FLOSS Project Planets

Here are my notes about copying PGP keys to external hardware devices such as Yubikeys. Let me begin by saying that the gpg tools are pretty bad at this.

MAKE A COUPLE OF BACKUPS OF ~/.gnupg/ TO DIFFERENT ENCRYPTED USB STICKS BEFORE YOU START. GPG WILL MESS UP YOUR KEYS. SERIOUSLY.

For example, would you believe me if I said that saving changes results in the removal of your private key? Well check this out.

Now that you have multiple safe, offline backups of your keys, here are my notes.

apt install yubikey-manager scdaemon

Plug the Yubikey in, see if it’s recognized properly:

ykman list gpg --card-status

Change the default PIN (123456) and Admin PIN (12345678):

gpg --card-edit gpg/card> admin gpg/card> passwd

Look at the openpgp information and change the maximum number of retries, if you like. I have seen this failing a couple of times, unplugging the Yubikey and putting it back in worked.

ykman openpgp info ykman openpgp access set-retries 7 7 7

Copy your keys. MAKE A BACKUP OF ~/.gnupg/ BEFORE YOU DO THIS.

gpg --edit-key $KEY_ID gpg> keytocard # follow the prompts to copy the first key

Now choose the next key and copy that one too. Repeat till all subkeys are copied.

gpg> key 1 gpg> keytocard

Typing gpg --card-status you should be able to see all your keys on the Yubikey now.

Using the key on another machine

How do you use your PGP keys on the Yubikey on other systems?

Go to another system, if it does have a ~/.gnupg directory already move it somewhere else.

apt install scdaemon

Import your public key:

gpg -k gpg --keyserver pgp.mit.edu --recv-keys $KEY_ID

Check the fingerprint and if it is indeed your key say you trust it:

gpg --edit-key $KEY_ID > trust > 5 > y > save

Now try gpg --card-status and gpg --list-secret-keys, you should be able to see your keys. Try signing something, it should work.

gpg --output /tmp/x.out --sign /etc/motd gpg --verify /tmp/x.out Using the Yubikey with Mutt

If you’re using mutt with IMAP, there is a very simple trick to safely store your password on disk. Create an encrypted file with your IMAP password:

echo SUPERSECRET | gpg --encrypt > ~/.mutt_password.gpg

Add the following to ~/.muttrc:

set imap_pass=`gpg --decrypt ~/.mutt_password.gpg`

With the above, mutt now prompts you to insert the Yubikey and type your PIN in order to connect to the IMAP server.

How do you customize a LLM chatbot to address a collection of documents and data? What tools and techniques can you use to build embeddings into a vector database? This week on the show, Calvin Hendryx-Parker is back to discuss developing an AI-powered, Large Language Model-driven chat interface.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

KDE had a feature a lot of people didn’t know about. You could run a command when a notification triggered. The feature wasn’t very well documented and nobody really blogged about it.

However with the release of KDE Plasma 6, the feature was removed. I learned about it by accident, as it is tracked by Bug #481069. I really need the feature and I re-implemented it in KDE Plasma 6. I will be available in KDE Plasma 6.1 and KDE Frameworks 6.1.

KDE: Run a command Text-to-Speech for calendar events

I’m using the “Run a command” feature for calendar events. Normally you get a popup notification. The popup notification is small and pop up where all of them are shown. When I’m concentrated and working on some code I simply miss them. If I play a game, I miss them.

The solution for me is to use a Text to Speech (TTS) Engine. I’ve setup speech-dispatcher with piper-tts on my system. When an a reminder triggers it says: “Andreas, you have an appointment in 10 minutes: Samba Meeting”.

You can find the python script I use here.

Endless possibilities

The opportunities endless. Here are some ideas what else you could do:

• Start your meeting/conferencing application prior to the meeting
• Change the desktop activity before a meeting
• Lock the screen if a specific WiFi gets disconnected

If you have some nice idea or already used it in the past, leave a comment to let me know what else you can do.

KStars v3.7.0 is released on 2024.04.05 for Windows, MacOS & Linux. It's a bi-monthly bug-fix release with a couple of exciting features.
CI & CD Infrastructure
We say goodbye to KDE's binary factory as we transition to fully use Gitlab's CI/CD pipelines to build, test, and publish KStars. Over the last two months, Eric Dejouhanet worked with the KDE's Craft & System admin teams to transition KStars pipelines to the new framework. 


Short status on pipelines:

• Merge requests run the custom build and the CI builds
• Master runs the CI build (though there could be other things we run, such as CVE scans)
• Craft recipes are run from the last commit of the master or release branch, they require "build" and "build-and-test-stable" to be run manually beforehand.
• Publishing to Microsoft store is available after the Windows Craft is run.

This is still an ongoing process and we hope to have this process fully automated by 3.7.1 release where we will automatically publish latest releases for both stable and master branches.
Donut Buster
Rejoice Newtonian, SCT, and RC owners! With KStars new Donut Buster feature, your donut focusing woes might be something of the past. John Evans implemented this experimental feature to help protect against outliers that might affect your autofocus routine. In addition to that, the Focus Advisor is now automatically applied when creating new profiles. Based on the type of equipment you have in your optical train, the Focus Advisor would try to guess the optimal focus settings for your setup. Both features are experimental and would benefit from your feedback.
Custom Views
Akarsh Simha introduced the ability to orient the sky map to match the view through any instrument.

A view is a collection of settings: the orientation of the sky map, how the orientation changes as the sky map is panned, whether it is mirrored or not, and optionally the field-of-view to set the map to.
If no views are defined, KStars introduces a set of standard / "demo" views by default. Existing views can be edited and new views can be added using the "Edit Views..." interface. They can also be re-ordered in the interface. The ordering of the views in the "Edit Views..." dialog defines the order in which views will be cycled through using the keyboard shortcuts Shift + Page Up and Shift + Page Down. Thus, you can set up the views for easily switching between naked eye / finder scope / telescope views for easy star-hopping.

Furthermore, there is a new option in the View menu that enables mirroring the sky map so as to be able to match the view through an erecting prism used for example on a Schmidt-Cassegrain or Refracting type telescope.

The rotation feature overlay now also marks East in addition to north and zenith, so as to know easily whether the display is mirrored or not.

Blinking
Hy Murveit added a very useful Blinking feature to the FITS Viewer tool. This adds several ways to blink; that is, compare multiple images.

In Analyze, one can now move from one session to the next (forward or backward).
Keyboard shortcuts are provided for that.
Another set of keyboard shortcuts both advance and show the next image in the same FITS Viewer.
Thus, for example, one can advance through all the captured images of the evening, showing all the captures on the FITS Viewer by repeating a keyboard shortcut.
A useful complement to this might be adding the ability to delete bad captures, but for now that will have to wait for a rainy day.

In the FITS Viewer, the Open File menu command (both in the main KStars top menu, and in the FITS Viewer menu) now allows multiple files to be selected. If they are then the files are opened in individual tabs.
Shift-selecting would select files from the first to the shift-clicked file. Clearly one wouldn't want to select 100 files resulting in 100 tabs, but this can be used to, e.g. compare 10 images.
Going along with the above, keyboard shortcuts have been added to move to the next or previous FITS Viewer tab, Also helpful to the above is a new command to zoom in/out all tabs (not just the current one).
There is a new Blink Directory menu command (in both menus, as above) which will open a single tab with a list of all the images below the directory selected (that is, both in that directory, and in directories below it). It initially displays the first image, but new commands work in that tab to switch to displaying the next (or previous) image file in the list. This could be used to blink hundreds of files.

Sky Flats
Dušan Poizl added an option to capturing sky flats. When shooting flats at sky it often end up in never-ending loop of adjusting exposure because intensity of light change and calculation of exposure break down. Adjust the tolerance to 2000 ADU to higher for a better chance at capturing sky flats.
Scheduler Refactor
Wolfgang Reissenberger continues with his work on Separating Business Logic from UI in Scheduler. Over the years the Scheduler has grown to one of the most complex classes. With this release we refactored the Scheduler class and separated the UI from the underlying state model and its business logic. This opens the door for future development of new scheduling features and a much modular approach towards more flexible sequencing approaches.
Standalone Editor
To add any job to the scheduler, you need at minimum the following:

1. Target
2. Sequence File

The sequence file contains all your sequence settings (e.g. Capture 20x15 LRGB images). To create this file, you first need to add sequence job in the Capture module and then save the corresponding sequence. While this facilitates re-usability across different sessions, some users wanted to create sequence on-the-fly in the scheduler.



Hy Murveit developed the standalone sequence editor in the scheduler module where it relies on settings saved from your last astrophotography session. Now it's easier than ever to plan scheduler jobs without having Ekos or your equipment profile running!
   

When using Qt Quick Layouts, it is necessary for the user to specify the attached properties Layout.fillWidth or Layout.fillHeight to stretch a child component. This process can become cumbersome as more components require it. Inline components may serve as an alternative, but they may not be as effective when dealing with different component types. To tackle these challenges, the size policy feature has been introduced in Qt Quick Controls in version 6.7 (under tech preview), mirroring similar functionality found in widgets.

Drupal is pretty expensive to host and maintain. There is already work well under way to address this with automatic updates and project browser. It’s great, and it’s not enough. What if we could ship drupal with a production-ready webserver that can handle real-time features? What if we could make HTTPS certificate management easier? What if we could significantly improve the performance of Drupal?

Exactly 2 years ago I started to talk about how can drupal scale down and in 2 years things have changed! Last week I attended the very interesting (and well organized) Drupalcamp Rennes 2024 where I saw Kévin Dunglas give a talk about FrankenPHP: The Modern PHP App Server, written in Go. Turns out the last two point on my “drupal scale down” have a solution: it can replace apache/php-fpm and be distributed as a single executable. I haven’t tested it yet, it’s possible to bundle server and application code to ship everything in one executable.

Drupal has always been about giving people more power than they expect (or even want in some cases…). On the content management side of things we’re very, very advanced, even if some interfaces and interactions can look and feel a bit dated. Defining content types, creating custom fields, workflows, content listing, layouts, decoupled, media library, and more we’ve been doing that for a long time, we have a very wide range of modules for practically any use case you can think of. And the vast majority of the modules work together without conflicts, and they’re all free.

What I would like to see is Drupal using FrankenPHP in the worker mode as the default way to put Drupal on production. This will make it possible to host Drupal more easily. Hook the included webserver to a startup/monitoring script (we’ll give examples) and you’re ready to serve the website. No need to install apache, nginx, or even PHP!

Now you can use the server to power your real-time features, without having to write or maintain a separate nodejs server, all in PHP. If we make sure Drupal can work in the worker mode, there won’t be a performance issue for this either. Without doing anything you’ll get a performance boost for all your users thanks to early hints, your CSS and JS will start loading before the HTML even arrives from the server. To get there we need a few steps:

1. Create a configuration file suited to Drupal: #3437187: Add Caddyfile configuration
2. Include FrankenPHP as a webserver option in DDEV: Feature request: FrankenPHP Support #5655
3. Add a FrankenPHP runner to the gitlab testbots: #3438767: Support FrankenPHP as a webserver
4. At this point if Drupal tests pass we’re ready to go, with a bonus step to increase performance.
5. Bonus make Drupal work in the “worker mode”: #2218651: [meta] Make Drupal compatible with persistent app servers like ReactPHP, PHP-PM, PHPFastCGI, FrankenPHP, Swoole
6. Implement early hints for CSS/JS assets in Drupal (issue to be open, proof of concept in the caddyfile issue)

Right now I need help making the DDEV integration work well with the recommended version of FrankenPHP, and making this available to the Drupal testbot. If you have a Drupal website using DDEV you can already try it out with ddev get theodoreb/ddev-frankenphp-drupal && ddev restart and it should mostly work (with some https problems for now). I would love to know what you think, leave a comment or let’s chat in #drupal slack.

If you’re interested in sponsoring me to work on this or other Drupal things, that would be great!

Let’s go for my web review for the week 2024-14. I will be vacationing next week, so I might skip next week post. We’ll see.

German state moving 30,000 PCs to LibreOffice

Tags: tech, foss

Well done LibreOffice! I’d love to see many more announcements like this one.

https://blog.documentfoundation.org/blog/2024/04/04/german-state-moving-30000-pcs-to-libreoffice/

oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise

Tags: tech, ssh, security, supply-chain

Good analysis of the backdoor recently discovered in xz. Really a bad situation. Luckily it was probably detected before it could do any real damage. What’s especially striking is the amount of patience it required, it’s really been put in place over a long stretch of time to reduce chances of detection.

https://www.openwall.com/lists/oss-security/2024/03/29/4

A Microcosm of the interactions in Open Source projects

Tags: tech, foss, community, security

Excellent post showing unhealthy consumer/maintainer dynamics in FOSS projects. This particular example was instrumental in getting the xz backdoor in place.

https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

Bullying in Open Source Software Is a Massive Security Vulnerability

Tags: tech, foss, security, burnout

You think the xz vulnerability was a one time event? Think again, this kind of bullying with ulterior motives happen regularly to critical projects.

https://www.404media.co/xz-backdoor-bullying-in-open-source-software-is-a-massive-security-vulnerability/

OSQI

Tags: tech, foss, sustainability, quality, security

Definitely a good idea, we’d need several such institutes across the world. Would governments be willing to try this?

https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI

Keeping your data from Apple is harder than expected | Aalto University

Tags: tech, apple, privacy

Can we let the myth of Apple being a proper steward with data privacy to rest please? I don’t know why people took their claims for granted to start… with so much opacity, it’s not a claim you could trust.

https://www.aalto.fi/en/news/keeping-your-data-from-apple-is-harder-than-expected

A ‘Law Firm’ of AI Generated Lawyers Is Sending Fake Threats as an SEO Scam

Tags: tech, ai, machine-learning, gpt, scam

AI supercharged scam. I guess we’ll see more of those.

https://www.404media.co/a-law-firm-of-ai-generated-lawyers-is-sending-fake-threats-as-an-seo-scam/

AI bots hallucinate software packages and devs download them • The Register

Tags: tech, ai, machine-learning, copilot, gpt, security, supply-chain

You should be mindful of the dependencies you add. Even more so when the name of the dependency has been proposed by a coding assistant.

https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/

Towards 1-bit Machine Learning Models

Tags: tech, ai, machine-learning, power, energy

Smaller models with smarter architectures and low-bit quantized models are two venues for more efficient use. I’m really curious how far they’ll go. This article focuses on low-bit quantized models and the prospects are interesting.

https://mobiusml.github.io/1bit_blog/

LLaMA Now Goes Faster on CPUs

Tags: tech, ai, machine-learning, gpt, llama, optimization, performance, cpu

Excellent work to improve Llama execution speed on CPU. It probably has all the tricks of the trade to accelerate this compute kernel.

https://justine.lol/matmul/

Zoomer Tries RSS: In Praise of Yarr - tudor’s website

Tags: tech, rss, social-media

More people turning to RSS as a substitute for social media. There’s hope.

https://tudorr.ro/blog/zoomer-tries-rss/

KDE6 release: D-Bus and Polkit Galore | SUSE Security Team Blog

Tags: tech, processes, dbus, kde, security

Interesting article, shows quite well the complexities of D-Bus and Polkit. Unsurprisingly such complexity easily leads to mistakes which can compromise security. This then hints to interesting things to keep in mind when you have to deal with D-Bus and Polkit.

https://security.opensuse.org/2024/04/02/kde6-dbus-polkit.html

NTP Pool - The Internet Timekeeper | RIPE Labs

Tags: tech, ntp, dns, time

Fascinating article which explores the behavior of the NTP Pool. If you wondered how it gives you an NTP server to query, you’ll know the answer. It also covers the consequences of its restrictive approach. This even raises security concerns. Still even though it’s not perfect this keeps being an essential service mostly run by volunteers.

https://labs.ripe.net/author/giovane_moura/ntp-pool-the-internet-timekeeper/

Fast Development In Rust, Part One

Tags: tech, rust, performance, refactoring, type-systems, memory

Nice balanced view on some of Rust characteristics. This is much less naive than some of the “Rust is great” posts out there.

https://blog.sdf.com/p/fast-development-in-rust-part-one

On Garbage Collection

Tags: tech, memory, system

This is indeed a more interesting way to perceive garbage collection. This also lead to proper questions to explore on the topic.

https://xorvoid.com/on_garbage_collection.html

Optimizing SQLite for servers

Tags: tech, databases, sqlite, server, performance, complexity

With some tuning SQLite can go a long way, even for server type workloads. There are still a few caveats but in some case this can reduce complexity and cost quite a bit.

https://kerkour.com/sqlite-for-servers

Enforcing conventions in Django projects with introspection - lukeplant.me.uk

Tags: tech, craftsmanship, developer-experience, django, python

Another example of enforcing conventions using automated checks. This time using Python and Django tricks.

https://lukeplant.me.uk/blog/posts/enforcing-conventions-in-django-projects-with-introspection/

A proposal to add signals to JavaScript.

Tags: tech, javascript, web, frontend

A proposal for data bindings as first class citizens in JavaScript? This could be a good thing indeed.

https://github.com/proposal-signals/proposal-signals

Git as debugging tool - Lucas Seiki Oshiro

Tags: tech, git, version-control

Or why a clean commit history can help quite a lot to find how and why a bug was introduced. This shows a few nice tricks around git log to speed up the process.

https://lucasoshiro.github.io/posts-en/2023-02-13-git-debug/

Improvements to static analysis in the GCC 14 compiler | Red Hat Developer

Tags: tech, c, memory, static-analyzer, compiler

Improved static analysis for C straight from GCC. This is definitely welcome.

https://developers.redhat.com/articles/2024/04/03/improvements-static-analysis-gcc-14-compiler#

On Invariance and Inconsistency

Tags: tech, programming, safety, logic, mathematics

On the importance of invariants and consistent requirements in our trade. Admittedly it’s a long demonstration but it show the point well.

https://www.hansdieterhiep.nl/blog/on-invariance-and-inconsistency/

TDD’s Missing Skill: Behavioral Composition - by Kent Beck

Tags: tech, tests, tdd, design

This is indeed too often overlooked. Producing a test list and picking the tests in the right order is definitely a crucial skill to practice TDD. It goes hand in hand with software design skills.

https://tidyfirst.substack.com/p/tdds-missing-skill-behavioral-composition

Basic Things

Tags: tech, organization, community, craftsmanship

Lots of good advices of course. It goes a long way to improve the quality of the project and the ease to on-board people. This is quite some initial work though.

https://matklad.github.io/2024/03/22/basic-things.html

Programming Apprenticeships

Tags: tech, teaching, learning, pairing

Funny experiment. This shows what you can achieve in terms of teaching and learning during pair programming setups. Shadowing someone is a powerful approach.

https://two-wrongs.com/programming-apprenticeships.html

Mentorship, coaching, sponsorship: three different — and equally important — tools for developing talent - Jacob Kaplan-Moss

Tags: management, coaching, mentoring

This is a nice way to frame the three activities. They help people progress but in different ways.

https://jacobian.org/2024/apr/1/mentorship-coaching-sponsorship/

Ping Me, Please!

Tags: tech, remote-working, asynchronous, communication

When you’re distributed, this is all about asynchronous communication. You can’t walk to a person desk (and you should probably avoid it anyway if colocated).

https://www.yegor256.com/2024/04/01/ping-me-please.html

Bye for now!

With the Qt WebEngine module, Qt makes it possible to embed a webview component inside an otherwise native application. Under the hood, Qt WebEngine uses the Chromium browser engine, currently the de facto standard engine for such use cases.

While the task of writing a brand new standard-compliant browser engine is infamous as being almost unachievable nowadays (and certainly so with Chromium coming in at 31 million lines of code), the Rust ecosystem has been brewing up a new web rendering engine called Servo. Initially created by Mozilla in 2012, Servo is still being developed today, now under the stewardship of the Linux Foundation.

With the browser inherently being exposed to the internet, it is usually the biggest attack vector on a system. Naturally this makes Servo very attractive as an alternative browser engine, given that it is written in a memory-safe language.

A Servo WebView

At KDAB we managed to embed the Servo web engine inside Qt, by using our CXX-Qt library as a bridge between Rust and C++. This means that we can now use Servo as an alternative to Chromium for webviews in Qt applications.

From a QML perspective this component is similar to the Chromium WebView, such as providing canGoBack, canGoForward, loading, title, url properties and goBack, goForward methods. The QML item itself acts in the same way with the contents being rendered to match its size.

import QtQuick import QtQuick.Window import com.kdab.servo Window { height: 720 width: 1280 title: webView.title visible: true ServoWebView { id: webView anchors.fill: parent url: "https://servo.org/" } }

The screenshot below shows a basic QML application with a toolbar containing back, forward, go buttons and an address bar. We use CXX-Qt to define Qt properties, invokables, and event handlers (e.g. touch events) in Rust and trigger events in the Servo engine. Then any update requests from Servo can trigger an update of the Qt side via the Qt event loop.

As we move towards stabilising CXX-Qt at KDAB, investigating real world use cases, such as exposing Servo to Qt, allows us to identify potential missing functionality and explore what is possible when joining the Rust and Qt ecosystems together.

Technical details

Under the hood most of the heavy lifting is done by our CXX-Qt bindings, which already bridges the obvious gap between the Rust and Qt/C++ worlds. However, some further glue is needed to connect the rendering contexts of Servo to being able to render the surfaces into the actual Qt application. Internally, Servo uses surfman, a Rust library to manage rendering surfaces. At the time of writing, surfman supports OpenGL and Metal, with support for Vulkan being planned.

We use surfman to create a new OpenGL context, that Servo then uses for rendering. To render the result into the QtQuick scene, we borrow the surface from Servo, create a new framebuffer object and blit the framebuffer into a QQuickFrameBufferObject on the Qt side.

Future possibilities

Servo development is active again after a period of less activity, therefore the API is evolving and there is work to improve the API for embedders. This could result in a simpler and documented process for integrating Servo into apps. Also as part of the Tauri and Servo collaboration, a backend for WRY could become available. All of these result in many possible changes for the bridge to Qt, as currently this demo directly constructs Servo components (similar to servoshell) but could instead use a shared library or WRY instead.

On the Qt side, there are areas that could be improved or investigated further. For example, currently we are using a framebuffer object which forces use of the OpenGL backend, but with RHI, developers might want to use other backends. A way to solve this for QML would be to change the implementation to instead use a custom Qt Scene Graph node, which can then have implementations for Vulkan, OpenGL etc and read from the Servo engine.

Alternatively Qt 6.7 has introduced a new QQuickRhiItem element, which is currently a technical preview, but can be used as a rendering API-agnostic alternative to QQuickFrameBufferObject.

If this sounds interesting to your use case or you would like to collaborate with us, the code for this tech demo is available on GitHub under KDABLabs/cxx-qt-servo-webview or contact KDAB directly. We also have a Zulip chat if you want to discuss any parts of bridging Servo or CXX-Qt with us.

Come and see us at Embedded World 2024 where we will have the Servo demo and others on display!

 

The post Embedding the Servo Web Engine in Qt appeared first on KDAB.

For those of you who usually read my blog, it's no news that I dabble with the content management system Drupal. This website is built on Drupal, as well as many of my other websites such as Alla Talar Svenska or the podcast platform Voffor Då Då. Drupal is more or less a Swiss Army knife when it comes to building different kinds of solutions, and behind it is an open-source community that ensures its development and maintenance.

A community that also has a sense of humor. Which is evident when there's a bunch of add-on modules that are more or less made for fun, or to have fun. Here's a dozen of such add-on modules and a brief explanation of what they do.

Pirate

International Talk Like a Pirate Day is a parody holiday created in 1995 by John Baur and Mark Summers. When the 19th of September, which is the special holiday International Talk Like a Pirate Day, arrives, the text on your website changes to pirate talk. A simple text filter in this module makes the magic happen - but only once a year.

Read more and find the module at https://www.drupal.org/project/pirate

Thanos

How's your Marvel knowledge? Do you remember the purple supervillain Thanos who had a mission to ensure the universe's survival - by simply removing 50% of all living beings? This module has the same mission. Kind of. It removes half of your uploaded files. Randomly. Every now and then. Really makes you feel alive, doesn't it?

Read more and find the module at https://www.drupal.org/project/thanos

Christmas lights

Colorful lights hanging from the top of your webpage? Absolutely! And you don't have to feel restricted to Christmas time when setting the dates for when the lights should be displayed - you can simply choose to have them shown from January 1st to December 31st. So you'll always have a bit of Christmas spirit on your website!

Read more and find the module at https://www.drupal.org/project/christmas_lights

Christmas snow

And while you're hanging up the Christmas lights - why not install this module to have a lovely snowfall on your website. "Man it doesn't show signs of stopping, and I brought me some corn for popping, the lights are turned way down low. Let it snow! Let it snow!"

Read more and find the module at https://www.drupal.org/project/christmas_snow

Nyan cat

Every now and then you do things in the Drupal interface that triggers a progress indicator to appear, so you can see, in a user-friendly way, that something is happening. That indicator isn't the sexiest in the world, needless to say. But now you can fix that. With this module, you'll see Nyan cat count up from 0 to 100%. And you'll get the song too! Not bad! Not bad at all!

Read more and find the module at https://www.drupal.org/project/nyan

Konami code

I grew up with a Nintendo 8-bit game console and through the game manufacturer Konami, the Konami code became part of popular culture. You know, you pressed UP UP DOWN DOWN LEFT RIGHT LEFT RIGHT B A and you got more lives, or better weapons, or could become invisible, or something else that made the game a bit easier. This code has found its way into various places, and through this module, you can make different things happen on your website. Such as flipping the text on the page, randomly changing images, sending the visitor to a new web address - or why not have dinosaurs running around on the screen like in Jurassic Park?

Read more and find the module at https://www.drupal.org/project/konamicode

Fun modules for Drupal 7

In 2011, version 7 of Drupal was released and became a favorite among many web developers. That version became so big that its End of Life has been prolonged many times. You could almost say that Drupal 7 is Drupal's version of Windows XP. However, it should be noted that the later versions of Drupal are so much better, so those of you who are still on version 7 - upgrade! But before you do that, you can try out these fun modules, which only work in Drupal 7!

dRuPaul

The fashion model, actor, and drag queen Ru Paul is not entirely unknown, and if you feel like you want more Ru Paul, by activating this module, you can ensure that images are replaced with an animated GIF, provided that the fields for the image use Field API, which is highly likely that they do. Extra credit to the module's maintainer who has one of the funniest project descriptions I've seen on drupal.org.

Read more and test it out at https://www.drupal.org/project/drupaul

Malkovichification

Have you seen "Being John Malkovich"? Then you probably already understand what this module does to your website. It replaces every single word with Malkovich, and then it's Malkovich Malkovich Malkovich, Malkovich Malkovich. Malkovich Malkovich Malkovich Malkovich Malkovich, Malkovich Malkovich Malkovich; Malkovich Malkovich! Malkovich!!!

Read more and test it out at https://www.drupal.org/project/malkovichification

Little helper

Do you remember the Microsoft Office assistant Clippy? Of course you do. That little creature has eternal life through its annoying way of popping up and absolutely not helping in any constructive way! Now you can have the same functionality in Drupal ( 7)! Install, lean back, and look forward to getting annoyed!

Read more and test it out at https://www.drupal.org/project/little_helper

Beer o'clock

When is it time to crack open the beer? With the help of this module, you can easily have a webpage that simply tells you when it's "beer o'clock."

Read more and test it out at https://www.drupal.org/project/beer_o_clock

Lebowski

Another wonderful movie is "The Big Lebowski". This module sends out lovely quotes from the movie. A way to get a little encouraged when visiting your website!

Read more and test it out at https://www.drupal.org/project/lebowski

Cornify

Who doesn't like unicorns and rainbows? Answer: Nobody! This module uses the service cornify.com/ and with a simple click, you'll flood your website with unicorns, pink colors, rainbows, and all sorts of other fun stuff. Highly recommended!

Read more and test it out at https://www.drupal.org/project/cornify_block

Are there more?

Here you have a selection of fun modules for Drupal, both modern versions as well as for Drupal 7. I hope they can brighten up your and your visitors' day a bit. Have I missed your personal favorite? Write in the comments section, it's always fun to get new tips!

For those of you who usually read my blog, it's no news that I dabble with the content management system Drupal. This website is built on Drupal, as well as many of my other websites such as Alla Talar Svenska or the podcast platform Voffor Då Då. Drupal is more or less a Swiss Army knife when it comes to building different kinds of solutions, and behind it is an open-source community that ensures its development and maintenance.

A community that also has a sense of humor. Which is evident when there's a bunch of add-on modules that are more or less made for fun, or to have fun. Here's a dozen of such add-on modules and a brief explanation of what they do.

Pirate

International Talk Like a Pirate Day is a parody holiday created in 1995 by John Baur and Mark Summers. When the 19th of September, which is the special holiday International Talk Like a Pirate Day, arrives, the text on your website changes to pirate talk. A simple text filter in this module makes the magic happen - but only once a year.

Read more and find the module at https://www.drupal.org/project/pirate

Thanos

How's your Marvel knowledge? Do you remember the purple supervillain Thanos who had a mission to ensure the universe's survival - by simply removing 50% of all living beings? This module has the same mission. Kind of. It removes half of your uploaded files. Randomly. Every now and then. Really makes you feel alive, doesn't it?

Read more and find the module at https://www.drupal.org/project/thanos

Christmas lights

Colorful lights hanging from the top of your webpage? Absolutely! And you don't have to feel restricted to Christmas time when setting the dates for when the lights should be displayed - you can simply choose to have them shown from January 1st to December 31st. So you'll always have a bit of Christmas spirit on your website!

Read more and find the module at https://www.drupal.org/project/christmas_lights

Christmas snow

And while you're hanging up the Christmas lights - why not install this module to have a lovely snowfall on your website. "Man it doesn't show signs of stopping, and I brought me some corn for popping, the lights are turned way down low. Let it snow! Let it snow!"

Read more and find the module at https://www.drupal.org/project/christmas_snow

Nyan cat

Every now and then you do things in the Drupal interface that triggers a progress indicator to appear, so you can see, in a user-friendly way, that something is happening. That indicator isn't the sexiest in the world, needless to say. But now you can fix that. With this module, you'll see Nyan cat count up from 0 to 100%. And you'll get the song too! Not bad! Not bad at all!

Read more and find the module at https://www.drupal.org/project/nyan

Konami code

I grew up with a Nintendo 8-bit game console and through the game manufacturer Konami, the Konami code became part of popular culture. You know, you pressed UP UP DOWN DOWN LEFT RIGHT LEFT RIGHT B A and you got more lives, or better weapons, or could become invisible, or something else that made the game a bit easier. This code has found its way into various places, and through this module, you can make different things happen on your website. Such as flipping the text on the page, randomly changing images, sending the visitor to a new web address - or why not have dinosaurs running around on the screen like in Jurassic Park?

Read more and find the module at https://www.drupal.org/project/konamicode

Fun modules for Drupal 7

In 2011, version 7 of Drupal was released and became a favorite among many web developers. That version became so big that its End of Life has been prolonged many times. You could almost say that Drupal 7 is Drupal's version of Windows XP. However, it should be noted that the later versions of Drupal are so much better, so those of you who are still on version 7 - upgrade! But before you do that, you can try out these fun modules, which only work in Drupal 7!

dRuPaul

The fashion model, actor, and drag queen Ru Paul is not entirely unknown, and if you feel like you want more Ru Paul, by activating this module, you can ensure that images are replaced with an animated GIF, provided that the fields for the image use Field API, which is highly likely that they do. Extra credit to the module's maintainer who has one of the funniest project descriptions I've seen on drupal.org.

Read more and test it out at https://www.drupal.org/project/drupaul

Malkovichification

Have you seen "Being John Malkovich"? Then you probably already understand what this module does to your website. It replaces every single word with Malkovich, and then it's Malkovich Malkovich Malkovich, Malkovich Malkovich. Malkovich Malkovich Malkovich Malkovich Malkovich, Malkovich Malkovich Malkovich; Malkovich Malkovich! Malkovich!!!

Read more and test it out at https://www.drupal.org/project/malkovichification

Little helper

Do you remember the Microsoft Office assistant Clippy? Of course you do. That little creature has eternal life through its annoying way of popping up and absolutely not helping in any constructive way! Now you can have the same functionality in Drupal ( 7)! Install, lean back, and look forward to getting annoyed!

Read more and test it out at https://www.drupal.org/project/little_helper

Beer o'clock

When is it time to crack open the beer? With the help of this module, you can easily have a webpage that simply tells you when it's "beer o'clock."

Read more and test it out at https://www.drupal.org/project/beer_o_clock

Lebowski

Another wonderful movie is "The Big Lebowski". This module sends out lovely quotes from the movie. A way to get a little encouraged when visiting your website!

Read more and test it out at https://www.drupal.org/project/lebowski

Cornify

Who doesn't like unicorns and rainbows? Answer: Nobody! This module uses the service cornify.com/ and with a simple click, you'll flood your website with unicorns, pink colors, rainbows, and all sorts of other fun stuff. Highly recommended!

Read more and test it out at https://www.drupal.org/project/cornify_block

Are there more?

Here you have a selection of fun modules for Drupal, both modern versions as well as for Drupal 7. I hope they can brighten up your and your visitors' day a bit. Have I missed your personal favorite? Write in the comments section, it's always fun to get new tips!

Ming Quah at DrupalSouth 2024 Ming’s DrupalSouth 2024 presentation was on Day 2 of the event. The session gave attendees an overview of the NIST domains and showed what Drupal developers and DevOps specialists should do to comply with the NIST CSF. The framework was analysed in the context of seven key layers for Drupal security. View the presentation description on DrupalSouth website

Suchi Garg at DrupalSouth 2024 Suchi’s workshop at DrupalSouth 2024 on Day 2 prepared first-time contributors for the code sprint. The session focused on the dynamics of mentored contribution and explored the benefits and types of contribution, tooling and documentation, and more. View the presentation description on the DrupalSouth website

Gaurav Garg and Govind Kumar Malu at DrupalSouth 2024 Gauravg and Govind’s session was on Day 2 of DrupalSouth 2024 and took attendees through Drupal testing using Cypress and automation. The session showcased practical examples that illustrate how Cypress commands interact with Drupal sites. Attendees learned strategies for executing tests, analysing results and maintaining synchronisation between evolving Drupal applications and the test suite.   View the presentation description on the DrupalSouth website

Steve Worley at DrupalSouth 2024 Steve’s second session at DrupalSouth 2024 (Day 2) was as a co-presenter with Joseph Zhao from GovCMS. They took attendees through how they test and ensure that government websites are strong, safe and easy to use. The presentation also covered practical testing methods and tools that will help government agencies deliver high-quality digital services. View the presentation description on the DrupalSouth website

Amey Mudras and Govind Kumar Malu at DrupalSouth 2024 Amey and Govind’s session at DrupalSouth 2024 focused on simplifying the complex web of structures in Drupal and explored how consolidating components into a single directory can be a game-changer for projects. Attendees left the session armed with practical insights that can be immediately applied to enhance their Drupal projects. View the presentation description on the DrupalSouth website

Recently news went around about explicit sync being merged into Wayland protocols, and in the wake of that I saw a lot of people having questions about it, and why it was such a big deal… So here’s a short-ish explanation of what it is, why it’s needed and what the benefits are over the old model.

Why is synchronization needed?

When applications “render” things, that rendering doesn’t happen immediately. Instead, they effectively record a list of commands with OpenGL or Vulkan for the GPU to execute, and that list then gets handed to the GPU to execute at its own pace.

This is needed for performance reasons: If the CPU had to wait for the GPU to execute each command one by one, both CPU and GPU would often sit around, doing nothing except waiting for the other one to finish its task. By executing commands on the GPU while the CPU does other things, like preparing new commands for the GPU, both can do a lot more work in the same time.

However, in practice, rendering commands don’t stand alone on their own. You might be running one task to render an image, and another one to process the result into something else, or to read it back to the CPU, so that it can be saved as a file on disk. If you do that without synchronization, you might be reading from the image in the middle of rendering, or even before the GPU has started to work on the buffer at all.

The “old” model: Implicit sync

Traditionally with graphics APIs like OpenGL, the necessary synchronization has been done implicitly, without the application’s involvement. This means that the kernel and/or the userspace graphics driver look at the commands the application is sending to the GPU, check which images the commands are using, which previous tasks have to be completed before it, and potentially make the application wait until the dependencies of the commands it wants to execute are resolved.

The so-called dma buffer infrastructure that the Linux graphics stack uses for exchanging images between applications - like Wayland apps and the compositor - also uses the same model. When the render commands from the compositor try to read from an app’s buffer, the kernel will delay the command’s execution until the app has completed its rendering to the buffer.

This model makes it easy for application developers to write correctly working applications, but it can also cause issues. The most relevant of them for Wayland is that the application isn’t aware of which tasks it’s synchronizing to, and it can happen that you accidentally and unknowingly synchronize to GPU commands that don’t have any relevance to your task.

This has been a problem that Wayland compositors have been affected by for a long time: When presenting application images to the screen, compositors picked the latest image that the application has provided, which could still have GPU tasks running on it, instead of an earlier image that’s actually ready for presentation. This meant that sometimes presentation was delayed by the kernel, and you’d see a frame be dropped entirely, instead of just a slightly older image. This issue has been solved for most compositors in the last two years using what’s effectively explicit sync through a backdoor; I won’t explain the details of that here, but you can read Michel Dänzer’s blog post about it instead.

The “new” model: Explicit sync

The name already suggests exactly what it does: Instead of the driver or the kernel doing potentially unexpected things in the background, the application explicitly tells the relevant components (driver / kernel / compositor / other apps) when rendering is complete and what tasks to synchronize to in the first place, using various synchronization primitives.

On the application side, explicit sync is used in Vulkan, and the Wayland protocol specifically is used internally by OpenGL and Vulkan drivers to synchronize with the Wayland compositor.

This explicit way of synchronizing GPU commands doesn’t just help avoid accidental synchronizations, it also helps improve performance by reducing the work drivers have to do. Instead of having to figure out the dependencies of tasks from a relatively opaque list of commands, apps just tell them directly.

An important thing to mention here is that we already had a protocol for explicit sync, zwp_linux_explicit_synchronization_unstable_v1, but it shared a limitation with implicit sync: In order to get a synchronization primitive, it still required the GPU commands to be first submitted to the kernel. The new protocol in contrast allows to create and share synchronization primitives without submitting work to the GPU first, which - at least in theory - will allow applications to squeeze a little bit more performance out of your hardware in the future.

Do keep in mind though that these performance improvements are minor. While there may be some special cases where implicit sync between app and compositor was the bottleneck before, you’re unlikely to notice the individual difference between implicit and explicit sync at all.

Why the big fuzz then?

If we already have “explicit sync through a backdoor”, and explicit sync doesn’t bring major performance improvements for everyone, why is it such big news then?

The answer is simple: The proprietary NVidia driver doesn’t support implicit sync at all, and neither commonly used compositors nor the NVidia driver support the first explicit sync protocol, which means on Wayland you get significant flickering and frame pacing issues. The driver also ships with some workarounds, but they don’t exactly fix the problem either:

• it delays Wayland commits until rendering is completed, but it goes against how graphics APIs work on Wayland and can cause serious issues, even crash apps in extreme cases
• it delays X11 presentation until rendering is completed, but as Xwayland copies window contents sometimes, that still often causes glitches if Xwayland is also using the NVidia GPU for those copies

There’s been a lot of discussions around the internet between people experiencing the issues constantly, and others not seeing any, and now you should know why it doesn’t seem to affect everyone: It’s not a deterministic “this doesn’t work” problem but a lack of synchronization, which means that a lot of factors - like the apps you use, the CPU and GPU you have, the driver version, the kernel, compositor and so on - decide whether or not you actually see the issue.

With the explicit sync protocol being implemented in compositors and very soon in Xwayland and the proprietary NVidia driver, all those problems will finally be a thing of the past, and the biggest remaining blocker for NVidia users to switch to Wayland will be gone.

The diffoscope maintainers are pleased to announce the release of diffoscope version 263. This version includes the following changes:

[ Chris Lamb ] * Add support for the zipdetails(1) tool included in the Perl distribution. Thanks to Larry Doolittle et al. for the pointer to this tool. * Don't use parenthesis within test "skipping…" messages; PyTest adds its own parenthesis, so we were ending up with double nested parens. * Fix the .epub tests after supporting zipdetails(1). * Update copyright years and debian/tests/control. [ FC (Fay) Stegerman ] * Fix MozillaZipContainer's monkeypatch after Python's zipfile module changed to detect potentially insecure overlapping entries within .zip files. (Closes: reproducible-builds/diffoscope#362)

You find out more by visiting the project homepage.

You’ve probably heard of the recent backdoor in xz. There have been a lot of takes on this, most of them boiling down to some version of:

The problem here is with Open Source Software.

I want to say not only is that view so myopic that it pushes towards the incorrect, but also it blinds us to more serious problems.

Now, I don’t pretend that there are no problems in the FLOSS community. There have been various pieces written about what this issue says about the FLOSS community (usually without actionable solutions). I’m not here to say those pieces are wrong. Just that there’s a bigger picture.

So with this xz issue, it may well be a state actor (aka “spy”) that added this malicious code to xz. We also know that proprietary software and systems can be vulnerable. For instance, a Twitter whistleblower revealed that Twitter employed Indian and Chinese spies, some knowingly. A recent report pointed to security lapses at Microsoft, including “preventable” lapses in security. According to the Wikipedia article on the SolarWinds attack was facilitated by various carelessness; including passwords being posted to Github and weak default passwords. They directly distributed malware-infested updates, encouraged customers to disable anti-malware tools when installing SolarWinds products, and so forth.

It would be naive indeed to assume that there aren’t black hat actors among the legions of programmers employed by companies that outsource work to low-cost countries — some of which have challenges with bribery.

So, given all this, we can’t really say the problem is Open Source. Maybe it’s more broad:

The problem here is with software.

Maybe that inches us closer, but is it really accurate? We have all heard of Boeing’s recent issues, which seem to have some element of root causes in corporate carelessness, cost-cutting, and outsourcing. That sounds rather similar to the SolarWinds issue, doesn’t it?

Well then, the problem is capitalism.

Maybe it has a role to play, but isn’t it a little too easy to just say “capitalism” and throw up our hands helplessly, just as some do with FLOSS as at the start of this article? After all, capitalism also brought us plenty of products of very high quality over the years. When we can point to successful, non-careless products — and I own some of them (for instance, my Framework laptop). We clearly haven’t reached the root cause yet.

And besides, what would you replace it with? All the major alternatives that have been tried have even stronger downsides. Maybe you replace it with “better regulated capitalism”, but that’s still capitalism.

Then the problem must be with consumers.

As this argument would go, it’s consumers’ buying patterns that drive problems. Buyers — individual and corporate — seek flashy features and low cost, prizing those over quality and security.

No doubt this is true in a lot of cases. Maybe greed or status-conscious societies foster it: Temu promises people to “shop like a billionaire”, and unloads on them cheap junk, which “all but guarantees that shipments from Temu containing products made with forced labor are entering the United States on a regular basis“.

But consumers are also people, and some fraction of them are quite capable of writing fantastic software, and in fact, do so.

So what we need is some way to seize control. Some way to do what is right, despite the pressures of consumers or corporations.

Ah yes, dear reader, you have been slogging through all these paragraphs and now realize I have been leading you to this:

Then the solution is Open Source.

Indeed. Faults and all, FLOSS is the most successful movement I know where people are bringing us back to the commons: working and volunteering for the common good, unleashing a thousand creative variants on a theme, iterating in every direction imaginable. We have FLOSS being vital parts of everything from $30 Raspberry Pis to space missions. It is brining education and communication to impoverished parts of the world. It lets everyone write and release software. And, unlike the SolarWinds and Twitter issues, it exposes both clever solutions and security flaws to the world.

If an authentication process in Windows got slower, we would all shrug and mutter “Microsoft” under our breath. Because, really, what else can we do? We have no agency with Windows.

If an authentication process in Linux gets slower, anybody that’s interested — anybody at all — can dive in and ask “why” and trace it down to root causes.

Some look at this and say “FLOSS is responsible for this mess.” I look at it and say, “this would be so much worse if it wasn’t FLOSS” — and experience backs me up on this.

FLOSS doesn’t prevent security issues itself.

What it does do is give capabilities to us all. The ability to investigate. Ability to fix. Yes, even the ability to break — and its cousin, the power to learn.

And, most rewarding, the ability to contribute.

We’re excited to announce the April 2024 release of the Python and Jupyter extensions for Visual Studio Code!

This release includes the following announcements:

• Improved debug config flow for Flask and Django
• Module and import analysis on Jupyter’s Run Dependent Cells with Pylance
• Hatch environment discovery
• Automatic environment selection for pipenv, pyenv, and Poetry projects
• Report Issue command improvements

If you’re interested, you can check the full list of improvements in our changelogs for the Python, Jupyter and Pylance extensions.

Improved debug config flow for Flask and Django

Creating launch configurations for Flask and Django apps just got easier! Improvements have been made to detect possible startup files in your workspace when creating a launch.json for your web app. For Django, the Python Debugger extension looks for manage.py or app.py files in the root or a subdirectory one level lower in your workspace. For Flask, the extension looks for wsgi.py, app.py, or init.py files that contain the declaration of a Flask application (for example, app = Flask()). If none of those files are not found in the project, the dropdown shows a Default option for the corresponding project type, even though that file may not be present.

In the case your file was not detected, you can enter the file path directly or browse other files in your directory.

Module and import analysis on Jupyter’s Run Dependent Cells with Pylance

Dependency analysis for Jupyter cells has improved with the latest Pylance pre-release. With these changes, Pylance aids Jupyter in understanding module imports, which is especially useful when you have a cell that imports a module that was defined in a previous cell.

To enable this feature, install the latest Pylance pre-release in VS Code Insiders, and enable the jupyter.executionAnalysis.enabled and notebook.consolidatedRunButton settings.

Hatch environment discovery

Hatch environments are now discovered and activated, by default, similar to other common environments, such as Venv, Conda, and Poetry. Furthermore, in the case of Hatch where an explicit environment identifier is not registered, the extension is able to determine the environment type (Hatch) from the environment locator.

Automatic environment selection for pipenv, pyenv, and Poetry projects

If your workspace contains a pipenv, pyenv, or Poetry environment, the corresponding environment is now automatically selected for your workspace. Previously, the extension correctly discovered these environments, but selected the default global interpreter, requiring you to manually select the appropriate environment for your workspace. Now, the Python extension infers the default environment based on its presence and any corresponding configuration files. For example, in the case of pyenv, the extension looks at the .python-version file to automatically select the appropriate interpreter for the workspace.

Report Issue command improvements

The Python and Python Debugger extensions have adopted changes making it easier for you to report issues to our repos! Filing an issue with the Report Issue command (workbench.action.openIssueReporter) does most of the heavy lifting, prompting you for additional info so our team can efficiently triage the problem you are encountering.

To file an issue using the Report Issue command for @vscode-python or @vscode-python-debugger, choose Python or Python Debugger respectively from the extension dropdown.

Other Changes and Enhancements

We have also added small enhancements and fixed issues requested by users that should improve your experience working with Python and Jupyter Notebooks in Visual Studio Code. Some notable changes include:

• Better error messages when “Move to file” refactoring fails in @pylance-release#4345
• REPL Smart Send (python.REPL.enableREPLSmartSend) is now enabled by default

We would also like to extend special thanks to this month’s contributors:

• @bn-d Update minimum VS Code version in @vscode-black-formatter#445
• @flying-sheep Add support for Hatch environments in @vscode-python#22779

Call for Community Feedback

As we are planning and prioritizing future work, we value your feedback! Below are a few issues we would love feedback on:

• Design proposal for test coverage in (@vscode-python#22827)

Try out these new improvements by downloading the Python extension and the Jupyter extension from the Marketplace, or install them directly from the extensions view in Visual Studio Code (Ctrl + Shift + X or ⌘ + ⇧ + X). You can learn more about Python support in Visual Studio Code in the documentation. If you run into any problems or have suggestions, please file an issue on the Python VS Code GitHub page.

The post Python in Visual Studio Code – April 2024 Release appeared first on Python.

DrupalCamp New Jersey unites hundreds of attendees with varying professional backgrounds to share their knowledge, ideas, and passion for the Drupal project. My first DrupalCamp NJ was in 2023 and it was also my first experience of presenting at a conference! It was a nerve-wracking but fun experience—and since then I’ve delivered 9 conference presentations across Canada, the U.S., and France on topics like accessibility, caching, migrations, and discovery.

Fast forward to March 2024: I returned to DrupalCamp NJ to present another session and deliver training.  Eight of our team members piled into a minivan to make the 700 km road trip from Montreal to New Jersey. The event was held in Princeton University’s Robertson Hall—a stunning piece of architecture set in a beautiful plaza. We joined more than 150 participants for the three-day event, which featured 23 incredible talks and three days of training.

Read on for our highlights! Plus, learn what to expect from your first DrupalCamp.

 

Princeton University hosted DrupalCamp New Jersey, so we got to revisit our client’s stunning campus.
What We Presented

What Non-Developers Should Know About Content Migration

I co-presented this session with my colleague Marien Regnault, Drupal Developer. We shared insights that our team has gained from dozens of complex migrations over the years, including Drupal 7 to Drupal 10 migrations. We helped a non-technical audience understand the process at a high level with a focus on planning, preparation, dealing with common challenges, and collaborating with developers. 

Watch the talk. 

 

Harmonizing Creativity and Code: Collaboration in Design Systems

This session was delivered by my colleagues Bryenne Kay, UX/UI Designer and Robert Ngo, Solutions Architect. It looked at building and maintaining a design system from both a developer’s and designer’s perspective. Bryenne and Robert dived into creating libraries of reusable Single Directory Components (SDCs), streamlining workflows, and improving collaboration between teams. 

Watch the talk. 

 

Bryenne at her first ever DrupalCamp, waiting with Robert to begin their presentation on design systems. 

 

Use Drupal as No-Code Content Platform for Your Next(.js) Decoupled Project

Our Director of Technology, Simon Morvan, talked about the core principles of a decoupled Drupal architecture and why it improves performance, user experience, SEO, and security. He demonstrated that this approach doesn’t require back-end development, making Drupal a low-cost alternative to other no-code options like commercial cloud SaaS solutions. Simon used our collaboration with Planned Parenting Direct (PPD) as an example. Interestingly, the co-founder of Pantheon—which hosts the PPD website—was in the audience! This led to some interesting additional questions and answers at the end of the session. 

 

Revamp or Redesign: Navigating the Crossroads of Website Evolution

Evolving Web has a long-standing relationship with Princeton University, so I was delighted to co-present this session with the institution’s Assistant Director of Web & Digital Initiatives, John Cloys, along with Alex Dergachev, Co-Founder and Technical Lead at Evolving Web. We explored the ever-changing nature of the digital landscape, and addressed the challenge of deciding when to update your website, how, and how much.

Watch the talk. 

 

Drupal Site Building & Tools for Digital Asset Management

It was so much fun to deliver this training session with my colleague Marien and Acquia’s Senior Solutions Architect, Martin Anderson-Clutz. It was my first time providing training in-person since I started at Evolving Web, and I really enjoyed the advantages of being physically present; I was able to see people’s reactions and give more personal support than is possible over Zoom. The course gave participants a run-through of the Drupal site building process—including creating an information architecture in Drupal, and leveraging media management and Acquia DAM on top of Drupal. 
 

“This was my first DrupalCamp. It made me realize that the Drupal community isn’t just a source of modules I can use—it’s a community of people with common goals who collaborate with and support one another.”

– Marien Regnault, Drupal Developer, Evolving Web

What We Attended

Intermediate Drupal Front End Development 

Led by Ashraf Abed at DebugAcademy.com, this course shed light on some of the most powerful aspects of Drupal's front-end system, including render arrays, caching, and twig. It was fascinating to discover how powerful render arrays are for piling on properties all the way down the stack. We heard about useful tools like Twig Xdebug, which allows you to use Xdebug breakpoints with Twig templates. And we learned some best practices for security, such as only translating hardcoded strings to avoid exploits from user-generated content. 

Watch the talk. 

 

Navigating The Migration Landscape: Lessons Learned From Princeton University’s Migration of Over 1000 Drupal Websites To A Single Platform 

Led by Mandee Englert and Jill Moraca, this talk provided an impressive example of a highly complex migration and the planning, organization, and post-migration processes that made it a success. We left with plenty of useful ideas to implement and recommend to clients. 
 

Between sessions, our team enjoyed wandering around Princeton University’s beautiful campus in the sunny weather. 

 

Drupal be DAMed

Ray Saltini and David Hernandez explored key reasons and considerations for adopting a Digital Asset Management (DAM) solution. We really enjoyed their practical insights into preparing, optimizing, and scaling a DAM solution, as well as an exploration of alternatives. Overall, a DAM good session. 

Watch the talk. 

 

Protecting your site with Automatic Updates

We were excited to hear updates from Acquia’s Ted Bowman on his almost-complete work to bring automatic code updates to Drupal deployment. Ted  gave a refresher on the Automatic Updates module, including how to determine if your hosting is compatible and ensure your site is configured to run it securely. 

Watch the talk. 

 

See what you missed at DrupalCamp Florida 2024, too!

 

“It was my 9th visit to Drupalcamp NJ so one of the best parts is seeing old clients, collaborators, and dozens of other amazing Drupal community members who have become friends.”

– Alex Dergachev, Co-Founder & Technical Lead, Evolving Web 

What to Expect From Your First DrupalCamp

DrupalCamps are regional, community-driven events that foster innovation, collaboration, and skill enhancement within the Drupal ecosystem. Each has its own style and flow, but they all have consistent themes at their core:

1. Knowledge sharing. DrupalCamps are a great place to swap ideas, gain skills, and learn best practices. Sessions, workshops, and trainings provide more structured learning, but there’s also a treasure of wisdom to be found simply by chatting to fellow participants at lunch. Success stories and case studies also serve as valuable inspiration for future projects. 
2. Community building. DrupalCamps encourage professionals to connect, collaborate, and develop valuable relationships. The organizers emphasize inclusivity, welcoming the participation of diverse groups and finding ways to lower barriers and increase accessibility. 
3. Volunteerism. DrupalCamps are organized and run by volunteers, making them a sustainable model and a true reflection of the Drupal community’s interests and values. Volunteering opportunities are also a great opportunity to gain exposure and experience through speaking, training, or organizing. 
4. Collaboration. DrupalCamps often feature hackathons, collaborative workshops, and contributions days focused on improving open source projects such as Drupal core, modules, and themes. These activities foster team-work beyond the event, too. More than one Drupal initiative has started out as a conversation at a DrupalCamp or DrupalCon. 
5. Innovation. Participants are encouraged to collaboratively solve real-world problems, and informed about new technologies, trends, and challenges. It’s a chance to not only get ahead of the curve but also to help shape open source innovation. 
6. Feedback. DrupalCamps serve as platforms for gathering UX feedback on community-driven initiatives that support Drupal’s growth. As a Drupal user, this is an opportunity to ensure your needs and priorities are considered. 
7. Professional development. DrupalCamps are a friendly space where you can connect with potential employers, find mentorship, and gain insights from peers and experts. There are sessions where you can develop your technical, strategic, creative, and leadership skills. Also, volunteering to lead a session or workshop can help you gain industry exposure and carve out a niche. 

Interested in attending? Visit drupal.org to find a DrupalCamp near you. 

If you’re looking for an event that covers a wider variety of  topics, with fewer simultaneous talks, check out EvolveDrupal! This unique summit fosters open source innovation and digital transformation with sessions on technology, UX design, digital strategy, content, marketing, higher education, and much more. The next EvolveDrupal summit is taking place in Atlanta on April 12. We hope to see you there!

+ more awesome articles by Evolving Web