually works (using sbuild’s unshare backend). As part of this, Holger also fixed an issue in the reproducible-check script where a typo in the code led to incorrect results […]
-
Recently, a news entry was added to snapshot.debian.org’s homepage, describing the recent changes that made the system stable again:
The new server has no problems keeping up with importing the full archives on every update, as each run finishes comfortably in time before it’s time to run again. [While] the new server is the one doing all the importing of updated archives, the HTTP interface is being served by both the new server and one of the VM’s at LeaseWeb.
The entry list a number of specific updates surrounding the API endpoints and rate limiting.
-
Lastly, 12 reviews of Debian packages were added, 3 were updated and 18 were removed this month adding to our knowledge about identified issues.
Elsewhere in distribution news, Zbigniew Jędrzejewski-Szmek performed another rebuild of Fedora 42 packages, with the headline result being that 91% of the packages are reproducible. Zbigniew also reported a reproducibility problem with QImage.
Finally, in openSUSE, Bernhard M. Wiedemann published another report for that distribution.
There were an enormous number of improvements made to our website this month, including:
-
Alba Herrerias:
-
Chris Lamb:
- Correct the name of Civil Infrastructure Platform name and update image on the Projects page. […]
- Update broken link on the Value Initialization page. […]
- Try and make pipeline/branch builds of the website easier to browse. […][…][…][…]
-
hulkoba
- Contribute to the new ‘Success stories’ page. […]
-
James Addison:
-
Ninette Adhikari:
-
Pol Dellaiera:
Lastly, Holger Levsen filed an extensive issue detailing a request to create an overview of recommendations and standards in relation to reproducible builds.
The Reproducible Builds project operates a comprehensive testing framework running primarily at tests.reproducible-builds.org in order to check packages and other artifacts for reproducibility. In October, a number of changes were made by Holger Levsen, including:
- Add a basic index.html for rebuilderd. […]
- Update the nginx.conf configuration file for rebuilderd. […]
- Document how to use a rescue system for Infomaniak’s OpenStack cloud. […]
- Update usage info for two particular nodes. […]
- Fix up a version skew check to fix the name of the riscv64 architecture. […]
- Update the rebuilderd-related TODO. […]
In addition, Mattia Rizzolo added a new IP address for the inos5 node […] and Vagrant Cascadian brought 4 virt nodes back online […].
The Open Source Summit EU took place recently, and covered plenty of topics related to supply-chain security, including:
- Public Sector & OpenSSF: Principles for Package Repository Security
- The Model Openness Framework: Promoting Completeness and Openness for Reproducibility, Transparency and Usability in AI
- Structured Scorecard Results: Tailor Your Own Supply-Chain Security Policies
- Lightning Talk: Elephant in the Room: How Supply Chain Security Standards Are Not Standard and What to Do About It
- Lightning Talk: Charting the Course for Secure Software Supply Chain with Guac-AI-Mole!
- TPMs, Merkle Trees and TEEs: Enhancing SLSA with Hardware-Assisted Build Environment Verification
- Accountability Taxonomy for AI Software Bill of Materials
- Securing Your Supply Chain with an Open Source Ecosystem
- OSS Supply Chain Threats and Why You Need a Holistic Security Strategy
- A Step Closer to in-Toto’lly Secure: Using in-Toto and OPA Gatekeeper to Verify Artifact Integrity
- Panel Discussion: Improving Supply Chain Integrity with OpenSSF Technologies
- Case Study: 10+ Years of Developing an SBOM System and the Dos and Don’ts
- SBOM in SaaS Environments: An Update
- Securing Git Repositories with Gittuf
The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
-
Bernhard M. Wiedemann
- apache-ivy (.zip modification time)
- ccache (build failure)
- colord (CPU)
- efivar (CPU/march=native)
- gsl (no check)
- libcamera (date/copyright year)
- libreoffice (possible rpm/build toolchain corruption bug)
- moto (.gz modification time)
- openssl-1_1 (date-related issue)
- python-pygraphviz (benchmark)
- sphinx/python-pygraphviz (benchmark)
- python-panel (package.lock has random port)
- python-propcache (random temporary path)
- python314 (.gz-related modification time)
- rusty_v8 (random .o files)
- scapy (date)
- wine (parallelism)
- ibmtss (FTBFS-2026)
- pymol (date)
- pandas (ASLR)
- linutil (drop date)
- lsof (also filed in openSUSE: uname -r in LSOF_VSTR)
- schily (also filed in openSUSE: uname -r)
- superlu (nocheck)
- util (random test failure)
- ceph (year-2038 variation from embedded boost)
-
Chris Lamb:
-
James Addison:
- #1085112 filed against distro-info.
-
Zbigniew Jędrzejewski-Szmek:
Finally, If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:
-
IRC: #reproducible-builds on irc.oftc.net.
-
Mastodon: @reproducible_builds@fosstodon.org
-
Mailing list: rb-general@lists.reproducible-builds.org
-
Twitter: @ReproBuilds
GNU Guix: Take the Guix User and Contributor Survey
To understand the views of the Guix community we're running a survey that we'd love you to take part in! The Guix User and Contributor Survey is live now, and should take about 10 minutes to fill out. Perfect for doing with a cup of tea and a biscuit!
The Guix project continues to grow and change, with new contributors and users joining our community. We decided to run this survey as it's the best way to gather good quality feedback across the widest cross-section of the community. Of course, there's lots of interesting topics a survey could ask about! We decided to focus on how Guix is used, and how contributors take part in the project.
The survey is being run on LimeSurvey which is a Free Software project and has been used by many other projects for similar surveys. The survey's hosted on the LimeSurvey SaaS so that we don't have the additional task of operating the software. No personal data is asked for (e.g. email addresses), no tracking data is being collected (e.g. IP addresses) and the entries are anonymised.
We'll be making the results and the anonymised data available under the Creative Commons CCO: that way anyone can analyse the data for further insights.
We hope the results of the survey will be used to understand both the Guix project's strengths and areas we can improve. Which is why your input is so important. If you can, please take the survey!
This Week in KDE Apps: Adopt an App
Welcome to a new issue of "This Week in KDE Apps"! Every week we cover as much as possible of what's happening in the world of KDE apps.
This week, we released KDE Gear 24.08.3 and we are preparing the 24.12.0 release with the beta planned for next week. The final release will happen on December 12th, but, meanwhile, and as part of the 2024 end-of-year fundraiser, you can "Adopt an App" in a symbolic effort to support your favorite KDE app.
This week, we are particularly grateful to @petejones@hcommons.social, @DaisyLee@mastodon.social and Karcsesz for showing their support for Tokodon; manchicken for Merkuro and fat_malama, Alexandru Traistaru and Neeko iko for KDE Connect.
Any monetary contribution, however small, will help us cover operational costs, salaries, travel expenses for contributors and in general just keep KDE bringing Free Software to the world. So consider donating today!
Getting back to all that's new in the KDE App scene, let's dig in!
Alligator Feed reader for mobile devicesThe user can no longer open the feed details page multiple times (Soumyadeep Ghosh, 24.12.0, link).
Falkon Web BrowserIt is now possible to open a context menu with Greasemonkey (Juraj Oravec, 24.12.0, link). Greasemonkey you to run little scripts that make on-the-fly changes to web page content. Juraj also removed the advertised FTP support in Falkon as the support for FTP was removed from Chromium. (Juraj Oravec, 24.12.0, link)
Dolphin Manage your filesWe no longer ask password twice when entering the Dolphin's admin mode (kio-admin) (Felix Ernst, 24.12.0, link).
Felix also improved the keyboard navigation in the toolbar, now the elements are focused in the right order (Felix Ernst, 24.12.0. link 1 and link 2).
KDE Itinerary Digital travel assistantItinerary can now show you a map of the whole trip (Volker Krause, 24.12.0, link).
And display some statistics about your trip, for example the CO2 emission, the distance travelled and the costs (if available) (Volker Krause, 24.12.0, link).
Finally, the alignment of timeline elements in Itinerary is now much more consistent (Carl Schwan, 24.12.0, link).
Okular View and annotate documentsWhen loading PDF files with Ink annotation containing an empty path, Okular won't crash. You shouldn't be able to create such annotations with Okular anyway, but some PDF files out there do contains such annotations (Albert Astals Cid, 24.12.0, link).
We also no longer hide the signing UI prematurely and now ensure it is visible until the signing process is actually finished (Nicolas Fella, 24.12.0, link).
Finally we fixed a small memory leak in Okular's latex support (Nil Admirari, 24.12.0, link).
Kaffeine Multimedia PlayerKaffeine got ported to Qt6/KF6 (Tobias Klausmann, 24.12.0, link).
Calculator A feature rich calculatorKalk will now correctly handle pressing the Esc key and clear the input field like many other calculator applications do, instead of creating strange characters in the input area (Devin Lin, 24.12.0, link).
Kasts Podcast applicationBart de Vries fixed password loading for synchronisation services on Windows (Bart De Vries, 24.12.0 link).
Kate Advanced Text EditorThe performance of displaying the build output has been improved (Waqar Ahmed, 24.12.0 link).
KDevelop Featureful, plugin-extensible IDE for C/C++ and other programming languagesWe addressed certain annoyances when working with the flatpak runtime. This included, for example, improving the handling of .flatpak-manifest.json files which we use in KDE for storing the an application's Flatpak manifest (Aleix Pol Gonzalez, 24.12.0 link).
KMail A feature-rich email applicationKMail and other PIM applications can now be compiled on Windows (Ingo Klöcker and Laurent Montel link 1 and link 2). Having KDE PIM applications work well on Windows is still in early stages of development. There is still a lot of work required to make Kontact a good experienceon that platform.
KMix Sound MixerKMix got ported to Qt6/KF6 (Jonathan Marten, 24.12.0 link).
Krita Digital Painting, Creative FreedomSVGs with clip masks now render faster (Dmitry Kazakov, link).
Konsole Use the command line interfaceKonsole now always creates a cgroup hierarchy when creating new process. This prevents entire applications getting killed in an Out-Of-Memory (OOM) scenarios when a tab consumes too much RAM (David Redondo, 24.12.0, link). David also ensured the subprocess of Konsole are correctly mapped to Konsole's .desktop file (link).
Kwave Sound editorKWave now provides a better visual indication when playback is paused (Mark Penner, 24.12.0, link).
NeoChat Chat on MatrixWe improved the network proxy's config page look to make it more consistent with the other config pages (Joshua Goins, 24.12.0, link).
Joshua Goins and Olivier Beard improved the link preview. Now clicking anywhere on the link preview will take you to the linked webpage (Joshua Goins, 24.12.0, link). The separator shown to the left of the preview and quoted text also got stylish rounded corners (Olivier Beard, 24.12.0, link).
NeoChat now hides non-standard rooms from the room list as most of the time they are used exclusively for holding data (e.g. trip group information from Itinerary) and not meant to be interacted with (Joshua Goins, 24.12.0, link).
We also improved the way polls look (Carl Schwan, 24.12.0, link).
And made sending messages and inserting newline shortcuts configurable (Eren Karakas, 24.12.0, link).
Tokodon Browse the FediverseRight clicking on a link on a post will now show a context menu allowing users to copy or share the URL directly (Arran Ubels, 24.12.0, link).
And all this too...The layout of the About dialog of applications using QtWidgets has been improved (Carl Schwan, KDE Frameworks 6.10.0, link).
Before After ... And Everything ElseThis blog only covers the tip of the iceberg! If you’re hungry for more, check out Nate's blog about Plasma and be sure not to miss his This Week in Plasma series, where every Saturday he covers all the work being put into KDE's Plasma desktop environment.
For a complete overview of what's going on, visit KDE's Planet, where you can find all KDE news unfiltered directly from our contributors.
Get InvolvedThe KDE organization has become important in the world, and your time and contributions have helped us get there. As we grow, we're going to need your support for KDE to become sustainable.
You can help KDE by becoming an active community member and getting involved. Each contributor makes a huge difference in KDE — you are not a number or a cog in a machine! You don’t have to be a programmer either. There are many things you can do: you can help hunt and confirm bugs, even maybe solve them; contribute designs for wallpapers, web pages, icons and app interfaces; translate messages and menu items into your own language; promote KDE in your local community; and a ton more things.
You can also help us by donating. Any monetary contribution, however small, will help us cover operational costs, salaries, travel expenses for contributors and in general just keep KDE bringing Free Software to the world.
To get your application mentioned here, please ping us in invent or in Matrix.
Thorsten Alteholz: My Debian Activities in October 2024
This month I accepted 398 and rejected 22 packages. The overall number of packages that got accepted was 441.
In case your RM bug is not closed within a month, you can assume that either the conversion of the subject of the bug email to the corresponding dak command did not work or you still need to take care of reverse dependencies. The dak command related to your removal bug can be found here.
Unfortunately the bahavior of some project members caused a decline of motivation of team members to work on these bugs. When I look at these bugs, I just copy and paste the above mentioned dak commands. If they don’t work, I don’t have the time to debug what is going wrong. So please read the docs and take care of it yourself. Please also keep in mind that you need to close the bug or set a moreinfo tag if you don’t want anybody to act on your removal bug.
Debian LTSThis was my hundred-twenty-fourth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. During my allocated time I uploaded or worked on:
- [DLA 3925-1] asterisk security update to fix two CVEs related to privilege escalation and DoS
- [DLA 3940-1] xorg-server update to fix one CVE related to privilege escalation
Last but not least I did a week of FD this month and attended the monthly LTS/ELTS meeting.
Debian ELTSThis month was the seventy-fifth ELTS month. During my allocated time I uploaded or worked on:
- [ELA-1198-1]cups security update for one CVE in Buster to fix the IPP attribute related CVEs.
- [ELA-1199-1]cups security update for two CVEs in Stretch to fix the IPP attribute related CVEs
- [ELA-1216-1]graphicsmagick security update for one CVE in Jessie
- [ELA-1217-1]asterisk security update for two CVEs in Buster related to privilege escalation
- [ELA-1218-1]asterisk security update for two CVEs in Stretch related to privilege escalation and DoS
- [ELA-1223-1]xorg-server security update for one CVE in Jessie, Stretch and Buster related to privilege escalation
I also did a week of FD and attended the monthly LTS/ELTS meeting.
Debian PrintingUnfortunately I didn’t found any time to work on this topic.
Debian MatomoUnfortunately I didn’t found any time to work on this topic.
Debian AstroUnfortunately I didn’t found any time to work on this topic.
Debian IoTThis month I uploaded new upstream or bugfix versions of:
- … pywws (yes, again this month)
This month I uploaded new packages or new upstream or bugfix versions of:
- … osmocom-dahdi-linux (package prepared by Nathan)
- … osmo-bts
This month I uploaded new upstream or bugfix versions of:
New Video by Ramon Miranda: Seamless Templates
We've released a new video! ..Templates! you can create them with Krita to save time in your digital paintings and be more focused on your artwork. They are seamless, they are useful, and they are really easy to generate. So let´s go with another supercool feature of Krita.
Check out the video for download links for the templates themselves!
Jonathan Dowland: Progressively enhancing CGI apps with htmx
I was interested in learning about htmx, so I used it to improve the experience of posting comments on my blog.
It seems much of modern web development is structured around having a JavaScript program on the front-end (browser) which exchanges data encoded in JSON asynchronously with the back-end servers. htmx uses a novel (or throwback) approach: it asynchronously fetches snippets of HTML from the back-end, and splices the results into the live page. For example, a htmx-powered button may request a URI on the server, receive HTML in response, and then the button itself would be replaced by the resulting HTML, within the page.
I experimented with incorporating it into an existing, old-school CGI web app: IkiWiki, which I became a co-maintainer of this year, and powers my blog. Throughout this project I referred to the excellent book Server-Driven Web Apps with htmx.
Comment posting workflowI really value blog comments, but the UX for posting them on my blog was a bit clunky. It went like this:
you load a given page (such as this blog post), which is a static HTML document. There's a link to add a comment to the page.
The link loads a new page which is generated dynamically and served back to you via CGI. This contains a HTML form for you to write your comment.
The form submits to the server via HTTP POST. IkiWiki validates the form content. Various static pages (in particular the one you started on, in Step 1) are regenerated.
the server response to the request in (3) is a HTTP 302 redirect, instructing the browser to go back to the page in Step 1.
First, I wanted the "add a comment" link to present the edit box in the current page. This step was easiest: add four attributes to the "comment on this page" anchor tag:
- hx-get="<CGI ENDPOINT GOES HERE>"
- suppresses the normal behaviour of the tag, so clicking on it doesn't load a new page.
issues an asynchronous HTTP GET to the CGI end-point, which returns the full HTML document for the comment edit form
- hx-select=".editcomment form"
- extract the edit-comment form from within that document
- hx-swap=beforeend and hx-target=".addcomment"
- append (courtesy of beforeend) the form into the source page after the "add comment" anchor tag (.addcomment)
Now, clicking "comment on this page" loads in the edit-comment box below it without moving you away from the source page. All that without writing any new code!
Second step: handling previewsThe old Preview Comment page
In the traditional workflow, clicking on "Preview" loaded a new page containing the edit form (but not the original page or any existing comments) with a rendering of the comment-in-progress below it. I wasn't originally interested in supporting the "Preview" feature, but I needed to for reasons I'll explain later.
Rather than load new pages, I wanted "Preview" to insert a rendering of the comment-in-progress being inserted into the current page's list of comments, marked up to indicate that it's a preview.
IkiWiki provides some templates which you can override to customise your site. I've long overridden page.tmpl, the template used for all pages. I needed to add a new empty div tag in order to have a "hook" to target with the previewed comment.
The rest of this was achieved with htmx attributes on the "Preview" button, similar to in the last step: hx-post to define a target URI when you click the button (and specify HTTP POST); hx-select to filter the resulting HTML and extract the comment; hx-target to specify where to insert it.
Now, clicking "Preview" does not leave the current page, but fetches a rendering of your comment-in-progress, and splices it into the comment list, appropriately marked up to be clear it's a preview.
Third step: handling submitted commentsIkiWiki is highly configurable, and many different things could happen once you post a comment.
On my personal blog, all comments are held for moderation before they are published. The page you were served after submitting a comment was rather bare-bones, a status message "Your comment will be posted after moderator review", without the original page content or comments.
I wanted your comment to appear in the page immediately, albeit marked up to indicate it was awaiting review. Since the traditional workflow didn't render or present your comment to you, I had to cheat.
handling moderated commentsModeration message upon submitting a comment
One of my goals with this project was not to modify IkiWiki itself. I had to break this rule for moderated comments. When returning the "comment is moderated" page, IkiWiki uses HTTP status code 200, the same as for other scenarios. I wrote a tiny patch to return HTTP 202 (Accepted, but not processed) instead.
I now have to write some actual JavaScript. htmx emits the htmx:beforeSwap event after an AJAX call returns, but before the corresponding swap is performed. I wrote a function that is triggered on this event, filters for HTTP 202 responses, triggers the "Preview" button, and then alters the result to indicate a moderated, rather than previewed, comment. (That's why I bothered to implement previews). You can read the full function here: jon.js.
SummaryI've done barely any front-end web development for years and I found working with htmx to be an enjoyable experience.
You can leave a comment on this very blog post if you want to see it in action. I couldn't resist adding an easter egg: Brownie points if you can figure out what it is.
Adding htmx to an existing CGI-based website let me improve one of the workflows in a gracefully-degrading way (without JavaScript, the old method will continue to work fine) without modifying the existing application itself (well, almost) and without having to write very much code of my own at all: nearly all of the configuration was declarative.