Feeds

The Drupal Forge business model

Drupal Forge is a non-profit project of the Drupal community. Our mission is to support vendors that devote a portion of their revenue to sustaining the software and infrastructure Drupal needs to be a great product. Our product launch buttons are part of a business module to sustain contribution. This is what makes them different from launch buttons that hosting vendors offer on their own.

Darren Oh Tue, 09/10/2024 - 15:13 Tags

• Drupal
• Drupal Forge

• Read more about The Drupal Forge business model
• Log in or register to post comments

10 September 2024

Unifont 16.0.01 is now available.  This is a major release.

From the NEWS file:

  * Updates to synchronize Unifont with Unicode 16.0.0 release.

  * Many new upper-plane Chinese ideographs added.

  * New "make" build dependency on ImageMagick's "convert" program
    to build thumbnail images of the Unicode plane bitmaps.

  * unifont-combining-$(VERSION).txt is now included in the
    distribution set to provide spacing information on all
    combining characters.

  * Many other minor updates; see ChangeLog for details.

Download this release from GNU server mirrors at:

     https://ftpmirror.gnu.org/unifont/unifont-16.0.01/

or if that fails,

     https://ftp.gnu.org/gnu/unifont/unifont-16.0.01/

or, as a last resort,

     ftp://ftp.gnu.org/gnu/unifont/unifont-16.0.01/

These files are also available on the unifoundry.com website:

     https://unifoundry.com/pub/unifont/unifont-16.0.01/

Font files are in the subdirectory

     https://unifoundry.com/pub/unifont/unifont-16.0.01/font-builds/

A more detailed description of font changes is available at

      https://unifoundry.com/unifont/index.html

and of utility program changes at

      https://unifoundry.com/unifont/unifont-utilities.html

Enjoy!


Paul Hardy

https://openuk.uk/openuk-september-2024-newsletter-1/

https://www.linkedin.com/feed/update/urn:li:activity:7238138962253344769/

Our 5th annual Awards are open for nominations and our 2024 judges are waiting for your nominations! Hannah Foxwell, Jonathan Riddell, and Nicole Tandy will be selecting winners for 12 categories. ?

Nominations are now open until midnight UK, 8 September 2024. Our 5th Awards again celebrate the UK’s leadership and global collaboration in open technology!

Nominate now! https://openuk.uk/awards/openuk-awards-2024/

Up to 3 shortlisted nominees will be selected in each category by early October and each nominee will be given one place at the Oscars of Open Source, the black tie Awards Ceremony and Gala Dinner for our 5th Awards held at the House of Lords on 28 November, thanks to the sponsorship of Lord Wei.

Join the FSF and friends on Friday, September 13 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

In this tutorial, you will learn how to use Google's Gemini AI model through its API in Python.

Steps to Access Gemini API

Follow the steps below to access the Gemini API and then use it in python.

1. Visit Google AI Studio website.
2. Sign in using your Google account.
3. Create an API key.
4. Install the Google AI Python library for the Gemini API using the command below :
   pip install google-generativeai.

To read this article in full, please click hereThis post appeared first on ListenData

One of the most common tasks that a computer program performs is to display data. The program often displays this information to the program’s user. However, a program also needs to show information to the programmer developing and maintaining it. The information a programmer needs about an object differs from how the program should display the same object for the user, and that’s where .__repr__() vs .__str__() comes in.

A Python object has several special methods that provide specific behavior. There are two similar special methods that describe the object using a string representation. These methods are .__repr__() and .__str__(). The .__repr__() method returns a detailed description for a programmer who needs to maintain and debug the code. The .__str__() method returns a simpler description with information for the user of the program.

The .__repr__() and .__str__() methods are two of the special methods that you can define for any class. They allow you to control how a program displays an object in several common forms of output, such as what you get from the print() function, formatted strings, and interactive environments.

In this video course, you’ll learn how to differentiate .__repr__() vs .__str__() and how to use these special methods in the classes you define. Defining these methods effectively makes the classes that you write more readable and easier to debug and maintain. So, when should you choose Python’s .__repr__() vs .__str__?

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Python code to remove pages from PDF files. How to delete pages from PDF files. Trim a PDF file. Pull a few pages from the PDF file and make a new one. Reduce PDF file size.

Helen Keller said, “Alone we can do so little; together we can do so much.” Although she wouldn’t have understood this 2024 expression, we know “she nailed it.” It takes many of us working together to truly accomplish great things. That’s why the OSI staff is so excited to welcome Jordan Maris to our team.

As OSI’s European Policy Analyst, Jordan will work to build a bridge between European Union legislators, the OSI and the wider Open Source community. He will monitor upcoming EU policies and flag issues and opportunities, educate and inform EU lawmakers about Open Source and its benefits, represent the OSI at EU-level events and conferences, and provide analysis and support to the OSI’s board and members on EU policy issues. He will also work closely with other Open Source foundations and organizations to make sure the voice of the Open Source community is heard at an EU level.

Jordan comes well-equipped with the experience he needs to excel in this role. He worked for three years with members of the European Parliament. In his previous position as a senior parliamentary policy advisor, he fought for the Open Source community on laws such as the AI Act, European Digital Identity, Data Act, Product Liability Directive, and Cyber-Resilience Act. He is a strong advocate for the Public Money–Public Code principle and a long-time user of and occasional contributor to Open Source software. He speaks English, French and German.

When asked about his vision for the future of Open Source, Jordan replied, “A world where Open Source is the rule — not the exception, and where developers and communities are consistently supported, listened to and valued.” 

Jordan says, “I’m looking forward to being able to devote more time to raising awareness about Open Source among lawmakers and to bringing together the Open Source community and EU lawmakers so that new laws better reflect the needs of the Open Source community.”

Please join me in welcoming Jordan to the team.

Can Contact Forms Be Replaced by AI Chatbots on Drupal Websites? bhavinhjoshi Tue, 09/10/2024 - 17:52

Contact forms have been a staple on websites for years.

But, are they becoming outdated?

Say hello to AI chatbots.

Here’s why an AI chatbot might just be the better choice.

Real-time Engagement 

• Contact forms often mean waiting. Users type out their message, hit send, and then wait for a response. With AI chatbots, the response is instant, providing immediate support and answers.
• Example: A user needs information about your services. Instead of waiting hours (or days) for an email reply, the chatbot instantly provides the details they need.

Enhanced User Experience 

• Chatbots can guide users through their queries, step-by-step. This ensures visitors aren't left guessing, navigating through multiple pages to find answers.
• Example: Someone asks about your pricing. The chatbot not only shares the info but can also offer links to relevant pages, FAQs, and even schedule a meeting with a sales rep.

24/7 Availability 

• Unlike human staff, chatbots never sleep. They're available around the clock, ensuring your site visitors always get the support they need, no matter the time zone.
• Example: A potential client from another continent visits your site at 3 AM. The chatbot assists them in real-time rather than making them wait until your business hours.

Personalisation 

• Modern AI chatbots can personalise interactions based on user data. This means more relevant responses and recommendations tailored to each visitor.
• Example: The chatbot recognises a returning user and picks up the conversation where it left off, making the interaction feel continuous and personal.

But is it all sunshine and rainbows? Not quite.

There are challenges.

Some users may prefer human touch over automation. And, implementing a sophisticated AI chatbot can be resource-intensive.

So, should you replace your contact form with a chatbot?

Maybe not completely. A hybrid approach might work best. Let the chatbot handle routine inquiries and simple tasks, while the contact form can serve for more detailed and specific requests.

What do you think? Can AI chatbots replace traditional contact forms on Drupal websites?

Drupal Drupal 10 AI Drupal Planet Add new comment

Noah’s Page Builder offers Drupal users an intuitive way to create front-end pages quickly, without needing extra modules like Paragraphs. Developed by Julian Chabrillon, this tool provides real-time design changes, a variety of widgets, and CSS configuration options. In this interview, Julian discusses the inspiration, challenges, and future plans for Noah’s, including its impact on the Drupal community with both free and paid versions available for flexible usage.

Non-code contributions in open source communities attract considerable interest. Join a panel discussion with diverse experts who are actively involved in non-code contributions within the Drupal community to bridge a gap between experienced contributors and those considering their first step!

Discover together with Norman Kaemper-Leymann and Yannick Leyendecker a selection of Drupal contrib modules tailored to specific use cases, including Config Patch GitLab API, Content Templates, Frontend Editing, and more!

AI tools like OpenAI's ChatGPT integrate well with Drupal, but identifying the right use cases can be challenging. Explore together with Christoph Breidert the opportunities and limitations of LLMs and learn how to create impactful AI solutions!

Learn together with Artem and Bruno how to simplify content management using the Drupal modules “Content Templates” and “Frontend Editing.” Discover best practices for managing content at scale and improving the editor experience!

Explore the digital transformation of one of Europe’s oldest pharmaceutical companies together with Baddy Breidert, CEO of 1xINTERNET, and Alexander Reisenauer, Director of Global Digital Marketing at Schwabe Group. Discover how strategic decisions led to Drupal becoming a key component of Schwabe's digital ecosystem!

tl;dr

On Thursday 5 September 2024 we performed some system maintenance. It appeared to have gone well, and was completed at the scheduled time (06:20 UTC), but unfortunately there were unexpected knock-on effects that caused issues later on in the day, and further problems on Saturday 7 September. This post gives the details of why we needed to perform the maintenance, what happened, and what we will do to prevent a recurrence.

In our recent newsletter, we incorrectly stated the dates for DrupalCon Europe 2024. The event will take place from September 24 to 27, 2024. We regret the oversight and appreciate your understanding.

While fiddling around, I found a (fairly serious) vulnerability in Zyxel's GS1900-10HP and related switches; today Zyxel released an advisory with updated firmware, so I can publish my side of it as well. (Unfortunately there's no Zyxel bounty program, but Zyxel PSIRT has been forthcoming all along, which I guess is all you can hope for.)

The CVE (CVE-2024-38270) is sparse on details, so I'll simply paste my original message to Zyxel below:

Hi, GS1900-10HP (probably also many other switches in the same series), firmware V2.80(AAZI.0) (also older ones) generate web authentication tokens in an unsafe way. This makes it possible for an attacker to guess them and hijack the session. web_util_randStr_generate() contains code that is functionally the same as this: char token[17]; struct timeval now; gettimeofday(&now, NULL); srandom(now.tv_sec + now.tv_usec); for (int i = 0; i < 16; ++i) { long r = random() % 62; char c; if (r < 10) { c = r + '0'; // 0..9 } else if (r < 36) { c = r + ('A' - 10); // A..Z } else { c = r + ('a' - 36); // a..z } token[i] = c; } token[16] = 0; (random() comes from uclibc, but it has the same generator as glibc, so the code runs just as well on desktop Linux) This token is generated on initial login, and stored in a cookie on the client. This has multiple problems: First, the clock is a known quantity; even if the switch is not on SNTP, it is trivial to get its idea of time-of-day by just doing a HTTP request and looking at the Date header. This means that if an attacker knows precisely when the administrator logged in (for instance, by observing a HTTPS login on the network), they will have a very limited range of possible tokens to check. Second, tv_sec and tv_usec are combined in an improper way, canceling out much of the intended entropy. As long as one assumes that the administrator logged in less than a day ago, the entire range of possible seeds it contained within the range [now - 86400, now + 999999], i.e. only about 1.1M possible cookies, which can simply be tried serially even if one did not observe the original login. There is no brute-force protection on the web interface. I have verified that this attack is practical, by simply generating all the tokens and asking for the status page repeatedly (it is trivial to see whether it returns an authentication success or failure). The switch can sustain about one try every 96 ms on average against an attacker on a local LAN (there is no keepalive or multithreading, so the most trivial code is seemingly also the best one), which means that an attack will succeed on average after about 15 hours; my test run succeeded after a bit under three hours. If there are multiple administrator sessions active, the expected time to success is of course lower, although the tries are also somewhat slower because the switch has to deal with the keepalive traffic from the admins. This is a straightforward case of CWE-330 (Use of Insufficiently Random Values), with subcategories CWE-331, CWE-334, CWE-335, CWE-337, CWE-339, CWE-340, CWE-341 and probably others. The suggested fix is simple: Read entropy from /dev/urandom or another good source, instead of using random(). (Make sure that you don't get bias issues due to the use of modulo; you can use e.g. rejection sampling.) Session timeout does help against this attack (by default, it is 3 minutes), but only as long as the administrator has not kept a tab open. If the tab is left open, that keeps on making background requests that refreshes the token every five seconds, guaranteeing a 100% success rate if given a day or two. There is also _tons_ of outdated software on the switch (kernel from 2008, OpenSSH from 2013, netkit-telnetd which is no longer maintained, a fork of a very old NET-SNMP, etc.), but I did not check whether there are any relevant security holes or whether you have actually backported patches.

I haven't verified what their fix looks like, but it's probably somewhere there in the GPL dump. :-)

Drupal 11 has arrived! Okay, it’s been a month, but we were too busy exploring its new features to write the blog right away. With improved CKEditor integration, performance boosts, a redesigned Field UI, and updated taxonomy term revisions, this version builds on the success of Drupal 10. It introduces new tools and workflows designed to simplify development, improve performance, and streamline content management—making it easier than ever to create and maintain high-quality digital experiences. In this article we’ll talk about what makes Drupal 11 so exciting and even walk you through the upgrade from Drupal 10. Dive in! What’s introduced in Drupal 11 Drupal 11, the latest major release of the Drupal Content Management System, brings powerful new features that enhance the capabilities of developers, site builders, and content owners. This version focuses on modern technologies and best practices to make sites more efficient, scalable, and easier to maintain. Key improvements in Drupal 11 include enhancements to the developer experience, performance boosts, and advanced tools for content creators. With these updates, Drupal 11 empowers users to build and maintain optimized digital experiences with greater ease. Below are the major features and enhancements you can expect in Drupal 11 compared to Drupal 10: Faster real and perceived page performance including interface previews and lazy loading. New Experimental Recipes API. Single Directory Components (SDC) - used to create UI components. Symfony 7 under the hood (replacing Symfony 6). Decoupled menu support improved with Linkset support. Content editing is streamlined with automatic formatting. Menu, taxonomy, block and permission management made easier. What’s removed Several Drupal core modules and themes are deprecated in Drupal 10 and removed in Drupal 11. While they are no longer included in Drupal 11, you can still install and use them if needed: Actions UI Book Tracker Forum Statistics Tour How to Upgrade from Drupal 10 to Drupal 11 Platform requirements This version of Drupal 11 requires specific conditions to be met in your environment. Please ensure you check the following requirements: Update to PHP 8.3 Update to Drush 13 Database: It requires MySQL 8.0+ or MariaDB 10.6+. Otherwise, use the mysql57 module to use Drupal 11 on MySQL 5.7.8+ and MariaDB 10.3.7+. Symfony 7 jQuery 4 PHPUnit 10 Composer 2.7.7 Web server - As of Drupal 11.0.0, it does not support using Microsoft IIS. Other web server requirements remain unchanged.  Upgrade to the latest Drupal 10 Drupal sites running version 10.2.x or earlier must first upgrade to version 10.3.0 or later before updating to Drupal 11. This is necessary because all core updates introduced prior to version 10.3.0 have been removed. Upgrade Status + Drupal Rector Run a deprecation scan using the Upgrade Status module in conjunction with Drupal Rector to identify and address deprecated code before upgrading your Drupal site. The screenshot below shows the upgrade status report for Drupal Core version 10.1. Here is a snapshot of the upgrade status report after upgrading Drupal core to the latest version, 10.3. Update platform requirements as needed Drupal 11 requires PHP 8.3 and the MySQL database driver requires MySQL 8.0. While Drupal 11 does not currently use MySQL 8-specific syntax, future versions will. If you cannot upgrade to MySQL 8.0 immediately, you can use the MySQL 5.7 backport module as a temporary solution. Upgrade Contributed Packages Upgrade contributed modules & themes to the latest compatible version using Composer. For example: composer require drupal/package_name:^x.y --no-updateWhere, ^x.y is the latest available version of the package. For packages without Drupal 11 compatibility, use composer require with mglaman/composer-drupal-lenient and apply necessary patches using cweagans/composer-patches. Update Custom Code Use Upgrade Status and Drupal Rector to assess the readiness of your custom modules and themes for Drupal 11. Replace any code that was deprecated in Drupal 10 and removed in Drupal 11. Update Core to Drupal Core The following provides instructions for updating from Drupal 10.3.x to Drupal 11.x. Temporarily grant write access to protected files and directories: chmod 777 web/sites/default chmod 666 web/sites/default/*settings.php chmod 666 web/sites/default/*services.yml Update the required versions of the core-recommended packages. Use the --no-update option to prevent issues with mutual dependencies during the update process: composer require 'drupal/core-recommended:^11' 'drupal/core-composer-scaffold:^11' 'drupal/core-project-message:^11' --no-update Upgrade drush to version ^13: composer require 'drush/drush:^13' --no-update Perform upgrade to the core using: composer update After successfully running composer update without errors, verify that you can also run composer install. Update the database using drush:  drush updatedb Once complete, restore read-only access to the sites/default directory: chmod 755 web/sites/default chmod 644 web/sites/default/*settings.php chmod 644 web/sites/default/*services.yml For a detailed guide on upgrading, please visit https://www.drupal.org/docs/upgrading-drupal/upgrading-from-drupal-8-or-later/how-to-upgrade-from-drupal-10-to-drupal-11. Final thoughts No need to stress though! Drupal 10 isn’t going anywhere for a while. It will remain supported until Drupal 12 arrives, which is expected around mid to late 2026. But the fact that there are so many exciting updates and features in Drupal 11 means that moving from Drupal 10 to Drupal 11 is an opportunity you won’t want to miss. Transitioning now will set you up for future success and make the most of what Drupal 11 has to offer. Thinking about making the jump to Drupal 11? Our Drupal experts are just an email away!

• For the Debian firmware-nonfree package:
  • I opened the MR:
    • !104: Update to linux-support-6.10.6
  • I reviewed the MRs:
    • !102: Backport firmware-nonfree 20240709-2~bpo12+1 to Bookworm
  • I responded to a query about backporting.
• For the Debian linux package:
  • I opened or updated the MRs:
    • !741: Draft: Fix some reproducibility issues
    • !1153: Update to 6.11
    • !1161: Fix and clean up Build-Depends
    • !1164: d/config: Fix broken configs that were being resolved differently by kconfig
    • !1175: Fix perf build failure on many architectures
  • I reviewed the MRs:
    • !964: tools/arch/x86/intel_sdsi: Add sdsi package for Intel SDSi provisioning tool (merged)
    • !1136: Compile with gcc-14 on all architectures (merged)
    • !1148: [arm64] drivers/phy/marvell: Enable PHY_MVEBU_CP110_UTMI as module (merged)
    • !1149: [arm64] Include modules for Lenovo Yoga C630 and Lenovo Miix 630 (merged)
    • !1150: Draft: debian/lib/python/debian_linux/debian.py: allow more liberal revision suffixes than just \+b\d+
    • !1155: [ia64] Purge ia64 from installer (merged)
    • !1156: [x86] enable mfd components for BXT pmic (merged)
    • !1157: [x86] Enable IPU6 and related camera options (merged)
    • !1163: riscv64 kernel config update for 6.11 (merged)
    • !1173: Update to 6.11-rc5 (merged)
    • !1165: [amd64] Enable DRM_ACCEL_HABANALABS and DRM_ACCEL_IVPU (merged)
    • !1176: [riscv64] fix conflict between kernel-image and mtd-core-modules (merged)
  • I merged my own MRs:
    • !1161: Fix and clean up Build-Depends
    • !1164: d/config: Fix broken configs that were being resolved differently by kconfig
    • !1175: Fix perf build failure on many architectures
  • I uploaded:
    • linux version 6.11~rc4-1~exp1 to experimental.
    • linux version 6.11~rc5-1~exp1 to experimental.
    • linux version 6.10.6-1~bpo12+1 to bookworm-backports.
  • Upstream, I commented on additional backports required to address CVE-2024-26621 and CVE-2024-42258.
  • I responded to bug reports:
    • #1072004: linux: regression in the 9p protocol in 6.8 breaks autopkgtest qemu jobs (affecting debci)
  • Upstream, I submitted the patch aacraid: Fix double-free on probe failure which should fix part of bug #1075855.
  • Upstream, I pointed out that the fix in !1175 is needed in Linux 6.11.
  • I updated the bullseye-security branch to upstream version 5.10.224, but didn’t make a new upload.
  • I updated the bullseye-security-6.1 branch, merging changes from version 6.1.106-3.
• For initramfs-tools:
  • I opened and later merged the MRs:
    • !129: hook_functions: Fix copy_file with source including a directory symlink
    • !130: Fix autopkgtest failures on armhf and ppc64el
    • !131: hook-functions: copy_file: Canonicalise target filename
    • !132: autopkgtest: Run tests as root
    • !133: Backport fixes for bookworm
  • I reviewed the MRs:
    • !128: Put compressed kernel modules and firmware in an uncompressed cpio
  • I uploaded:
    • version 0.144 to Debian unstable.
    • version 0.145 to Debian unstable.
    • version 0.142+deb12u1 to Debian bookworm.
  • I responded to Debian bug reports:
    • #984584: initramfs-tools: autopkgtest amd64-separate-usr fails if TMPDIR is a tmpfs
    • #1079333: initramfs-tools: upgrading causes dpkg(1) to fail
    • #1079150: cryptsetop: Waiting for encrypted source device
    • #1080203: initramfs-tools: USB keyboard stopped working on LUKS prompt
• For the Debian iproute package, I reverted the recent removal of the /usr/sbin/ip symlink and uploaded version 6.10.0-2.
• For kernel-wedge:
  • I fixed a bug in duplicate detection that linux !1176 had revealed.
  • I added support for packages installing modules under /usr/lib/modules, and a test case for this.
  • I uploaded version 2.106 to Debian unstable, including the above and some other bug fixes.
• For the Debian sgt-puzzles package, I responded to and wrote a patch for bug #1079717: sgt-puzzles: [Mozaic] crashes when copying the game.