Feeds
Seth Michael Larson: Python and Sigstore
Published 2024-10-21 by Seth Larson
Reading time: minutes
I was a guest on the Open Source Security podcast this week talking about Sigstore and Python among other things I'm working on at the Python Software Foundation.
Sigstore is a digital signing method that has been used by CPython since 3.11.0 which focuses on ergonomics and uses short-lived keys with strongly-bound human-readable identities via OpenID Connect.
CPython also provides digital signatures using PGP and has been doing so for much longer. Below is a diagram showing the current state of affairs:
Distro (Offline?) Distro (Offline?) python.orgpython.orgGitHubGitHubSource Code (tar.gz)Source Code (tar.gz)PGP SignaturePGP SignatureSigstore Bundle...@python.orgSigstore Bundle...CPython
ReleaseInfraCPython...Distro
Package
(deb, rpm)Distro...Distro
Build
InfraDistro...PGP KeysPGP KeysAccounts (GitHub, Gmail)Accounts (Git...
ReleaseManagerReleaseMan...Rebuild from sourceRebuild from...Not used for verification
Not used for...Text is not SVG - cannot display
CPython offers two verification methods: PGP and Sigstore. Verifiers choose which method to use.
From this diagram you can see the two "sources" of identity provided by PGP and Sigstore both link back to release managers. PGP relies on private keys which are maintained and protected by individual release managers to create signatures of artifacts. Sigstore uses third-parties which support OpenID Connect such as GitHub and Google to bind a human-readable identity like "thomas@python.org" to a signing certificate and signature that can be later verified.
Why Sigstore?The problem is that securely maintaining PGP private keys is not an easy task and the burden rests on volunteers for a minimum of 7 years (1 year of pre-releases then 5 years of bug and security fixes across at least two consecutive releases). Contrast that experience to Sigstore where release managers only need to click a button to OAuth sign-in during the release process.
Sigstore externalizes the operational burden of maintaining long-lived signing keys from individual volunteers to teams of people who run an identity platform professionally and the public-good code-signing certificate authority Fulcio. This seems like a pretty good trade-off, considering we already trust these platforms' identity management teams for things like GitHub accounts.
For this reason, I've authored PEP 761 providing a deprecation and discontinuance plan of PGP signatures for CPython artifacts. You can join the discussion of this PEP on discuss.python.org. Big thank-you to Hugo van Kemenade, the release manager for Python 3.14 for sponsoring my first PEP and helping me with the process and thanks to William Woodruff for reviewing the PEP draft and explaining the nitty-gritty details of Sigstore.
This PEP deprecates the expectation that future CPython releases will provide PGP signatures and sets a timeline for discontinuance (Python 3.14) and a mechanism for that timeline to be extended by a vote of the Steering Council, if necessary.
What do verifiers need?Signatures are only useful if they are verified, so we must weigh the needs of verifiers!
CPython's expected downstream verifiers are primarily "distributions" of CPython, such as through a Linux distro (Debian, Fedora, Gentoo, etc) or in a container image. There are other distributions of Python such as pyenv and python-build-standalone.
These users of CPython's source code are great places to verify signatures, as they're likely to be high value targets themselves and can provide a consistent stream of verifications. If any one signature verification were to fail, it would signal that something is wrong with upstream CPython artifacts or python.org and would likely be investigated and remediated quickly.
This further constrains attackers looking to affect CPython downstream users, as compromising python.org would no longer be enough. Instead, attackers would need to compromise the build infrastructure or CPython source code.
From discussions, the requirements that I've gathered from verifiers are:
- Need a tool for verification that can be packaged by distros. The recommended tool for verifying with a CLI is either Cosign or sigstore-python, both of which have challenges for Linux distro packagers.
- OS packages would require Cosign to be packaged in those OS package managers. This isn't trivial as it requires the Go toolchain to build.
- Docker and other container images want verification tools to be available at the OS level. Needing to pull these externally (from Cosign's GitHub releases) would require multi-stage builds which they want to avoid if possible. Today Cosign is available in Alpine, but not yet in Debian (but there is the beginnings of support), Gentoo, or Fedora.
- Offline verification is important. Many package ecosystems ship the signatures inside the packages to enable "build from source" (such as Gentoo), and there's no guarantee that the package is being built online. It's okay that revocation or root of trust updates can't happen when offline. Cosign and other Sigstore verification tools support offline verification if the root of trust is "bundled" as a file locally.
- Online periodic updates to revocations and root of trust. Cosign and other Sigstore verifiers supports this use-case as the default behavior.
Overall, the availability of Cosign in OS package managers appears to be the biggest blocker to see adoption for verifying CPython's Sigstore signatures.
Why adopt a new signature method?So why have CPython's Sigstore signatures not seen adoption despite being available for multiple years? Here's a short list of self-reinforcing reasons:
- Verifiers don't need to adopt the new signature method (Sigstore), because the existing one (PGP) works and there's no expectation for discontinuance.
- Signers can't migrate away from the old signature method because there's apparent demand from verifiers for the old signature method.
- Verifiers don't try or test the new signature method, so the maintainers of signature tooling can't learn about or improve verifier use-cases.
- Concurrently supporting multiple signature methods is more work for both signers and verifiers.
- There are fewer available signatures using the new signing method, so the value of adopting the method as a verifier is less (but maybe this will change soon?).
Keep in mind that almost everyone involved in the above scenarios are volunteers. Doing work to adopt a new process when existing processes are working can feel like "busy-work", but I don't think that's the case for Sigstore.
Sigstore's benefits for ergonomics paired with its ability to use workload identity are two stand-out features compared to PGP. Workload identity being extra important now that many projects are moving to hosted build infrastructure for releases.
Workload IdentitySigstore supporting workload identity means that release manager accounts can no longer be hijacked to produce bad signatures. Artifacts get signed by the build infrastructure provider directly:
Distro (Offline?)Distro (Offline?)python.orgpython.orgGitHubGitHubSource Code (tar.gz)Source Code (tar.gz)Sigstore Bundlepython/releaseSigstore Bundle...CPython
ReleaseInfraCPython...Distro
Package
(deb, rpm)Distro...Distro
Build
InfraDistro...Accounts (GitHub, Gmail)Accounts (Git...
ReleaseManagerReleaseMan...Rebuild from sourceRebuild from...
Workload identity: verify artifacts came from CPython release infra
Switching to workload identity also means downstream verifiers no longer need to make changes when new release managers join the project, the expected identity would always be gh/python/release-tools/....
We still have a ways to go to adopt workload identity for CPython because our macOS and Windows release processes don't use hosted build platforms that support OpenID Connect and Sigstore. That means that for now we'll keep using release manager identities.
But this future may not be far off for Python packages hosted on PyPI...
Many more signatures are coming!William Woodruff and the team at Trail of Bits have authored PEP 740 which is provisionally accepted. The PEP specifies how attestations that can be verified by PyPI (like Sigstore) using workload identities specified with the secure publishing feature "Trusted Publishers" and then served alongside artifacts on PyPI.
There's a lot more to this story (but it's not for me to tell). Given Trusted Publishers' success, there clearly are exciting times are ahead. Subscribe to the PyPI blog to learn more once the project is complete.
That's all for this post! 👋 If you're interested in more you can read the last report.
Have thoughts or questions? Let's chat over email or social:
Want more articles like this one? Get notified of new posts by subscribing to the RSS feed or the email newsletter. I won't share your email or send spam, only whatever this is!
Want more content now? This blog's archive has ready-to-read articles. I also curate a list of cool URLs I find on the internet.
Find a typo? This blog is open source, pull requests are appreciated.
Thanks for reading! ♡ This work is licensed under CC BY-SA 4.0
︎Bits from Debian: Ada Lovelace Day 2024 - Interview with some Women in Debian
Ada Lovelace Day was celebrated on October 8 in 2024, and on this occasion, to celebrate and raise awareness of the contributions of women to the STEM fields we interviewed some of the women in Debian.
Here we share their thoughts, comments, and concerns with the hope of inspiring more women to become part of the Sciences, and of course, to work inside of Debian.
This article was simulcasted to the debian-women mail list.
Beatrice Torracca1. Who are you?
I am Beatrice, I am Italian. Internet technology and everything computer-related is just a hobby for me, not my line of work or the subject of my academic studies. I have too many interests and too little time. I would like to do lots of things and at the same time I am too Oblomovian to do any.
2. How did you get introduced to Debian?
As a user I started using newsgroups when I had my first dialup connection and there was always talk about this strange thing called Linux. Since moving from DR DOS to Windows was a shock for me, feeling like I lost the control of my machine, I tried Linux with Debian Potato and I never strayed away from Debian since then for my personal equipment.
3. How long have you been into Debian?
Define "into". As a user... since Potato, too many years to count. As a contributor, a similar amount of time, since early 2000 I think. My first archived email about contributing to the translation of the description of Debian packages dates 2001.
4. Are you using Debian in your daily life? If yes, how?
Yes!! I use testing. I have it on my desktop PC at home and I have it on my laptop. The desktop is where I have a local IMAP server that fetches all the mails of my email accounts, and where I sync and back up all my data. On both I do day-to-day stuff (from email to online banking, from shopping to taxes), all forms of entertainment, a bit of work if I have to work from home (GNU R for statistics, LibreOffice... the usual suspects). At work I am required to have another OS, sadly, but I am working on setting up a Debian Live system to use there too. Plus if at work we start doing bioinformatics there might be a Linux machine in our future... I will of course suggest and hope for a Debian system.
5. Do you have any suggestions to improve women's participation in Debian?
This is a tough one. I am not sure. Maybe, more visibility for the women already in the Debian Project, and make the newcomers feel seen, valued and welcomed. A respectful and safe environment is key too, of course, but I think Debian made huge progress in that aspect with the Code of Conduct. I am a big fan of promoting diversity and inclusion; there is always room for improvement.
Ileana Dumitrescu (ildumi)1. Who are you?
I am just a girl in the world who likes cats and packaging Free Software.
2. How did you get introduced to Debian?
I was tinkering with a computer running Debian a few years ago, and I decided to learn more about Free Software. After a search or two, I found Debian Women.
3. How long have you been into Debian?
I started looking into contributing to Debian in 2021. After contacting Debian Women, I received a lot of information and helpful advice on different ways I could contribute, and I decided package maintenance was the best fit for me. I eventually became a Debian Maintainer in 2023, and I continue to maintain a few packages in my spare time.
4. Are you using Debian in your daily life? If yes, how?
Yes, it is my favourite GNU/Linux operating system! I use it for email, chatting, browsing, packaging, etc.
5. Do you have any suggestions to improve women's participation in Debian?
The mailing list for Debian Women may attract more participation if it is utilized more. It is where I started, and I imagine participation would increase if it is more engaging.
Kathara Sasikumar (kathara)1. Who are you?
I'm Kathara Sasikumar, 22 years old and a recent Debian user turned Maintainer from India. I try to become a creative person through sketching or playing guitar chords, but it doesn't work! xD
2. How did you get introduced to Debian?
When I first started college, I was that overly enthusiastic student who signed up for every club and volunteered for anything that crossed my path just like every other fresher.
But then, the pandemic hit, and like many, I hit a low point. COVID depression was real, and I was feeling pretty down. Around this time, the FOSS Club at my college suddenly became more active. My friends, knowing I had a love for free software, pushed me to join the club. They thought it might help me lift my spirits and get out of the slump I was in.
At first, I joined only out of peer pressure, but once I got involved, the club really took off. FOSS Club became more and more active during the pandemic, and I found myself spending more and more time with it.
A year later, we had the opportunity to host a MiniDebConf at our college. Where I got to meet a lot of Debian developers and maintainers, attending their talks and talking with them gave me a wider perspective on Debian, and I loved the Debian philosophy.
At that time, I had been distro hopping but never quite settled down. I occasionally used Debian but never stuck around. However, after the MiniDebConf, I found myself using Debian more consistently, and it truly connected with me. The community was incredibly warm and welcoming, which made all the difference.
3. How long have you been into Debian?
Now, I've been using Debian as my daily driver for about a year.
4. Are you using Debian in your daily life? If yes, how?
It has become my primary distro, and I use it every day for continuous learning and working on various software projects with free and open-source tools. Plus, I've recently become a Debian Maintainer (DM) and have taken on the responsibility of maintaining a few packages. I'm looking forward to contributing more to the Debian community 🙂
Rhonda D'Vine (rhonda)1. Who are you?
My name is Rhonda, my pronouns are she/her, or per/pers. I'm 51 years old, working in IT.
2. How did you get introduced to Debian?
I was already looking into Linux because of university, first it was SuSE. And people played around with gtk. But when they packaged GNOME and it just didn't even install I looked for alternatives. A working colleague from back then gave me a CD of Debian. Though I couldn't install from it because Slink didn't recognize the pcmcia drive. I had to install it via floppy disks, but apart from that it was quite well done. And the early GNOME was working, so I never looked back. 🙂
3. How long have you been into Debian?
Even before I was more involved, a colleague asked me whether I could help with translating the release documentation. That was my first contribution to Debian, for the slink release in early 1999. And I was using some other software before on my SuSE systems, and I wanted to continue to use them on Debian obviously. So that's how I got involved with packaging in Debian. But I continued to help with translation work, for a long period of time I was almost the only person active for the German part of the website.
4. Are you using Debian in your daily life? If yes, how?
Being involved with Debian was a big part of the reason I got into my jobs since a long time now. I always worked with maintaining Debian (or Ubuntu) systems. Privately I run Debian on my laptop, with occasionally switching to Windows in dual boot when (rarely) needed.
5. Do you have any suggestions to improve women's participation in Debian?
There are factors that we can't influence, like that a lot of women are pushed into care work because patriarchal structures work that way, and don't have the time nor energy to invest a lot into other things. But we could learn to appreciate smaller contributions better, and not focus so much on the quantity of contributions. When we look at longer discussions on mailing lists, those that write more mails actually don't contribute more to the discussion, they often repeat themselves without adding more substance. Through working on our own discussion patterns this could create a more welcoming environment for a lot of people.
Sophie Brun (sophieb)1. Who are you?
I'm a 44 years old French woman. I'm married and I have 2 sons.
2. How did you get introduced to Debian?
In 2004 my boyfriend (now my husband) installed Debian on my personal computer to introduce me to Debian. I knew almost nothing about Open Source. During my engineering studies, a professor mentioned the existence of Linux, Red Hat in particular, but without giving any details.
I learnt Debian by using and reading (in advance) The Debian Administrator's Handbook.
3. How long have you been into Debian?
I've been a user since 2004. But I only started contributing to Debian in 2015: I had quit my job and I wanted to work on something more meaningful. That's why I joined my husband in Freexian, his company. Unlike most people I think, I started contributing to Debian for my work. I only became a DD in 2021 under gentle social pressure and when I felt confident enough.
4. Are you using Debian in your daily life? If yes, how?
Of course I use Debian in my professional life for almost all the tasks: from administrative tasks to Debian packaging.
I also use Debian in my personal life. I have very basic needs: Firefox, LibreOffice, GnuCash and Rhythmbox are the main applications I need.
Sruthi Chandran (srud)1. Who are you?
A feminist, a librarian turned Free Software advocate and a Debian Developer. Part of Debian Outreach team and DebConf Committee.
2. How did you get introduced to Debian?
I got introduced to the free software world and Debian through my husband. I attended many Debian events with him. During one such event, out of curiosity, I participated in a Debian packaging workshop. Just after that I visited a Tibetan community in India and they mentioned that there was no proper Tibetan font in GNU/Linux. Tibetan font was my first package in Debian.
3. How long have you been into Debian?
I have been contributing to Debian since 2016 and Debian Developer since 2019.
4. Are you using Debian in your daily life? If yes, how?
I haven't used any other distro on my laptop since I got introduced to Debian.
5. Do you have any suggestions to improve women's participation in Debian?
I was involved with actively mentoring newcomers to Debian since I started contributing myself. I specially work towards reducing the gender gap inside the Debian and Free Software community in general. In my experience, I believe that visibility of already existing women in the community will encourage more women to participate. Also I think we should reintroduce mentoring through debian-women.
Tássia Camões Araújo (tassia)1. Who are you?
Tássia Camões Araújo, a Brazilian living in Canada. I'm a passionate learner who tries to push myself out of my comfort zone and always find something new to learn. I also love to mentor people on their learning journey. But I don't consider myself a typical geek. My challenge has always been to not get distracted by the next project before I finish the one I have in my hands. That said, I love being part of a community of geeks and feel empowered by it. I love Debian for its technical excellence, and it's always reassuring to know that someone is taking care of the things I don't like or can't do. When I'm not around computers, one of my favorite things is to feel the wind on my cheeks, usually while skating or riding a bike; I also love music, and I'm always singing a melody in my head.
2. How did you get introduced to Debian?
As a student, I was privileged to be introduced to FLOSS at the same time I was introduced to computer programming. My university could not afford to have labs in the usual proprietary software model, and what seemed like a limitation at the time turned out to be a great learning opportunity for me and my colleagues. I joined this student-led initiative to "liberate" our servers and build LTSP-based labs - where a single powerful computer could power a few dozen diskless thin clients. How revolutionary it was at the time! And what an achievement! From students to students, all using Debian. Most of that group became close friends; I've married one of them, and a few of them also found their way to Debian.
3. How long have you been into Debian?
I first used Debian in 2001, but my first real connection with the community was attending DebConf 2004. Since then, going to DebConfs has become a habit. It is that moment in the year when I reconnect with the global community and my motivation to contribute is boosted. And you know, in 20 years I've seen people become parents, grandparents, children grow up; we've had our own child and had the pleasure of introducing him to the community; we've mourned the loss of friends and healed together. I'd say Debian is like family, but not the kind you get at random once you're born, Debian is my family by choice.
4. Are you using Debian in your daily life? If yes, how?
These days I teach at Vanier College in Montréal. My favorite course to teach is UNIX, which I have the pleasure of teaching mostly using Debian. I try to inspire my students to discover Debian and other FLOSS projects, and we are happy to run a FLOSS club with participation from students, staff and alumni. I love to see these curious young minds put to the service of FLOSS. It is like recruiting soldiers for a good battle, and one that can change their lives, as it certainly did mine.
5. Do you have any suggestions to improve women's participation in Debian?
I think the most effective way to inspire other women is to give visibility to active women in our community. Speaking at conferences, publishing content, being vocal about what we do so that other women can see us and see themselves in those positions in the future. It's not easy, and I don't like being in the spotlight. It took me a long time to get comfortable with public speaking, so I can understand the struggle of those who don't want to expose themselves. But I believe that this space of vulnerability can open the way to new connections. It can inspire trust and ultimately motivate our next generation. It's with this in mind that I publish these lines.
Another point we can't neglect is that in Debian we work on a volunteer basis, and this in itself puts us at a great disadvantage. In our societies, women usually take a heavier load than their partners in terms of caretaking and other invisible tasks, so it is hard to afford the free time needed to volunteer. This is one of the reasons why I bring my son to the conferences I attend, and so far I have received all the support I need to attend DebConfs with him. It is a way to share the caregiving burden with our community - it takes a village to raise a child. Besides allowing us to participate, it also serves to show other women (and men) that you can have a family life and still contribute to Debian.
My feeling is that we are not doing super well in terms of diversity in Debian at the moment, but that should not discourage us at all. That's the way it is now, but that doesn't mean it will always be that way. I feel like we go through cycles. I remember times when we had many more active female contributors, and I'm confident that we can improve our ratio again in the future. In the meantime, I just try to keep going, do my part, attract those I can, reassure those who are too scared to come closer. Debian is a wonderful community, it is a family, and of course a family cannot do without us, the women.
These interviews were conducted via email exchanges in October, 2024. Thanks to all the wonderful women who participated in this interview. We really appreciate your contributions in Debian and to Free/Libre software.
Russell Coker: MG4 Review
In the past I haven’t had a high opinion of MG cars, decades ago they were small and expensive and didn’t seem to offer anything I wanted. As there’s a conveniently located MG dealer I decided to try out an MG electric car and see if they are any good. I brought two friends along who are also interested in new technology.
I went to the MG dealer without any preconceptions or much prior knowledge of the MG electric cars apart from having vaguely noticed that they were significantly cheaper than Teslas. I told the salesperson that I didn’t have a model in mind and I just wanted to see what MG offers, so they offered me a test driver of a “MG4 64 EXCITE”. The MG web site isn’t very good and doesn’t give an indication of what this model costs, my recollection is that it’s something like $40,000, the base model is advertised at $30,990. I’m not particularly interested in paying for extras above the base model and the only really desirable feature that the “Excite 64” offers over the “Excite 51” is the extra range (the numbers 51 and 64 represent the battery capacity in KWh). The base model has a claimed range of 350KM which is more than I drive in a typical week, generally there are only about 4 days a year when I need to drive more than 300KM in a day and on those rare days I can spend a bit of time at a charging station without much inconvenience.
The experience of driving an MG4 is not much different from other EVs I’ve driven, the difference between that and the Genesis GV60 (which was advertised at $117,000) [1] isn’t significant. The Genesis has some nice camera features giving views from all directions and showing a view of the side on the dash when you put your turn indicator on. Also some models of Genesis (not the one I test drove) have cameras instead of side mirrors. The MG4 lacks most of those cameras but has a very effective reversing camera which estimates the distance to an “obstacle” behind you in cm. Some of the MG electric cars have a sunroof or moonroof (sunroof that just opens to transparent glass not open to the air), the one I tested didn’t have them and I didn’t feel I was missing much. While a moonroof is a nice feature I probably won’t want to pay as much extra as they will demand for it.
The dash of the MG4 doesn’t have any simulation of the old fashioned dash unlike the Genesis GV60 which had a display in the same location as is traditionally used which displays analogue instruments (except when the turn indicators are on). The MG4 has two tablets, a big one in the middle of the front for controlling heating/cooling and probably other things like the radio and a small one visible through the steering wheel which has the instruments. I didn’t have to think about the instruments, they just did the job which is great.
For second hand cars I looked at AutoTrader which seems to be the only Australian site for second hand cars that allows specifying electric as a search criteria [2]. For the EVs advertised on that site the cheapest are around $13,000 for cars about 10 years old and $21,000 for a 5yo LEAF. If you could only afford to spend $21,000 on a car then a 5yo LEAF would definitely be better than nothing, but when comparing a 5yo car for $21,000 and a new car for $31,000 the new car is the obvious choice if you can afford it. There was an Australian company importing used LEAFs and other EVs and selling them over the web for low prices, if they were still around and still selling LEAFs for $15,000 then that would make LEAF vs MG3 a difficult decision for me. But with the current prices for second hand LEAFs the decision is easy.
When I enrolled for the test drive the dealer took my email address and sent me an automated message with details about the test drive and an email address to ask for more information. The email address they used bounced all mail, even from my gmail account. They had a contact form on their web site but that also doesn’t get a response. MG really should periodically test their dealer’s email addresses, they are probably losing sales because of this.
On the same day I visited a Hyundai dealer to see what they had to offer. A salesman there said that the cheapest Hyundai was $60,000 and suggested that I go elsewhere if I am prepared to buy a lesser car to save money. I don’t need to get negged by a car dealer and I really don’t think there’s much scope for a car to be significantly better than the MG3 while also not competing with the Genesis cars. Genesis is a Hyundai brand and their cars are very nice, but the prices are well outside the range I’m prepared to pay.
Next I have to try the BYD. From what I’ve heard they are mostly selling somewhat expensive cars in Australia (a colleague recently got one which was about $60,000 which he is extremely happy with) but hopefully they have some of the cheaper ones available too. I don’t want to flex on my neighbors, I just want a reliable and moderately comfortable car that doesn’t cost too much.
Related posts:
- Genesis GV60 I recently test drove a Genesis GV70, but the GV60...
- review of Australian car web sites It seems that Toyota isn’t alone in having non-functional web...
- Used Car Prices There is an interesting article in The Age about the...
GSoC'24 Okular | Coming to a Close
Hey folks! Apologies for the long gap since my last post. A lot has happened both personally and professionally—I got a new job and relocated, which led to me extending my GSoC deadline to wrap up the remaining tasks. I’m happy to share that I’ve now completed everything, and all the pending MRs related to my GSoC work have been merged. Here’s a quick overview:
MRs merged:- Reset form implementation in Okular : Okular now has form reset functionality, allowing you to clear fields or return them to their default values. !MR1007
- Support for MouseDown, MouseEnter and MouseExit events : The corresponding event object is now generated when these mouse events are triggered. !MR994
- Keystroke, Validate, Calculate and Format event support for Comboboxes : These essential events were previously not triggered for comboboxes. This MR adds support for them. !MR1027
- Fix order of execution of events for text form fields : Keystroke, Validate, Calculate, and Format actions weren’t always executed in the correct order, especially during undo/redo or when modified via JavaScript. This MR fixes that and ensures KVCF actions are only triggered when a field value is committed, improving keyboard usability. !MR1002
- Support for modifying the appearance stream text in form field choice (Poppler) : Added functionality to modify appearance stream text in form fields without altering their actual values. !MR1590
- SubmitForm functionality (Poppler) : Support for reading the SubmitForm action was added to Poppler. While Okular doesn’t yet implement the actual submission process, this lays the groundwork for future integration. !MR1579
Although much progress has been made during GSoC’24, there are still many areas where Okular’s PDF form functionality could be expanded:
- The actual submission of forms in Okular can be built on top of the SubmitForm action now supported by Poppler.
- Adding support for the SelectionChange event in ListBoxes would enhance their interactivity.
- Additional functions could be implemented for CheckBoxes, ComboBoxes, and ListBoxes, such as programmatically checking items, clearing, deleting, inserting, and setting items. Some of these changes would also require updates to Poppler.
- Improving keyboard navigation for form fields could further boost accessibility and ease of use.
Participating in GSoC with KDE and contributing to Okular has been an incredible learning experience, and I’m proud of the contributions made. Huge thanks to my mentor, Albert Astals Cid, for his constant support, guidance, and patience through all my mistakes. Special thanks to Sune Vuorela for his reviews and insights which helped me learn a lot, and to the KDE Mentorship and GSoC teams for their indirect but invaluable help. I’m looking forward to continuing my journey with KDE.
See you next time. Cheers!
This Week in KDE Apps
Welcome to a new issue of "This Week in KDE Apps"! Every week we cover as much as possible of what's happening in the world of KDE apps.
This week we migrated more apps to Qt6, made Dolphin more optimized for mobile and added many new features to Tokodon.
Let's get started!
Cantor KDE Frontend to Mathematical SoftwareCantor has been ported to Qt6. (Alexander Semke, Carl Schwan, Nikita Sirgienko and Stefan Gerlach, 24.12.0. Link)
Cantor's website was ported from Jekyll to Hugo for easier maintenance and a sleeker design. (Carl Schwan, Now! Link)
digiKam Photo Management ProgramPercent values are now correctly translated. (Emir Sari. Link)
Dolphin Manage your filesFrom now on, Dolphin uses a phone-optimized alternative user interface when started on Plasma Mobile. After the addition of a selection mode and improvements to touchscreen-compatibility, Dolphin is surprisingly great on phones now! However, more work is still needed to more closely align the phone user interface with that of a phone app expectations. (Felix Ernst, 24.12.0. Link)
The right-click context menu for the Trash folder now contains actions to sort the Trash, change its view mode, and for cutting and copying items. (Eren Karakas, 24.12.0. Link 1, Link 2)
Quickly pressing the back or forward buttons on a mouse twice is no longer incorrectly interpreted as only wanting to go back or forward once. (Wolfgang Müller, 24.12.0. Link)
Francis Track your timeFrancis now lets you skip the current phase of work or break time. (Joëlle van Essen, 24.12.0. Link)
Gwenview Image ViewerThere is new a setting to disable starting over from the first image when moving forward beyond the last one. (Christian Svensson, 24.12.0. Link)
KDE Connect Seamless connection of your devicesYou can now filter plugins in the plugin settings page. (Carl Schwan, 24.12.0. Link)
We fixed getting default sounds for the "Find this Device" plugin in the Kirigami app. (Carl Schwan, 24.12.0. Link)
Kleopatra Certificate Manager and Unified Crypto GUIImprovements have been made to the debug dialog and it now allows you to run both pre-configured and custom debugging commands. (Tobias Fella, Gear 24.12.0. Link)
KleverNotes Take and manage your notesKleverNotes is now available on Flathub. (Louis Schul. Link)
KMail A feature-rich email applicationKMail's SMTP configuration dialog has been redesigned. (Carl Schwan, 24.12.0. Link)
KRDC Connect with RDP or VNC to another computerKRDC starts just by opening a .rdp file containing the RDP connection configuration. (Fabio Bas, 24.12.0. Link)
Krita Digital Painting, Creative FreedomThere is now an option that lets you select the default color space for EXR files. (Dmitry Kazakov. Link)
KTorrent BitTorrent ClientTooltips that had white on white text (and were thus unreadable) have been fixed. (Albert Astals Cid. 24.08.3. Link)
You now have a more compact date format for the torrent list "Added" column. (George Florea Bănuș, 24.12.0. Link)
LabPlot Interactive Data Visualization and AnalysisLabplot has been ported to Qt6 (Alexander Semke. Link).
Merkuro Calendar Manage your tasks and events with speed and easeVarious small regressions in Merkuro have been fixed. (Claudio Cambra, 24.08.3. Link 1, link 2, link 2, link 3, link 4, link 5, link 6)
NeoChat Chat with your friends on matrixNavigation on mobile has been improved by loading the timeline only when requested. (James Graham, 24.12.0. Link)
The context menu on mobile has been fixed. (James Graham, 24.12.0. Link)
Spacebar SMS/MMS messaging clientSending SMS has been fixed. (Alistair Francis, Plasma 6.2.1. Link)
A warning message is shown when Spacebar is not able to connect to its background service. (Devin Lin, Plasma 6.3.0. Link)
The chat page now makes it easier to distinguish between "single contact conversations" and "groups" when creating a new chat. (Devin Lin, Plasma 6.3.0. Link)
A fake ModemManager has been introduced to help developing Spacebar on laptops without a modem. (Devin Lin, Plasma 6.3.0. Link)
Tokodon Browse the Fediverse"Content Warning" has been changed to "Content Notice" and the warning iconography has been removed. (Joshua Goins, 24.12.0. Link)
Tokodon lets you remove and add users to your lists. (Joshua Goins, 24.12.0. Link)
We added an "unread" notification count and you can now set your notifications to "read". (Joshua Goins, 24.12.0. Link)
A proper grid view for the media tab has been added in the profile page. (Joshua Goins, 24.12.0. Link)
The wording of the private note field's label in the profile page has been improved. (Carl Schwan, 24.12.0. Link)
Support for displaying authorship in preview cards has been added. (Joshua Goins, 24.12.0. Link)
A "News" and a "Users" sections have been added to the Explore page, and the "Tags" section has been renamed to "Hashtag". (Joshua Goins, 24.12.0. Link 1, link 2, link 3)
Network settings have been removed from the login view as they are now available from the welcome page. (Joshua Goins, 24.12.0. Link)
The "joined date" info has been added to the profile information. (Joshua Goins, 24.12.0. Link)
A safety page has been added to the Tokodon settings to manage the list of muted and blocked users. (Joshua Goins, 24.12.0. Link)
The placeholders have been improved for when no posts are loaded. (Joshua Goins, 24.12.0. Link)
Tokodon handles Mastodon 4.3.0's new (moderation warnings and severance events) notifications types. (Joshua Goins, 24.12.0. Link)
The media descriptions (also known as alt text) are now displayed in a popup when clicked. (Joshua Goins, 24.12.0. Link)
And many more improvements and cleanups. (Link)
OthersWe updated the screenshots of many KDE games including Bomber, Granatier, Kapman, KAtomic, KBlocks and more. (Valentyn Bondarenko. Link)
...And Everything ElseThis blog only covers the tip of the iceberg! If you’re hungry for more, check out Nate's blog about Plasma and be sure not to miss his This Week in Plasma series, where every Saturday he covers all the work being put into KDE's Plasma desktop environment.
For a complete view of what's going on, visit KDE's Planet, where you can find all KDE news unfiltered directly from our contributors.
Get InvolvedThe KDE organization has become important in the world, and your time and contributions have helped us get there. As we grow, we're going to need your support for KDE to become sustainable.
You can help KDE by becoming an active community member and getting involved. Each contributor makes a huge difference in KDE — you are not a number or a cog in a machine! You don’t have to be a programmer either. There are many things you can do: you can help hunt and confirm bugs, even maybe solve them; contribute designs for wallpapers, web pages, icons and app interfaces; translate messages and menu items into your own language; promote KDE in your local community; and a ton more things.
You can also help us by donating. Any monetary contribution, however small, will help us cover operational costs, salaries, travel expenses for contributors and in general just keep KDE bringing Free Software to the world.
To get your application mentioned here, please ping us in invent or in Matrix.
Real Python: Quiz: Pydantic: Simplifying Data Validation in Python
In this quiz, you’ll test your understanding of Pydantic. Pydantic is a powerful data validation library for Python. You can also use a related library, pydantic-settings, for settings management.
By working through this quiz, you’ll revisit how to work with data schemas with Pydantic’s BaseModel, write custom validators for complex use cases, validate function arguments with Pydantic’s @validate_call, and manage settings and configure applications with pydantic-settings.
[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Julien Tayon: Revisiting hello world : coding print from scratch part I
Most coders will use print during their whole life without actually coding it. However, it is a fun exercise.
The framebuffer
Given you are on linux you probably have a device named /dev/fb0 if you don't, you can't do this. The framebuffer is a view of the linear graphical memory used by your video card where what you see on the screen is stored ... at the condition you are in console mode and you have the rights.
On my debian centric distribution, to give the_user permissions to write in the framebuffer I must add the_user to group_video. This can be done with sudo adduser the_user video or sudo vigr.
Then, you have to be in console mode. To switch from xorg/wayland to the console back and forth I use the Ctrl + Alt + Fn combination to switch off from X and Alt + Fn to switch back to X (it's called switching the virtual console).
Once this is done you check you have rights by doing cat /dev/urandom > /dev/fb0 which should fill your screen with random colors and insult you stating there is no more room left on the device. SNAFU : everyhting works as intended.
The pixel
Framebuffer don't know about pixels made of Red, Green, Blue and alpha (given you have a video card that is less than 20 years old), they are just made of memory. We will have to slowly build up our understanding of what this is all about.
The in memory layout may differ according to the hardware, some are having a RGBA layout, mine, the i915 is having a BGRA layout. The following example may need to be rewritten with different hardware if the output is not consistent with your assumption.
Determining the memory layout and coordinates
We will do a test and validate code session : first we make assumption on where the colours are by writting 3 squares of Red, Blue and Green on the screen, then, we will snapshot the screen.
$ cat fb.py #!/usr/bin/env python3 from struct import pack w,h =map(int, open("/sys/class/graphics/fb0/virtual_size").read().split(",")) midx = w//2 midy = h//2 encode = lambda b,g,r,a : pack("4B",b,g,r,a) with open("/dev/fb0", "wb") as f: for y in range(0,h): for x in range(0,w): f.write(encode( not x%100 and 0xA0 or x<midx and 0xFF or 0, #blue y<midy and 0xFF or 0, #green x>midx and y>midy and 0xFF or 0, #red 0, )) The only « trick » is the use of pack to encode the four colour bytes in a byte array that is written to the framebuffer filehandler. If the code works correctly we should validate the following assumptions:
- coordinates are such as 0 is top left of the screen where green and blue should superpose
- my 1920x1080 screen should have 19 weired stripes (hence validating the geometry)
- each colours should be in its square, red bottom right, green top right, blue bottom left.
- RAM as a char device is accessing a low level file
- a magic number P3 followed by
- width
- height
- the maximum colour value (here 255)
- the 3 colour bytes Red, Blue, Green without Alpha value per pixel
The code for this is straigh forward : $ cat snap.py #!/usr/bin/env python from struct import unpack w,h = map( int,open("/sys/class/graphics/fb0/virtual_size").read().split(",")) # returns b g r a decode = lambda pixel : unpack("4B", pixel) def pr(b,g,r,a): print("%d %d %d" % (r,g,b)) print(f"""P3 {w} {h} 255 """) with open("/dev/fb0", "rb") as fin: while pixel := fin.read(4): pr(*decode(pixel)) Here the only trick is we use the symetrical function of pack, unpack to decode the pixel in the four colour bytes.
wrapping up part one
Asumming you can install fim the framebuffer image wiewer and you installed imagemagick : you can now do ./fb.py && snap.py > this.ppm && convert this.ppm this.jpg && fim this.jpg Doing so, you should have the same picture showing twice without an error like this : As an exercise, you can vary the fb.py to make funny output, or code a PPM viewer that print back your ppm to the screen.
My work in KDE: The end (for this blog series)
Hello again, sorry it’s been a while since the last post. In this case, I’m doing a never-before-seen multi-month post!
This may be the last post in this series, as the KDE Promo team has launched “This Week in KDE Apps” which covers my work here (and I also have plans to contribute to… 😅) Nate Graham typically reports on my Plasma changes in his “This Week in Plasma” series. All that would be left is the uninteresting changes, so I was thinking it might be more sensible to do an emersion-style “Status update” that’s isn’t strictly KDE related. We’ll see!
PlasmaFeature You can now tweak the pen pressure. This is useful if you prefer a specific style to your strokes, and you can’t change this directly in your preferred application. We plan to have add “soft” and “hard” presets to make using the curve easier. This is one of the last items paid for by our NLnet grant, so it’s exciting to see it finally come to fruition! 6.3
The new pen pressure control in the Drawing Tablet KCM.Feature The stylus cursor is now hidden on the Calibration page but this will only work once your distribution switches to Qt 6.8. The credit belongs to Nicolas Fella as he’s the one who put in the work upstream in Qt! 6.2.1
Bugfix The calibration accuracy is now improved slightly and refining your existing calibration further should work closer to how you expect. 6.2.1
Bugfix Added more safety rails in the Calibration code to prevent possible crashes. 6.2.1
Bugfix Made sure the calibration matrix is reset when you hit the “Defaults” button. 6.2.1
Bugfix Now the Calibration window opens on the correct screen. 6.2.1
Bugfix Now the action dialog doesn’t show up in the wrong place when your KCM scrolls a lot, like mine. 6.2.1
TokodonFeature The welcome page when you first open Tokodon now looks much nicer and friendly. Hopefully it makes it clearer what Tokodon is, and also includes an even clearer badge to indicate what service it connects to. 24.12
The new welcome page.Feature Display public servers to ease registration for first-time Mastodon users. Right now there’s not any filtering options, but this is a huge improvement over an empty textbox and expecting users to know where to find a server. 24.12
The new servers page.Feature My post tag display improvement was merged, which limits tags to one line. Note that this isn’t the final design we’ll go with, but they will no longer spill onto multiple lines. 24.12
This is how tags will look when there’s too many to display at once.Feature It seems people want Cohost’s “Following” feed for Mastodon, and of course Tokodon could do it! So that’s what I did, and implemented Cohost’s “Following” feed. Albiet it’s currently limited due to the Mastodon API we have available, so it comes with two big caveats currently: You only see when people were last active by the day, and the pagination kinda sucks. 24.12
The following feed.Feature Added support for managing your social graph within Tokodon. For example if you don’t want someone to follow you anymore, or to quickly unfollow someone from your “Following” list. 24.12
Now you can force remove your followers. Don’t worry, I’m not removing you @patchexcempt!Feature Self-identified bots are now correctly identified on the profile page. 24.12
The LWN Mastodon is now correctly marked as a bot.Feature Due to limitations in the Mastodon API, we now put a button on the account page to denote there are more settings available online. 24.12
Where to find this link in the settings.Feature Changed the media tab to a grid view, making it easy to see a user’s media all at once. This works different compared to Mastodon Web as you can even filter by featured tag in this mode - but it’s not shown in this screenshot. 24.12
Screenshot of the media tab on an artist’s account.Feature Laid the initial groundwork unread notifications. You now have a number indicator in the sidebar for unread notifications, and mark them as read. 24.12
Feature Added list user management, so now you can use lists to their full advantage within Tokodon itself. 24.12
Time to categorize everything KDE-related into a nice list…Feature The warning iconography for “Content Warnings” are now removed, and replaced with “Content Notice” to denote it’s true and more generic purpose. 24.12
How “content warnings” look now.Feature Added support for read markers, allowing you to continue reading where you last left off. 24.12
Feature Now the authorship of links are displayed in link preview cards including a Mastodon account, if available. See this official Mastodon blog post for more details. 24.12
How authors appear in link preview cards now.Feature Added a way to view poll results before voting, finally. 24.12
Finally, I can see it all!Feature Now it’s possible to see which poll options you voted for. 24.12
Finally, I can remember it all!Feature When clicking the “ALT” button, the media description pops up. This could be useful if you want to quickly view what the media is, before unhiding it. 24.12
Feature Tokodon now supports displaying admin report, severed relationship and moderation warning notifications. These notifications can then be configured in the notifications settings as per usual. The details shown in the notifications can still use a bit of work, though. 24.12
These are test notifications, since v4.3.0 is so new I haven’t seen them yet!Feature The Notifications page is redesigned, to better suit non-English languages. I also added a button to go straight to Notification settings from here. 24.12
How the notifications page looks like, on a mobile device.Feature When you’re using Tokodon on a newer and emptier Mastodon account, the application is much friendlier with more helpful explanatory text everywhere. 24.12
No posts in your Home? No bookmarks?
Feature Tokodon’s UI is now more responsive. The sidebar will appear on mobile devices if their screen is wide enough, like the Android tablet I use Tokodon on. 24.12
Feature Timeline streaming and read markers can be turned off, if you prefer. 24.12
The new timeline settings.Feature When viewing someone’s profile, a list of people you follow that you have in common is now shown. Hopefully this will make it easier to find new friends on Mastodon! 24.12
Note that if you make your social graph private, you won’t show up here.Feature You can now edit your profile fields within Tokodon, without having to do it through Mastodon Web. 24.12
YES!Feature You can now see trending links (or “news”) on the Explore page, and also suggested users. I’m intentionally not showing a screenshot since it doesn’t look very good yet. 24.12
Bugfix The font size in the post composer now follows your preferred font setting. 24.12
Bugfix Tapping a post only works by tapping on the content itself, not the margins. 24.12
NeoChatFeature You can open location links in your preferred map application. This is the same Map application under the Applications KCM, so you can choose something like OpenStreetMap or even Marble. 24.12
Clicking this button will do it.Feature The location chooser is now better in general. There’s a toolbar button to re-center the map, and if your device supports positioning then it can use that to center itself. 24.12
Can’t show it here on my desktop, yet.Feature The security page is overhauled and now contains more relevant settings from other pages. 24.12
Hopefully NeoChat can make your experience on Matrix a more secure one.Feature NeoChat’s welcome page when you first open it now looks a bit nicer. 24.12
More settings buttons, woo!Bugfix Now when you only have friend invites and no messages a better icon is displayed, instead of none at all. 24.12
No longer blank!Bugfix The buggy look of the date section header is finally fixed. 24.08.1
ItineraryFeature I added support for United Airlines reservations, so they can be imported to Itinerary and show up in KMail. Paired with Kalendar, this makes it really easy to keep track of my travel plans! I hope to add support for more North American airlines as I fly them, it’s surprisingly easy to write extractors. 24.08.1
How a United reservation shows up in KMail now, much more useful! FrameworksFeature Added support for separator actions in ToolBarLayout in Kirigami. 6.7
Feature Added command names for “Remove Spaces” and “Keep Extra Spaces” in KTextEditor, for a secret future project. 6.7
Feature You can now disable the scrollbar interactivity on ScrollablePages in Kirigami. 6.8
Feature Initial support for QML bindings to the KTextAddons emoticons API. This means that eventually our applications will no longer need to have their own special emoji picker, and our Unicode data will be unified! 1.6
LibrariesBugfix The caption text in applications that use the Kirigami add-ons fullscreen image viewer is now copyable. I usually write alternative text for my artwork in Tokodon first, and then copy it elsewhere. So it’s really cool to be able to do this within Tokodon itself and not have to go through Mastodon Web. 1.6
KDE GoalsThe goal I championed for, “We care about your Input” was selected! You can check it out on the goals page on the KDE website, which also includes links to our public workboard, chat and the original proposal. Let’s make KDE Plasma the perfect desktop environment for artists! (And everyone else too, I guess 😜)
AkademyI also attended Akademy this year! You can read more about it in it’s dedicated blog post if you missed it.
The fountain, again!It’s been almost a year since I started this series, and I can’t believe I’ve done almost a dozen of these. People seem to really like them, and I’m really appreciative of that! Like I said in the beginning, there will most likely not be a next part as it will be rolled into someone else’s blog posts now.
If you want a hint as to what I’ll be about blogging next, you might want to remember where this all began.
My work in KDE for July 2024 HomeGNU Health: GHCon2024, the GNU Health Conference . Palermo, Italy
Dear community:
We’re excited to announce the IX International GNU Health Conference, that will take place in beautiful Sicily, Italy, at the University of Palermo this December 15th.
The GNU Health Conference (GHCon) is the annual conference that brings together enthusiasts and developers of GNU Health, the Libre digital health ecosystem. The conference will have thematic sessions, lightning talks and implementation cases to get to know the GNU Health and other Free/Libre software communities from around the world.
We will show the upcoming features of the Health and Hospital Information System, standards, security, privacy, the GNU Health Federation and MyGNUHealth (the Personal Health Record).
GHCon2024 – The IX International GNU Health Conference
The XVII International Workshop on eHealth in Emerging Economies (IWEEE) is about Social Medicine and addressing the reality of the underprivileged around the world. There will be workshops to debate, and share experiences from humanitarian organizations and from those working in field of Social Medicine.
In the evening we will announce and honor the winners of the GNU Health Social Medicine awards.
We are counting on you to get the most out of the conference. Most importantly, we want you to have fun, feel at home, and enjoy being part
of the GNU Health community.
Looking forward to seeing you in Sicily!
Happy Hacking!
GHCon2024 homepage: https://www.gnuhealth.org/ghcon
Registration: https://my.gnusolidario.org/ghcon2024-registration/
Follow us in Mastodon (https://mastodon.social/@gnuhealth) for the latest news.
You can share the news using the tag #GHCon2024
Python Does What?!: Enums make good singletons
MISSING = object() There's a slightly more verbose construct with some advantages:
import enum class MissingType(enum.Enum): MISSING = "MISSING" MISSING = MissingEnum.MISSING Type checkers understand that MISSING is the only possible value of MissingType; so you can use is checks:
def or_1(val: float | MissingType = MISSING) -> float: if scale is not MISSING: return 1.0 return scale mypy understands this is type correct.
More broadly, the semantics of a single-value enum are the same as a singleton. For example, neither singletons nor enums should have additional instances allocated. Instead of fixing bugs one by one with custom __init__ and __deepcopy__, the correct behaviors come for free.
gnuboot @ Savannah: Nonfree software found in GNU Boot releases again, many distros affected.
The GNU Boot project previously found nonfree microcode in the first
RC1 release (in gnuboot-0.1-rc1_src.tar.xz to be exact).
This was announced in the "GNU Boot December 2023 News"
(https://lists.gnu.org/archive/html/gnuboot-announce/2023-12/msg00000.html). It
was fixed by re-making the affected tarball by hand with the nonfree
software removed and by contacting Canoeboot that had the same issue,
and by bug reporting and proposing patches to fix the issue in Guix as
well (they are still pending as we need to find a reviewer familiar
with Coreboot).
But recently we found a more problematic issue that also affects many
more distributions and all the previous GNU Boot release candidates.
The vboot source code used in Coreboot and in the vboot-utils package
available in many GNU/Linux distributions contains nonfree code in
their test data in tests/futility/data (nonfree microcode, nonfree
BIOS, nonfree Management Engine firmwares, etc).
So we had to re-release all the affected tarballs (like
gnuboot-0.1-rc1_src.tar.xz, gnuboot-0.1-rc2_src.tar.xz, etc).
We made and we improved the process along the way (we now store the
changes in tag inside our git repository and simply regenerate the
tarballs with the build system that is available for a given tag).
We are also in the process of contacting distributions and/or
coordinating with them and we also need help as there are many
distributions to contact.
To do that we started contacting the free GNU/Linux distros
(https://www.gnu.org/distros/free-distros.html) that ship the vboot
source code. We also contacted Replicant that is a free Android distro
that also ships vboot source code.
We also started to contact common distros that require certain
repositories to only have free software (so far we only contacted
Debian as that will help Trisquel fix the issue, but we also need to
contact Fedora for instance). Finding which distro to contact is made
much easier thanks to GNU's review of common distros policies
(https://www.gnu.org/distros/common-distros.html).
We coordinate that work on our bug report system at Savannah,
especially in the bug #66246
(https://savannah.gnu.org/bugs/index.php?66246).
Too many tablets
I’m pretty interested in tablet stuff . Not because I think it makes senseo type long chunks of text using an on-screen keyboard, but they should make for a good drawing and painting experience. I’ve already written about the largest tablet I ever had, a 24″ Cintiq Pro and the Remarkable 2.
Today I’m going to run the gamut of the other tablets I’ve used…
Let’s start at eleven o’clock. That’s an iPad pro, first generation. I got it to see whether painting applications would work on it, and maybe port Krita to it. In the end, I pretty much only used it to read comics on. It’s top-heavy, the pen is top-heavy and I just didn’t like the painting applications I could get for it, like Procreate. I did create a little mock-up Qt-based painting application for testing purposes. But… I really, really hated the Apple Pencil. Like, really. I also dislike iPadOS quite a bit.
Then, at two o’clock, the latest addition to the stable. The Remarkable Paper Pro. It’s bigger than the Remarkable 2, which isn’t necessarily a good thing. It’s supposedly the most advanced color e-ink panel there is, and there’s a front light. That makes it better than my Remarkable 2, which I now handed over to Irina, because without the front light, it’s unusable in anything but the brightest sunlight. That might just be my eyes, of course. The color, though… It’s fine for reading comics or pdf’s, if you like that seventies cheaply printed comic book look. Since the Remarkable runs its own OS, you cannot install Android apps, and since the OS changes quite a bit from version to version, third party apps ten not to work, or even brink the device, despite the device being remarkably open. (Sorry, pun intended.) The device does ooze quality, though! And the pen is great, really great.
Then, at four o’clock, there’s an Onyx Boox. It does run Android, and I wanted to see how well it would run Krita. Well, Krita runs, but the device is a bit slow. The pen is pretty nice, too, even if the cap is dinky. The color is worse than the remarkable’s one, but, again, if you’re reading counterfeit seventies Uncle Scrooge PDF’s, it’s fine. I mostly use this device to learn Hangul and read right-to-left manga. It’s too slow, and the display is too slow, for vertical scrolling manhwa.
Next, at six o’clock, the Samsung Tab S4 Android tablet that we got when we first ported Krita to Android. Despite being really old and not getting any OS updates anymore, it’s still doing fine. I mostly use it to read manga and manhwa using Nihom, and still for testing Krita. The pen is too small to be comfortable, but I only use it for testing. What’s really annoying is that every Saturday morning, I get a notification that Samsung’s legal stuff has changed — even though I don’t get any security updates.
Finally, at eight o’clock, the Frunsi Rubenstab. It’s a bit heavy, a bit small, a bit slow, but on the whole, it’s amazing. It runs Android. It’s mostly designed to be used in landscape mode. The pen is great, the display is good, the large bezels make it easy to hold and it comes with just about too much extra stuff, ranging from ant-static gloves to a brush-like implement.
health @ Savannah: GHcon2024, the GNUHealth Conference will be in Palermo, Italy - December 15th
Dear community:
We're excited to announce the IX International GNU Health Conference, that will take place in beautiful Sicily, Italy, at the University of Palermo this December 15th.
The GNU Health Conference (GHCon) is the annual conference that brings together enthusiasts and developers of GNU Health, the Libre digital health ecosystem. The conference will have thematic sessions, lightning talks and implementation cases to get to know the GNU Health and other Free/Libre software communites from around the world.
We will show the upcoming features of the Health and Hospital Information System, standards, security, privacy, the GNU Health Federation and MyGNUHealth (the Personal Health Record)
The XVII International Workshop on eHealth in Emerging Economies (IWEEE) is about Social Medicine and addressing the reality of the underprivileged around the world. There will be workshops to debate, and share experiences from humanitarian organizations and from those working in field of Social Medicine.
In the evening we will announce and honor the winners of the GNU Health Social Medicine awards.
We are counting on you to get the most out of the conference. Most importantly, we want you to have fun, feel at home, and enjoy being part of the GNU Health community!
Happy Hacking!
Homepage: https://www.gnuhealth.org/ghcon
Registration: https://my.gnusolidario.org/ghcon2024-registration/
Follow us in Mastodon (https://mastodon.social/@gnuhealth) for the latest news.
Happy hacking!
You can share the news using the tag #GHCon2024
This week in Plasma: hardware is hard
At this point we’ve addressed most of the nasty regressions people found in Plasma 6.2. Thankfully most were not widespread, and were instead related to people’s diverse hardware setups. Most seem to have had smooth upgrades, but those whose hardware setups misbehaved with changes made in 6.2 were a focus for rapid response. These kinds of hardware-specific issues are really difficult to test for ahead of time, which is why we’re always asking for more beta testers! For folks whose hardware encountered problems, I expect things to be pretty good with Plasma 6.2.2, which’ll be released in a few days.
In the meantime, the floodgates have been opened for those not working on bug fixes to start landing their feature work for Plasma 6.3! Check it all out below:
Notable New FeaturesIt’s now possible to customize the pressure curve for drawing tablet pens! (Joshua Goins, Plasma 6.3.0. Link):
Added a new page to Info Center that shows technical data extracted from your screens’ EDID blocks (Harald Sitter, Plasma 6.3.0. Link)
In Plasma’s Weather Report widget, added support for nighttime forecasts when using a weather station from the Deutscher Wetterdienst source (Wolfgang Müller, Plasma 6.3.0. Link)
Notable UI ImprovementsIf you manage to mess up your tablet calibration badly enough that it becomes impossible to use it to re-calibrate, System Settings’ drawing Tablet page will now reset the calibration when you click the “Default” button (Joshua Goins, Plasma 6.2.1. Link)
Plasma’s digital Clock widget now displays all events on days with more than five events, making it actually useful for that use case (Tino Lorenz, Plasma 6.3.0. Link)
Improved the way pop-ups using the “Sliding Popups” effect slide out of floating Plasma panels (Niccolò Venerandi, Plasma 6.3.0. Link):
https://i.imgur.com/9313Iz7.mp4Plasma’s Power and Battery widget now shows better placeholder text when you’re managing power using tlp instead of power-profiles-daemon, or when power-profiles-daemon is installed but not supported by the device’s firmware (Natalie Clarius, Plasma 6.3.0. Link)
It’s no longer possible to accidentally resize a Plasma widget’s pop-up from one of its edges that touches the edge of a screen or Plasma panel (Niccolò Venerandi, Plasma 6.3.0. Link)
The upload and download arrows in Plasma’s Networks widget now uses a different character that’s substantially more readable with many fonts (Tem PQD, Plasma 6.3.0. Link)
Notable Bug FixesFixed a regression that could sometimes cause graphical corruption on external screens attached to certain NVIDIA GPUs (Xaver Hugl, Plasma 6.2.1. Link 1 and link 2)
Fixed a regression that caused Kickoff to unexpectedly open after you hold down the Shift key and press Alt, which may seem like it’s an unusual thing to do, but it can be common in certain video games and it’s quite disruptive in that context (Yifan Zhu, Plasma 6.2.1. Link)
Fixed a case where System Settings’ Wallpaper page could crash when previously configured in a way that’s now invalid (Fushan Wen, Plasma 6.2.1. Link)
Fixed a case where the tablet calibration overlay could appear on a monitor where it doesn’t make any sense (Joshua Goins, Plasma 6.2.1. Link)
Fixed three regressions accidentally introduced in Plasma 6.2.1 while fixing other bugs: one causing crashes on multi-GPU systems, the second making the splash screen take too long, and the final one making the cursor not change shape properly when hovering over links in certain apps (Xaver Hugl and David Edmundson, Plasma 6.2.1.1. Link 1, link 2, and link 2)
Fixed a performance regression affecting people using NVIDIA GPUs and the Night Light feature (Xaver Hugl, Plasma 6.2.1.1. Link)
Fixed a regression that caused HDR to stop working properly in games that request absurd brightness levels, like a billion nits of brightness (Xaver Hugl, Plasma 6.2.2. Link)
Fixed a regression that could cause the cursor to misbehave in certain video games (Xaver Hugl, Plasma 6.2.2. Link)
Fixed an issue that caused visual distortion in the clipboard widget’s config window when interacting with it in a very specific way (David Edmundson, Plasma 6.2.2. Link)
Fixed two visual issues in Breeze’s GTK 4 theming (Łukasz Patron, Plasma 6.3.0. Link 1 and link 2)
Fixed a minor issue with widgets on the Plasma desktop that would cause the cursor to inappropriately use the hand shape after dragging them and then later hovering over an edge (Niccolò Venerandi, Plasma 6.3.0. Link)
Some third-party apps handle files in a buggy way, and overwrite your file associations such that certain file types get configured to always open with the kde-open or xdg-open command-line tools. When they do this, the system no longer consumes all CPU and memory resources and crashes; instead opening the file simply doesn’t work (Akseli Lahtinen, Frameworks 6.8. Link)
Opening a “Get New [stuff]” dialog on any System Settings pages no longer sometimes causes the app to secretly stay open after you close it, which would prevent it from being re-opened again and make you want to throw the computer out the window (Harald Sitter, Frameworks 6.8. Link)
Category icons in Kickoff are now symbolic as intended when using the Breeze Dark icon theme. Also put in place some other changes to prevent this happening again in the future (David Redondo, Frameworks 6.8. Link 1 and link 2)
Other bug information of note:
- 4 Very high priority Plasma bug (up from 2 last week). Current list of bugs
- 33 15-minute Plasma bugs (down from 35 last week). Current list of bugs
- 143 KDE bugs of all kinds fixed over the last week. Full list of bugs
Refined the tablet calibration feature so that it produces more accurate calibrations (Joshua Goins, Plasma 6.2.1. Link)
How You Can HelpIf you’re a developer, keep on working to fix Plasma 6.2 regressions! We’ve got ’em on the run, and this is our chance to finish them off!
Otherwise, visit https://community.kde.org/Get_Involved to discover additional ways to be part of a project that really matters. Each contributor makes a huge difference in KDE; you are not a number or a cog in a machine! You don’t have to already be a programmer, either. I wasn’t when I got started. Try it, you’ll like it! We don’t bite! Or consider donating instead! That helps too.
Armin Ronacher: Serendipity
KUnifiedPush 1.0.0 is out!
KUnifiedPush provides push notifications for KDE applications. Push notifications are a mechanism to support applications that occasionally need to receive some kind of information from their server-side part, and where receiving in a timely manner matters. Chat applications or weather and emergency alerts would be examples for that. More technical details about KUnifiedPush are available on Volker's introduction post about KUnifiedPush.
KUnifiedPush provides three possible provider backends for push notifications:
The default provider of KUnifiedPush is Ntfy with unifiedpush.kde.org but you can change it to your own server in the System Settings.
Currently both NeoChat and Tokodon integrates with KUnifiedPush as both Matrix and Mastodon support UnifiedPush. There is also ongoing work for weather and emergency alerts.
Packager SectionYou can find the package on download.kde.org and it has been signed with Carl Schwan's GPG key.
KDE Gear 24.12 release schedule
https://community.kde.org/Schedules/KDE_Gear_24.12_Schedule
Dependency freeze is in around 3 weeks (November 7) and feature freeze one
after that. Get your stuff ready!
Dries Buytaert: My solar-powered and self-hosted website
I'm excited to share an experiment I've been working on: a solar-powered, self-hosted website running on a Raspberry Pi. The website at https://solar.dri.es is powered entirely by a solar panel and battery on our roof deck in Boston.
My solar panel and Raspberry Pi Zero 2 are set up on our rooftop deck for testing. Once it works, it will be mounted properly and permanently.By visiting https://solar.dri.es, you can dive into all the technical details and lessons learned – from hardware setup to networking configuration and custom monitoring.
As the content on this solar-powered site is likely to evolve or might even disappear over time, I've included the full article below (with minor edits) to ensure that this information is preserved.
Finally, you can view the real-time status of my solar setup on my solar panel dashboard, hosted on my main website. This dashboard stays online even when my solar-powered setup goes offline.
BackgroundFor over two decades, I've been deeply involved in web development. I've worked on everything from simple websites to building and managing some of the internet's largest websites. I've helped create a hosting business that uses thousands of EC2 instances, handling billions of page views every month. This platform includes the latest technology: cloud-native architecture, Kubernetes orchestration, auto-scaling, smart traffic routing, geographic failover, self-healing, and more.
This project is the complete opposite. It's a hobby project focused on sustainable, solar-powered self-hosting. The goal is to use the smallest, most energy-efficient setup possible, even if it means the website goes offline sometimes. Yes, this site may go down on cloudy or cold days. But don't worry! When the sun comes out, the website will be back up, powered by sunshine.
My primary website, https://dri.es, is reliably hosted on Acquia, and I'm very happy with it. However, if this solar-powered setup proves stable and efficient, I might consider moving some content to solar hosting. For instance, I could keep the most important pages on traditional hosting while transferring less essential content – like my 10,000 photos – to a solar-powered server.
Why am I doing this?This project is driven by my curiosity about making websites and web hosting more environmentally friendly, even on a small scale. It's also a chance to explore a local-first approach: to show that hosting a personal website on your own internet connection at home can often be enough for small sites. This aligns with my commitment to both the Open Web and the IndieWeb.
At its heart, this project is about learning and contributing to a conversation on a greener, local-first future for the web. Inspired by solar-powered sites like LowTech Magazine, I hope to spark similar ideas in others. If this experiment inspires even one person in the web community to rethink hosting and sustainability, I'll consider it a success.
Solar panel and batteryThe heart of my solar setup is a 50-watt panel from Voltaic, which captures solar energy and delivers 12-volt output. I store the excess power in an 18 amp-hour Lithium Iron Phosphate (LFP or LiFePO4) battery, also from Voltaic.
A solar panel being tested on the floor in our laundry room. Upon connecting it, it started charging a battery right away. It feels truly magical. Of course, it won't stay in the laundry room forever so stay tuned for more ...I'll never forget the first time I plugged in the solar panel – it felt like pure magic. Seeing the battery spring to life, powered entirely by sunlight, was an exhilarating moment that is hard to put into words. And yes, all this electrifying excitement happened right in our laundry room.
A 18Ah LFP battery from Voltaic, featuring a waterproof design and integrated MPPT charge controller. The battery is large and heavy, weighing 3kg (6.6lbs), but it can power a Raspberry Pi for days.Voltaic's battery system includes a built-in charge controller with Maximum Power Point Tracking (MPPT) technology, which regulates the solar panel's output to optimize battery charging. In addition, the MPPT controller protects the battery from overcharging, extreme temperatures, and short circuits.
A key feature of the charge controller is its ability to stop charging when temperatures fall below 0°C (32°F). This preserves battery health, as charging in freezing conditions can damage the battery cells. As I'll discuss in the Next steps section, this safeguard complicates year-round operation in Boston's harsh winters. I'll likely need a battery that can charge in colder temperatures.
The 12V to 5V voltage converter used to convert the 12V output from the solar panel to 5V for the Raspberry Pi.I also encountered a voltage mismatch between the 12-volt solar panel output and the Raspberry Pi's 5-volt input requirement. Fortunately, this problem had a more straightforward solution. I solved this using a buck converter to step down the voltage. While this conversion introduces some energy loss, it allows me to use a more powerful solar panel.
Raspberry Pi modelsThis website is currently hosted on a Raspberry Pi Zero 2 W. The main reason for choosing the Raspberry Pi Zero 2 W is its energy efficiency. Consuming just 0.4 watts at idle and up to 1.3 watts under load, it can run on my battery for about a week. This decision is supported by a mathematical uptime model, detailed in Appendix 1.
That said, the Raspberry Pi Zero 2 W has limitations. Despite its quad-core 1 GHz processor and 512 MB of RAM, it may still struggle with handling heavier website traffic. For this reason, I also considered the Raspberry Pi 4. With its 1.5 GHz quad-core ARM processor and 4 GB of RAM, the Raspberry Pi 4 can handle more traffic. However, this added performance comes at a cost: the Pi 4 consumes roughly five times the power of the Zero 2 W. As shown in Appendix 2, my 50W solar panel and 18Ah battery setup are likely insufficient to power the Raspberry Pi 4 through Boston's winter.
With a single-page website now live on https://solar.dri.es, I'm actively monitoring the real-world performance and uptime of a solar-powered Raspberry Pi Zero 2 W. For now, I'm using the lightest setup that I have available and will upgrade only when needed.
NetworkingThe Raspberry Pi's built-in Wi-Fi is perfect for our outdoor setup. It wirelessly connects to our home network, so no extra wiring was needed.
I want to call out that my router and Wi-Fi network are not solar-powered; they rely on my existing network setup and conventional power sources. So while the web server itself runs on solar power, other parts of the delivery chain still depend on traditional energy.
Running this website on my home internet connection also means that if my ISP or networking equipment goes down, so does the website – there is no failover in place.
For security reasons, I isolated the Raspberry Pi in its own Virtual Local Area Network (VLAN). This ensures that even if the Pi is compromised, the rest of our home network remains protected.
To make the solar-powered website accessible from the internet, I configured port forwarding on our router. This directs incoming web traffic on port 80 (HTTP) and port 443 (HTTPS) to the Raspberry Pi, enabling external access to the site.
One small challenge was the dynamic nature of our IP address. ISPs typically do not assign fixed IP addresses, meaning our IP address changes from time to time. To keep the website accessible despite these IP address changes, I wrote a small script that looks up our public IP address and updates the DNS record for solar.dri.es on Cloudflare. This script runs every 10 minutes via a cron job.
I use Cloudflare's DNS proxy, which handles DNS and offers basic DDoS protection. However, I do not use Cloudflare's caching or CDN features, as that would somewhat defeat the purpose of running this website on solar power and keeping it local-first.
The Raspberry Pi uses Caddy as its web server, which automatically obtains SSL certificates from Let's Encrypt. This setup ensures secure, encrypted HTTP connections to the website.
Monitoring and dashboard The Raspberry Pi 4 (on the left) can run a website, while the RS485 CAN HAT (on the right) will communicate with the charge controller for the solar panel and battery.One key feature that influenced my decision to go with the Voltaic battery is its RS485 interface for the charge controller. This allowed me to add an RS485 CAN HAT (Hardware Attached on Top) to the Raspberry Pi, enabling communication with the charge controller using the Modbus protocol. In turn, this enabled me to programmatically gather real-time data on the solar panel's output and battery's status.
I collect data such as battery capacity, power output, temperature, uptime, and more. I send this data to my main website via a web service API, where it's displayed on a dashboard. This setup ensures that key information remains accessible, even if the Raspberry Pi goes offline.
My main website runs on Drupal. The dashboard is powered by a custom module I developed. This module adds a web service endpoint to handle authentication, validate incoming JSON data, and store it in a MariaDB database table. Using the historical data stored in MariaDB, the module generates Scalable Vector Graphics (SVGs) for the dashboard graphs. For more details, check out my post on building a temperature and humidity monitor, which explains a similar setup in much more detail. Sure, I could have used a tool like Grafana, but sometimes building it yourself is part of the fun.
A Raspberry Pi 4 with an attached RS485 CAN HAT module is being installed in a waterproof enclosure.For more details on the charge controller and some of the issues I've observed, please refer to Appendix 3.
Energy use, cost savings, and environmental impactWhen I started this solar-powered website project, I wasn't trying to revolutionize sustainable computing or drastically cut my electricity bill. I was driven by curiosity, a desire to have fun, and a hope that my journey might inspire others to explore local-first or solar-powered hosting.
That said, let's break down the energy consumption and cost savings to get a better sense of the project's impact.
The tiny Raspberry Pi Zero 2 W at the heart of this project uses just 1 Watt on average. This translates to 0.024 kWh daily (1W * 24h / 1000 = 0.024 kWh) and approximately 9 kWh annually (0.024 kWh * 365 days = 8.76 kWh). The cost savings? Looking at our last electricity bill, we pay an average of $0.325 per kWh in Boston. This means the savings amount to $2.85 USD per year (8.76 kWh * $0.325/kWh = $2.85). Not exactly something to write home about.
The environmental impact is similarly modest. Saving 9 kWh per year reduces CO2 emissions by roughly 4 kg, which is about the same as driving 16 kilometers (10 miles) by car.
There are two ways to interpret these numbers. The pessimist might say that the impact of my solar setup is negligible, and they wouldn't be wrong. Offsetting the energy use of a Raspberry Pi Zero 2, which only draws 1 Watt, will never be game-changing. The $2.85 USD saved annually won't come close to covering the cost of the solar panel and battery. In terms of efficiency, this setup isn't a win.
But the optimist in me sees it differently. When you compare my solar-powered setup to traditional website hosting, a more compelling case emerges. Using a low-power Raspberry Pi to host a basic website, rather than large servers in energy-hungry data centers, can greatly cut down on both expenses and environmental impact. Consider this: a Raspberry Pi Zero 2 W costs just $15 USD, and I can power it with main power for only $0.50 USD a month. In contrast, traditional hosting might cost around $20 USD a month. Viewed this way, my setup is both more sustainable and economical, showing some merit.
Lastly, it's also important to remember that solar power isn't just about saving money or cutting emissions. In remote areas without grid access or during disaster relief, solar can be the only way to keep communication systems running. In a crisis, a small solar setup could make the difference between isolation and staying connected to essential information and support.
Why do so many websites need to stay up?The reason the energy savings from my solar-powered setup won't offset the equipment costs is that the system is intentionally oversized to keep the website running during extended low-light periods. Once the battery reaches full capacity, any excess energy goes to waste. That is unfortunate as that surplus could be used, and using it would help offset more of the hardware costs.
This inefficiency isn't unique to solar setups – it highlights a bigger issue in web hosting: over-provisioning. The web hosting world is full of mostly idle hardware. Web hosting providers often allocate more resources than necessary to ensure high uptime or failover, and this comes at an environmental cost.
One way to make web hosting more eco-friendly is by allowing non-essential websites to experience more downtime, reducing the need to power as much hardware. Of course, many websites are critical and need to stay up 24/7 – my own work with Acquia is dedicated to ensuring essential sites do just that. But for non-critical websites, allowing some downtime could go a long way in conserving energy.
It may seem unconventional, but I believe it's worth considering: many websites, mine included, aren't mission-critical. The world won't end if they occasionally go offline. That is why I like the idea of hosting my 10,000 photos on a solar-powered Raspberry Pi.
And maybe that is the real takeaway from this experiment so far: to question why our websites and hosting solutions have become so resource-intensive and why we're so focused on keeping non-essential websites from going down. Do we really need 99.9% uptime for personal websites? I don't think so.
Perhaps the best way to make the web more sustainable is to accept more downtime for those websites that aren't critical. By embracing occasional downtime and intentionally under-provisioning non-essential websites, we can make the web a greener, more efficient place. The solar panel and battery mounted on our roof deck. Next steps
As I continue this experiment, my biggest challenge is the battery's inability to charge in freezing temperatures. As explained, the battery's charge controller includes a safety feature that prevents charging when the temperature drops below freezing. While the Raspberry Pi Zero 2 W can run on my fully charged battery for about six days, this won't be sufficient for Boston winters, where temperatures often remain below freezing for longer.
With winter approaching, I need a solution to charge my battery in extreme cold. Several options to consider include:
- Adding a battery heating system that uses excess energy during peak sunlight hours.
- Applying insulation, though this alone may not suffice since the battery generates minimal heat.
- Replacing the battery with one that charges at temperatures as low as -20°C (-4°F), such as Lithium Titanate (LTO) or certain AGM lead-acid batteries. However, it's not as simple as swapping it out – my current battery has a built-in charge controller, so I'd likely need to add an external charge controller, which would require rewiring the solar panel and updating my monitoring code.
Each solution has trade-offs in cost, safety, and complexity. I'll need to research the different options carefully to ensure safety and reliability.
The last quarter of the year is filled with travel and other commitments, so I may not have time to implement a fix before freezing temperatures hit. With some luck, the current setup might make it through winter. I'll keep monitoring performance and uptime – and, as mentioned, a bit of downtime is acceptable and even part of the fun! That said, the website may go offline for a few weeks and restart after the harshest part of winter. Meanwhile, I can focus on other aspects of the project.
For example, I plan to expand this single-page site into one with hundreds or even thousands of pages. Here are a few things I'd like to explore:
- Testing Drupal on a Raspberry Pi Zero 2 W: As the founder and project lead of Drupal, my main website runs on Drupal. I'm curious to see if Drupal can actually run on a Raspberry Pi Zero 2 W. The answer might be "probably not", but I'm eager to try.
- Upgrading to a Raspberry Pi 4 or 5: I'd like to experiment with upgrading to a Raspberry Pi 4 or 5, as I know it could run Drupal. As noted in Appendix 2, this might push the limits of my solar panel and battery. There are some optimization options to explore though, like disabling CPU cores, lowering the RAM clock speed, and dynamically adjusting features based on sunlight and battery levels.
- Creating a static version of my site: I'm interested in experimenting with a static version of https://dri.es. A static site doesn't require PHP or MySQL, which would likely reduce resource demands and make it easier to run on a Raspberry Pi Zero 2 W. However, dynamic features like my solar dashboard depend on PHP and MySQL, so I'd potentially need alternative solutions for those. Tools like Tome and QuantCDN offer ways to generate static versions of Drupal sites, but I've never tested these myself. Although I prefer keeping my site dynamic, creating a static version also aligns with my interests in digital preservation and archiving, offering me a chance to delve deeper into these concepts.
Either way, it looks like I'll have some fun ahead. I can explore these ideas from my office while the Raspberry Pi Zero 2 W continues running on the roof deck. I'm open to suggestions and happy to share notes with others interested in similar projects. If you'd like to stay updated on my progress, you can sign up to receive new posts by email or subscribe via RSS. Feel free to email me at dries@buytaert.net. Your ideas, input, and curiosity are always welcome.
Appendix Appendix 1: Sizing a solar panel and battery for a Raspberry Pi Zero 2 WTo keep the Raspberry Pi Zero 2 W running in various weather conditions, we need to estimate the ideal solar panel and battery size. We'll base this on factors like power consumption, available sunlight, and desired uptime.
The Raspberry Pi Zero 2 W is very energy-efficient, consuming only 0.4W at idle and up to 1.3W under load. For simplicity, we'll assume an average power consumption of 1W, which totals 24Wh per day (1W * 24 hours).
We also need to account for energy losses due to inefficiencies in the solar panel, charge controller, battery, and inverter. Assuming a total loss of 30%, our estimated daily energy requirement is 24Wh / 0.7 ≈ 34.3Wh.
In Boston, peak sunlight varies throughout the year, averaging 5-6 hours per day in summer (June-August) and only 2-3 hours per day in winter (December-February). Peak sunlight refers to the strongest, most direct sunlight hours. Basing the design on peak sunlight hours rather than total daylight hours provides a margin of safety.
To produce 34.3Wh in the winter, with only 2 hours of peak sunlight, the solar panel should generate about 17.15W (34.3Wh / 2 hours ≈ 17.15W). As mentioned, my current setup includes a 50W solar panel, which provides well above the estimated 17.15W requirement.
Now, let's look at battery sizing. As explained, I have an 18Ah battery, which provides about 216Wh of capacity (18Ah * 12V = 216Wh). If there were no sunlight at all, this battery could power the Raspberry Pi Zero 2 W for roughly 6 days (216Wh / 34.3Wh per day ≈ 6.3 days), ensuring continuous operation even on snowy winter days.
These estimates suggest that I could halve both my 50W solar panel and 18Ah battery to a 25W panel and a 9Ah battery, and still meet the Raspberry Pi Zero 2 W's power needs during Boston winters. However, I chose the 50W panel and larger battery for flexibility, in case I need to upgrade to a more powerful board with higher energy requirements.
Appendix 2: Sizing a solar panel and battery for a Raspberry Pi 4If I need to switch to a Raspberry Pi 4 to handle increased website traffic, the power requirements will rise significantly. The Raspberry Pi 4 consumes around 3.4W at idle and up to 7.6W under load. For estimation purposes, I'll assume an average consumption of 4.5W, which totals 108Wh per day (4.5W * 24 hours = 108Wh).
Factoring in a 30% loss due to system inefficiencies, the adjusted daily energy requirement increases to approximately 154.3Wh (108Wh / 0.7 ≈ 154.3Wh). To meet this demand during winter, with only 2 hours of peak sunlight, the solar panel would need to produce about 77.15W (154.3Wh / 2 hours ≈ 77.15W).
While some margin of safety is built into my calculations, this likely means my current 50W solar panel and 216Wh battery are insufficient to power a Raspberry Pi 4 during a Boston winter.
For example, with an average power draw of 4.5W, the Raspberry Pi 4 requires 108Wh daily. In winter, if the solar panel generates only 70 to 105Wh per day, there would be a shortfall of 3 to 38Wh each day, which the battery would need to cover. And with no sunlight at all, a fully charged 216Wh battery would keep the system running for about 2 days (216Wh / 108Wh per day ≈ 2 days) before depleting.
To ensure reliable operation, a 100W solar panel, capable of generating enough power with just 2 hours of winter sunlight, paired with a 35Ah battery providing 420Wh, could be better. This setup, roughly double my current capacity, would offer sufficient backup to keep the Raspberry Pi 4 running for 3-4 days without sunlight.
Appendix 3: Observations on the Lumiax charge controllerAs I mentioned earlier, my battery has a built-in charge controller. The brand of the controller is Lumiax, and I can access its data programmatically. While the controller excels at managing charging, its metering capabilities feel less robust. Here are a few observations:
- I reviewed the charge controller's manual to clarify how it defines and measures different currents, but the information provided was insufficient.
- The charge controller allows monitoring of the "solar current" (register 12367). I expected this to measure the current flowing from the solar panel to the charge controller, but it actually measures the current flowing from the charge controller to the battery. In other words, it tracks the "useful current" – the current from the solar panel used to charge the battery or power the load. The problem with this is that when the battery is fully charged, the controller reduces the current from the solar panel to prevent overcharging, even though the panel could produce more. As a result, I can't accurately measure the maximum power output of the solar panel. For example, in full sunlight with a fully charged battery, the calculated power output could be as low as 2W, even though the solar panel is capable of producing 50W.
- The controller also reports the "battery current" (register 12359), which appears to represent the current flowing from the battery to the Raspberry Pi. I believe this to be the case because the "battery current" turns negative at night, indicating discharge.
- Additionally, the controller reports the "load current" (register 12362), which, in my case, consistently reads zero. This is odd because my Raspberry Pi Zero 2 typically draws between 0.1-0.3A. Even with a Raspberry Pi 4, drawing between 0.6-1.3A, the controller still reports 0A. This could be a bug or suggest that the charge controller lacks sufficient accuracy.
- When the battery discharges and the low voltage protection activates, it shuts down the Raspberry Pi as expected. However, if there isn't enough sunlight to recharge the battery within a certain timeframe, the Raspberry Pi does not automatically reboot. Instead, I must perform a manual 'factory reset' of the charge controller. This involves connecting my laptop to the controller – a cumbersome process that requires me to disconnect the Raspberry Pi, open its waterproof enclosure, detach the RS485 hat wires, connect them to a USB-to-RS485 adapter for my laptop, and run a custom Python script. Afterward, I have to reverse the entire process. This procedure can't be performed while traveling as it requires physical access.
- The charge controller has two temperature sensors: one for the environment and one for the controller itself. However, the controller's temperature readings often seem inaccurate. For example, while the environment temperature might correctly register at 24°C, the controller could display a reading as low as 14°C. This seems questionable though there might be an explanation that I'm overlooking.
- The battery's charge and discharge patterns are non-linear, meaning the charge level may drop rapidly at first, then stay steady for hours. For example, I've seen it drop from 100% to 65% within an hour but remain at 65% for over six hours. This is common for LFP batteries due to their voltage characteristics. Some advanced charge controllers use look-up tables, algorithms, or coulomb counting to more accurately predict the state of charge based on the battery type and usage patterns. The Lumiax doesn't support this, but I might be able to implement coulomb counting myself by tracking the current flow to improve charge level estimates.
When buying a solar panel, sometimes it's easier to beg for forgiveness than to ask for permission.
One day, I casually mentioned to my wife, "Oh, by the way, I bought something. It will arrive in a few days."
"What did you buy?", she asked, eyebrow raised.
"A solar panel", I said, trying to sound casual.
"A what?!", she asked again, her voice rising.
Don't worry!", I reassured her. "It's not that big", I said, gesturing with my hands to show a panel about the size of a laptop.
She looked skeptical but didn't push further.
Fast forward to delivery day. As I unboxed it, her eyes widened in surprise. The panel was easily four or five times larger than what I'd shown her. Oops.
The takeaway? Sometimes a little underestimation goes a long way.
Dries Buytaert: Drupal upgrades: tools and workflow
When a new major version of Drupal is released, custom code often requires updates to align with API changes, including the removal of deprecated APIs.
Because I keep forgetting certain aspects of this workflow, I decided to document it for future reference.
Tools overview Tool Interface Functionality Target Audience Upgrade Status module UI in Drupal Identifies deprecated code, hosting environment compatibility, and more Site administrators and developers Drupal Check Command-line Identifies deprecated code Developers, especially during coding and continuous integration (CI) Upgrade Status moduleThe Upgrade Status module assesses a Drupal site's readiness for major version upgrades by checking for deprecated code and other compatibility issues.
Screenshot of a Drupal upgrade status report showing hosting environment compatibility checks.Install the Upgrade Status module like you would install any other Drupal module:
[code bash]$ ddev composer require –dev drupal/upgrade_status[/code]Here, ddev is the tool I prefer for managing my local development environment. composer is a dependency manager for PHP, commonly used to install Drupal modules. The –dev option specifies that the module should be installed as a development requirement, meaning it is necessary for development environments but not installed on production environments.
Enable the Upgrade Status module:
[code bash]$ ddev drush pm-enable upgrade_status[/code]drush stands for "Drupal shell" and is a command-line utility for managing Drupal sites. The command pm:enable (where pm stands for "package manager") is used to enable a module in Drupal.
- After enabling the module, you can access its features by navigating to the Admin > Reports > Upgrade status page at /admin/reports/upgrade-status.
The Upgrade Status module might recommend updating PHP and MySQL, per Drupal's system requirements.
To update the PHP version of DDEV, use the following command:
[code bash]$ ddev config –-php-version 8.3[/code]To upgrade the MySQL version of DDEV and migrate your database content, use the following command:
[code bash]$ ddev debug migrate-database mariadb:10.11[/code]After updating these settings, I restart DDEV and run my PHPUnit tests. Although these tests are integrated into my CI/CD workflow, I also run them locally on my development machine using DDEV for immediate feedback.
Drupal CheckDrupal Check is a command-line tool that scans Drupal projects for deprecated code and compatibility issues.
I always run drupal-check before updating my Drupal site's code and third-party dependencies. This helps ensure there are no compatibility issues with the current codebase before upgrading. I also run drupal-check after the update to identify any new issues introduced by the updated code.
Output of Drupal Check command indicating no deprecated code was found.Installation:
[code bash]$ ddev composer require –dev mglaman/drupal-check[/code]Run Drupal Check from the root of your Drupal installation:
[code bash]$ ./vendor/bin/drupal-check –-memory-limit 500M docroot/modules/custom[/code]I usually have to increase the memory limit, hence the --memory-limit 500M.
In the future, I'd like to evaluate whether using PHPStan directly is simpler. This is a TODO for myself. Drupal Check is essentially a wrapper around PHPStan, offering default configuration such as automatically running at level 2. To achieve the same result with PHPStan, I should be able to simply run:
[code bash]$ php vendor/bin/phpstan analyze -l 2 docroot/modules/custom[/code]