Feeds

Automatically show this month and next month in a perpetual calendar Anonymous (not verified) Tue, 12/03/2024 - 07:00 Tags Drupal CMS Website management ECA Drupal Planet

• Read more about Automatically show this month and next month in a perpetual calendar
• Add new comment

One of our clients is Programming Librarian, a site for librarians to plan educational programs. Programs, like many events, are often seasonal, oriented around holidays and seasonal activities.

The site has a block for each month of the year, containing content for that month. It has a custom field for the month number.

This blog expands on my DrupalCon Barcelona talk, which I managed to squeeze into a twenty-minute session slot. You can download a copy of my slides. Unfortunately, I could not dedicate enough time to the project and stepped down as the trial track lead. The Drupal CMS trial is no longer based on my WebAssembly work, and an ongoing process is being conducted to provide an official demo.

Dealing with errors and exceptional situations is a common requirement in programming. You can either prevent errors before they happen or handle errors after they’ve happened. In general, you’ll have two coding styles matching these strategies: look before you leap (LBYL), and easier to ask forgiveness than permission (EAFP), respectively. In this video course, you’ll dive into the questions and considerations surrounding LBYL vs EAFP in Python.

By learning about Python’s LBYL and EAFP coding styles, you’ll be able to decide which strategy and coding style to use when you’re dealing with errors in your code.

In this video course, you’ll learn how to:

• Use the LBYL and EAFP styles in your Python code
• Understand the pros and cons of LBYL vs EAFP
• Decide when to use either LBYL or EAFP

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

The Open Source community underpins much of today’s software innovation, but with this power comes responsibility. Security vulnerabilities, unclear licensing, and a lack of transparency in software components pose significant risks to software supply chains. Recognizing this challenge, GitHub recently announced the GitHub Secure Open Source Fund—a transformative initiative aimed at bolstering the security and sustainability of Open Source projects.

What is the Secure Open Source Fund?

Launched with a $1.25 million commitment from partners, the GitHub Secure Open Source Fund is designed to address a critical issue: the often-overlooked necessity of security for widely-used Open Source projects. The fund not only provides financial support to project maintainers but also delivers a comprehensive suite of resources, including but-not-limited-to:

• Hands-on security training: A three-week program offering mentorship, workshops, and expert guidance.
• Community engagement: Opportunities to connect with GitHub’s Security Lab, sponsors, and other maintainers.
• Funding milestones: $10,000 per project, tied to achieving key security objectives.

The program’s cohort-based approach fosters collaboration and equips maintainers with the skills, networking, and funding to enhance the security of their projects sustainably.

Why this matters

The success of Open Source hinges on its trustworthiness. For developers and organizations, the ability to confidently adopt and integrate Open Source projects is paramount. However, without sufficient security measures and transparency, these projects risk introducing vulnerabilities into the software supply chain. GitHub’s Secure Open Source Fund directly tackles this issue by empowering maintainers with the knowledge, community, and funding to make their projects secure and reliable.

Building trust through transparency

The GitHub Secure Open Source Fund aligns with the global push for greater transparency and resilience in software supply chains between creators and consumers of Open Source software. Its focus on security addresses growing concerns highlighted by regulations such as the EU’s Cyber Resilience Act and US Cyber and Infrastructure Security Agency (CISA). By providing maintainers vital funding to prioritize focused-time and with resources to identify and address vulnerabilities, the program strengthens the foundation of Open Source ecosystems.

GitHub has taken an ecosystem-wide approach, where resources and security go hand in hand. The Open Source Initiative (OSI) was invited to become a launch ecosystem partner, and we hope to contribute with valuable input, feedback, and ideas along with other community members. One of our projects, ClearlyDefined, helps organizations to manage SBOMs at scale for each stage on the supply chain by providing easy access to accurate licensing metadata for Open Source components. Together, we hope to foster greater transparency and security for the entire supply chain.

GitHub Secure Open Source Fund Ecosystem Partners A call to action for the Open Source community

As GitHub leads the charge with its Secure Open Source Fund, it’s crucial for the broader community to step up. Here’s how you can get involved:

• Learn more about security: Gain access to workshops, group sessions, and mentorship.
• Maximize transparency: Adopt tools like ClearlyDefined to ensure clear metadata for your components.
• Advocate for funding: Support initiatives that prioritize security, whether through sponsorship or advocacy.

Together, we can create a safer, more transparent, and more sustainable Open Source ecosystem.

To learn more about GitHub’s Secure Open Source Fund and apply, visit their official program page and announcement.

Let’s work collectively to secure the software supply chains that power innovation worldwide.

GitHub Secure Open Source Fund Sponsors

Revolutionizing Content Editing with AI in Drupal

Nowadays, artificial intelligence (AI) has become a powerful tool to enhance the process of creating and managing digital content. Drupal, known for its flexibility and robustness as a content management system (CMS), has already started to integrate this new technology, adding exceptional capabilities for generating and improving content.

In this detailed guide, as a showcase, we will demonstrate how to install and configure the modules AI (Artificial Intelligence) and Image Genie AI in Drupal, the first to integrate AI with CKEditor, thereby improving its editing capabilities, such as text generation, tone alterations, or translations, and the second to generate images, enabling the creation of complete content , quickly and efficiently.

It is worth mentioning that these modules are currently in development phase, so their use in production is currently discouraged.

Prerequisites…

Drupal Advent Calendar day 3 - Contact Form james Tue, 12/03/2024 - 09:00

Today we’re looking at a fairly simple addition to Starshot, but one that can add a lot of power to a site.

While the default Drupal install provides a contact form, it does it through the rather basic “contact” module, that is built into Drupal Core. This has a lot of limitations, and many people prefer to use the more powerful “Webform” module.

Providing this in Drupal CMS saves the somewhat tedious process of adding a contact form to each Drupal installation. It also adds a Webform contact form in a more standard way, so sites are more likely to follow a consistent pattern when adding…

Tags

• Contact Form

Review: Astrid Parker Doesn't Fail, by Ashley Herring Blake

Series: Bright Falls #2 Publisher: Berkley Romance Copyright: November 2022 ISBN: 0-593-33644-5 Format: Kindle Pages: 365

Astrid Parker Doesn't Fail is a sapphic romance novel and a sequel to Delilah Green Doesn't Care. This is a romance style of sequel, which means that it spoils the previous book but involves a different set of protagonists, one of whom was a supporting character in the previous novel.

I suppose the title is a minor spoiler for Delilah Green Doesn't Care, but not one that really matters.

Astrid Parker's interior design business is in trouble. The small town of Bright Falls doesn't generate a lot of business, and there are limits to how many dentist office renovations that she's willing to do. The Everwood Inn is her big break: Pru Everwood has finally agreed to remodel and, even better, Innside America wants to feature the project. The show always works with local designers, and that means Astrid. National TV exposure is just what she needs to turn her business around and avoid an unpleasant confrontation with her domineering, perfectionist mother.

Jordan Everwood is an out-of-work carpenter and professional fuck-up. Ever since she lost her wife, nothing has gone right either inside or outside of her head. Now her grandmother is renovating the favorite place of her childhood, and her novelist brother had the bright idea of bringing her to Bright Falls to help with the carpentry work. The remodel and the HGTV show are the last chance for the inn to stay in business and stay in the family, and Jordan is terrified that she's going to fuck that up too. And then she dumps coffee all over the expensive dress of a furious woman in a designer dress because she wasn't watching where she was going, and that woman turns out to be the designer of the Everwood Inn renovation. A design that Jordan absolutely loathes.

The reader met Astrid in Delilah Green Doesn't Care (which you definitely want to read first). She's a bit better than she was there, but she's still uptight and unhappy and determined not to think too hard about why. When Jordan spills coffee down her favorite dress in their first encounter, shattering her fragile professional calm, it's not a meet-cute. Astrid is awful to her. Her subsequent regret, combined with immediately having to work with her and the degree to which she finds Jordan surprisingly attractive (surprising in part because Astrid thinks she's straight), slowly crack open Astrid's too-controlled life.

This book was, once again, just compulsively readable. I read most of it the same day that I started it, staying up much too late, and then finished it the next day. It also once again made me laugh in delight at multiple points. I am a sucker for stories about someone learning how to become a better person, particularly when it involves a release of anxiety, and oh my does Blake ever deliver on that. Jordan's arc is more straightforward than Astrid's — she just needs to get her confidence back — but her backstory is a lot more complex than it first appears, including a morally ambiguous character who I would hate in person but who I admired as a deft and tricky bit of characterization.

The characters from Delilah Green Doesn't Care of course play a significant role. Delilah in particular is just as much of a delight here as she was in the first book, and I enjoyed seeing the development of her relationship with her step-sister. But the new characters, both the HGTV film crew and the Everwoods, are also great. I think Blake has a real knack for memorable, distinct supporting characters that add a lot of depth to the main romance plot.

I thought this book was substantially more sex-forward than Delilah Green Doesn't Care, with some lust at first or second sight, a bit more physical description of bodies, and an extended section in the middle of the book that's mostly about sex. If this is or is not your thing in romance novels, you may have a different reaction to this book than the previous one.

There is, unfortunately, another third-act break-up, and this one annoyed me more than the one in Delilah Green Doesn't Care because it felt more unnecessary and openly self-destructive. The characters felt like they were headed towards a more sensible and less dramatic resolution, and then that plot twist caught me by surprise in an unpleasant way. After two books, I'm getting the sense that Blake has a preferred plot arc, at least in this series, and I wish she'd varied the story structure a bit more. Still, the third-act conflict was somewhat believable and the resolution was satisfying enough to salvage it.

If it weren't for some sour feelings about the shape of that plot climax, I would have said that I liked this book even better than Delilah Green Doesn't Care, and that's a high bar. This series is great, and I will definitely be reading the third one. I'm going to be curious how that goes since it's about Iris, who so far has worked better for me as a supporting character than a protagonist. But Blake has delivered compulsively readable and thoroughly enjoyable books twice now, so I'm definitely here for the duration.

If you like this sort of thing, I highly recommend this whole series.

Followed by Iris Kelly Doesn't Date in the romance series sense, but as before this book is a complete story with a satisfying ending.

Rating: 9 out of 10

New era of slop security reports for open source About • Blog • Cool URLs New era of slop security reports for open source

Published 2024-12-03 by Seth Larson
Reading time: minutes

I'm on the security report triage team for CPython, pip, urllib3, Requests, and a handful of other open source projects. I'm also in a trusted position such that I get "tagged in" to other open source projects to help others when they need help with security.

Recently I've noticed an uptick in extremely low-quality, spammy, and LLM-hallucinated security reports to open source projects. The issue is in the age of LLMs, these reports appear at first-glance to be potentially legitimate and thus require time to refute. Other projects such as curl have reported similar findings.

Some reporters will run a variety of security scanning tools and open vulnerability reports based on the results seemingly without a moment of critical thinking. For example, urllib3 recently received a report because a tool was detecting our usage of SSLv2 as insecure even though our usage is to explicitly disable SSLv2.

This issue is tough to tackle because it's distributed across thousands of open source projects and due to the security-sensitive nature of reports open source maintainers are discouraged from sharing their experiences or asking for help. Sharing experiences takes time and effort, something that is in short supply amongst maintainers.

Responding to security reports is expensive

If this is happening to a handful of projects that I have visibility for, then I suspect that this is happening on a large scale to open source projects. This is a very concerning trend.

Security is already a topic that is not aligned with why many maintainers contribute their time to open source software, instead seeing security as important to help protect their users. It's critical as reporters to respect this often volunteered time.

Security reports that waste maintainers' time result in confusion, stress, frustration, and to top it off a sense of isolation due to the secretive nature of security reports. All of these feelings can add to burn-out of likely highly-trusted contributors to open source projects.

In many ways, these low-quality reports should be treated as if they are malicious. Even if this is not their intent, the outcome is maintainers that are burnt out and more averse to legitimate security work.

What platforms can do

If you're a platform accepting vulnerability reports on behalf of open source projects, here are things you can do:

• Add systems to prevent automated or abusive creation of security reports. Require reporters to solve CAPTCHAs or heavily rate-limit security report creation using automation.
• Allow a security report to be made public without publishing a vulnerability record. This would allow maintainers to "name-and-shame" offenders and better collaborate as a community how to fight back against low-quality reports. Today many of these reports aren't seen due to being private by default or when closed.
• Remove the public attribution of reporters that abuse the system, even removing previously credited reports in the case of abuse.
• Take away any positive incentive to reporting security issues, for example GitHub showing the number of GitHub Security Advisory "credits" a user appears on.
• Prevent or hamper newly registered users from reporting security issues.

What reporters can do

If you're starting a new campaign of scanning open source projects and reporting potential vulnerabilities upstream:

• DO NOT use AI / LLM systems for "detecting" vulnerabilities. These systems today cannot understand code, finding security vulnerabilities requires understanding code AND understanding human-level concepts like intent, common usage, and context.
• DO NOT run experiments on open source volunteers. My alma-mater the University of Minnesota rightfully had its reputation thrown in the trash in 2021 over their experiment to knowingly socially deceive Linux maintainers.
• DO NOT submit reports that haven't been reviewed BY A HUMAN. This reviewing time should be paid first by you, not open source volunteers.
• DO NOT spam projects, open a handful of reports and then WAIT. You could run the script and open tons of reports all-at-once, but likely you have faults in your process that will cause mass-frustration at scale. Learn from early mistakes and feedback.
• Have someone with experience in open source maintenance for the size of projects you are scanning review your plan before you begin. If that person is not on your team, then pay them for their time and expertise.
• Show up with patches, not just reports. By providing patches this makes the work of maintainers much easier.

Doing all of the above will likely lead to better outcomes for everyone.

What maintainers can do

Put the same amount of effort into responding as the reporter put into submitting a sloppy report: ie, near zero. If you receive a report that you suspect is AI or LLM generated, reply with a short response and close the report:

"I suspect this report is (AI-generated|incorrect|spam). Please respond with more justification for this report. See: https://sethmlarson.dev/slop-security-reports"

If you hear back at all then admit your mistake and you move on with the security report. Maybe the reporter will fix their process and you'll have helped other open source maintainers along the way to helping yourself.

If you don't hear back: great, you saved time and can get back to actually useful work.

Here are some questions to ask of a security report and reporter:

• If you aren't sure: ask for help! Is there someone I trust in my community that I can ask for another look. You are not alone, there are many people around that are willing to help. For Python open source projects you can ask for help from me if needed.

• Does the reporter have a new account, no public identity, or multiple "credited" security reports of low quality? There are sometimes legitimate reasons to want anonymity, but I've seen this commonly on very low-stakes vulnerability reports.

• Is the vulnerability in the proof-of-concept code or the project itself? Oftentimes the proof-of-concept code will be using the project insecurely and thus the vulnerability is in the proof-of-concept code, not your code.

Most vulnerability reporters are acting in good faith

I wanted to end this article with a note that many vulnerability reporters are acting in good faith and are submitting high quality reports. Please keep in mind that vulnerability reporters are humans: not perfect and trying their best to make the world a better place.

Unfortunately, an increasing majority of reports are of low quality and are ruining the experience for others. I hope we're able to fix this issue before it gets out of hand.

Have thoughts or questions? Let's chat over email or social:

sethmichaellarson@gmail.com
@sethmlarson@fosstodon.org

Want more articles like this one? Get notified of new posts by subscribing to the RSS feed or the email newsletter. I won't share your email or send spam, only whatever this is!

Want more content now? This blog's archive has ready-to-read articles. I also curate a list of cool URLs I find on the internet.

Find a typo? This blog is open source, pull requests are appreciated.

Thanks for reading! ♡ This work is licensed under CC BY-SA 4.0

︎

This is bits from DPL for November.

MiniDebConf Toulouse

I had the pleasure of attending the MiniDebConf in Toulouse, which featured a range of engaging talks, complementing those from the recent MiniDebConf in Cambridge. Both events were preceded by a DebCamp, which provided a valuable opportunity for focused work and collaboration.

DebCamp

During these events, I participated in numerous technical discussions on topics such as maintaining long-neglected packages, team-based maintenance, FTP master policies, Debusine, and strategies for separating maintainer script dependencies from runtime dependencies, among others. I was also fortunate that members of the Publicity Team attended the MiniDebCamp, giving us the opportunity to meet in person and collaborate face-to-face.

Independent of the ongoing lengthy discussion on the Debian Devel mailing list, I encountered the perspective that unifying Git workflows might be more critical than ensuring all packages are managed in Git. While I'm uncertain whether these two questions--adopting Git as a universal development tool and agreeing on a common workflow for its use--can be fully separated, I believe it's worth raising this topic for further consideration.

Attracting newcomers

In my own talk, I regret not leaving enough time for questions--my apologies for this. However, I want to revisit the sole question raised, which essentially asked: Is the documentation for newcomers sufficient to attract new contributors? My immediate response was that this question is best directed to new contributors themselves, as they are in the best position to identify gaps and suggest improvements that could make the documentation more helpful.

That said, I'm personally convinced that our challenges extend beyond just documentation. I don't get the impression that newcomers are lining up to join Debian only to be deterred by inadequate documentation. The issue might be more about fostering interest and engagement in the first place.

My personal impression is that we sometimes fail to convey that Debian is not just a product to download for free but also a technical challenge that warmly invites participation. Everyone who respects our Code of Conduct will find that Debian is a highly diverse community, where joining the project offers not only opportunities for technical contributions but also meaningful social interactions that can make the effort and time truly rewarding.

In several of my previous talks (you can find them on my talks page –just search for "team," and don't be deterred if you see "Debian Med" in the title; it's simply an example), I emphasized that the interaction between a mentor and a mentee often plays a far more significant role than the documentation the mentee has to read. The key to success has always been finding a way to spark the mentee's interest in a specific topic that resonates with their own passions.

Bug of the Day

In my presentation, I provided a brief overview of the Bug of the Day initiative, which was launched with the aim of demonstrating how to fix bugs as an entry point for learning about packaging. While the current level of interest from newcomers seems limited, the initiative has brought several additional benefits.

I must admit that I'm learning quite a bit about Debian myself. I often compare it to exploring a house's cellar with a flashlight –you uncover everything from hidden marvels to things you might prefer to discard. I've also come across traces of incredibly diligent people who have invested their spare time polishing these hidden treasures (what we call NMUs). The janitor, a service in Salsa that automatically updates packages, fits perfectly into this cellar metaphor, symbolizing the ongoing care and maintenance that keep everything in order. I hadn't realized the immense amount of silent work being done behind the scenes--thank you all so much for your invaluable QA efforts.

Reproducible builds

It might be unfair to single out a specific talk from Toulouse, but I'd like to highlight the one on reproducible builds. Beyond its technical focus, the talk also addressed the recent loss of Lunar, whom we mourn deeply. It served as a tribute to Lunar's contributions and legacy. Personally, I've encountered packages maintained by Lunar and bugs he had filed. I believe that taking over his packages and addressing the bugs he reported is a meaningful way to honor his memory and acknowledge the value of his work.

Advent calendar bug squashing

I’d like to promote an idea originally introduced by Thorsten Alteholz, who in 2011 proposed a Bug Squashing Advent Calendar for the Debian Med team. (For those unfamiliar with the concept of an Advent Calendar, you can find an explanation on Wikipedia.) While the original version included a fun graphical element —which we’ve had to set aside due to time constraints (volunteers, anyone?)— we’ve kept the tradition alive by tackling one bug per day from December 1st to 24th each year. This initiative helps clean up issues that have accumulated over the year.

Regardless of whether you celebrate the concept of Advent, I warmly recommend this approach as a form of continuous bug-squashing party for every team. Not only does it contribute to the release readiness of your team’s packages, but it’s also an enjoyable and bonding activity for team members.

Best wishes for a cheerful and productive December

Andreas.

A new release of the anytime package arrived on CRAN today—the first is well over four years. The package is fairly feature-complete, and code and functionality remain mature and stable, of course.

anytime is a very focused package aiming to do just one thing really well: to convert anything in integer, numeric, character, factor, ordered, … input format to either POSIXct (when called as anytime) or Date objects (when called as anydate) – and to do so without requiring a format string as well as accomodating different formats in one input vector. See the anytime page, or the GitHub repo for a few examples, and the beautiful documentation site for all documentation.

This release slowly matured over four years. It combines a number of strictly internal repository maintenance such as changes to continuous integration with small enhancements (adding for example some new formats, responding better to an error condition, dealing with logical input as an error) with a relaxation of the C++ compilation standard. While we once needed C++11, it is now a constraint as as R itself is quite proactive (the last two releases defaulted already to C++17, suitable compiler permitting) we can now relax this constraint. The documentation site is new, as some other small changes. See the full list of changes which follows.

Changes in anytime version 0.3.10 (2024-12-02)

• A new documentation site was added.

• Continuous Integration now uses run.sh from r-ci with bspm

• Logical input vectors are now recognised as an error (#121)

• Additional dot-separated format '%Y.%m.%d' is supported

• Other small updates were made throughout the package

• No longer set a C++ compilation standard as the default choices by R are sufficient for the package

• Switch Rcpp include file to Rcpp/Lightest

• We recommend ~/.R/Makevars compiler flag options -Wno-ignored-attributes -Wno-nonnull -Wno-parentheses

• The tinytest runner was simplified

• NA values from conversion now trigger a warning

Courtesy of my CRANberries, there is also a diffstat report of changes relative to the previous release. The issue tracker tracker off the GitHub repo can be use for questions and comments. More information about the package is at the package page, the GitHub repo and the documentation site. If you like this or other open-source work I do, you can now sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

I thought it had been a full year since I last shared a playlist, but it's been two! I had a plan to produce more, but it seems I haven't. Instead here's a few tracks I've discovered recently which share a common theme.

In August I stumbled across a Sound on Sound video interviewing Pete Cannon, who creates authentically old-school Jungle music using tools and techniques from the time, including AKAI samplers and the Commodore Amiga computer.

Here's three tracks that I found since then. Some 8-bit Amiga-jungle,

by

some slower-paced acid house from someone ostensibly based on Whitley Bay,

by

and a darker piece I heard on the radio.

by

Join the FSF and friends on Friday, December 6 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

I just looked at our GitLab page today and thought: Amazing!

I thank you all for the great contributions of the last years.

Let's hope we see even more contributions in the future.

If you are unsure how to contribute, just take a look at the existing merged stuff as reference.

The upcoming 24.12 release will be a good one, we did polish Kate a lot.

I know not all is well on the world, but I still hope you have a good end of the year and an even better start in the new one!

Today we are talking about WEBAssembly, How it’s used, and cool things you can use it for with Drupal with guest Matt Glaman. We’ll also cover Darkmode JS as our module of the week.

For show notes visit: https://www.talkingDrupal.com/478

Topics

• What is WebAssembly
• Progressive Web Aoos
• Open source
• Does it have a community
• Browser support
• How does it work
• Common use cases
• How can you use this with Drupal
• This was an early concept for Drupal trial
• Challenges
• Wordpress playground
• Pieces that do not work for PHP
• Are there risks
• Are there resources for people that want to use WebAssembly
• Do you see it being used with Drupal

Resources

• WEBAssembly
• WEBAssembly history
• Browser support
• 2038
• WordPress Playground
  • https://playground.wordpress.net
  • https://github.com/adamziel
• Slides from Barcelona: The Web APIs powering the Starshot trial:
  • https://mglaman.dev/sites/default/files/2024-09/The Web APIs powering the Starshot trial experience.pdf
  • https://www.youtube.com/watch?v=rJVM_uDGD5I&list=PLpeDXSh4nHjQOfQV-BUgoxHXlr4tHlhPO&index=64

Guests

Matt Glaman - mglaman.dev mglaman

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Suzanne Dergacheva - evolvingweb.com pixelite

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Have you ever wanted your Drupal site to provide a widget that allows visitors to go over to the dark side of your theme? There’s a module for that.
• Module name/project name:
  • Darkmode JS
• Brief history
  • How old: created in May 2022 by Arthur Baghdasaryan (arthur.baghdasar) of Last Call Media
  • Versions available: 1.0.7 which works with Drupal 9, 10, and 11
• Maintainership
  • Actively maintained
  • Security coverage
  • Number of open issues: 1 open issues which is a bug against the current branch, but is postponed, waiting for more info
• Usage stats:
  • 89 sites
• Module features and usage
  • The module is a wrapper for the DarkmodeJS library which gets 1,000 weekly downloads, according to NPM. That library does have its own demo / tutorial site, so if you want to understand the options it exposes, we will add a link in the show notes
  • The module provides options to control where on the page you want the widget to appear, what colors it should use, whether or not to store a user’s choices in cookies, and whether or not to automatically match a visitor’s OS theme setting of light/dark
  • Installing the module currently requires making some changes to your site’s composer.json file, then configuring how you want the widget to appear, and then placing the block in your site theme
  • The module also doesn’t currently include a schema file for its configuration, which can cause challenges particularly for sites that run automated tests

Watch as I fix a bug in a contrib Drupal module!

Follow along as I (Ashraf Abed of DebugAcademy.com) fix a bug in the contributed Drupal module, Responsive Menus. This embedded video follows as I diagnose the problem, research the issues, create a branch on gitlab, fix the issue locally, test the fix, and submit my fix to Drupal.org for the community to benefit from.

This was done as part of Debug Academy's Drupal Training course.

ashrafabed Mon, 12/02/2024

We’re thrilled to announce Azure Developers – Python Day! Join us on December 5th for a full day of online training and discover the latest services and features in Azure designed specifically for Python developers. You’ll learn cutting-edge cloud development techniques that can save you time and money while providing your customers with the best experience possible.

December 5, 2024 from 9:30 am – 4:00 pm (Pacific Time) / 17:30 – 00:00 (UTC)

Select “Notify Me” on the YouTube Video to ensure you don’t miss the event!

During the event, you’ll hear directly from the experts behind the latest features in Azure designed for Python developers, techniques to save time and money, and a special session on our recently announced AI Toolkit for VS Code.

Whether you’re a beginner or an experienced Python developer, this event is for you. We’ll cover six main topic areas: Application Development, Artificial Intelligence, Cloud Native, Data Services, Security, Serverless, and Developer Productivity.

Agenda Session Title Theme Speaker Time( PT/ UTC) Welcome to Azure Developers – Python Day Dawn Wages, Senior Program Manager

Jay Gordon, Principal Product Manager

9:50 AM / 16:50 Dev Containers and Codespaces for quick skilling and deployments Developer Productivity Sarah Kaiser, Senior Cloud Developer Advocate 10:00 AM / 17:00 Cloudy with a Chance of Jupyter – Install JupyterHub on Azure in 30 mins Data Services Dharhas Pothina, CTO, Quansight 10:30 AM / 17:30 Langchain on Azure SQL to enlighten AI with your own data AI Davide Mauri, Principal Program Manager 11:00 AM / 18:00 Integrating AI into your Python apps with App Service Sidecars AI, App Development Byron Tardif, Principal Mgr, Product Manager

Tulika Chaudharie, Principal Product Manager

Jeff Martinez, Product Manager

11:30 AM / 18:30 Getting started with Python on Azure Cosmos DB App Development Theo Van Kraay, Principal Program Manager 12:00 PM / 19:00 Transforming AI development in VS Code AI, App Development, Developer Productivity Rong Lu, Principal Mgr, Product Manager

Zhidi Shang, Principal Program Manager Lead

12:30 PM / 19:30 Building Scalable GenAI Apps with Azure Cosmos DB & LangChain AI, App Development James Codella, Principal Product Mgr 1:00 PM / 20:00 Python + Azure for Absolute Beginners App Development Rohit Ganguly, Product Manager II 1:30 PM / 20:30 Deploying Python apps with GitHub Copilot for @azure AI, Developer Productivity Pamela Fox, Principal Cloud Developer Advocate 2:00 PM / 21:00 Securing Python Applications Security, Cloud Native Joylynn Kirui, Senior Security Cloud Advocate 2:30 PM / 21:30 Your First Full Stack Python Web Application App Development Renee Noble, Senior Cloud Developer Advocate 3:00 PM / 22:00 Deploying a scalable Django app with Microsoft Azure App Development Velda Kiara, Senior Software Engineer, Python MVP

Abigail Gbadago, Senior Software Engineer, Python MVP

3:30 PM / 22:30 Closing Remarks Dawn Wages, Senior Program Manager

Jay Gordon, Principal Product Manager

4:00 PM / 23:00

Don’t miss this opportunity to build the best applications with Python. Join us on December 5th on the Azure Developers YouTube and Twitch channels. See you there!

The post Announcing: Azure Developers – Python Day appeared first on Python.

Dear Readers,

Ever put your heart and soul into a project, be it an art project back in school or a work thing that sustains your corporate existence? Then you all will be able to relate that more than the work itself, it was the happiness and pride in the eyes of those who saw you, that made all the difference.  For all of us, it's that 'pat on the back' that pushes us to do better each day — the recognition, a token of appreciation. The fuel for motivation is not any different for Drupal, its agencies, and the community.

Did you know the Splash Award made its debut a decade ago? This time it is widening its ambit with the first-ever Splash Awards Drupal Asia at DrupalCon Singapore 2024. 10 years of an exemplary institution for recognizing and inspiring innovation through acknowledging the outstanding websites and digital experiences built with Drupal. The much relevant, nod of approval for the Drupal agencies to tread on. To put organizations and users who are doing extraordinary things in the field of Drupal in the spotlight and add a feather to their hat.

Esmeralda Tijhoff had an opportunity to interview Bert Boerland, one of the pioneers of the award about the genesis and growth of the Splash Awards. The prestigious accord stemmed from the need to promote Drupal better.

“Our dream is to grow into a kind of Eurosplash Awards with the best European entries!"

Drupal Splash Awards Asia will take place on Monday, December 9, 2024, at 5:15 PM inside the Garden Ballroom at PARKROYAL COLLECTION Marina Bay. The evening promises to be a night of glamour and inspiration, as Drupal developers and agencies gather to celebrate the exceptional work being done in the community. 

20 projects by various organizations have been shortlisted across five different categories along with Drupal’s Founder and Project Lead, Dries Buytaert, announcing the "Best in Show" award. This week The DropTimes will bring you a comprehensive overview of all the finalists in the series 'Splash Award Finalists'.

Along with these, other important stories from the last week include;

DrupalCon Singapore 2024 is less than a week away. If you are a first-time attendee, here are a few tips for you to smoothly navigate your first DrupalCon Experience: Countdown to DrupalCon Singapore 2024: Tips for First-Time Attendees

Adding to our happiness in efficiently collaborating with DrupalCon Singapore 2024, The DropTimes is now the official media partner for DrupalCon Vienna 2025. We will act as the prime location for all content surrounding the biggest Drupal event in Europe. This is the third time TDT has been named the official media partner for the European DrupalCon. 

Pantheon has introduced the Content Publisher, bridging Google Docs with WordPress, Drupal, and Next.js for seamless content publishing. The tool streamlines workflows with live previews, robust editorial features, and AI-assisted enhancements. Sign up for the beta to explore this CMS integration solution.

Developed by Anand Toshniwal and recognized by Dries Buytaert himself, a Python script now automates the creation of .component.yml files for Single Directory Components in Drupal. Simplifying workflows and improving accuracy, this tool supports projects like the Starshot Demo Design System, enhancing efficiency for developers.

MidCamp 2025 has opened its call for session proposals, inviting speakers to share their expertise at the annual event. Scheduled for May 20-22, 2025, the proposals are being accepted until January 12, 2025.

Drupal Developer Days 2025 is inviting sponsors to help make the event a success. Scheduled to attract over 200 attendees from across Europe, this four-day gathering is a prime opportunity for organizations to showcase their support for one of the fastest-growing open-source communities. The event is in Leuven, Belgium, from 15 - 18 April 2025.

Read this week’s edition of Events of the Week by The DropTimes, where we highlight notable Drupal gatherings happening around the globe. Whether you're a seasoned developer, site builder, or just starting your Drupal journey, there's something for everyone in this vibrant community.  

Carlos Ospina shared an update on the progress of the IXP Initiative, an effort to support company-IXP engagements within the Drupal community. Carlos replaced the proposed Google Forms tracking system with a proof-of-concept site. Utilizing the ECA and Group modules for the first time, he developed a working solution within two days to handle the entire engagement process.

Artisan, a new Drupal base theme created by Alejandro Cabarcos introduces a robust framework for building customizable and reusable Drupal themes. Developed by Metadrop, Artisan is built on Bootstrap 5 and Sass, offering extensive use of CSS variables to streamline customization and ensure consistent design across projects.  

Nigel Kersten has been appointed Chief Product Officer at Platform.sh to lead Product Strategy and Upsun Development. An influential figure in the DevOps community, Nigel co-founded the State of DevOps Report, introducing DORA metrics that have elevated software delivery practices across the industry. Serving as the primary co-author for 11 years, he pioneered best practices for modernizing complex IT environments through DevOps and platform engineering.

We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now.

To get timely updates, follow us on LinkedIn, Twitter and Facebook. You can also join us on Drupal Slack at #thedroptimes.

Thank you, 
Sincerely 
Alka Elizabeth 
Sub-editor, The DropTimes.

After the huge success of the DrupalCon Portland competition, the Drupal Association is excited to announce that the t-shirt design contest will be returning for DrupalCon Atlanta! 

We want to see the Drupal community's design ideas for the official t-shirt, available for all attendees to wear and enjoy. Do you have a fantastic idea in mind? Let’s see your creativity!

The winner will get THEIR design on the front of the official t-shirt for DrupalCon Atlanta 2025!

What the judges are looking for

Judges are looking for a combination of creativity, impact, and relevance to the Drupal community. A design that tells a story and aligns with the values and aspirations of DrupalCon attendees is likely to capture attention.

While exploring bold ideas, consider how your design will resonate with a diverse audience. Think of classic elements that make a T-shirt memorable while pushing creative boundaries.  Avoid overcomplicating things; sometimes less is more, especially if every element adds value to the message. 

Now, for the finer details…

Your design must include the DrupalCon Atlanta Logo and will only be featured on the front of the t-shirt. Sponsor logos will be added to the t-shirt sleeves after the design is finalized. 

Specs: 

• PNG or PDF preferred
• 16 inches tall, 13 inches wide
• graphics need to be 300 dpi

All designs must be submitted by 31 December 2024 at 23:59 UTC, after which the submission form will close.

The Drupal Association will then select four designs to go forward to a public vote.

The top four designs, as chosen by the Drupal Association, will then be voted upon by the public, with voting closing on 18 January at 23:59 UTC. 

The winning design will be printed on the front of the official DrupalCon Atlanta 2025 t-shirt and the winner will receive a complimentary ticket to their choice of either DrupalCon Atlanta 2025 or DrupalCon North America 2026.

How to enter

Simply create your design, then fill out our submission form by 18 December to submit your final design. We also ask that you include a sentence or two describing why you chose your design and how it represents the Drupal community.

So, what are you waiting for? Submit your design now, and please help us spread the word throughout the Drupal community!

Good luck!

** Drupal Association staff and members of the DrupalCon Atlanta Steering Committee will not be permitted to enter this contest.**

We are happy to announce the release of Qt Creator 15!

Qt Creator 15 is here, bringing native support for Windows on ARM, refreshed visuals, and improvements to enhance your productivity. Dive in and explore the enhancements!

Alex Moreno recounts his experience at DrupalCamp Berlin, held at the historic Alte Münze, where vibrant discussions on Drupal’s future, AI integration, and PHP’s evolution took centre stage. The event showcased the Drupal community's commitment to innovation and collaboration, from inspiring sessions by industry leaders to the retro-futuristic charm of Berlin’s C-base hackerspace. Sponsored by Pantheon, Alex reflects on how the event, the city, and people left a lasting impression.