Feeds
OpenSense Labs: Drupal 7 End Of Life: Top Reasons You Should Migrate To Drupal 10
- Log in to post comments
Drupal 10 was released in December 2022 and ever since, the community has been pushing its users to do Drupal 7 to 10 migration. As per w3techs.com, as many as 41.2% of all Drupal sites are running on Drupal 7.
Using an outdated version has downsides. Businesses miss out on technological advancements and new features that can speed up and safeguard their digital properties.
With the release of Drupal 10 and the fact that Drupal 7 end of life is in January 2025, it is crucial to do Drupal 7 to 10 migration soon.
So, if your existing content management system is running on the Drupal 7 version, we suggest looking into OpenSense Labs' Drupal 7 to 10 migration services for guidance and upgrading to Drupal 10 today.
And if you’re still not convinced, let’s look into why enterprises should plan their Drupal 7 to 10 migration now, and not wait until the last moment.
Why Should You Do Drupal 7 To 10 Migration?Drupal 10 brings automated updates, and improved user experience, along with several other feature additions. These components are more secure, user-friendly, and powerful. Let’s dive deep into why enterprises must plan their Drupal 7 to 10 migration right away.
1. Drupal 7 Support From The Community
As an open-source CMS Drupal 7 support that comes from the Drupal community is what keeps Drupal's continuous innovation ongoing. With the Drupal community prioritizing and actively focusing on the security of newer versions, when the Drupal 7 end of life comes, the Drupal 7 support from the community will also seize.
This primarily jeopardizes the security of your Drupal 7 website. This also means that contributed modules and themes that are currently used in your Drupal 7 website, will also lose maintenance support. This would bring challenges in website maintenance.
Also Check Out:
2. New Features And Upgrades
Another consequence of not upgrading to Drupal 10 is that certain functionalities may cease to perform as intended. Or there may be better alternatives available. Not only can this cause extra annoyance among website maintainers, but resolving these issues may incur additional expenditures for your company owing to the time and resources required to do so.
In Drupal 7, while developers had to manually upgrade/update or search for modules from drupal.org, Drupal 10 has simplified this with Automated updates and a Project browser, respectively. A lot of Drupal 7 features are either incorporated out-of-the-box in Drupal 10 or simply removed to maintain ease of use.
Also, the Drupal 7 ‘Seven’ theme from 2009 gave off an out-of-date system impression. Seven was replaced by the new ‘Claro’ theme, which was created by the most recent requirements.
And the front-end theme, ‘Olivero,’ was created to fit with features that are well-liked by users, such as the Layout Builder. The Olivero theme will meet WCAG AA accessibility standards.
The simple finding and installation of modules should empower Drupal newcomers as well as ‘ambitious site builders’. – Dries Buytaert
3. Technical Dependencies
Drupal works on currently supported PHP versions. Choosing the recommended PHP versions is ideal for developing a Drupal site, as they offer extended support over time. Drupal 10 is built on PHP version 8.0 while the Drupal 7 CMS is built on PHP 7 which has also reached its end of life.
This creates technical dependencies in supporting the platform better.
- jQuery, jQuery UI, jQuery Forms: Drupal 7 CMS includes old and unsupported versions of these libraries. jQuery's current version is 3.7.1. Drupal 7 CMS includes 1.4.2. Other libraries have comparable challenges. You may minimize this little with the jQuery Update module, although the most recent version is 3.5.2.
Drupal 8 and later (as well as many other content management systems) make it simple to provide API access to your content. In the age of ‘publish everywhere’, this is a critical feature. Drupal 7 CMS has some basic API support, but if you want a full-fledged API with write support, you'll have to create it yourself, which adds technical debt and possible vulnerabilities. - CKEditor 5 Update From CKEditor 4: With a thorough rebuild and an exciting new feature set, CKEditor 5 gives Drupal 10 a modern, collaborative editor experience. Users of programs like Microsoft Word or Google Docs will be used to the new CKEditor's interface.
It also provides standard collaboration tools such as comments, suggestions for changes, version histories, and other widely accepted editing methods. Additionally, it has outputs to .docx and .pdf files for straightforward conversion to print formats. - Composer 2 And PHP 8 Support: Although the backporting of Composer 2 to Drupal 8 was successful, PHP 8 compatibility was not. PHP 8 will be required for Drupal 10 because PHP 7 was discontinued in November 2022.
OpenSense Labs, as a Drupal organization, is committed to providing active support. Check out our Drupal 7 to Drupal 10 Migration services today for a long-term and fruitful collaboration.
4. Modules That Have Gone Out Of Support
The Drupal 10 core was updated to eliminate a few modules that are redundant or are not frequently used. For uniformity, these modules were transferred to the Contributed Module area. Gathers and presents syndicated material from outside sources (RSS, RDF, and Atom feeds).
-
QuickEdit: In-place content editing
-
HAL: Serializes entities using the Hypertext Application Language
-
Activity Tracker: Users may keep track of recent content with the activity tracker feature
-
RDF: Enhances websites with metadata so that other systems may comprehend their characteristics
You will have to leave Drupal 7 CMS behind. Eventually, the opportunity cost of continuing to use software that is more than 10 years old is substantial, and once Drupal 7 end of life comes, the risk and expense of an uncovered vulnerability increases rapidly.
There are several possibilities available to you, and now is the time for you to choose and make plans for one of them. The ideal option will rely on the expertise level of your team, the amount of business logic you have included in Drupal 7 CMS and your projected budget.
Also Check Out:
CMS Drupal 7 v/s Drupal 10As this article aims to highlight the difficulties associated with the ongoing use of Drupal 7 CMS and to present the most effective solution, below is a comparison of CMS Drupal 7 v/s Drupal 10 to help you understand the benefits of Drupal 10 better.
Our primary objective is to provide you with a comprehensive understanding of how various popular website features, tasks, and workflows are represented in both Drupal 7 CMS and Drupal 10.
1. Mobile Design
Drupal 7 CMS lacks the essential responsive design capabilities needed to develop web pages that adjust their structures to different screen sizes of devices. One can develop websites that are mobile-friendly with Drupal 7 CMS by manually adjusting settings and incorporating extra modules or themes that have been contributed by others.
In Drupal 10, developers can construct responsive pages with greatly streamlined workflows, minimal manual configuration, and without the necessity for additional modules. The contemporary Drupal core features a powerful framework for managing responsive images and breakpoints, which are essential components of responsive design.
Recent advancements include innovative features like Views Responsive Grids, which provide intuitive responsiveness options for grids within Drupal Views. The core themes for both the administration and front end in Drupal 10, known as Claro and Olivero, are inherently responsive.
2. Administrative Interfaces
Drupal 7 CMS features a conventional administrative dashboard organized with tabs and subtabs. The overlay-contributed module enables extensive menu sections to be displayed in modal windows. The user interface of Drupal 7 CMS seems to be antiquated regarding its design and overall user experience.
Accessibility challenges also exist, including problems with colour contrast and the absence of keyboard navigation options. Accessing the administrative dashboard on mobile devices proves to be challenging due to the lack of optimization for smaller screens.
Upon accessing the administrative dashboard in Drupal 10, one is greeted by a contemporary and elegant design offered by the core admin theme, Claro. The design features a tidy and organized appearance. The admin interface has become more intuitive and user-friendly due to a more logical arrangement of settings and actions, accompanied by clearer labels throughout.
Claro has been developed with a focus on responsiveness, enabling your team to perform administrative tasks using mobile devices when necessary. Significant enhancements in accessibility are readily apparent through the noticeable colour contrasts and the use of more legible fonts.
A consistent approach to focus states and styles facilitates the interaction with forms, buttons, form fields, and other interactive components, ensuring accessibility for users who navigate solely via keyboard.
3. Content Authoring
When Drupal 8 was released in 2015, it included a comprehensive text editor by default — CKEditor. Over the years, CKEditor has continually evolved following the latest trends.
CKEditor 5 has emerged as a significant asset for Drupal 10, introducing contemporary and user-friendly balloon panels for ALT text and links, a specialized toolbar for inline media formatting, straightforward table creation, code blocks, special characters, and a variety of additional features.
The range of functionalities offered by CKEditor 5 for Drupal 10 is continually expanding, accompanied by supplementary contributed modules for CKEditor 5. We conducted a comparative analysis of CKEditor 4 and CKEditor 5, examining each feature for the benefit of our readers.
In the case of Drupal 7, it is important to note that it does not come equipped with a WYSIWYG (What-You-See-Is-What-You-Get) editor by default. The content editing form lacks a toolbar that facilitates the addition of links, bold text, italics, headings, bullet points, numbered lists, and other formatting options.
Acquiring a toolbar necessitates the installation of contributed modules that provide different iterations of the WYSIWYG editor. For many years, one of the most effective solutions has been the installation of the CKEditor 4 contributed module.
The module is currently no longer supported, which means that its presence on your website will necessitate additional paid CMS Drupal 7 support to guarantee its proper functionality. There is more to consider than merely the loss of CMS Drupal 7 support for all Drupal 7 modules. The issue is rooted even more profoundly in this situation.
CKEditor 4, a third-party application, officially reached its end-of-life for the open-source version earlier this year.
4. Creating Page Layouts
The process of creating layouts in Drupal 7 CMS is mainly facilitated by contributed modules, particularly Panels, in conjunction with several other dependent modules, including Page Manager and Ctools.
To modify a Drupal 7 CMS layout, it is frequently necessary to possess a certain level of understanding of PHP as well as the ability to configure settings via the administrative interface. In Drupal 10, the Layout Builder feature is integrated into the core, enhancing the intuitiveness and flexibility of layout creation.
It boasts an intuitive interface that includes drag-and-drop functionality. Customizations can be achieved without the necessity of coding, thereby creating new opportunities for individuals who are not developers. The Layout Builder in Drupal 10 is designed to inherently accommodate responsive web design.
The development of visually appealing and consistent responsive layouts in Drupal 10 is becoming increasingly engaging due to innovative methods such as Single Directory Components, as well as contributed modules like Bootstrap UI Kit, among others.
The integration of the Bootstrap framework into Drupal websites enhances their capabilities, streamlines workflows, and increases overall project efficiency.
5. AI Tool Integration
Generative AI can be seamlessly incorporated into a Drupal website, transforming it into a centralized hub where users can enhance their workflows utilizing artificial intelligence.
AI tools are capable of providing responses directly within the Drupal administration interface, producing content, translating text, proposing titles, modifying the tone and voice of written material, creating taxonomy terms, and generating placeholder content complete with images for quality assurance and development teams to evaluate new features, among various other functionalities.
The variety of AI-related modules and their functionalities is continually expanding. All modules developed for AI integration are specifically designed for Drupal 10, and there are none created for Drupal 7. The sole method to obtain it for Drupal 7 CMS is by developing a custom module.
This solution will require payment, which poses a challenge for development due to the limitations of Drupal 7 CMS in integrating with specific APIs or functionalities.
6. Decoupling Opportunities
Today, there will be extensive discussions regarding decoupled architecture. Separating the front end and back end enables developers to use modern JavaScript frameworks designed for creating user interfaces that enhance performance, improve user experience, and boost developer productivity.
Examining the decoupled setup possibilities of Drupal 7 CMS resembles a journey through time. Drupal 7 CMS is a monolithic content management system in which the front end is closely integrated with the backend. The built-in support for REST APIs is limited, and the development of APIs for content sharing necessitates the use of additional modules.
Drupal 10, in contrast, adopts an API-first methodology. The system incorporates integrated RESTful Web Services and JSON:API, facilitating the development of APIs and the distribution of Drupal content to external applications. While these features were introduced before Drupal 10, efforts continue to enhance Drupal with additional exciting functionalities.
One of the recent advancements in Drupal is the development of Decoupled Menus, which is designed to facilitate the consumption of Drupal menus by JavaScript frontends. With the introduction of Drupal 10.1, it is now possible to activate a menu Linkset API endpoint with minimal effort, and additional improvements are on the horizon.
CMS Drupal 7 To 10 Migration ChecklistSo, let us now look into the requirements necessary to successfully execute CMS Drupal 7 to Drupal 10 migration. Although every Drupal 7 to Drupal 10 migration project possesses its distinct characteristics, it can typically be divided into the following steps:
Step 1: Examine Your Drupal 7 Website
CMS Drupal 7 to Drupal 10 migration represents a significant advancement. Consider this an opportunity to strategize for the future of your site by evaluating its structure, content, functionality, and design.
Here are a few questions to help you initiate your exploration:
-
What are your expectations regarding Drupal 10?
-
Is the existing structure functioning effectively?
-
What elements require Drupal 7 to Drupal 10 migration?
-
Is there a necessity for a redesign?
-
Does your code require a comprehensive revision?
-
What is the scale of the task?
Step 2: Verify The Availability Of Modules
Are you utilizing contributed modules to enhance the capabilities of your Drupal 7 site?
If so, you will need to verify their compatibility with Drupal 10 or seek an alternative before proceeding with the CMS Drupal 7 to Drupal 10 migration. You may accomplish this by individually reviewing the page of each module on drupal.org, or by utilizing a tool like the Upgrade Status module.
It is advisable to explore alternative options, even if your current modules are compatible with Drupal 10, as the Drupal community may have developed superior solutions.
Step 3: Develop Your Drupal 10 Website
You are required to develop a completely new website utilizing the most recent version available, which is Drupal 10.3.7 as of the current date. Now, proceed to install the modules that you have chosen in the preceding step. It is important to note that the installation procedure in Drupal 10 differs from that of Drupal 7.
Establish your content frameworks by incorporating blocks, content types, media types, web forms, and navigation menus. It is advisable to utilize Layout Builder, a fundamental module introduced in Drupal 8.5, which serves as a replacement for the Panels module. The robust drag-and-drop capabilities of Layout Builder facilitate the creation of visually appealing and adaptable pages with ease.
Step 4: Revise Your Code
It is advisable to utilize available contributed modules whenever feasible to minimize the necessity for custom coding. Custom themes must be developed anew from the ground up. Adopt optimal methodologies and contemporary coding standards. It is important to note that Drupal 10 necessitates a minimum of PHP 8.1 and has revised its database requirements.
Finally, integrate your personalized modules and themes into your Drupal 10 website.
Step 5: Transfer Your Data
If the amount of content is limited, it may be feasible to transfer it manually from the previous site to the new one. You may wish to consider automating the process instead. Automated Drupal 7 to Drupal 10 migration can be accomplished by utilizing the Migrate API to transfer content and configurations.
It is essential to recognize its limitations and to develop a strategy for addressing them effectively. You might need to regenerate views using the views migration module, for instance. Additional useful modules for CMS Drupal 7 to Drupal 10 migration consist of Migrate Plus, Migrate Tools, and Migrate Scanner.
Step 6: Test Your Newly Developed Website
Conduct thorough testing and quality assurance on your new website to guarantee its security, performance, and accessibility on a range of devices. Ensure that all content and data have been accurately migrated. Finally, obtain the necessary approvals from the relevant stakeholders.
Step 7: Launch!
Inform your audiences about the forthcoming change. This presents an excellent opportunity to demonstrate and articulate the advantages it offers to them. Adjust the DNS settings of your site to direct them to your Drupal 10 website. Re-establish any previous redirects or custom URLs and monitor your logs for any occurrences of 404 errors or other alerts.
Ensure that your previous Drupal 7 site is secure and inaccessible to the public. It may be advisable to ultimately establish a static version and a backup for future reference.
Key Takeaways-
The impending CMS Drupal 7 end of life in January 2025, underscores the importance of doing Drupal 7 to Drupal 10 migration soon.
-
Drupal 10 introduces automated updates, enhances user experience, and includes a variety of additional features.
-
The Drupal community places a strong emphasis on the security of its newer versions, the CMS Drupal 7 support from the community will also come to an end with Drupal 7 end of life in January 2025.
-
One additional consequence of failing to upgrade to Drupal 10 is that specific functionalities may no longer operate as expected.
-
Drupal 10 is developed using PHP version 8.0, whereas Drupal 7 CMS is based on PHP 7, which has also approached its end of life.
Glyph Lefkowitz: It’s Time For Democrats To Get More Annoying
Kamala Harris lost. Here we are. So it goes.
Are you sad? Are you scared?
I am very sad. I am very scared.
But, like everyone else in this position, most of all, I want to know what to do next.
A Mission For ProgressI believe that we should set up a missionary organization for progressive and liberal values.
In 2017, Kayla Chadwick wrote the now-classic article, “I Don’t Know How To Explain To You That You Should Care About Other People”. It resonated with millions of people, myself included. It expresses an exasperation with a populace that seems ignorant of economics, history, politics, and indeed unable to read the news. It is understandable to be frustrated with people who are exercising their electoral power callously and irresponsibly.
But I think in 2024, we need to reckon with the fact that we do, in fact, need to explain to a large swathe of the population that they should care about other people.
We had better figure out how to explain it soon.
Shared Values — A Basis for HopeThe first question that arises when we start considering outreach to the conservative-leaning or undecided independent population is, “are these people available to be convinced?”.
To that, I must answer an unqualified “yes”.
I know that some of you are already objecting. For those of us with an understanding of history and the mechanics of bigotry in the United States, it might initially seem like the answer is “no”.
As the Nazis came to power in the 1920s, they were campaigning openly on a platform of antisemitic violence. Everyone knew what the debate was. It was hard to claim that you didn’t, in spite of some breathtakingly cowardly contemporaneous journalism, they weren’t fooling anyone.
It feels ridiculous to say this, but Hitler did not have support among Jews.
Yet, after campaigning on a platform of defaming immigrants, and Mexican immigrants specifically for a decade, a large part of what drove his victory is that Trump enjoyed a shockingly huge surge of support among the Hispanic population. Even some undocumented migrants — the ones most likely to be herded into concentration camps starting in January — are supporting him.
I believe that this is possible because, in order to maintain support of the multi-ethnic working-class coalition that Trump has built, the Republicans must maintain plausible deniability. They have to say “we are not racist”, “we are not xenophobic”. Incredibly, his supporters even say “I don’t hate trans people” with startling regularity.
Most voters must continue to believe that hateful policies with devastating impacts are actually race-neutral, and are simply going to get rid of “bad” people. Even the ones motivated by racial resentment are mostly motivated by factually incorrect beliefs about racialized minorities receiving special treatment and resources which they are not in fact receiving.
They are victims of a disinformation machine. One that has rendered reality incomprehensible.
If you listen to conservative messaging, you can hear them referencing this all the time. Remember when JD Vance made that comment about Democrats calling Diet Mountain Dew racist?
Many publications wrote about this joke “bombing”1, but the kernel of truth within it is this: understanding structural bigotry in the United States is difficult. When we progressives talk about it, people who don’t understand it think that our explanations sound ridiculous and incoherent.
There’s a reason that the real version of critical race theory is a graduate-level philosophy-of-law course, and not a couple of catch phrases.
If, without context, someone says that “municipal zoning laws are racist”, this makes about as much sense as “Diet Mountain Dew is racist” to someone who doesn’t already know what “redlining” is.
Conservatives prey upon this confusion to their benefit. But they prey on this because they must do so. They must do so because, despite everything, hate is not actually popular among the American electorate. Even now, they have to be deceived into it.
The good news is that all we need to do is stop the deception.
Politics MatterIf I have sold you on the idea that a substantial plurality of voters are available to be persuaded, the next question is: can we persuade them? Do we, as progressives, have the resources and means to do so? We did lose, after all, and it might seem like nothing we did had much of an impact.
Let’s analyze that assumption.
Across the country, Trump’s margins increased. However, in the swing states, where Harris spent money on campaigning, his margins increased less than elsewhere. At time of writing, we project that the safe-state margin shift will be 3.55% towards trump, and the swing-state margin shift will be 1.69%.
This margin was, sadly, too small for a victory, but it does show that the work mattered. Perhaps given more time, or more resources, it would have mattered just a little bit more, and that would have been decisive.
This is to say, in the places where campaign dollars were spent, even against the similar spending of the Trump campaign, we pushed the margin of support 1.86% higher within 107 days. So yes: campaigning matters. Which parts and how much are not straightforward, but it definitely matters.
This is a bit of a nonsensical comparison for a whole host of reasons2, but just for a ballpark figure, if we kept this pressure up continuously during the next 4 years, we could increase support for a democratic candidate by 25%.
We Can Teach, Not SellPolitical junkies tend to overestimate the knowledge of the average voter. Even when we are trying to compensate for it, we tend to vastly overestimate how much the average voter knows about politics and policy. I suspect that you, dear reader, are a political junkie even if you don’t think of yourself as one.
To give you a sense of what I mean, across the country, on Election day and the day after, there was a huge spike in interest for the Google query, “did Joe Biden drop out”.
Consistently over the last decade, democratic policies are more popular than their opponents. Even deep red states, such as Kansas, often vote for policies supported by democrats and opposed by Republicans.
This confusion about policy is not organic; it is not voters’ fault. It is because Republicans constantly lie.
All this ignorance might seem discouraging, but it presents an opportunity: people will not sign up to be persuaded, but people do like being informed. Rather than proselytizing via a hard sales pitch, it should be possible to offer to explain how policy connects to elections. And this is made so much the easier if so many of these folks already generally like our policies.
The Challenge Is EnormousI’ve listed some reasons for optimism, but that does not mean that this will be easy.
Republicans have a tremendously powerful, decentralized media apparatus that reinforces their culture-war messaging all the time.
After some of the post-election analysis, “The Left Needs Its Own Joe Rogan” is on track to become a cliché within the week.3 While I am deeply sympathetic to that argument, the right-wing media’s success is not organic; it is funded by petrochemical billionaires.
We cannot compete via billionaire financing, and as such, we have to have a way to introduce voters to progressive and liberal media. Which means more voters need social connections to liberals and progressives.
Good WorksThe democratic presidential campaign alone spent a billion and a half dollars. And, as shown above, this can be persuasive, but it’s just the persuasion itself.
Better than spending all this money on telling people what good stuff we would do for them if we were in power, we could just show them, by doing good stuff. We should live our values, not just endlessly reiterate them.
A billion dollars is a significant amount of power in its own right.
For historical precedent, consider the Black Panthers’ Free Breakfast For Children program. This program absolutely scared the shit out of the conservative power structure, to the point that Nixon’s FBI literally raided them for giving out free food to children.
Religious missionaries, who are famously annoying, often offset their annoying-ness by doing charitable work in the communities they are trying to reach. A lot of the country that we need to reach are religious people, and nominally both Christians and leftists share a concern for helping those in need, so we should find some cultural common ground there.
We can leverage that overlap in values by partnering with churches. This immediately makes such work culturally legible to many who we most need to reach.
Jobs Jobs JobsWhen I raised this idea with Philip James, he had been mulling over similar ideas for a long time, but with a slightly different tack: free career skills workshops from folks who are obviously “non-traditional” with respect to the average rural voter’s cultural expectations. Recruit trans folks, black folks, women, and non-white immigrants from our tech networks.
Run the trainings over remote video conferencing to make volunteering more accessible. Run those workshops through churches as a distribution network.
There is good evidence that this sort of prolonged contact and direct exposure to outgroups, to help people see others as human beings, very effective politically.
However, job skills training is by no means the only benefit we could bring. There are lots of other services we could offer remotely, particularly with the skills that we in the tech community could offer. I offer this as an initial suggestion; if you have more ideas I’d love to hear them. I think the best ideas are ones where folks can opt in, things that feel like bettering oneself rather than receiving charity; nobody likes getting handouts, particularly from the outgroup, but getting help to improve your own skills feels more participatory.
I do think that free breakfast for children, specifically, might be something to start with because people are far more willing to accept gifts to benefit others (particularly their children, or the elderly!) rather than themselves.
Take CreditDoing good works in the community isn’t enough. We need to do visible good works. Attributable good works.
We don’t want to be assholes about it, but we do want to make sure that these benefits are clearly labeled. We do not want to attach an obligation to any charitable project, but we do want to attach something to indicate where it came from.
I don’t know what that “something” should be. The most important thing is that whatever “something” is appeals to set of partially-overlapping cultures that I am not really a part of — Midwestern, rural, southern, exurban, working class, “red state” — and thus, I would want to hear from people from those cultures about what works best.
But it’s got to be something.
Maybe it’s a little sticker, “brought to you by progressives and liberals. we care about you!”. Maybe it’s a subtle piece of consistent branding or graphic design, like a stylized blue stripe. Maybe we need to avoid the word “democrats”, or even “progressive” or “liberal”, and need some independent brand for such a thing, that is clearly tenuously connected but not directly; like the Coalition of Liberal and Leftist Helpful Neighbors or something.
Famously, when Trump sent everybody a check from the government, he put his name on it. Joe Biden did the same thing, and Democrats seem to think it’s a good thing that he didn’t take credit because it “wasn’t about advancing politics”, even though this obviously backfired. Republicans constantly take credit for the benefits of Democratic policies, which is one reason why voters don’t know they’re democratic policies.
Our broad left-liberal coalition is attempting to improve people’s material conditions. Part of that is, and must be, advancing a political agenda. It’s no good if we provide job trainings and free lunches to a community if that community is just going to be reduced to ruin by economically catastrophic tariffs and mass deportations.
We cannot do this work just for the credit, but getting credit is important.
Let’s You And Me — Yes YOU — Get StartedI think this is a good idea, but I am not the right person to lead it.
For one thing, building this type of organization requires a lot of organizational and leadership skills that are not really my forte. Even the idea of filing the paperwork for a new 501(c)3 right now sounds like rolling Sisyphus’s rock up the hill to me.
For another, we need folks who are connected to this culture, in ways that I am not. I would be happy to be involved — I do have some relevant technical skills to help with infrastructure, and I could always participate in some of the job-training stuff, and I can definitely donate a bit of money to a nonprofit, but I don’t think I can be in charge.
You can definitely help too, and we will need a wide variety of skills to begin with, and it will definitely need money. Maybe you can help me figure out who should be in charge.
This project will be weaker without your support. Thus: I need to hear from you.
You can email me, or, if you’d prefer a more secure channel, feel free to reach out over Signal, where my introduction code is glyph.99 . Please start the message with “good works:” so I can easily identify conversations about this.
If I receive any interest at all, I plan to organize some form of meeting within the next 30 days to figure out concrete next steps.
AcknowledgmentsThank you to my patrons who are supporting my writing on this blog. If you like what you’ve read here and you’d like to read more things like it, or you’d like to support my various open-source endeavors, you can support my work as a sponsor! My aspirations for this support are more in the directions of software development than activism, but needs must, when the devil drives. Thanks especially to Philip James for both refining the idea and helping to edit this post, and to Marley Myrianthopoulos for assistance with the data analysis.
-
Personally I think that the perception of it “bombing” had to do with the microphones during his speech not picking up much in the way of crowd noise. It sounded to me like there were plenty of claps and laughs at the time. But even if it didn’t land with most of the audience, it definitely resonated for some of them. ↩
-
A brief, non-exhaustive list of the most obvious ones:
- This is a huge amount of money raised during a crisis with an historic level of enthusiasm among democrats. There’s no way to sustain that kind of momentum.
- There are almost certainly diminishing returns at some point; people harbor conservative (and, specifically, bigoted) beliefs to different degrees, and the first million people will be much easier to convince than the second million, etc.
- Support share is not fungible; different communities will look different, and some will be saturated much more quickly than others. There is no reason to expect the rate over time to be consistent, nor the rate over geography.
-
I mostly agree with this take, and in the interest of being the change I want to see in the world, let me just share a brief list of some progressive and liberal sources of media that you might want to have a look at and start paying attention to:
- If Books Could Kill
- Some More News
- Behind The Bastards
- Crooked Media, the publishers of Pod Save America, but you should check out everything they have on offer
- Bryan Tyler Cohen
- Hasan Piker
- PhilosophyTube
- Hbomberguy
- FD Signifier
- Citation Needed
- Platformer
Please note that not all of these are to my taste and not all of them may be to yours. They are all at different places along the left-liberal coalition spectrum, but find some sources that you enjoy and trust, and build from there. ↩
Seth Michael Larson: Writing a blog on the internet
Published 2024-11-11 by Seth Larson
Reading time: minutes
Today is the 5-year anniversary of my first blog post in 2019. Since that time I've written nearly 100 articles for my blog, something that I am quite proud of! Writing has had a huge positive impact on my life and career.
I invite you, dear reader, to start writing about topics you're interested in and sharing those writings on the internet. This article is me putting my finger on the scale by sharing what I would do differently if I were to start over again.
2★2★3★3★4★4★3★3★1★1★1★1★Hired at the PSFHired at t...44441313151513139966662★2★3★3★1★1★Writing about securityWriting about se...2222330055223322Q4Q4201920191★1★1★1★Hired at ElasticHired at E...Q2Q2Q3Q3Maintainer of urllib3Maintainer of ur...2233221144Q1Q1Q4Q420202020Q2Q2Q3Q3Q1Q1Q4Q420212021Q2Q2Q3Q3Q1Q1Q4Q420222022Q2Q2Q3Q3Q1Q1Q4Q420232023Q2Q2Q3Q3Q1Q1Q4Q420242024Q2Q2Q3Q3Q1Q1Text is not SVG - cannot displayNumber of blog posts published over time with life events. Blue bars show which posts are my personal favorites. Skip the analytics§
If I were to go back in time and do one thing differently about my blog, analytics would be the one.
When I first started I used Google Analytics and found myself obsessing over the dashboards after publishing an article. This wasn't healthy, as many articles would do fine, but all the time was wasted. I'm apparently not alone in this experience.
Seeing the relatively small numbers of readers for the first few articles (single-digits...) can discourage people from writing more. Building an audience takes a looong time and plenty of persistence. That means you'll need something else to motivate you to keep at it in the mean-time.
If you insist on having analytics: I recommend GoatCounter. GoatCounter supports a mode that removes the visitor numbers and only shows referrers. The service is free for small websites, but don't forget to support them if you can.
Create what you want!The world is a weird place, and you can't control what becomes popular. Create what you want to create for the sake of creating and enjoy the ride!
My most popular article by an extremely wide margin is one I didn't expect: "Move or recover your Wordle stats". I created this little utility for me and my friends and didn't expect hundreds of thousands of people to use it until the New York Times shared the URL on Twitter.
My most recent viral article I wrote in ~15 minutes about an unexpected behavior in Python regular expressions that caused a bug in some of my code.
Own your workPublishing on the internet means deciding where you will publish your work. We've seen far too many platforms either die or become completely user-hostile. To prevent this from happening to your hard work:
- Create the original work in a format that is transformable (such as Markdown or HTML).
- Publish that work to publicly accessible URLs that you can share.
- Share your URLs in many ways, like RSS, email newsletter, social media, or elsewhere.
For easy-to-start publishing platforms, I recommend either GitHub Pages or Bear Blog. If you have the savvy and interest: host content on your own website. There are far too many guides to getting started with this, choose one using a technology that you're interested in.
See also: "Publish on your Own Site, Syndicate Elsewhere".
Let your authenticity shinePlease note that I am a cis white male and has not had to justify my existence or expertise in a space. Unfortunately not all of my friends can be their authentic selves online, but knowing them in real life I certainly wish that the world allowed them to be.
I always enjoy when a blog shows off the author, either through writing style, phrases, personal touches, pictures, jokes, or little pieces of life. Don't be afraid to leave in things you think about when you're writing. I try to strike the right balance between how I might speak about an idea if I were to talk in person and writing for a diverse audience.
Don't put yourself in a boxYou don't have to write about the same one or two topics, forever. I am guilty of this, and I am working on writing about more than only open source and security. Recently I have started to write about video-game preservation.
Again, write about what you want to write about. Writing about something new, even if it's only once, can be very refreshing. Don't let vague feelings about what your audience "expects" to get in the way of creative expression.
Don't think you only need to write about "professional" topics or topics that have broad appeal. You can write about anything at all from rocket science to what's happening in your local community.
Start at the endStart with the conclusion! A reader should be able to know your main ideas without a single page scroll (because almost all readers won't make it past the first few paragraphs). Check out how your draft looks on a phone to confirm this is the case.
After that first page scroll you've already pared down to the more dedicated readers so start giving them details. If you like narrative writing like me, this is a good place to start the actual story.
Keep it shortIn terms of writing, you should be able to write the main points and details of an article quickly, assuming you've done your research beforehand.
Once all the main points are there, resist the urge to make an in-progress article "more grand" or "comprehensive". Instead, link out to resources that already exist or plan on writing follow-up articles later. Many smaller articles are more easily consumable for readers and more writeable for you (double win!)
Ship early instead of neverI've wasted so much time trying to "finish" blog posts. Endlessly trying to polish something into being perfect is not worth it, because it increases the chances that the work won't ever be published!
Try to be okay publishing something that isn't perfect, because your idea of "perfect" will change over time. You need to go through the "research-write-edit-publish" cycle to improve, not by endlessly editing one piece.
Hang up when you're doneDon't worry about "conclusions" or "wrapping-up" a blog post at the end. Just stop writing as soon there's no more to say. I promise almost no one reads all the way to the end (except your most loyal readers: remember they like you!)
Speaking of stopping: this is it! Thanks to everyone who has read this blog 💜
Have thoughts or questions? Let's chat over email or social:
sethmichaellarson@gmail.com
@sethmlarson@fosstodon.org
Want more articles like this one? Get notified of new posts by subscribing to the RSS feed or the email newsletter. I won't share your email or send spam, only whatever this is!
Want more content now? This blog's archive has ready-to-read articles. I also curate a list of cool URLs I find on the internet.
Find a typo? This blog is open source, pull requests are appreciated.
Thanks for reading! ♡ This work is licensed under CC BY-SA 4.0
︎Quansight Labs Blog: The Polars vs pandas difference nobody is talking about
Python Docs Editorial Board: Meeting Minutes: Nov 11, 2024
Dirk Eddelbuettel: inline 0.3.20: Mostly Maintenance
A new release of the inline package got to CRAN today marking the first release in three and half years. inline facilitates writing code in-line in simple string expressions or short files. The package was used quite extensively by Rcpp in the very early days before Rcpp Attributes arrived on the scene providing an even better alternative for its use cases. inline is still used by rstan and a number of other packages.
This release was tickled by changing in r-devel just this week, and the corresponding ‘please fix or else’ email I received this morning. R_NO_REMAP is now the default in r-devel, and while we had already converted most (old-style) calls into the API to using the now mandatory Rf_ prefix, the package contained few remaining cases in examples as well as one in code generation. The release also contains a helpful contributed PR making an error message a little clearer, plus several small and common maintenance changed around continuous integration, package layout and the repository.
The NEWS extract follows and details the changes some more.
Changes in inline version 0.3.20 (2024-11-10)Error message formatting is improved for compileCode (Alexis Derumigny in #25)
Switch to using Authors@R, other general packaging maintenance for continuous integration and repository
Use Rf_ in a handful of cases as R-devel now mandates it
Thanks to my CRANberries, you can also look at a diff to the previous release Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page. Bugs reports are welcome at the GitHub issue tracker as well (where one can also search among open or closed issues).
If you like this or other open-source work I do, you can sponsor me at GitHub.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
Reproducible Builds: Reproducible Builds in October 2024
Welcome to the October 2024 report from the Reproducible Builds project.
Our reports attempt to outline what we’ve been up to over the past month, highlighting news items from elsewhere in tech where they are related. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.
Table of contents:
- Beyond bitwise equality for Reproducible Builds?
- ‘Two Ways to Trustworthy’ at SeaGL 2024
- Number of cores affected Android compiler output
- On our mailing list…
- diffoscope
- IzzyOnDroid passed 25% reproducible apps
- Distribution work
- Website updates
- Reproducibility testing framework
- Supply-chain security at Open Source Summit EU
- Upstream patches
Jens Dietrich, Tim White, of Victoria University of Wellington, New Zealand along with Behnaz Hassanshahi and Paddy Krishnan of Oracle Labs Australia published a paper entitled “Levels of Binary Equivalence for the Comparison of Binaries from Alternative Builds”:
The availability of multiple binaries built from the same sources creates new challenges and opportunities, and raises questions such as: “Does build A confirm the integrity of build B?” or “Can build A reveal a compromised build B?”. To answer such questions requires a notion of equivalence between binaries. We demonstrate that the obvious approach based on bitwise equality has significant shortcomings in practice, and that there is value in opting for alternative notions. We conceptualise this by introducing levels of equivalence, inspired by clone detection types.
A PDF of the paper is freely available.
On Friday 8th November, Vagrant Cascadian will present a talk entitled Two Ways to Trustworthy at SeaGL in Seattle, WA.
Founded in 2013, SeaGL is a free, grassroots technical summit dedicated to spreading awareness and knowledge about free source software, hardware and culture. Vagrant’s talk:
[…] delves into how two project[s] approaches fundamental security features through Reproducible Builds, Bootstrappable Builds, code auditability, etc. to improve trustworthiness, allowing independent verification; trustworthy projects require little to no trust.
Exploring the challenges that each project faces due to very different technical architectures, but also contextually relevant social structure, adoption patterns, and organizational history should provide a good backdrop to understand how different approaches to security might evolve, with real-world merits and downsides.
Fay Stegerman wrote that the cause of the Android toolchain bug from September’s report that she reported to the Android issue tracker has been found and the bug has been fixed.
the D8 Java to DEX compiler (part of the Android toolchain) eliminated a redundant field load if running the class’s static initialiser was known to be free of side effects, which ended up accidentally depending on the sharding of the input, which is dependent on the number of CPU cores used during the build.
To make it easier to understand the bug and the patch, Fay also made a small example to illustrate when and why the optimisation involved is valid.
On our mailing list this month:
-
Following-up to previous work, James Addison informed the list that the recently-released Sphinx documentation generator includes improvements to the next copyright notice substitutions.
-
Pol Dellaiera wrote to the list in order to seek advice around introducing the concept of reproducibility to computer science Masters students at the University of Mons, Belgium.
-
James Addison also followed-up to a previous thread on “CONFIG_MODULE_SIG and the unreproducible Linux Kernel” to add: “I wonder whether it would be possible to use the Linux kernel’s Integrity Policy Enforcement to deploy a policy that would prevent loading of anything except a set of expected kernel modules.” […]
-
There were also two informative replies from David Wheeler to a broad-based discussion on Reproducible Builds being defined in various standards. […][…]
diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made the following changes, including preparing and uploading versions 279, 280, 281 and 282 to Debian:
- Ignore errors when listing .ar archives (#1085257). […]
- Don’t try and test with systemd-ukify in the Debian stable distribution. […]
- Drop Depends on the deprecated python3-pkg-resources (#1083362). […]
In addition, Jelle van der Waa added support for Unified Kernel Image (UKI) files. […][…][…] Furthermore, Vagrant Cascadian updated diffoscope in GNU Guix to version 282. […][…]
The IzzyOnDroid project has reached a good milestone by reaching over 25% of the ~1,200 Android apps provided by their repository (of official APKs built by the original application developers) having been confirmed to be reproducible by a rebuilder.
In Debian this month:
-
Holger Levsen uploaded devscripts version 2.24.2, including many changes to the debootsnap, debrebuild and reproducible-check scripts. This is the first time that debrebuild actually works (using sbuild’s unshare backend). As part of this, Holger also fixed an issue in the reproducible-check script where a typo in the code led to incorrect results […]
-
Recently, a news entry was added to snapshot.debian.org’s homepage, describing the recent changes that made the system stable again:
The new server has no problems keeping up with importing the full archives on every update, as each run finishes comfortably in time before it’s time to run again. [While] the new server is the one doing all the importing of updated archives, the HTTP interface is being served by both the new server and one of the VM’s at LeaseWeb.
The entry list a number of specific updates surrounding the API endpoints and rate limiting.
-
Lastly, 12 reviews of Debian packages were added, 3 were updated and 18 were removed this month adding to our knowledge about identified issues.
Elsewhere in distribution news, Zbigniew Jędrzejewski-Szmek performed another rebuild of Fedora 42 packages, with the headline result being that 91% of the packages are reproducible. Zbigniew also reported a reproducibility problem with QImage.
Finally, in openSUSE, Bernhard M. Wiedemann published another report for that distribution.
There were an enormous number of improvements made to our website this month, including:
-
Alba Herrerias:
-
Chris Lamb:
- Correct the name of Civil Infrastructure Platform name and update image on the Projects page. […]
- Update broken link on the Value Initialization page. […]
- Try and make pipeline/branch builds of the website easier to browse. […][…][…][…]
-
hulkoba
- Contribute to the new ‘Success stories’ page. […]
-
James Addison:
-
Ninette Adhikari:
-
Pol Dellaiera:
Lastly, Holger Levsen filed an extensive issue detailing a request to create an overview of recommendations and standards in relation to reproducible builds.
The Reproducible Builds project operates a comprehensive testing framework running primarily at tests.reproducible-builds.org in order to check packages and other artifacts for reproducibility. In October, a number of changes were made by Holger Levsen, including:
- Add a basic index.html for rebuilderd. […]
- Update the nginx.conf configuration file for rebuilderd. […]
- Document how to use a rescue system for Infomaniak’s OpenStack cloud. […]
- Update usage info for two particular nodes. […]
- Fix up a version skew check to fix the name of the riscv64 architecture. […]
- Update the rebuilderd-related TODO. […]
In addition, Mattia Rizzolo added a new IP address for the inos5 node […] and Vagrant Cascadian brought 4 virt nodes back online […].
The Open Source Summit EU took place recently, and covered plenty of topics related to supply-chain security, including:
- Public Sector & OpenSSF: Principles for Package Repository Security
- The Model Openness Framework: Promoting Completeness and Openness for Reproducibility, Transparency and Usability in AI
- Structured Scorecard Results: Tailor Your Own Supply-Chain Security Policies
- Lightning Talk: Elephant in the Room: How Supply Chain Security Standards Are Not Standard and What to Do About It
- Lightning Talk: Charting the Course for Secure Software Supply Chain with Guac-AI-Mole!
- TPMs, Merkle Trees and TEEs: Enhancing SLSA with Hardware-Assisted Build Environment Verification
- Accountability Taxonomy for AI Software Bill of Materials
- Securing Your Supply Chain with an Open Source Ecosystem
- OSS Supply Chain Threats and Why You Need a Holistic Security Strategy
- A Step Closer to in-Toto’lly Secure: Using in-Toto and OPA Gatekeeper to Verify Artifact Integrity
- Panel Discussion: Improving Supply Chain Integrity with OpenSSF Technologies
- Case Study: 10+ Years of Developing an SBOM System and the Dos and Don’ts
- SBOM in SaaS Environments: An Update
- Securing Git Repositories with Gittuf
The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
-
Bernhard M. Wiedemann
- apache-ivy (.zip modification time)
- ccache (build failure)
- colord (CPU)
- efivar (CPU/march=native)
- gsl (no check)
- libcamera (date/copyright year)
- libreoffice (possible rpm/build toolchain corruption bug)
- moto (.gz modification time)
- openssl-1_1 (date-related issue)
- python-pygraphviz (benchmark)
- sphinx/python-pygraphviz (benchmark)
- python-panel (package.lock has random port)
- python-propcache (random temporary path)
- python314 (.gz-related modification time)
- rusty_v8 (random .o files)
- scapy (date)
- wine (parallelism)
- ibmtss (FTBFS-2026)
- pymol (date)
- pandas (ASLR)
- linutil (drop date)
- lsof (also filed in openSUSE: uname -r in LSOF_VSTR)
- schily (also filed in openSUSE: uname -r)
- superlu (nocheck)
- util (random test failure)
- ceph (year-2038 variation from embedded boost)
-
Chris Lamb:
-
James Addison:
- #1085112 filed against distro-info.
-
Zbigniew Jędrzejewski-Szmek:
Finally, If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:
-
IRC: #reproducible-builds on irc.oftc.net.
-
Mastodon: @reproducible_builds@fosstodon.org
-
Mailing list: rb-general@lists.reproducible-builds.org
-
Twitter: @ReproBuilds
GNU Guix: Take the Guix User and Contributor Survey
To understand the views of the Guix community we're running a survey that we'd love you to take part in! The Guix User and Contributor Survey is live now, and should take about 10 minutes to fill out. Perfect for doing with a cup of tea and a biscuit!
The Guix project continues to grow and change, with new contributors and users joining our community. We decided to run this survey as it's the best way to gather good quality feedback across the widest cross-section of the community. Of course, there's lots of interesting topics a survey could ask about! We decided to focus on how Guix is used, and how contributors take part in the project.
The survey is being run on LimeSurvey which is a Free Software project and has been used by many other projects for similar surveys. The survey's hosted on the LimeSurvey SaaS so that we don't have the additional task of operating the software. No personal data is asked for (e.g. email addresses), no tracking data is being collected (e.g. IP addresses) and the entries are anonymised.
We'll be making the results and the anonymised data available under the Creative Commons CCO: that way anyone can analyse the data for further insights.
We hope the results of the survey will be used to understand both the Guix project's strengths and areas we can improve. Which is why your input is so important. If you can, please take the survey!
This Week in KDE Apps: Adopt an App
Welcome to a new issue of "This Week in KDE Apps"! Every week we cover as much as possible of what's happening in the world of KDE apps.
This week, we released KDE Gear 24.08.3 and we are preparing the 24.12.0 release with the beta planned for next week. The final release will happen on December 12th, but, meanwhile, and as part of the 2024 end-of-year fundraiser, you can "Adopt an App" in a symbolic effort to support your favorite KDE app.
This week, we are particularly grateful to @petejones@hcommons.social, @DaisyLee@mastodon.social and Karcsesz for showing their support for Tokodon; manchicken for Merkuro and fat_malama, Alexandru Traistaru and Neeko iko for KDE Connect.
Any monetary contribution, however small, will help us cover operational costs, salaries, travel expenses for contributors and in general just keep KDE bringing Free Software to the world. So consider donating today!
Getting back to all that's new in the KDE App scene, let's dig in!
Alligator Feed reader for mobile devicesThe user can no longer open the feed details page multiple times (Soumyadeep Ghosh, 24.12.0, link).
Falkon Web BrowserIt is now possible to open a context menu with Greasemonkey (Juraj Oravec, 24.12.0, link). Greasemonkey you to run little scripts that make on-the-fly changes to web page content. Juraj also removed the advertised FTP support in Falkon as the support for FTP was removed from Chromium. (Juraj Oravec, 24.12.0, link)
Dolphin Manage your filesWe no longer ask password twice when entering the Dolphin's admin mode (kio-admin) (Felix Ernst, 24.12.0, link).
Felix also improved the keyboard navigation in the toolbar, now the elements are focused in the right order (Felix Ernst, 24.12.0. link 1 and link 2).
KDE Itinerary Digital travel assistantItinerary can now show you a map of the whole trip (Volker Krause, 24.12.0, link).
And display some statistics about your trip, for example the CO2 emission, the distance travelled and the costs (if available) (Volker Krause, 24.12.0, link).
Finally, the alignment of timeline elements in Itinerary is now much more consistent (Carl Schwan, 24.12.0, link).
Okular View and annotate documentsWhen loading PDF files with Ink annotation containing an empty path, Okular won't crash. You shouldn't be able to create such annotations with Okular anyway, but some PDF files out there do contains such annotations (Albert Astals Cid, 24.12.0, link).
We also no longer hide the signing UI prematurely and now ensure it is visible until the signing process is actually finished (Nicolas Fella, 24.12.0, link).
Finally we fixed a small memory leak in Okular's latex support (Nil Admirari, 24.12.0, link).
Kaffeine Multimedia PlayerKaffeine got ported to Qt6/KF6 (Tobias Klausmann, 24.12.0, link).
Calculator A feature rich calculatorKalk will now correctly handle pressing the Esc key and clear the input field like many other calculator applications do, instead of creating strange characters in the input area (Devin Lin, 24.12.0, link).
Kasts Podcast applicationBart de Vries fixed password loading for synchronisation services on Windows (Bart De Vries, 24.12.0 link).
Kate Advanced Text EditorThe performance of displaying the build output has been improved (Waqar Ahmed, 24.12.0 link).
KDevelop Featureful, plugin-extensible IDE for C/C++ and other programming languagesWe addressed certain annoyances when working with the flatpak runtime. This included, for example, improving the handling of .flatpak-manifest.json files which we use in KDE for storing the an application's Flatpak manifest (Aleix Pol Gonzalez, 24.12.0 link).
KMail A feature-rich email applicationKMail and other PIM applications can now be compiled on Windows (Ingo Klöcker and Laurent Montel link 1 and link 2). Having KDE PIM applications work well on Windows is still in early stages of development. There is still a lot of work required to make Kontact a good experienceon that platform.
KMix Sound MixerKMix got ported to Qt6/KF6 (Jonathan Marten, 24.12.0 link).
Krita Digital Painting, Creative FreedomSVGs with clip masks now render faster (Dmitry Kazakov, link).
Konsole Use the command line interfaceKonsole now always creates a cgroup hierarchy when creating new process. This prevents entire applications getting killed in an Out-Of-Memory (OOM) scenarios when a tab consumes too much RAM (David Redondo, 24.12.0, link). David also ensured the subprocess of Konsole are correctly mapped to Konsole's .desktop file (link).
Kwave Sound editorKWave now provides a better visual indication when playback is paused (Mark Penner, 24.12.0, link).
NeoChat Chat on MatrixWe improved the network proxy's config page look to make it more consistent with the other config pages (Joshua Goins, 24.12.0, link).
Joshua Goins and Olivier Beard improved the link preview. Now clicking anywhere on the link preview will take you to the linked webpage (Joshua Goins, 24.12.0, link). The separator shown to the left of the preview and quoted text also got stylish rounded corners (Olivier Beard, 24.12.0, link).
NeoChat now hides non-standard rooms from the room list as most of the time they are used exclusively for holding data (e.g. trip group information from Itinerary) and not meant to be interacted with (Joshua Goins, 24.12.0, link).
We also improved the way polls look (Carl Schwan, 24.12.0, link).
And made sending messages and inserting newline shortcuts configurable (Eren Karakas, 24.12.0, link).
Tokodon Browse the FediverseRight clicking on a link on a post will now show a context menu allowing users to copy or share the URL directly (Arran Ubels, 24.12.0, link).
And all this too...The layout of the About dialog of applications using QtWidgets has been improved (Carl Schwan, KDE Frameworks 6.10.0, link).
Before After ... And Everything ElseThis blog only covers the tip of the iceberg! If you’re hungry for more, check out Nate's blog about Plasma and be sure not to miss his This Week in Plasma series, where every Saturday he covers all the work being put into KDE's Plasma desktop environment.
For a complete overview of what's going on, visit KDE's Planet, where you can find all KDE news unfiltered directly from our contributors.
Get InvolvedThe KDE organization has become important in the world, and your time and contributions have helped us get there. As we grow, we're going to need your support for KDE to become sustainable.
You can help KDE by becoming an active community member and getting involved. Each contributor makes a huge difference in KDE — you are not a number or a cog in a machine! You don’t have to be a programmer either. There are many things you can do: you can help hunt and confirm bugs, even maybe solve them; contribute designs for wallpapers, web pages, icons and app interfaces; translate messages and menu items into your own language; promote KDE in your local community; and a ton more things.
You can also help us by donating. Any monetary contribution, however small, will help us cover operational costs, salaries, travel expenses for contributors and in general just keep KDE bringing Free Software to the world.
To get your application mentioned here, please ping us in invent or in Matrix.
Thorsten Alteholz: My Debian Activities in October 2024
This month I accepted 398 and rejected 22 packages. The overall number of packages that got accepted was 441.
In case your RM bug is not closed within a month, you can assume that either the conversion of the subject of the bug email to the corresponding dak command did not work or you still need to take care of reverse dependencies. The dak command related to your removal bug can be found here.
Unfortunately the bahavior of some project members caused a decline of motivation of team members to work on these bugs. When I look at these bugs, I just copy and paste the above mentioned dak commands. If they don’t work, I don’t have the time to debug what is going wrong. So please read the docs and take care of it yourself. Please also keep in mind that you need to close the bug or set a moreinfo tag if you don’t want anybody to act on your removal bug.
Debian LTSThis was my hundred-twenty-fourth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. During my allocated time I uploaded or worked on:
- [DLA 3925-1] asterisk security update to fix two CVEs related to privilege escalation and DoS
- [DLA 3940-1] xorg-server update to fix one CVE related to privilege escalation
Last but not least I did a week of FD this month and attended the monthly LTS/ELTS meeting.
Debian ELTSThis month was the seventy-fifth ELTS month. During my allocated time I uploaded or worked on:
- [ELA-1198-1]cups security update for one CVE in Buster to fix the IPP attribute related CVEs.
- [ELA-1199-1]cups security update for two CVEs in Stretch to fix the IPP attribute related CVEs
- [ELA-1216-1]graphicsmagick security update for one CVE in Jessie
- [ELA-1217-1]asterisk security update for two CVEs in Buster related to privilege escalation
- [ELA-1218-1]asterisk security update for two CVEs in Stretch related to privilege escalation and DoS
- [ELA-1223-1]xorg-server security update for one CVE in Jessie, Stretch and Buster related to privilege escalation
I also did a week of FD and attended the monthly LTS/ELTS meeting.
Debian PrintingUnfortunately I didn’t found any time to work on this topic.
Debian MatomoUnfortunately I didn’t found any time to work on this topic.
Debian AstroUnfortunately I didn’t found any time to work on this topic.
Debian IoTThis month I uploaded new upstream or bugfix versions of:
- … pywws (yes, again this month)
This month I uploaded new packages or new upstream or bugfix versions of:
- … osmocom-dahdi-linux (package prepared by Nathan)
- … osmo-bts
This month I uploaded new upstream or bugfix versions of:
New Video by Ramon Miranda: Seamless Templates
We've released a new video! ..Templates! you can create them with Krita to save time in your digital paintings and be more focused on your artwork. They are seamless, they are useful, and they are really easy to generate. So let´s go with another supercool feature of Krita.
Check out the video for download links for the templates themselves!
Jonathan Dowland: Progressively enhancing CGI apps with htmx
I was interested in learning about htmx, so I used it to improve the experience of posting comments on my blog.
It seems much of modern web development is structured around having a JavaScript program on the front-end (browser) which exchanges data encoded in JSON asynchronously with the back-end servers. htmx uses a novel (or throwback) approach: it asynchronously fetches snippets of HTML from the back-end, and splices the results into the live page. For example, a htmx-powered button may request a URI on the server, receive HTML in response, and then the button itself would be replaced by the resulting HTML, within the page.
I experimented with incorporating it into an existing, old-school CGI web app: IkiWiki, which I became a co-maintainer of this year, and powers my blog. Throughout this project I referred to the excellent book Server-Driven Web Apps with htmx.
Comment posting workflowI really value blog comments, but the UX for posting them on my blog was a bit clunky. It went like this:
you load a given page (such as this blog post), which is a static HTML document. There's a link to add a comment to the page.
The link loads a new page which is generated dynamically and served back to you via CGI. This contains a HTML form for you to write your comment.
The form submits to the server via HTTP POST. IkiWiki validates the form content. Various static pages (in particular the one you started on, in Step 1) are regenerated.
the server response to the request in (3) is a HTTP 302 redirect, instructing the browser to go back to the page in Step 1.
First, I wanted the "add a comment" link to present the edit box in the current page. This step was easiest: add four attributes to the "comment on this page" anchor tag:
- hx-get="<CGI ENDPOINT GOES HERE>"
- suppresses the normal behaviour of the tag, so clicking on it doesn't load a new page.
issues an asynchronous HTTP GET to the CGI end-point, which returns the full HTML document for the comment edit form
- hx-select=".editcomment form"
- extract the edit-comment form from within that document
- hx-swap=beforeend and hx-target=".addcomment"
- append (courtesy of beforeend) the form into the source page after the "add comment" anchor tag (.addcomment)
Now, clicking "comment on this page" loads in the edit-comment box below it without moving you away from the source page. All that without writing any new code!
Second step: handling previewsThe old Preview Comment page
In the traditional workflow, clicking on "Preview" loaded a new page containing the edit form (but not the original page or any existing comments) with a rendering of the comment-in-progress below it. I wasn't originally interested in supporting the "Preview" feature, but I needed to for reasons I'll explain later.
Rather than load new pages, I wanted "Preview" to insert a rendering of the comment-in-progress being inserted into the current page's list of comments, marked up to indicate that it's a preview.
IkiWiki provides some templates which you can override to customise your site. I've long overridden page.tmpl, the template used for all pages. I needed to add a new empty div tag in order to have a "hook" to target with the previewed comment.
The rest of this was achieved with htmx attributes on the "Preview" button, similar to in the last step: hx-post to define a target URI when you click the button (and specify HTTP POST); hx-select to filter the resulting HTML and extract the comment; hx-target to specify where to insert it.
Now, clicking "Preview" does not leave the current page, but fetches a rendering of your comment-in-progress, and splices it into the comment list, appropriately marked up to be clear it's a preview.
Third step: handling submitted commentsIkiWiki is highly configurable, and many different things could happen once you post a comment.
On my personal blog, all comments are held for moderation before they are published. The page you were served after submitting a comment was rather bare-bones, a status message "Your comment will be posted after moderator review", without the original page content or comments.
I wanted your comment to appear in the page immediately, albeit marked up to indicate it was awaiting review. Since the traditional workflow didn't render or present your comment to you, I had to cheat.
handling moderated commentsModeration message upon submitting a comment
One of my goals with this project was not to modify IkiWiki itself. I had to break this rule for moderated comments. When returning the "comment is moderated" page, IkiWiki uses HTTP status code 200, the same as for other scenarios. I wrote a tiny patch to return HTTP 202 (Accepted, but not processed) instead.
I now have to write some actual JavaScript. htmx emits the htmx:beforeSwap event after an AJAX call returns, but before the corresponding swap is performed. I wrote a function that is triggered on this event, filters for HTTP 202 responses, triggers the "Preview" button, and then alters the result to indicate a moderated, rather than previewed, comment. (That's why I bothered to implement previews). You can read the full function here: jon.js.
SummaryI've done barely any front-end web development for years and I found working with htmx to be an enjoyable experience.
You can leave a comment on this very blog post if you want to see it in action. I couldn't resist adding an easter egg: Brownie points if you can figure out what it is.
Adding htmx to an existing CGI-based website let me improve one of the workflows in a gracefully-degrading way (without JavaScript, the old method will continue to work fine) without modifying the existing application itself (well, almost) and without having to write very much code of my own at all: nearly all of the configuration was declarative.
September and October in KDE PIM
Here's our bi-monthly update from KDE's personal information management applications team. This report covers progress made in September and October 2024.
Since the last report, 24 people have contributed over 1100 changes to the KDE PIM code base. We also released a two bugfix releases of the KDE PIM Suite with the Gear releases 24.08.1 and 24.08.2
Please note this is the last bi-monthly blog post for KDE PIM. We will continue to work on KDE PIM but weekly improvements to KDE PIM are now included in the This Week in KDE Apps blog.
AkademyThe KDE PIM team was at Akademy from the 7th to the 12th of September in Würzburg (Germany). We hosted again a PIM BoF.
We covered a few topics and made plans. In particular we touched upon contributions blockers, we hope the milestone system will help and also working on the amount of repositories which are not part of KDE Frameworks. Things are progressing in the right direction but slowly. Feel free to reach out to help!
MilestonesTalking about the milestones. You can see what we got in store on the Gitlab board. Some of them are progressing nicely like the resurrection of Kontact for Windows or the port away from QCA.
If you see anything you fancy and you would like to help, reach out to us on the #kontact:kde.org Matrix channel!
Applications ItineraryOur travel assistance app Itinerary got a new two-level trip/timeline view, an extended public transport location search, a new full trip map view and better Android platform integration. Read more in [its own bi-monthly update] (https://volkerkrause.eu/2024/10/03/kde-itinerary-august-september-2024.html).
KAlarmDavid has been working on fixing bugs around sound handling. In particular, repeating audio alarms only playing once have been fixed. Likewise the failure to play sound files using libVLC on some systems is gone. Also the backend to play sound can be changed at build time, it can use VLC or MPV.
But that's not the only bugs which got squashed. It's now possible to wake from suspend when using RTC wake and a crash has been fixed affecting systems where the kernel supports alarm timers.
Last but not least, the GUI has been improved around the run mode options in the preferences dialog.
MerkuroClaudio has been busy fixing regressions and improving the stability of Merkuro. Notably, maps are now displayed again (if the event contains coordinates). Also, the collection combobox in the editors are now initialized with a valid collection and filtering features have been repaired.
KAddressBook and KOrganizerThe general improvements to support Plasma Activities is still on going. It is not enabled by default as it requires Akonadi Resources support to become really useful and the corresponding changes are not there yet.
KMailOn the KMail front the search has been greatly improved. There is now a custom syntax usable in the search text field. One can now use keywords like subject:, body:, to, from, has:attachment, is:important, is:replied and so on to make more precise queries.
For instance one could write "from:vkrause@kde.org to:kde-pim@kde.org is:important" to get only the emails from Volker on the kde-pim mailing list which are also flagged as important.
Fedora KDE Enabling Third Party Repositories
As you may know, Fedora KDE 41 was released a couple of weeks ago.
I wanted to talk about a special feature that our colleague @farchord (with support from upstream developer @Nate Graham) has brought to our Fedora KDE distribution:
Enabling Third Party Repositories With A Single Click!
Thanks to the flexibility of plasma-welcome we can offer this feature
Right after installing Fedora and on first login you will be presented with the Plasma Welcome window:
Before you click on Skip , you can go through the different slides to read about KDE and Fedora and also to decide whether you want to contribute with anonymous metrics or not (note: I personally do not):
Here is where the interesting part comes in, on the next slide:
With a simple click of a button you will enable the most commonly requested by our users Third Party Repositories like rpmfusion! (note: you will be asked for your administrator password)
Once the request is processed, the message will change to:
That’s it! You have successfully enabled Third Party Repositories without needing to modify any file or running any command whatsoever
Before you do anything with your system and your new configuration, I will strongly recommend to update your system via Plasma Discover :
Proceed with all the update and reboot to get the latest and shiniest from our repositories.
Finally, to verify that the Third Party software is available, you can check:
And that is it!
Enjoy!
This is all thanks to farchord, siosm , aleasto and ngraham‘s work!
Ubuntu Summit 2024: A joyful experience filled with sorrow
Has this ever occurred to you? The most joyful moments of your life got filled with sorrow, a grief of loss…
Let’s talk about the Ubuntu Summit first, my international conference and solo travel outside my country. Probably I am the first from my entire extended family to visit a European country. My parents, well-wishers everyone was so happy. Only person didn’t know much about this, my maternal grandfather, whom I called (yes, “called”, he left us on 27th October 2024) Dada. Let me tell you about the summit first.
This Week in Plasma: Everything You Wanted and More
This week was full of major feature work and UI polishing, in addition to a lot of bug-fixing! I'm pretty sure everyone will find something to be excited about here:
Notable New FeaturesYou can now swap the functions of drawing tablet pen buttons if you like the function performed by one of the buttons, but not which button activates it. (Joshua Goins, 6.3.0. Link)
Info Center now shows all of your GPUs, not just one of them. And they are now indicated in a fancy way! (Harald Sitter, 6.3.0. Link 1 and link 2)
Discover now shows you when apps are either packaged directly by their developer, or verified by a trusted third party. (Aleix Pol Gonzalez, 6.3.0. Link)
The Printers widget now shows each printer's print queue inline, right there in the widget! (Kai Uwe Broulik, 6.3.0. Link)
The Task Manager widget now lets you configure whether the "I'm playing audio" icons that appear in the corner of tasks can be clicked to mute the audio. In addition, the audio controls now always appear in the window preview thumbnails, and can't be accidentally disabled. (Petar Margetic, 6.3.0. Link)
When you've set up your system to reboot into the bootloader menu the next time it reboots (and not the firmware screen; that case was already handled), the logout screen how indicates this. (Nikolay Kochulin, 6.3.0. Link)
Notable UI ImprovementsWhen you put a pie chart style System Monitor widget on a really skinny panel, the percentage circle in the center now looks nice, rather than being jagged and overly bold. (Arjen Hiemstra, 6.2.4. Link)
Made the progress indicators on Discover's Updates page more readable. (Nate Graham, 6.2.4. Link)
The Keyboard Indicator widget now indicates when modifier keys are "latched" or "locked", as they can be when using certain accessibility settings. (Nicolas Fella, 6.3.0. Link)
Removed the "Settings" launcher menu category! Now all of its contents have been moved into the "System" category. This reduces the number of categories that don't offer meaningful grouping. (Nate Graham, 6.3.0. Link)
The Printers widget now shows a little busy spinner for any printers that are currently printing, to make them easier to pick out among others when there are a lot of printers available. (Kai Uwe Broulik. 6.3.0. Link)
Widgets placed on the desktop are now very slightly translucent, just like the popups of widgets placed on the panel. (Marco Martin, 6.3.0. Link)
When for some reason the system time zone is set incorrectly or not set at all, the Digital Clock widget now tells you what's going on and offers you the chance to fix it yourself instead of just being broken. (Niccolò Venerandi, 6.3.0. Link)
Added a distinct Breeze icon for System Settings' Shortcuts page. (Joshua Goins, Frameworks 6.9. Link)
Improved the Breeze icon shown on password dialogs. (Kai Uwe Broulik, Frameworks 6.9. Link)
Notable Bug FixesFixed a case where KWin would crash when plugging in external screens. (Xaver Hugl, 6.2.3. Link)
Fixed a regression caused by a version 0.22 of the power-profiles-daemon service that caused power profiles to not be registered properly by Plasma's Power and Battery widget until you manually restarted the Powerdevil service. (Méven Car, 6.2.3. Link)
Discover's auto-update feature once again works for Flatpak apps. (Harald Sitter, 6.2.4. Link)
The speaker test window on System Settings' Audio page now always fits its content, no matter what the name of the device or its audio profile may be. (Ismael Asensio, 6.2.4. Link)
Fixed a strange issue that would make GTK 4 apps look too dark when using HDR mode. Now they're a bit too light, but this is a GTK 4 bug. (Xaver Hugl, 6.2.4. Link)
Plasma panels in "fit content" mode are now compatible with flexible spacers; placing one on a panel no longer causes it to slowly grow to its full width when Plasma starts up — which was hilarious, but wrong. (Niccolò Venerandi, 6.2.4. Link)
Fixed a small visual glitch in KWin's Overview effect that caused windows dragged-and-dropped onto the desktop bar to strangely glide off screen. (Marco Martin, 6.2.4. Link)
Did a major code refactor and bug-fixing spree for desktop icon positioning, which fixes almost all of the outstanding bug reports about icons moving around, and also adds autotests to validate the fixes! You can read more about it here, too. (Akseli Lahtinen, 6.3.0. Link)
Alt key accelerators for items in the Global Menu widget now work on Wayland. (Nicolas Fella, 6.3.0. Link)
Performing a major system update using Discover no longer makes a pointless and invisible authentication prompt appear behind the logout window when you try to reboot to complete the update. (Alessandro Astone, PackageKit 1.3.1. Link)
Other bug information of note:
- 4 Very high priority Plasma bug (same as last week). Current list of bugs
- 37 15-minute Plasma bugs (down from 40 last week). Current list of bugs
- 106 KDE bugs of all kinds fixed over the last week. Full list of bugs
The feature to let you record the screen without re-approval if it's the same as one you did last time now also works when using rectangular region recordings. (David Redondo, 6.3.0. Link)
Implemented support for the Wayland system bell protocol. (David Redondo, 6.3.0. Link)
How You Can HelpKDE has become important in the world, and your time and contributions have helped us get there. As we grow, we need your support to keep KDE sustainable.
You can help KDE by becoming an active community member and getting involved somehow. Each contributor makes a huge difference in KDE — you are not a number or a cog in a machine!
You don’t have to be a programmer, either. Many other opportunities exist:
- Filter and confirm bug reports, maybe even identify their root cause
- Contribute designs for wallpapers, icons, and app interfaces
- Design and maintain websites
- Translate user interface text items into your own language
- Promote KDE in your local community
- …And a ton more things!
You can also help us by donating to our yearly fundraiser! Any monetary contribution — however small — will help us cover operational costs, salaries, travel expenses for contributors, and in general just keep KDE bringing Free Software to the world.
To get a new Plasma feature or a bugfix mentioned here, feel free to push a commit to the relevant merge request on invent.kde.org.
Oliver Davies' daily list: Discussing Drush and Laravel Prompts with Jess Archer
In this week's Beyond Blocks podcast episode, I spoke to Jess Archer - Engineering Team Lead at Laravel.
We discuss Laravel Prompts which was released at Laracon US last year and added to Drush 13, but also about PHP, Laravel, Neovim, working in the terminal and bullet journaling.
Qt Wayland Tablet Improvents
A few weeks ago Qt 6.8 was released, delivering many fixes and improvements for our software. Some of them were contributed by yours truly, and in this post I want to highlight some of them.
They relate to graphics tablet/stylus input on Wayland. Before we go into the fixes let’s have a quick overview of the flow of tablet input events on Wayland:
The genesis of input events is in the kernel driver for the particular tablet, which talks to the hardware (via USB, bluetooth etc). The kernel passes events to userspace via the evdev system. On the userspace side a Wayland compositor reads those events. Most compositors leverage libinput for this, a library that transforms raw evdev events into something more usable for the compositor while applying some cleaning and configuration. The compositor then delivers events to native Wayland applications using the tablet-v2 protocol. For legacy XWayland applications the compositor uses this protocol to send events to XWayland, which translates them into things X11 apps understand. The compositor can apply useful transformations to the input, like which area of the screen the tablet is mapped to, changing the pressure curve of the pen, or binding buttons to keyboard shortcuts.
The application then processes the events, potentially leveraging a UI toolkit like Qt. Qt creates QTabletEvent object for incoming Wayland events and delivers those to all UI elements. In case no UI element reacts to the event Qt will synthesize a mouse event from the tablet event and deliver that to the UI elements. That way most controls like buttons and menus don’t need special code to handle tablet input. Only when doing very low-level input handling or when needing tablet-specific interactions (like reacting to different pressure values) application developers need to explicitly handle tablet events in their code. Most UI toolkits will work somewhat similar to this. If an application doesn’t react to tablet input at all please file a bug against the application.
Qt Wayland had support for tablet input for a few years now, so what exactly needed fixing? The first thing is cursors. In Wayland the application tells the compositor which cursor to use. This can be done either by specifying a surface (i.e. an image) or a named cursor shape. Guess which one Qt used? That’s right: Neither. It just didn’t specify a cursor at all. The result depends on the compositor: KWin would display a cross-hair cursor as a fallback, which is ~okay, but not the cursor the application developer asked for. On other compositors I’ve tested there will be no cursor visible at all, which isn’t okay at all. For Qt 6.8 I implemented the missing cursor support, so now tablets get the same cursor as mouse input (unless of course the application developer wants a different cursor for tablet input).
Another thing that affected mostly non-Plasma users is client-side decorated windows. On Plasma Qt applications usually use the server-side decoration provided by KWin, but e.g. on GNOME Qt is responsible for drawing and handling window decorations. For this Qt features a plugin system so different decorations with different look-and-feels can be swapped out. Unfortunately those decorations didn’t handle tablet input at all, so it wasn’t possible to move around or close windows using a tablet stylus. I fixed this by pretending the tablet input is mouse input to the decorations, which was a simple yet effective solution for the issue. If there is ever a need for decorations to treat tablet input different to mouse input we can revisit this.
Talking about moving windows, a feature most KDE apps have (even if off-by-default these days) is dragging any empty area to move the window. This wasn’t working when using a stylus. Why? For that we need to look at how this works on a Wayland level. The xdg-shell protocol (the one responsible for most application windows) has a move request that asks the compositor to start a move interaction for the window. As part of the request the application must pass a serial, which is a number that corresponds to the last input event the application has received. To avoid applications suddenly deciding to move in the background compositors usually only allow move requests as a result of direct user input, so this serial must match the last input event. Qt wraps this move request inside the QWindow::startSystemMove function. The problem was that Qt didn’t keep track of the serial it received as part of tablet input, so when starting the move it would pass a wrong serial and the compositor (rightfully) refused the move. A few extra lines later the serial was tracked properly and moving windows with a stylus worked, just in time for Nate to disable the feature by default.
The same problem also affected drag-and-drop. When starting a drag with a stylus Qt now passes the correct serial, making drag-and-drop work (at least on the Qt side, there currently is a bug on the KWin side that prevents this from working).
The last fix for today relates to how applications react to the tablet events. Sometimes applications process clicks differently depending on what keyboard modifiers are pressed. For example pressing Ctrl while clicking on files in Dolphin allows to select multiple files. For this to work Qt conveniently delivers the active modifiers with every input event. Alas for tablet input the modifiers got lost along the way, so it wasn’t possible to select multiple files using a stylus. One small fix later it works as expected.
That’s all the Wayland tablet related fixes for today. If you find more issues in Qt/KDE apps related to tablet input on Wayland please report them on bugs.kde.org and I’ll look into them.
That’s not all there is about Wayland tablet improvements though. Fully in the spirit of the “We care about your input!” Goal there are exiting things happening on the KWin/Plasma side that I’ve been involved in. Stay tuned for more!
In my position of Software Platform Engineer at KDE I work on common building blocks for KDE software, like Qt and KDE Frameworks. This work is possible thanks to your generous donations. Check out our end-of-the-year fundraiser if you’d like to see more work like this.