FLOSS Project Planets

The other day I uploaded a new version of the VLC bittorrent plugin to Debian, version 2.14-4, to fix a few packaging issues. This plugin extend VLC allowing it to stream videos directly from a bittorrent source using both torrent files and magnet links, as easy as using a HTTP or local file source. I believe such protocol support is a vital feature in VLC, allowing efficient streaming from sources such at the 11 million movies in the Internet Archive. Bittorrent is one of the most efficient content distribution protocols on the Internet, without centralised control, and should be used more.

The new version is now both in Debian Unstable and Testing, as well as Ubuntu. While looking after the package, I decided to ask the VLC upstream community if there was any hope to get Bittorrent support into the official VLC program, and was very happy to learn that someone is already working on it. I hope we can see some fruits of that labour next year, but do not hold my breath. In the mean time we can use the plugin, which is already installed by 0.23 percent of the Debian population according to popularity-contest. It could use a new upstream release, and I hope the upstream developer soon find time to polish it even more.

It is worth noting that the plugin store the downloaded files in ~/Downloads/vlc-bittorrent/, which can quickly fill up the user home directory during use. Users of the plugin should keep an eye with disk usage when streaming a bittorrent source.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

GNU Boot December 2023 News

Announcements:

The last project announcement was made in the gnuboot mailing
list[1][2] at a time where we didn't have a website or an announce
mailing list yet.

So this announce and the next ones will be published in multiple
places:

- On the gnuboot[3] and gnuboot-announce[4] mailing lists

- On the GNU Boot website[5].

GNU Boot 0.1 RC3:

We just released GNU Boot 0.1 RC3. We also need help from testers for
this release, especially because few intrusive changes were made.

We also release GNU Boot 0.1 RC2 just before but some bugs that don't
affect the installable images were introduced in the last minute fixes
so we ended up making an RC3 as well (some tests were broken and some
website pages also needed fixes).

Nonfree software found in the source release of GNU Boot 0.1 RC1.

In the GNU Boot source release (gnuboot-0.1-rc1_src.tar.xz) we found
the 3 files (F12MicrocodePatch03000002.c, F12MicrocodePatch0300000e.c,
F12MicrocodePatch03000027.c) that contain microcode in binary form,
without corresponding source code. GNU Boot 0.1 RC1 corresponding
source code tarball was remade without these files (and renamed). The
images for the Asus KCMA-D8, KFSN4-DRE and KGPE-D16 were also removed
as they may contain the nonfree code as well. The rest of the files
are unaffected.

Website:

Since the last announce a lot of work was done on the code to deploy
the website to make to make it easy for contributors and maintainers
to do changes to the website and review them.

The website has also been published. Not everything is ready in
it, but it contains enough to understand how to contribute to GNU Boot.

The pages that are not ready yet were also published with a special
banner to indicate that.

Since we now have a website, contribution instructions[6], and even a
list of areas where we are looking for contributions[6], we can now
accept patches.

The website is also now integrated in the GNU Boot source code and we
have special code to make it easy to test it locally (and deploy it
semi-automatically). So it should make contributions easier.

Testing:

We would also like to thank all the people who tested GNU Boot 0.1 RC1
since the last announce, especially since this can be a lot of
work, especially because there are many computers to test.

The following computers were tested with GNU Boot 0.1 RC1 and they all
boot fine:

• Lenovo Thinkpad R400, T400, T500, T60, W500, X60, X60T, X200, X301
• Asus: KGPE-D16
• Apple: MacBook 2.1

Since some popular computers were tested[7], we are now also looking
for testers and contributions on the installation instructions. Even
if GNU Boot 0.1 RC3 has already been published, it's probably easier
to do the tests with GNU Boot 0.1 RC1 and a computer that was already
tested (unless the computer is an Asus KCMA-D8, see above for more
details) as there is no changes that could affect the installation
instructions between 0.1 RC1 and 0.1 RC3.

The following computers / mainboards weren't tested yet with the 0.1
RC1 yet so we also need testers for them (ideally on the 0.1 RC3):

• Chromebook: C201
• Intel: D410PT, D510MO, D945GCLF2D
• Gigabyte: D945GCLF, GA-G41M-ES2L
• Asus: KCMA-D8, KFSN4-DRE
• Apple: MacBook 1.1, iMac 5,2
• Lenovo Thinkpads: R500, T400s, X60s, X200s, X200T, X60T.

And as stated above we also need to re-test with the RC3 the computers
that were already tested with the RC1 to make sure that we didn't
break anything.

GNU Boot running nonfree software:

GNU Boot is still in its early stages and many of the directions the
project can take are still being evaluated.

So it's a good time to warn people that in some cases GNU Boot does
run nonfree software on computers other than laptops, and that it
may change in the future (we have to decide how to deal with this
problem).

The issue is that ATI and Nvidia external GPUs do contain nonfree
software. That nonfree software is stored on the card in a memory chip.

At least in some configurations[8], if such GPU is present, GNU Boot
downloads and executes that software. Then later on in the boot,
Linux-libre also downloads and execute another nonfree software from
that same GPU.

If we decide to block that (it's relatively easy to do that in GNU
Boot) then users won't be able to use such GPU anymore. If we don't
block it, many users will not know about this freedom issue and will
think that they only run free software while nonfree software is
being executed behind their back.

This is also why the FSF RYF (Respect Your freedom) certification[9] is
important: it takes care of details like that and these GPUs or systems
with such GPUs are not certified by it.

Work in progress and future directions:

Work also started to improve the build system to make it easier to
understand and contribute. We also started adding tests along the way.

Though we still use old versions of Coreboot especially for the Asus
KCMA-D8, KFSN4-DRE and KGPE D16. Compiling GNU Boot images for these
computers requires specific distributions like PureOS 10 (byzantium)
or Trisquel 10 (nabia).

We plan to try to change that after the GNU Boot 0.1 release.

To do it we plan to update the versions of the software we build (like
Coreboot, GRUB, etc) but also to progressively switch to Guix to build
more and more parts of the images.

So far we managed to use Guix to building a GRUB payload (part of
that work was already upstreamed in Guix) and to build a custom Flashrom
that can be used to do installation on the I945 Thinkpads (X60, T60,
etc) but more work is needed (code cleanup, documentation, making it
easy to use for contributors) before we can integrate that code.

Integrating it now instead of waiting for the release would increase
the risk of introducing new bugs and inconsistencies (for instance in
the documentation), and reduce the amount of help we can get, and
since it is a big task there is also the risk of never finishing
it[10]. So we chose to do that step by step without breaking the
documentation or current usage of GNU Boot.

As for the website we are currently using Untitled, a static website
generator that use files in markdown with a custom header format.

We plan to migrate at least part of the website to Texinfo to generate a
proper manual with it and we already have code to convert from the
special markdown used to Texinfo, but the conversion sometimes needs
some manual intervention.

We're also not ready yet to do that conversion as keeping the markdown
a bit longer might make it easier for contributors to help us fix the
website.

We also evaluated Haunt, a static website generator that supports
markdown and Texinfo and that is also used by Guix for their website.

We managed to validate that we could easily write code to make it use
the custom markdown used by untitled. However we didn't invest time in
trying to make it generate a website (by default it generate blog
posts), so if some people already know haunt well or want to learn it
and are interested in helping it could be very useful. For that the
best would be to contact us on the gnuboot mailing list.

This is also important because according to its author, Untitled has
some design issues (and it is written in shell scripts) and so it will
most likely be rewritten from scratch in another programming language
by its author at some point.

In the meantime we sent patches upstream to fix some of the issues we
had with it and the patches were accepted.

Toward the 0.1 release:

What is missing before we release GNU Boot 0.1 is basically more
testing and help on the website, especially the installation
instructions.

References:

 [1]"Testers needed for GNU Boot 0.1 RC1".

 [2]https://lists.gnu.org/archive/html/gnuboot/2023-09/msg00000.html

 [3]https://lists.gnu.org/mailman/listinfo/gnuboot

 [4]https://lists.gnu.org/mailman/listinfo/gnuboot-announce

 [5]https://gnu.org/software/gnuboot/web/news/gnuboot-december-2023.html

 [6]https://www.gnu.org/software/gnuboot/web/git.html

 [7]https://savannah.gnu.org/bugs/?64754

 [8]We know for sure that when SeaBIOS is used, it will download and
    execute nonfree software from GPU cards that are added to the
    computer. But we're not sure what happens if SeaBIOS is not
    used. An easy way to find out is if the GPU works under GNU/Linux
    and that the display is initialized, then at least some nonfree
    bytecode has been downloaded and executed by the operating system.

 [9]https://ryf.fsf.org/

[10]See "General tips on maintaining GNU software" in
    https://www.gnu.org/software/maintainer-tips for more details
    about common issues when maintaining a new project.

2023 year in review About • Blog • Newsletter • Links 2023 year in review

Published 2023-12-31 by Seth Larson
Reading time: minutes

2023 was a great year! So much happened, but a few things in particular stood out to be when putting together this post.

I got married to my wife, Trina after 9 years of being together. We met in college and fell in love with each others' passion for adventure, food, and life. Our ceremonies included both of our cultures and we had family and friends from all over the globe together to celebrate with us.

"Vu Quy" or "tea ceremony" with family. Photo credit: Summer Street Photography

We were married near where we first met on the University of Minnesota east bank campus and the Mississippi river. The photo below is my favorite of the whole day:

Stone Arch Bridge with the Minneapolis downtown in the background. Photo credit: Summer Street Photography

I traveled to many new places this year and got to see friends everywhere I went. This was my first year traveling to New York, Florida, Texas, Rhode Island, and northern Nevada. Places I'm looking forward to exploring in 2024 include Japan, Seattle, and Pittsburgh (see you at PyCon US!)

Elastic had its first Engineering All Hands in-person since COVID to start off 2023 where I got to meet my long-time friend and colleague Quentin Pradet. Quentin and I have been working on open source together for over 5 years and this was our first opportunity to meet in person.

Quentin and I together at Elastic EAH 2023

After 3 great years at Elastic I was hired by the Python Software Foundation to be the Security Developer-in-Residence. I still have days when I think I'm dreaming, I'm so grateful I have the opportunity to work full-time serving a community I love.

Banner included in OpenSSF's announcement of my hiring.

This blog saw a huge burst of activity thanks to my new position where I publish weekly reports on what I've been working on. There were 34 new publications to the blog in 2023 (up from 12 in 2022), of those 24 were related to the Security Developer-in-Residence role.

The top posts by readership for this year were:

• Python 3.12.0 from a supply-chain perspective
• Quirks of Python package versioning (PEP 440)
• Visualizing the CPython release process
• Patching the libwebp vulnerability across the Python ecosystem
• Python Security Response Team handling of CVE-2023-40217

If I had to pick a favorite post outside of this list it would be “For You” is not for me discussing my current outlook on internet consumption. Look forward to more posts on the blog, hopefully continuing the trend that I'm on of shorter but more frequent publications.

Outside of software I plan to spend more time playing games (beat Pikmin 4 and Super Mario RPG is in-progress) and learning some hardware-hacking for retro gaming like Gameboy and GameCube modding.

Hope you all had a lovely 2023, looking forward to what we can do in 2024! 🥳

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

As in 2022 I took another look back at what changed in Phosh in 2023 and instead of just updating my notes why not share it here. In short: While collecting these bits I became really impressed about the progress we made 🚀: Some numbers Link to heading We were discussing at this years Phosh Community Get Together at Froscon if we should lengthen the Phosh release cycle a bit but we kept the one release per month schedule to get improvements out to users quickly.

The review of my 2023, trying to remember all the things done in this year, in which more than anyone I met many fantastic people and visited new countries.

A few weeks ago, right before the holidays, some chatter in the VDG channel happened where the desire to change our icons to a 24x24px size came up.

Most modern interfaces use this icon size as a base. Plasma has been encouraged many times to adopt this size. However, manpower is always something not readily available.

The conversation picked my interest. In the past, I have worked making icons using Inkscape. At the time, the interface didn’t have all the shortcut helpers that it does today. Also, with the advent of UI-specific graphical applications like Figma and Penpot, I figured it might be much easier to edit icons today than in the past. I am talking many years, FYI.

With this in mind, I downloaded a copy of the most current Breeze icon collection, accessed the 22px folder for actions and begun editing.

At first sight, most might think this is just a matter of mass-resizing from 22 to 24 and merge. However, the reality is much different. These icons feature mostly 1px lines. They also contain pixel fractions that lead to misalignment and blurriness. Since we don’t have the actual graphical original files, as they have been flattened in export, the shapes are only workable through editing nodes, which is a pain!

Another issue is that our Breeze icons contain a css sheet that correlates colors to colors in Plasma. This allows for easy color transformations on the system without much hassle. However, graphical applications like Figma and Penpot remove the css.

For this reason @manuelijin created a nice plugin for Figma called Icon Jetpack. This plugin will allow designers to export the updated icons with all the necessary pieces for production.

In the public Figma file, I created the colors needed for action icons and they are now embedded into the exported file.

Another criticism of our current icons we would like to address is how thin they feel in high-DPI screens. To address this, we have been making our lines 2px (for the most part) where it makes sense.

Given this is an update, and who knows how long it will take for another time when an update is done, I also feel it’s necessary to update many of the shapes we have. We are using rounding for making shapes a little more approachable. Some icons have been transformed inspired by the original files. For other files, I usually check on other icon providers to see how different or similar we are to most icons today. That way, if there is a need for more editing, we can land on something recognizable.

The editing process that seems the fastest involves recreating the shapes, using an icon grid, aligning to the grid as much as possible, reusing icons for consistency. This should help future designers consult the Figma file and edit en-masse.

For now, we are in the middle of editing icons. My intention is that we do a first pass and seek feedback. Do another refinement pass and then see how the community reacts to the edits. Hopefully the work is useful and can be merged eventually.

We have a total of 1206 icons. So far, we have edited 262.

Here is a before/after:

There are some more edits at the bottom of the file that I didn’t include.

Hope you like.

I also made a couple of videos to show the process and see if any other designers would like to contribute some time to update the icons.

Discover the Debian Project's evolution and aspirations through an insightful interview with the Debian Project Lead, Jonathan Carter. Learn about the Debian ecosystem's path, objectives, problems, and future ambitions, shining light on Debian's transforming landscape, attracting contributors, DPL's role complexities, Debian's progress, and the project's guiding values. Jonathan's experiences unveil the dynamic world of Debian, shaping the future of this influential open-source project.

49th issue of Andrei Neagoie's must-read monthly Python Newsletter: Python Errors, Tools in Python Land, Architecting Monorepos, and much more. Read the full newsletter to get up-to-date with everything you need to know from last month.

Looking at the options for blocking ads, people usually first look at browser extensions. Google's plan is to disable adblock extensions in 2024. The alternative is usually an app (on phones) or a "VPN" that does filtering for you. All these methods are quite heavyweight, and require installing software on your phone or PC. What is less known, is that you can you DNS-over-TLS or DNS-over-HTTPS for ad blocking. What is DNS-over-TLS and DNS-over-HTTPS Since Android 9, Google has provided a setting calledPrivate DNS. Traditional DNS is unencrypted UDP so anyone can monitor your requests and/or return false records. With private DNS, DNS-over-TLS or DNS-over-HTTPS is used to guarantee the DNS request is sent to the server you configured. Which Google hopes is of course Google's own public servers. If you do so, your ISP and hotspot providers no longer can monitor, monetize and enshittify your DNS requests - only Google can do so. Subverting private DNS for ad blocking This is where AdGuard DNS comes useful. By setting the AdGuard DNS server as your "private DNS" server following the instructions,you can start blocking right away. Note, on PC you can also configure the Adguard DNS server on the Browser settings (Firefox -> Enable secure DNS and Chrome -> Use Secure DNS) instead of configuring a system-wide DNS server. Blocking via DNS, of course, limits effectiveness to ads distributed from 3rd party servers. Other uses for AdGuard DNS If you register for Adguard DNS, you get your "own", customizable DNS server address to point to. You can, for example, create your own /etc/hosts style records that are now available to all you devices you have connected to the Adguard DNS server - whether your a are home or not. Of course, you choose to use the personal DNS server, your DNS query privacy is in the hands of AdGuard. Going further What else is ruining the web than Ads? Well commercial social media. An article ("Ei näin! – Algoritmiähky") from the latest Finnish Magazine SKROLLI (mainos: jos luet suomeksi, Tilaa skrolli!) hit a chord for me. The algorithms of social media sites are designed not to serve you, but to addict you. For example, If you stop to watch a hateful meme image, the algorithm will record "The user spent time watching this, show more of the same!". It doesn't help block or mute - yeah that spefic hate engager will be blocked, but all the dozens similar hate pages will still be shown to you. Worse, the social media sites are being overrun by AI-generated crap. Unfortunately the addictive nature of the algorithms works. You reload in vain, hoping this time the algorithmic god will show something your friends share. How do you cure addiction? By blocking yourself out:

Epilogue I didn't block myself out of Fediverse - yet. It's not engineered to be addictive, which is also probably why it isn't as popular as the commercial alternatives...

From Shopping Carts to Conversions: Why Drupal Commerce Should Be Your Top Choice kanapatrick Sat, 12/30/2023 - 09:39

When it comes to building an e-commerce website, choosing the right platform is crucial for success. With so many options available, it can be overwhelming to decide which one is the best fit for your business. However, if you want a flexible and powerful solution, Drupal Commerce should be at the top of your list.

Explore the best Drupal hosting solutions! Our guide helps you navigate the options, find the perfect match, and optimize your project's performance. Make an informed choice for seamless Drupal hosting.

Recently, I presented an online session for the TechCohear community at Infosys, focusing on the Schema.org Blueprints module. This module developed by Jacob Rockowitz simplifies building structured websites. It's a significant leap for Drupal in managing and distributing structured data.

In Drupal, the default behaviour of entity reference fields allows us to select unpublished content if the content creator has permission to view unpublished content, which can be useful in specific scenarios where we need to establish relationships even with unpublished content. However, in many cases, we want to refer only to published content. The problem arises when we add references during content creation without verifying whether the referenced items are published. This can lead to confusion later when we wonder why the referenced contents are not visible when viewing the content. Here's a step-by-step guide on how to use a Drupal view to filter the values appearing in an entity reference field

Adaptability and swift implementation of feature requests from business owners are important for successful digital ventures. When faced with the challenge of meeting the dynamic demands of the operations team and ever-changing business requirements, relying solely on native implementations can lead to prolonged deployment times and missed opportunities. Learn how we have leveraged no-code, low-code solutions and Drupal to quickly deploy a feature that made a media portal's lead management process efficient.

ICFOSS and Zyxware Technologies organized the 5th season of the "Back-To-Work" program for women, with the topic being "Building digital experiences with Drupal". As part of the event, The Director of Programs at the Drupal Association, Von R. Eaton, gave a presentation covering various aspects of Drupal, Drupal.org, and the Drupal Association, followed by a question and answer session with participants. The questions addressed topics such as the cost of Drupal, the necessary skills to work in the Drupal Association, mentoring opportunities, and payment for freelancers contributing to Drupal.

This article discusses 4 Drupal modules useful for implementing standard features required by public sector websites.

Drupal Earns Digital Public Good Status: Recognized by the UN for Helping Achieve Sustainable Development Goals. Drupal's recognition as a Digital Public Good by the DPGA is a significant achievement that invites more governments and non-profit organisations to explore the benefits of using Drupal.

Learn how to improve your website's conversion rates by conducting a digital marketing experiment using Drupal and a website personalization engine.

The "Back to Work for Women" program is a residential training program organised by ICFOSS (International Centre for Free and Open Source Software) designed to help women who took a career break due to personal commitments to re-enter the workforce by acquiring new skills in the free software domain—the 5th edition of the program which was centred around using Drupal to develop digital experience platforms. The program was organised by ICFOSS, with support from various organisations such as Kerala Knowledge Economy Mission (KKEM), Kerala Development and Innovation Strategy Council (K-DISC), and as part of the Gender & Technology initiative by the government of Kerala. Zyxware Technologies, a leading digital transformation firm, participated in the program by providing training on Drupal technology to expand the talent pool of Drupal developers and the Drupal community in general.

Review: The Hound of Justice, by Claire O'Dell

Series: Janet Watson Chronicles #2 Publisher: Harper Voyager Copyright: July 2019 ISBN: 0-06-269938-5 Format: Kindle Pages: 325

The Hound of Justice is a near-future thriller novel with Sherlock Holmes references. It is a direct sequel to A Study in Honor. This series is best read in order.

Janet Watson is in a much better place than she was in the first book. She has proper physical therapy, a new arm, and a surgeon's job waiting for her as soon as she can master its features. A chance meeting due to an Inauguration Day terrorist attack may even develop into something more. She just needs to get back into the operating room and then she'll feel like her life is back on track.

Sara Holmes, on the other hand, is restless, bored, and manic, rudely intruding on Watson's date. Then she disappears, upending Watson's living arrangements. She's on the trail of something. When mysterious destructible notes start appearing in Watson's books, it's clear that she wants help.

The structure of this book didn't really work for me. The first third or so is a slice-of-life account of Watson's attempt to resume her career as a surgeon against a backdrop of ongoing depressing politics. This part sounds like the least interesting, but I was thoroughly engrossed. Watson is easy to care about, hospital politics are strangely interesting, and while the romance never quite clicked for me, it had potential. I was hoping for another book like A Study in Honor, where Watson's life and Holmes's investigations entwine and run in parallel.

That was not to be. The middle third of the book pulls Watson away to Georgia and a complicated mix of family obligations and spy-novel machinations. If this had involved Sara's fae strangeness, verbal sparring, and odd tokens of appreciation, maybe it would have worked, but Sara Holmes is entirely off-camera. Watson is instead dealing with a minor supporting character from the first book, who drags her through disguises, vehicle changes, and border stops in a way that felt excessive and weirdly out of place. (Other reviews say that this character is the Mycroft Holmes equivalent; the first initial of Micha's name fits, but nothing else does so far as I can tell.)

Then the last third of the novel turns into a heist.

I like a heist novel as much as the next person, but a good heist story needs a team with chemistry and interplay, and I didn't know any of these people. There was way too little Sara Holmes, too much of Watson being out of her element in a rather generic way, and too many steps that Watson is led through without giving the reader a chance to enjoy the competence of the team. It felt jarring and disconnected, like Watson got pulled out of one story and dropped into an entirely different story without a proper groundwork.

The Hound of Justice still has its moments. Watson is a great character and I'm still fully invested in her life. She was pulled into this mission because she's the person Holmes knows with the appropriate skills, and when she finally gets a chance to put those skills to use, it's quite satisfying.

But, alas, the magic of A Study in Honor simply isn't here, in part because Sara Holmes is missing for most of the book and her replacements and stand-ins are nowhere near as intriguing. The villain's plan seems wildly impractical and highly likely to be detected, and although I can come up with some explanations to salvage it, those don't appear in the book. And, as in the first book, the villain seems very one-dimensional and simplistic. This is certainly not a villain worthy of Holmes.

Fittingly, given the political movements O'Dell is commenting on, a lot of this book is about racial politics. O'Dell contrasts the microaggressions and more subtle dangers for Watson as a black woman in Washington, D.C., with the more explicit and active racism of the other places to which she travels over the course of the story. She's trying very hard to give the reader a feeling for what it's like to be black in the United States. I don't have any specific complaints about this, and I'm glad she's attempting it, but I came away from this book with a nagging feeling that Watson's reactions were a tiny bit off. It felt like a white person writing about racism rather than a black person writing about racism: nothing is entirely incorrect, but the emotional beats aren't quite where black authors would put them. I could be completely wrong about this, and am certainly much less qualified to comment than O'Dell is, but there were enough places that landed slightly wrong that I wanted to note it.

I would still recommend A Study in Honor, but I'm not sure I can recommend this book. This is one of those series where the things that I enjoyed the most about the first book weren't what the author wanted to focus on in subsequent books. I would read more about the day-to-day of Watson's life, and I would certainly read more of Holmes and Watson sparring and circling and trying to understand each other. I'm less interested in somewhat generic thrillers with implausible plots and Sherlock Holmes references.

At the moment, this is academic, since The Hound of Justice is the last book of the series so far.

Rating: 6 out of 10