Feeds

Python Bytes: #398 Open source makes you rich? (and other myths)

Planet Python - Mon, 2024-08-26 04:00
<strong>Topics covered in this episode:</strong><br> <ul> <li><strong>Open Source Myths</strong></li> <li><a href="https://astral.sh/blog/uv-unified-python-packaging?featured_on=pythonbytes"><strong>uv 0.3.0 and all the excitement</strong></a></li> <li><a href="https://pythontest.com/top-pytest-plugins/?featured_on=pythonbytes"><strong>Top pytest Plugins</strong></a></li> <li><strong><a href="https://github.com/hbmartin/comparison-hosts-serverless-cloud-function-faas-for-python?tab=readme-ov-file&featured_on=pythonbytes">A comparison of hosts / providers for Python serverless functions</a><a href="https://github.com/hbmartin/comparison-hosts-serverless-cloud-function-faas-for-python?tab=readme-ov-file&featured_on=pythonbytes"> </a><a href="https://github.com/hbmartin/comparison-hosts-serverless-cloud-function-faas-for-python?tab=readme-ov-file&featured_on=pythonbytes">(aka</a><a href="https://github.com/hbmartin/comparison-hosts-serverless-cloud-function-faas-for-python?tab=readme-ov-file&featured_on=pythonbytes"> Faas)</a></strong></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=whaXyRCrrtc' style='font-weight: bold;'data-umami-event="Livestream-Past" data-umami-event-episode="398">Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by us! Support our work through:</p> <ul> <li>Our <a href="https://training.talkpython.fm/?featured_on=pythonbytes"><strong>courses at Talk Python Training</strong></a></li> <li><a href="https://courses.pythontest.com?featured_on=pythonbytes"><strong>pytest courses and community at PythonTest.com</strong></a></li> <li><a href="https://www.patreon.com/pythonbytes"><strong>Patreon Supporters</strong></a></li> </ul> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually <strong>Monday</strong> at 10am PT. Older video versions available there too.</p> <p>Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to <a href="https://pythonbytes.fm/friends-of-the-show">our friends of the show list</a>, we'll never share it. </p> <p><strong>Brian #1:</strong> <strong>Open Source Myths</strong></p> <ul> <li><a href="https://infosec.exchange/@joshbressers?featured_on=pythonbytes">Josh Bressers</a></li> <li><a href="https://infosec.exchange/@joshbressers/112845039329832564?featured_on=pythonbytes">Mastodon post kicking off a list of open source myths</a></li> <li><a href="https://docs.google.com/document/d/1fzq8I67inb4725EYMhTGHsNhrSUviSU97lFYnt8sgtc/edit?featured_on=pythonbytes">Feedback and additional myths compiled to a doc</a></li> <li>Some favorites <ul> <li>All open source developers live in Nebraska</li> <li>It’s all run by hippies</li> <li>Everything is being rewritten in rust</li> <li>Features are planned</li> <li>If the source code is available, it’s open source</li> <li>A project with no commits for 12 months is abandoned</li> <li>Many eyes make all bugs shallow</li> <li>Open source has worse UX</li> <li>Open source has better UX</li> <li>Open source makes you rich</li> </ul></li> </ul> <p><strong>Michael #2:</strong> <a href="https://astral.sh/blog/uv-unified-python-packaging?featured_on=pythonbytes"><strong>uv 0.3.0 and all the excitement</strong></a></p> <ul> <li>Thanks to Skyler Kasko and John Hagen for the emails.</li> <li><a href="https://simonwillison.net/2024/Aug/20/uv-unified-python-packaging/?featured_on=pythonbytes">Additional write up</a> by Simon Willison</li> <li><a href="https://lucumr.pocoo.org/2024/8/21/harvest-season/?featured_on=pythonbytes">Additional write up</a> by Armin Ronacher</li> <li>End-to-end project management: uv run, uv lock, and uv sync</li> <li>Tool management: uv tool install and uv tool run (aliased to uvx)</li> <li>Python installation: uv python install</li> <li>Script execution: uv can now manage hermetic, single-file Python scripts with inline dependency metadata based on PEP 723.</li> </ul> <p><strong>Brian #3:</strong> <a href="https://pythontest.com/top-pytest-plugins/?featured_on=pythonbytes"><strong>Top pytest Plugins</strong></a></p> <ul> <li>Inspired by (and assisted by) Hugo’s <a href="https://hugovk.github.io/top-pypi-packages/?featured_on=pythonbytes">Top PyPI Packages</a></li> <li>Write up for <a href="https://pythontest.com/pytest/finding-top-pytest-plugins/?featured_on=pythonbytes">Finding the top pytest plugins</a></li> <li>BTW, <a href="https://pypi.org/project/pytest-check/?featured_on=pythonbytes">pytest-check</a> has made it to 25.</li> <li>Same day, <a href="https://micro.webology.dev/2024/08/25/using-claude-sonnet.html?featured_on=pythonbytes">Jeff Triplett throws my code into Claude 3.5 Sonnet and refactors it</a></li> <li>Thanks <a href="https://fosstodon.org/@brianokken/113024832168707843">Jeff Triplett &amp; Hugo for answering how to add Summary and other info</a></li> </ul> <p><strong>Michael #4:</strong> <a href="https://github.com/hbmartin/comparison-hosts-serverless-cloud-function-faas-for-python?tab=readme-ov-file&featured_on=pythonbytes">A comparison of hosts / providers for Python serverless functions</a><a href="https://github.com/hbmartin/comparison-hosts-serverless-cloud-function-faas-for-python?tab=readme-ov-file&featured_on=pythonbytes"> </a><a href="https://github.com/hbmartin/comparison-hosts-serverless-cloud-function-faas-for-python?tab=readme-ov-file&featured_on=pythonbytes">(aka</a><a href="https://github.com/hbmartin/comparison-hosts-serverless-cloud-function-faas-for-python?tab=readme-ov-file&featured_on=pythonbytes"> Faas)</a></p> <ul> <li>Nice feature matrix of all the options, frameworks, costs, and more</li> <li>The WASM ones look particularly interesting to me.</li> </ul> <p><strong>Extras</strong> </p> <p>Brian:</p> <ul> <li><a href="#">When is the next live episode of Python Bytes?</a> - via arewemeetingyet.com <ul> <li>Thanks to Hugo van Kemenade</li> </ul></li> <li>Some <a href="https://github.com/hugovk?featured_on=pythonbytes">more cool projects by Hugo</a> <ul> <li><a href="https://hugovk.github.io/python-logos/?featured_on=pythonbytes">Python Logos</a></li> <li><a href="https://hugovk.github.io/pypi-tools/charts?featured_on=pythonbytes">PyPI Downloads</a> by Python version for various Python tools, in pretty colors</li> <li><a href="https://hugovk.github.io/python-core-devs/?featured_on=pythonbytes">Python Core Developers </a>over time</li> </ul></li> </ul> <p>Michael:</p> <ul> <li><a href="https://www.codeinacastle.com/python-zero-to-hero-2024?featured_on=pythonbytes">Code in a Castle Course event</a> - just a couple of weeks left</li> <li><a href="https://ladybird.org?featured_on=pythonbytes">Ladybird</a>: A truly independent browser</li> <li>“I'm also interested in your video recording setup, would be nice to have that in the extras too :D” <ul> <li><a href="https://obsproject.com?featured_on=pythonbytes">OBS Studio</a></li> <li><a href="https://www.elgato.com/us/en/s/welcome-to-stream-deck?featured_on=pythonbytes">Elgato Streamdeck</a></li> <li><a href="https://www.elgato.com/us/en/p/key-light?featured_on=pythonbytes">Elgato Key light</a></li> <li><a href="https://www.blackmagicdesign.com/products/davinciresolve?featured_on=pythonbytes">DaVinci Resolve</a></li> </ul></li> </ul> <p><strong>Joke:</strong> DevOps Support Group</p> <p>via Blaise</p> <ul> <li>Hi, my name is Bob</li> <li><em>Group</em>: Hi Bob</li> <li>I's been 42 days since I last ssh'd into production.</li> <li><em>Group</em>: Applause</li> <li>But only 4 days since I accidentally took down the website</li> <li><em>Someone in back</em>: Oh Bob…</li> </ul>
Categories: FLOSS Project Planets

Zato Blog: Integrating with Jira APIs

Planet Python - Mon, 2024-08-26 04:00
Integrating with Jira APIs 2024-08-26, by Dariusz Suchojad Overview

Continuing in the series of articles about newest cloud connections in Zato 3.2, this episode covers Atlassian Jira from the perspective of invoking its APIs to build integrations between Jira and other systems.

There are essentially two use modes of integrations with Jira:

  1. Jira reacts to events taking place in your projects and invokes your endpoints accordingly via WebHooks. In this case, it is Jira that explicitly establishes connections with and sends requests to your APIs.
  2. Jira projects are queried periodically or as a consequence of events triggered by Jira using means other than WebHooks.

The first case is usually more straightforward to conceptualize - you create a WebHook in Jira, point it to your endpoint and Jira invokes it when a situation of interest arises, e.g. a new ticket is opened or updated. I will talk about this variant of integrations with Jira in a future instalment as the current one is about the other situation, when it is your systems that establish connections with Jira.

The reason why it is more practical to first speak about the second form is that, even if WebHooks are somewhat easier to reason about, they do come with their own ramifications.

To start off, assuming that you use the cloud-based version of Jira (e.g. https://example.atlassian.net), you need to have a publicly available endpoint for Jira to invoke through WebHooks. Very often, this is undesirable because the systems that you need to integrate with may be internal ones, never meant to be exposed to public networks.

Secondly, your endpoints need to have a TLS certificate signed by a public Certificate Authority and they need to be accessible on port 443. Again, both of these are something that most enterprise systems will not allow at all or it may take months or years to process such a change internally across the various corporate departments involved.

Lastly, even if a WebHook can be used, it is not always a given that the initial information that you receive in the request from a WebHook will already contain everything that you need in your particular integration service. Thus, you will still need a way to issue requests to Jira to look up details of a particular object, such as tickets, in this way reducing WebHooks to the role of initial triggers of an interaction with Jira, e.g. a WebHook invokes your endpoint, you have a ticket ID on input and then you invoke Jira back anyway to obtain all the details that you actually need in your business integration.

The end situation is that, although WebHooks are a useful concept that I will write about in a future article, they may very well not be sufficient for many integration use cases. That is why I start with integration methods that are alternative to WebHooks.

Alternatives to WebHooks

If, in our case, we cannot use WebHooks then what next? Two good approaches are:

  1. Scheduled jobs
  2. Reacting to emails (via IMAP)

Scheduled jobs will let you periodically inquire with Jira about the changes that you have not processed yet. For instance, with a job definition as below:

Now, the service configured for this job will be invoked once per minute to carry out any integration works required. For instance, it can get a list of tickets since the last time it ran, process each of them as required in your business context and update a database with information about what has been just done - the database can be based on Redis, MongoDB, SQL or anything else.

Integrations built around scheduled jobs make most sense when you need to make periodic sweeps across a large swaths of business data, these are the "Give me everything that changed in the last period" kind of interactions when you do not know precisely how much data you are going to receive.

In the specific case of Jira tickets, though, an interesting alternative may be to combine scheduled jobs with IMAP connections:

The idea here is that when new tickets are opened, or when updates are made to existing ones, Jira will send out notifications to specific email addresses and we can take advantage of it.

For instance, you can tell Jira to CC or BCC an address such as zato@example.com. Now, Zato will still run a scheduled job but instead of connecting with Jira directly, that job will look up unread emails for it inbox ("UNSEEN" per the relevant RFC).

Anything that is unread must be new since the last iteration which means that we can process each such email from the inbox, in this way guaranteeing that we process only the latest updates, dispensing with the need for our own database of tickets already processed. We can extract the ticket ID or other details from the email, look up its details in Jira and the continue as needed.

All the details of how to work with IMAP emails are provided in the documentation but it would boil down to this:

# -*- coding: utf-8 -*- # Zato from zato.server.service import Service class MyService(Service): def handle(self): conn = self.email.imap.get('My Jira Inbox').conn for msg_id, msg in conn.get(): # Process the message here .. process_message(msg.data) # .. and mark it as seen in IMAP. msg.mark_seen()

The natural question is - how would the "process_message" function extract details of a ticket from an email?

There are several ways:

  1. Each email has a subject of a fixed form - "[JIRA] (ABC-123) Here goes description". In this case, ABC-123 is the ticket ID.
  2. Each email will contain a summary, such as the one below, which can also be parsed:
Summary: Here goes description Key: ABC-123 URL: https://example.atlassian.net/browse/ABC-123 Project: My Project Issue Type: Improvement Affects Versions: 1.3.17 Environment: Production Reporter: Reporter Name Assignee: Assignee Name
  1. Finally, each email will have an "X-Atl-Mail-Meta" header with interesting metadata that can also be parsed and extracted:
X-Atl-Mail-Meta: user_id="123456:12d80508-dcd0-42a2-a2cd-c07f230030e5", event_type="Issue Created", tenant="https://example.atlassian.net"

The first option is the most straightforward and likely the most convenient one - simply parse out the ticket ID and call Jira with that ID on input for all the other information about the ticket. How to do it exactly is presented in the next chapter.

Regardless of how we parse the emails, the important part is that we know that we invoke Jira only when there are new or updated tickets - otherwise there would not have been any new emails to process. Moreover, because it is our side that invokes Jira, we do not expose our internal system to the public network directly.

However, from the perspective of the overall security architecture, email is still part of the attack surface so we need to make sure that we read and parse emails with that in view. In other words, regardless of whether it is Jira invoking us or our reading emails from Jira, all the usual security precautions regarding API integrations and accepting input from external resources, all that still holds and needs to be part of the design of the integration workflow.

Creating Jira connections

The above presented the ways in which we can arrive at the step of when we invoke Jira and now we are ready to actually do it.

As with other types of connections, Jira connections are created in Zato Dashboard, as below. Note that you use the email address of a user on whose behalf you connect to Jira but the only other credential is that user's API token previously generated in Jira, not the user's password.

Invoking Jira

With a Jira connection in place, we can now create a Python API service. In this case, we accept a ticket ID on input (called "a key" in Jira) and we return a few details about the ticket to our caller.

This is the kind of a service that could be invoked from a service that is triggered by a scheduled job. That is, we would separate the tasks, one service would be responsible for opening IMAP inboxes and parsing emails and the one below would be responsible for communication with Jira.

Thanks to this loose coupling, we make everything much more reusable - that the services can be changed independently is but one part and the more important side is that, with such separation, both of them can be reused by future services as well, without tying them rigidly to this one integration alone.

# -*- coding: utf-8 -*- # stdlib from dataclasses import dataclass # Zato from zato.common.typing_ import cast_, dictnone from zato.server.service import Model, Service # ########################################################################### if 0: from zato.server.connection.jira_ import JiraClient # ########################################################################### @dataclass(init=False) class GetTicketDetailsRequest(Model): key: str @dataclass(init=False) class GetTicketDetailsResponse(Model): assigned_to: str = '' progress_info: dictnone = None # ########################################################################### class GetTicketDetails(Service): class SimpleIO: input = GetTicketDetailsRequest output = GetTicketDetailsResponse def handle(self): # This is our input data input = self.request.input # type: GetTicketDetailsRequest # .. create a reference to our connection definition .. jira = self.cloud.jira['My Jira Connection'] # .. obtain a client to Jira .. with jira.conn.client() as client: # Cast to enable code completion client = cast_('JiraClient', client) # Get details of a ticket (issue) from Jira ticket = client.get_issue(input.key) # Observe that ticket may be None (e.g. invalid key), hence this 'if' guard .. if ticket: # .. build a shortcut reference to all the fields in the ticket .. fields = ticket['fields'] # .. build our response object .. response = GetTicketDetailsResponse() response.assigned_to = fields['assignee']['emailAddress'] response.progress_info = fields['progress'] # .. and return the response to our caller. self.response.payload = response # ########################################################################### Creating a REST channel and testing it

The last remaining part is a REST channel to invoke our service through. We will provide the ticket ID (key) on input and the service will reply with what was found in Jira for that ticket.

We are now ready for the final step - we invoke the channel, which invokes the service which communicates with Jira, transforming the response from Jira to the output that we need:

$ curl localhost:17010/jira1 -d '{"key":"ABC-123"}' { "assigned_to":"zato@example.com", "progress_info": { "progress": 10, "total": 30 } } $

And this is everything for today - just remember that this is just one way of integrating with Jira. The other one, using WebHooks, is something that I will go into in one of the future articles.

More resources

➤ Python API integration tutorial
What is an integration platform?
Python Integration platform as a Service (iPaaS)
What is an Enterprise Service Bus (ESB)? What is SOA?

More blog posts
Categories: FLOSS Project Planets

Haruna 1.2.0

Planet KDE - Sun, 2024-08-25 23:00

Haruna version 1.2.0 is out with a new footer style.

Availability of other package formats depends on your distro and the people who package Haruna.

Windows version:

If you like Haruna then support its development: GitHub Sponsors | Liberapay | PayPal

Feature requests and bugs should be posted on bugs.kde.org, but for bugs make sure to fill in the template and provide as much information as possible.

Changelog: 1.2.0
  • Added floating footer/bottom toolbar style with 2 ways to trigger it:
    • on every mouse movement of the video area
    • only when the mouse is in the lower part of the video area
  • Removed the docbook and moved its content to tooltips
  • Middle clicking the playlist scrolls to the playing item
Categories: FLOSS Project Planets

KDE Goals - Our Cumulative Culture

Planet KDE - Sun, 2024-08-25 20:00

Every two years, the KDE community selects three goals that serve as focal points for the entire community's efforts in the coming years. This cyclical process of goal-setting and community-wide focus is a great example of KDE's Cumulative Culture in action.

This concept, typically observed in human societies, refers to the ability to build upon previous knowledge and innovations to create increasingly complex and effective solutions. In KDE's case, each cycle of goals represents a new layer of accumulated wisdom, i.e. new features and more stability.

The First Cycle (2018-2020)

The first cycle of goals laid the groundwork with its focus on community growth, privacy, and usability.

  • Streamlined Onboarding: Focused on attracting and retaining new contributors by making the onboarding process smoother and more engaging.
  • Privacy Software: Prioritized user privacy and security, ensuring KDE software respects user data and complies with security standards.
  • Usability & Productivity: Aimed to enhance the usability and productivity of KDE software, making it powerful yet easy to use.
The Second Cycle (2020-2022)

The second cycle tackled more complex challenges. Goals like Wayland implementation improvements (which layed the foundation for the Plasma 6 release), improving the app ecosystem, and ensuring consistency in design and functionality.

  • Wayland: This task aimed at stabilizing Wayland support accross KDE apps.
  • All About the Apps: Improved KDE's app infrastructure, enabling more efficient app delivery and better support services.
  • Improve Consistency across the Board: Ensured uniformity in design and functionality across KDE software, improving usability and reducing redundancy.
The Third Cycle (2022-2024)

The third cycle, which is currently coming to an end, was about progress and adaptation. A focus to include environmental responsibility, operational efficiency, and inclusive design.

  • Sustainable Software: Focused on making KDE software more energy-efficient and environmentally friendly by implementing practices that reduce resource consumption and ensure long-term sustainability.
  • Automate and Systematize Internal Processes: Aimed to streamline KDE’s internal workflows by automating repetitive tasks, adding code tests across projects and creating a Quality Assurance team to name a few.
  • KDE For All: Seeked to make KDE software accessible and inclusive for all users.
A New Cycle A Comin' (2024-2026)

Now, as we enter the fourth cycle of the KDE Goals, we see the full power of this cumulative process. Each goal, whether fully achieved or not, contributes to the collective knowledge and capability of the KDE community. Ideas and partial solutions from past cycles become a solid foundation of knowledge and experience that support future efforts.

The commmunity is currently voting on the following proposals for the next KDE Goals cycle that will guide our efforts and shape our focus for the coming years:

KDE Goals at Akademy

The three most voted goals will be announced at Akademy, where there will also be a wrap-up talk about the achievements of the current goals. Also, there will be Birds-of-a-feather (BoF) sessions with the new goal champions.

Join the Matrix room and keep an eye on the website for the latest KDE Goals updates.

Categories: FLOSS Project Planets

Matt Layman: Layman's Guide to Python Built-in Functions

Planet Python - Sun, 2024-08-25 20:00
Quick Jump List A: abs, aiter, all, anext, any, ascii, B: bin, bool, breakpoint, bytearray, bytes, C: callable, chr, classmethod, compile, complex, D: delattr, dict, dir, divmod E: enumerate, eval, exec, F: filter, float, format, frozenset, G: getattr, globals, H: hasattr, hash, help, hex, I: id, input, int, isinstance, issubclass, iter, L: len, list, locals, M: map, max, memoryview, min, N: next, O: object, oct, open, ord, P: pow, print, property, R: range, repr, reversed, round, S: set, setattr, slice, sorted, staticmethod, str, sum, super, T: tuple, type, V: vars, Z: zip, _: __import__,
Categories: FLOSS Project Planets

What's New In The Revised Blue Angel Criteria

Planet KDE - Sun, 2024-08-25 20:00

KDE's Okular is the first software which got awarded with the Blue Angel label for resource and energy-efficient software products. The certification was based on the first version of the criteria for this product criteria which were introduced in 2020. Now the criteria have been updated. What has changed and what does that mean for KDE?

The revised criteria are available as version 4 on the Blue Angel web site. Only the German version is currently available; the English version will follow shortly.

New software categories

The biggest change is the scope of the label. In the past it was limited to desktop software. With the updated version, the criteria also include software on mobile devices and server software or a combination of these categories, such as a web service with mobile and desktop clients.

The biggest challenge is the measurement of the energy and resource efficiency for these new categories, which requires a more flexible approach and must accommodate scenarios where the measurement cannot be done by inserting a meter in front of the power supply of a single device. The new criteria address this by defining applicable methods for the measurement of mobile and server applications.

The extended scope covers a much broader range of software. For KDE the desktop category is most relevant, but of course a lot of software also interacts with a server component, for example an email client like KMail, which could now be treated and assessed as a combined client-server system to give more realistic and relevant results.

More flexible measurement procedure

The expansion in scope requires an expanded view on the measurement of energy and resource efficiency as well. The first version of the criteria was quite strict and prescribed a very specific measurement procedure on specified reference systems. It was based on a comparison of measurements in a representative usage scenario and in idle mode. This gave a realistic impression of what the usage of a computer program meant in terms of energy consumption.

The new criteria allow for more variation in how the measurements are carried out. The original method is still there, but variations which lead to comparable results are possible as well. This change means that a new criterion was introduced to document the way measurements are done.

In addition to the measurement of the usage scenario, a new type of measurement was introduced. This measures total energy consumption of a production system over a longer period of time. This is particular useful for server applications, where this method can lead to more realistic numbers by averaging resource consumption over real-world usage of multiple users.

For mobile applications, the measurement also has to include the data volume transmitted during a standard usage scenario and the list of URLs it has accessed. This is based on the assumption that large volumes of data transfer imply a higher energy usage. It can also be used to assess if the application is using advertisements or is collecting tracking information. Both are forbidden under the revised Blue Angel criteria.

Ongoing assessment of energy and resource efficiency

The original criteria demanded that updates of the software still run on old reference systems and that the energy consumption does not increase more than 10%. They were not very clear in how exactly this should be proven and documented. Especially for software which is released very often, testing every individual update is impractical. For mobile and even more for server software, update cycles can be very short, up to multiple updates a day.

In the updated criteria there is a more precise way of handling updates. The general idea is still there that updated software run on old hardware and energy consumption not increase too much. But it's not tied to individual updates anymore. The required procedure is to do a measurement at least once a year and publish the results as part of the documentation of the software product. This includes documentation of the measurement setups and any changes to it as well as preserving the history of measurements, so that users can judge for themselves how much energy and resource usage is increasing over time.

This procedure clarifies the requirments and opens a pragmatic way of measuring updates. It implies a certain burden on updating documentation.

Consequences for KDE and Okular

KDE holds the Blue Angel label for its PDF viewer Okular. This is desktop software and the standard usage scenario doesn't include any network access. That means that the expanded scope does not change anything for the existing certification. The revised criteria open up the opportunity to apply for the Blue Angel label for mobile software, such as KDE Connect, and mixed scenarios which also include server components, but the eco-certification for Okular is covered as it was before.

The more flexible measurement criteria give us more leeway in how we are doing the measurements. We have set up KEcoLab for being able to regularly do measurements. This setup follows the procedure prescribed in the original criteria. As this is still valid, it also means no change for us, and our measurements still fulfill the criteria. However, it gives us more opportunities to improve the lab and doesn't strictly tie us to the original list of reference systems anymore. We might want to take advantage of that.

The documentation of the measurement system is something we have always done in a transparent way, so this also doesn't require any big changes on our side. We have to consider how to best convey this in the documentation of Okular, but this is mostly a question on how we communicate the existing content.

The ongoing assessment of energy and resource efficiency ties very well into how we handle software updates. We have a continuous release stream with frequent updates and incremental changes. This fits the model of the new criteria. We have to review how we include regular updates of the documentation and measurement data in releases, but this again is mostly a question of how we communicate the existing content.

Conclusion

The revised criteria provide a welcome expansion of the Blue Angel to more categories of software and a more flexible way to do energy and resource efficiency measurements. They continue to align well with how KDE develops software in general and Okular in particular, so we do not see any issues with continuing the Blue Angel certification for Okular.

We would be happy if the new version of the criteria would increase adoption of the Blue Angel ecolabel for resource and energy efficient software. Sustainable software is an important topic and the Blue Angel can be one way of making progress in this area more visible to a broad audience.

Categories: FLOSS Project Planets

NextCloudPi on Raspberry Pi 5

Planet KDE - Sun, 2024-08-25 15:35

I finally took an evening to get NextCloudPi installed on a Raspberry Pi 5 with a large-ish NVMe drive. This was not a smooth ride. For your pleasure, this is how I got it working.

First, use Jeff Geerling’s guide to get the Pi booting from the NVMe drive.

Second, use this guide to move from Debian networking to systemd-networkd, but do not hold the avahi-daemon package.

Third, run the NextCloudPi curl install script.

Next up – the migration from my old instance. I have 1.5TB of files on a spin disk connected via USB that I need to move to the new NVMe storage – but that is for another night.

For the record – I do love NextCloud and NextCloudPi, so no finger pointing here, just sharing some frustration and how I got around the issue.

Categories: FLOSS Project Planets

Thomas Lange: Custom Live Media, also for Newer Hardware

Planet Debian - Sun, 2024-08-25 09:52

At this years Debian conference in South Korea I've presented1 the new feature of the FAIme web service. You can now build your own Debian live media/ISO.

The web interface provides various settings, for e.g. adding a user name and its password, selecting the Debian release (stable or testing), the desktop environment and the language. Additionally you can add your own list of packages, that will be installed into the live environment. It's possible to define a custom script that gets executed during the boot process. For remote access to the live system, you can easily sepcify a github, gitlab or salsa account, whose public ssh key will be used for passwordless root access. If your hardware needs special grub settings, you may also add those. I'm thinking about adding an autologin checkbox, so the live media could be used for a kiosk system.

And finally newer hardware is supported with the help of the backports kernel for the Debian stable release (aka bookworm). This combination is not available from the official Debian live images or the netinst media because the later has some complicated dependencies which are not that easy to resolve2. At DebConf24 I've talked to Alper who has some ideas3 how to improve the Debian installer environment which then may support a backports kernel.

The FAI web service for live ISO is available at

      https://fai-project.org/FAIme/live

  1. https://debconf24.debconf.org/talks/136-a-web-service-for-building-your-own-customized-debian-live-image/ ↩

  2. https://lists.debian.org/debian-cd/2024/07/msg00031.html ↩

  3. https://debconf24.debconf.org/talks/75-ideas-to-move-debian-installer-forward/ ↩

Categories: FLOSS Project Planets

Seth Michael Larson: 2024 Minnesota State Fair foods

Planet Python - Sat, 2024-08-24 20:00
2024 Minnesota State Fair foods AboutBlogNewsletterLinks 2024 Minnesota State Fair foods

Published 2024-08-25 by Seth Larson
Reading time: minutes

If you didn't know, I'm from Minnesota. Minnesotans love their State Fair, and I'm not an exception! My wife and I were lucky enough to go to a State Fair preview for LuLu's Public House for fried ranch dressing among a handful of new drinks. I shared my thoughts on Mastodon and a few folks seemed interested in hearing more: so here's more!

Cajun fried pickles from The Perfect Pickle

These are hands-down the best food at the Minnesota State Fair. You eat an order, ponder getting more (some years we do!) and then wonder to yourself why they put the best of the best right next to the shuttle entrance. Don't go out looking for answers lest they move these further away, sometimes it's best to leave sleeping “pickle dogs” lie.

Seriously, if you like pickles even a little bit, get these pickles. You can get them quick if you're lucky and other folks don't realize there are supposed to be six lines of people taking orders.

They're ripping hot right when they hand them to you, so if you're like me and enjoy food “biting back” then don't delay! 🔥

This year included a noticeable increase in the amount of Cajun seasoning, or we got lucky and someone behind the scenes gave us an extra coating (either way we're not complaining!)

Peanut Butter Bacon Cakes and Blue Cheese & Corn Fritz from The Blue Barn

Celebrating their 10th consecutive year at the Minnesota State Fair, The Blue Barn is always a fan favorite. Seriously, run over there if you get to the fair early to beat the massive lines for food and drinks.

We grabbed the new Peanut Butter Bacon Cakes along with the returning classic Blue Cheese & Corn Fritz which I had never tried before.

The Peanut Butter Bacon Cakes were really great, there was thick-cut bacon griddled inside of pancake batter strips along with jelly and a peanut butter whipped cream. Perfect combo of savory and sweet, and you're in complete control of the ratios. The bacon and pancake flavors reminded me of learning to make pancakes with my late grandfather. Although that bacon was microwave-ready Hormel bacon... I promise this one's delish!

The Blue Cheese & Corn Fritz was really great, I missed out on this one last year. Perfect amount of sweetness from the corn, really well-balanced cheesy little bite! Wish I could have had more than one of these, we were sharing amongst a big group!

Wrangler Waffle Burger, Bacon-Wrapped Pickle Dog, and “Kind of a Big Dill” Lemonade from Nordic Waffles

Another vendor that fills up immediately after opening, Nordic Waffle should be top of your list because of two returning new foods from 2023: the Bacon-Wrapped Pickle Dog and the Pickle Lemonade. Both of these are really great, the lemonade sounds strange but works really well (even if you don't love pickles). The subtle saltiness balances out the sweet and tartness which makes for a dangerously drinkable item.

The Wrangler was good, it's one of those winning combinations of flavors that is really hard to mess up: beef, cheese, caramelized onions, and a mayo-based sauce. The onions being grilled into the waffle was fun but didn't do much flavor-wise (they might as well have been a topping), honestly wish they went all-out on the onions to the point of being noticeable texture-wise in the waffle. The bacon-wrapped pickle dog is as awesome as it sounds, so much more interesting flavor-wise!

I'm also not a fan of their choice of sauce, they went with Whataburger, a famously mid-tier burger joint in Texas, of all places? This is a grave error by Nordic Waffles because Minnesota and Texas have serious State Fair beef. Minnesota seeing the highest single-day attendance over 12 days, where the Texas State Fair sees the highest total attendance over 24 days (it might be obvious which State Fair I think is the true champion).

Sweet Corn Cola Float from Blue Moon Dine-in Theater

This one was interesting! Sweet Corn icecream and house-made “corn Cola”, so I take that to mean corn syrup Cola? Not sure. The flavor definitely gave a “not-too-sweet” vibe which was nice, there was a good amount of a corny and almost “earthy” flavor in the float.

The texture of the corn icecream was a little less smooth than a normal icecream, which landed somewhere between novel and “interesting”. I actually recommend giving this one a good mix before you drink it to blend the flavors together better, you're only given a boba straw to drink it.

Overall, would I get it again? Probably not, because Lift Bridge root beer floats exist and are much better. But worth a try!

Sweet Heat Bacon Crunch from RC's BBQ

Had this one side-by-side with my typical order from RC's which is a bunch of ribs and yeah, it was fine, but if I'm buying barbecue I want ribs or brisket. There was some chili crisp (but not much, maybe because it's Minnesota) and hot honey that got a bit lost in the dish. Can't recommend this one, RC's usual items are much better.

Spam breakfast sandwich from SPAM

Attention all SPAM-lovers at the fair! The SPAM booth has moved from under the Grandstand bridge to the southern edge of the DNR building. I nearly had a heart-attack when I saw the SPAM booth wasn't in its usual spot, I had to sneak away with a fellow SPAM-lover from our group to snag this item.

We got ours with pickles (surprise!) and jalapeños, a little bit of kick and acid to cut through the lovely fatty grilled SPAM. Pretty sure this little sandwich was gone in 4 bites, highly recommend finding this stand if you're a long-time-enjoyer or first-timer of SPAM!

That's all for this year. At this point we kept trying new items, but I suspect not being hungry started to impact my opinions of the foods, so you'll have to try them yourself! :)

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

Categories: FLOSS Project Planets

GNUnet News: GSoC Work Product: GNUnet over HTTP3

GNU Planet! - Sat, 2024-08-24 18:00
GSoC Work Product: GNUnet over HTTP/3 Goals of the Project.

This project aimed to implement a new communicator for GNUnet's Transport Next Generation (TNG) using the HTTP/3 protocol.

What I did.

We chose ngtcp2 and nghttp3 for their stability and adherence to RFC standards. I began by studying communicator fundamentals and analyzing relevant code examples. I then created a QUIC communicator using libngtcp2, implementing essential communication features. Building on this, I integrated libnghttp3 to support HTTP/3 layer communication. After establishing basic uni-directional communication, I proceeded to implement bi-directional capabilities. With the help and guidance of my mentors, I completed the above work, including the selection and design of message transmission methods and the implementation of code.

The current state.

We have two branches, dev/shichao/http3 for basic communication and dev/shichao/http3bidirect for bi-directional communication. They can pass the basic tests. However, we found that there were occasional failures during the test. We currently assume that this is caused by the test harness not being able to process the received data packets in time.

What's left to do.

There are still many areas that can be improved in the HTTP/3 communicator, such as using CID map instead of IP address map. In addition, in bi-directional communication, the server's sending rate is slightly lower than the client's transmission rate, and this will be optimized in the future. Finally, integrating the Peer Identity into the TLS handshake in order to authenticate the peers is a natural feature to implement.

What code got merged (or not) upstream.

All the code is available upstream in the master branch and will be available with the next release.

Challenges I Encountered.

Initially, I was unfamiliar with the ngtcp2 and nghttp3 libraries. While there were some examples available, I found limited guidance for more advanced usage. Through careful study and experimentation, I gradually gained a deeper understanding of these libraries. But in this process, I have a deeper understanding of QUIC and HTTP/3 protocols, and also improved my coding skills.

Categories: FLOSS Project Planets

Freelock Blog: The rising costs of site ownership

Planet Drupal - Sat, 2024-08-24 17:36
The rising costs of site ownership Aug 24, 2024 By John Locke

How much do you spend on your website? I'm not asking how much it cost you to create/build -- I mean day to day, what does it cost to own and maintain your site?

And what happens if you stop paying that?

Sustainable/Open Business Read More
Categories: FLOSS Project Planets

Brian Okken: Finding the top pytest plugins

Planet Python - Sat, 2024-08-24 17:00
What are the top downloaded pytest plugins? I want to know this. And I’d like the answer updated regularly. So today I decided to write a script to do that for me. Grab data Let’s start with Top PyPI Packages from Hugo van Kemenade. This list is “A monthly dump of the 8,000 most-downloaded packages from PyPI.” Perfect. Parse Now: Filter for “pytest” in the package name Remove “pytest” itself.
Categories: FLOSS Project Planets

Kalyani Kenekar: Join Us: Contribute to Open Source as Marathi speaking person!

Planet Debian - Sat, 2024-08-24 14:30

GNOME is one of the most widely used free and open-source desktop environments!

Your native language is Marathi and you are using GNOME as your desktop environment? Then me as the coordinator for the Marathi translation team in GNOME is excited to invite you to become part of the team who is working on translating the GNOME Desktop into Marathi!

By this and contributing to the translation of GNOME into Marathi you would be a member of an important project and you can help to make it more accessible to Marathi speakers worldwide and help also to keep our language alive in the open source world.

Why Should You Contribute?
  • Promote Your Language

    By translating GNOME into Marathi, you help to preserve and promote our beautiful language in the digital world.

  • Learn and Grow

    Contributing to open-source projects like GNOME is a great way to improve your language and technical skills, network with like-minded individuals, and gain recognition in the global open-source community.

  • Give Back to the Community

    This is an opportunity to contribute to a project that has a significant impact on users around the world. Your work will enable Marathi speakers to use technology in their native language.

Who Can Contribute?

You don’t need to be a professional translator to join us! If you are fluent in Marathi and have a basic understanding of English, your contributions will be invaluable. Whether you’re a student, a professional, or just someone passionate about your language, your help is needed and really appreciated!

How To Start Translating?

Once you’re familiar with the tools, you can easily begin translating. We have a list of untranslated strings waiting for your contribution!

How To Join The Team?

Follow these steps to join the Marathi translation team for GNOME and start contributing:

  • Step 1: Visit our GNOME Translation Team Page.
  • Step 2: If you’re a new user, click on the “Create Account” option to sign up.
  • Step 3: Once you’ve created your account, log in with your credentials.
  • Step 4: After logging in, click the “Join” button to become a translator for the Marathi team.
  • Step 5: You’ll now see a list of different modules that need translation. Choose one of the files that interests you and download it to your computer.
  • Step 6: Translate the content locally on your computer. Once you’re done, return to the website, click “Browse,” and submit your translated file.
Get Familiar with the Additional Tools Varnam

If you’re not used to typing in Marathi, you can still contribute using the Varnam website, a free and open-source tool that converts English text into Marathi. Here’s how you can get started:

  • Step 1: Visit the Varnam website.
  • Step 2: Click on the “Try Now” button on the website.
  • Step 3: In the language selection menu, choose “Marathi” as your desired language.
  • Step 4: Now you can start typing in English, and Varnam will automatically convert your text into Marathi. If you need more guidance, there’s a help window available on the site that you can explore for additional support.
Need Help Or You Have Questions?

If you have any doubts or need further assistance how you get started with translating GNOME into Marathi, don’t hesitate to reach out. I’m here to help you on every step of the way!

You can connect with me directly at kalyaniknkr@gmail.com Whether you need technical support, guidance on using the tools, or just want to discuss the project, feel free to get in touch.

Let’s work together to make GNOME accessible to Marathi speakers around the world. Your contributions are always invaluable, and I look forward to welcoming you to our team!

Thank you for your interest and support!

Categories: FLOSS Project Planets

Dirk Eddelbuettel: RcppEigen 0.3.4.0.2 on CRAN: Micro Maintenance

Planet Debian - Sat, 2024-08-24 08:37

A new maintenance release of RcppEigen is now on CRAN, and will go to Debian shortly as usual. Eigen is a C++ template library for linear algebra: matrices, vectors, numerical solvers, and related algorithms. RcppEigen is used by 460 other CRAN packages, and has been downloaded 31.9 million times just off the mirrors of CRAN keeping logs for counting.

The recent change switing to Authors@R (now that CRAN mandates it) contained in dual typo in ORCID tags, this releases fixes it.

The complete NEWS file entry follows.

Changes in RcppEigen version 0.3.4.0.2 (2024-08-23)
  • Correct two typos in the ORCID tag

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

If you like this or other open-source work I do, you can sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Categories: FLOSS Project Planets

Talk Python to Me: #475: Python Language Summit 2024

Planet Python - Sat, 2024-08-24 04:00
Every year the core developers meet to discuss and propose the major changes and trends in Python itself. This invite-only conference of about 50 people happens inside PyCon in the US. Because it's private, we rarely get detailed looks inside this event. On this episode, we have Seth Michael Larson here to give us his account of the sessions and proposals. It's a unique look into the zeitgeist of CPython.<br/> <br/> <strong>Episode sponsors</strong><br/> <br/> <a href='https://talkpython.fm/posit'>Posit</a><br> <a href='https://talkpython.fm/training'>Talk Python Courses</a><br/> <br/> <strong>Links from the show</strong><br/> <br/> <div><b>Seth on Mastodon</b>: <a href="https://fosstodon.org/@sethmlarson" target="_blank" >@sethmlarson@fosstodon.org</a><br/> <b>Seth on Twitter</b>: <a href="https://twitter.com/sethmlarson?featured_on=talkpython" target="_blank" >@sethmlarson</a><br/> <b>Seth on Github</b>: <a href="https://github.com/sethmlarson?featured_on=talkpython" target="_blank" >github.com</a><br/> <br/> <b>The Python Language Summit 2024</b>: <a href="https://pyfound.blogspot.com/2024/06/python-language-summit-2024.html?featured_on=talkpython" target="_blank" >blogspot.com</a><br/> <b>PEP 2026: Calendar versioning for Python</b>: <a href="https://github.com/python/peps/pull/3834?featured_on=talkpython" target="_blank" >github.com</a><br/> <b>PSF authorized as a CVE Numbering Authority</b>: <a href="https://discuss.python.org/t/the-python-software-foundation-has-been-authorized-by-the-cve-program-as-a-cve-numbering-authority-cna/32561?featured_on=talkpython" target="_blank" >python.org</a><br/> <b>Recommends Memory-Safe Programming Languages</b>: <a href="https://pyfound.blogspot.com/2024/02/white-house-recommends-.html?featured_on=talkpython" target="_blank" >blogspot.com</a><br/> <b>Watch this episode on YouTube</b>: <a href="https://www.youtube.com/watch?v=_SdgRaZB8qU" target="_blank" >youtube.com</a><br/> <b>Episode transcripts</b>: <a href="https://talkpython.fm/episodes/transcript/475/python-language-summit-2024" target="_blank" >talkpython.fm</a><br/> <br/> <b>--- Stay in touch with us ---</b><br/> <b>Subscribe to us on YouTube</b>: <a href="https://talkpython.fm/youtube" target="_blank" >youtube.com</a><br/> <b>Follow Talk Python on Mastodon</b>: <a href="https://fosstodon.org/web/@talkpython" target="_blank" ><i class="fa-brands fa-mastodon"></i>talkpython</a><br/> <b>Follow Michael on Mastodon</b>: <a href="https://fosstodon.org/web/@mkennedy" target="_blank" ><i class="fa-brands fa-mastodon"></i>mkennedy</a><br/></div>
Categories: FLOSS Project Planets

Russell Coker: Wifi 6E Mesh

Planet Debian - Sat, 2024-08-24 03:56

I am looking into getting a Wifi mesh network. The aim is to use it for providing access to devices through my home especially for devices on the congested 2.4GHz frequency. Ideally I want 6GHz Wifi6E for the communication between mesh nodes as well as for talking to the few devices that are new enough to support it (I like buying cheap second hand devices). 2.5Gbit ethernet connections on all mesh nodes would be good too.

Wifi 7 is semi-released, you can buy devices even though the specs aren’t entirely finalised. I expect that next year when Wifi 7 devices are more common the second hand prices of Wifi 6E will drop. Currently Wifi 6E devices are somewhat expensive.

One major problem at the moment is “cloud configuration”. Here is a 41 page forum thread of TP-Link customers asking in vain for non-cloud configuration [1]. The problems with cloud configuration are that it doesn’t allow configuration without Internet access (so no fixing things when internet breaks and no use for a private network without Internet), it relies on a proprietary phone app (so a problem with your phone breaks everything), and it adds a dependency on an unpaid service that TP-Link might decide to turn off at some future time. The TP -Link Deco X55 AX3000 looks like a good set of devices, it currently costs $328 for a set of three Wifi 6 (not 6E) devices is a good deal, pity that the poor software options let it down.

TP-Link also seems to be scanning web traffic and sending the analysis to an external site [2], it seems to be operating as malware. The TP-Link software seems to be most accurately described as malware.

There is the OpenWrt project for open firmware on Wifi APs which is a great project [3] but it doesn’t seem to support any Wifi 6 mesh systems yet. If most Wifi hardware requires malware for operation it seems that running a VPN over Wifi is the way to go. A hostile party being able to sniff your home network is much worse than a hostile party sniffing public Internet traffic.

The Google Nest mesh devices have good specs and price, $359 for a three node Wifi 6E mesh that has 2.5Gbit ethernet. But they can only be configured with a Google app for Android or iOS and require a Gmail account. Giving Google the ability to shut down all my stuff by deleting my gmail account is not acceptable. Also Google is well known for cancelling services [4]. A mitigating factor is that there should be enough of those devices sold to make them a good target for an OpenWRT port.

As an aside it looks like the TailScale mesh VPN system could be a solution to the security issues related to malware on Wifi APs problem [5]. There is also HeadScale which is the fully open source variant of that [6]. Even when the vendor isn’t overtly hostile they can make mistakes so encryption is good.

Kogan is selling an own-brand Wifi 6 mesh network package that comes with 1/2/3 devices for $70/$120/$140. It doesn’t do Wifi 6E but supports the better encoding methods of Wifi 6 over Wifi 5 and will be good for bridging a LAN in one part of a house to a Wifi 2.4GHz or Ethernet connected device in another part. They also support up to 7 nodes so you could buy two of the 3 device packages and run one network with 2 and another with 4. The pricing is very competitive and they support web based administration!

I’ve just ordered the $140 pack from Kogan. If it doesn’t do what I want then I can find someone else who will be happy with whatever functionality it gives and $140 is an amount I can risk without concern. If it works well then I might upgrade to Wifi 6E or Wifi 7 next year and deploy the Wifi 6 one for a relative.

Related posts:

  1. Wifi Performance on Linux Wifi usually just works. In the past I haven’t had...
  2. 2 node vs 3+ node clusters A comment on my post about the failure probability of...
  3. Ethernet bonding Bonding is one of the terms used to describe multiple...
Categories: FLOSS Project Planets

Russell Coker: Is Secure Boot Worth Using?

Planet Debian - Fri, 2024-08-23 23:45

With news like this one cited by Bruce Schneier [1] people are asking whether it’s worth using Secure Boot.

Regarding the specific news article, this is always a risk with distributed public key encryption systems. Lose control of one private key and attackers can do bad things. That doesn’t make it bad it just makes it less valuable. If you want to setup a system for a government agency, bank, or other high value target then it’s quite reasonable to expect an adversary to purchase systems of the same make and model to verify that their attacks will work. If you want to make your home PC a little harder to attack then you can expect that the likely adversaries won’t bother with such things. You don’t need security to be perfect, making a particular attack slightly more difficult than other potential attacks gives a large part of the benefit.

The purpose of Secure Boot is to verify the boot loader with a public key signature and then have the boot loader verify the kernel. Microsoft signs the “shim” that is used by each Linux distribution to load GRUB (or another boot loader). So when I configure a Debian system with Secure Boot enabled that doesn’t stop anyone from booting Ubuntu. From the signatures on the boot loader etc there is no difference from my Debian installation and a rescue image from Debian, Ubuntu, or another distribution booted by a hostile party to do things against my interests. The difference between the legitimate OS image and malware is a matter of who boots it and the reason for booting it.

It is possible to deconfigure Microsoft keys from UEFI to only boot from your own key, this document describes what is necessary to do that [2]. Basically if you boot without using any “option ROMs” (which among other things means the ROM from your video card) then you can disable the MS keys.

If it’s impossible to disable the MS keys that doesn’t make it impossible to gain a benefit from the Secure Boot process. You can use a block device decryption process that involves a signature of the kernel and the BIOS being used as part of the decryption for the device. So if a system is booted with the wrong kernel and the user doesn’t recognise it then they will find that they can’t unlock the device with the password. I think it’s possible on some systems to run the Secure Boot functionality in a non-enforcing mode such that it will use a bootloader without a valid signature but still use the hash for TPM calculations, that appears impossible on my Thinkpad Yoga Gen3 which only has enabled and disabled as options but should work on Dell laptops which have an option to run Secure Boot in permissive mode.

I believe that the way of the future is to use something like EFIStub [3] to create unified kernel images with a signed kernel, initrd, and command-line parameters in a single bundle which can be loaded directly by the UEFI BIOS. From the perspective of a distribution developer it’s good to have many people using the current standard functionality of shim and GRUB for EFI as a step towards that goal.

CloudFlare has a good blog post about Linux kernel hardening [4]. In that post they cover the benefits of a full secure boot setup (which is difficult at the current time) and the way that secure boot enables the lockdown module for kernel integrity. When Secure Boot is detected by the kernel it automatically enables lockdown=integrity functionality (see this blog post for an explanation of lockdown [5]). It is possible to enable this by putting “lockdown=integrity” on the kernel command line or “lockdown=confidentiality” if you want even more protection, but it happens by default with Secure Boot. Secure Boot is something you can set to get a selection of security features enabled and get a known minimum level of integrity even if the signatures aren’t used for anything useful, restricting a system to only boot kernels from MS, Debian, Ubuntu, Red Hat, etc is not useful.

For most users I think that Secure Boot is a small increase in security but testing it on a large number of systems allows increasing the overall security of operating systems which benefits the world. Also I think that having features like EFIStub usable for a large portion of the users (possibly the majority of users) is something that can be expected to happen in the lifetime of hardware being purchased now. So ensuring that Secure Boot works with GRUB now will facilitate using EFIStub etc in future years.

The Secure Boot page on the Debian wiki is worth reading, and also worth updating for people who want to contribute [6].

Related posts:

  1. Secure Boot and Protecting Against Root There has been a lot of discussion recently about the...
  2. Question about a “Secure Filesystem” I have just been asked for advice about “secure filesystem”...
  3. Designing a Secure Linux System The Threat Bruce Schneier’s blog post about the Mariposa Botnet...
Categories: FLOSS Project Planets

This week in KDE: per-monitor brightness control and “update then shut down”

Planet KDE - Fri, 2024-08-23 22:28

This week was all about the quality of life features! As we close in on Plasma 6.2 (the soft feature freeze is in four days, eek!), some great work that’s been in progress for a long time got merged.

Notable New Features

Okular now has a “speak text from current page” feature (Athul Raj Kollareth, Okular 24.12.0. Link)

Plasma’s Brightness widget now shows individual brightness sliders for every connected monitor that supports this, so you can control them separately! If you want to adjust all of them together, you can still do that via global shortcut/keyboard key or by scrolling over the widget (Jakob Petsovits, Plasma 6.2.0. Link):

When there’s a pending offline system update, you’ve already got the option to update and then reboot, or just reboot and skip the update. Now, there’s also an option to complete the update and then shut down the computer! This option is exposed both on the logout screen, and also in Discover (Thomas Duckworth, Plasma 6.2.0. Link 1, link 2, and link 3):

Long-pressing an empty area of a Plasma panel using a touchscreen now enters edit mode for that panel (Niccolò Venerandi, Plasma 6.2.0. Link)

Notable UI Improvements

The “Add Widgets” sidebar has received a UX overhaul with numerous usability focused changes, including:

  • Appearing on the right side of the screen when opened from a right-screen-edge panel
  • Using wider grid cells to permit longer text without elision or unnatural word-wrap behaviors
  • Improved appearance of the filter button, so now it looks like it opens a drop-down menu — because it does
  • Sorting is now locale-aware, taking into account, for example, accented characters
  • You access it from buttons and menu items labeled “Add or Manage Widgets,” since it also acts as the place where you get new widgets or delete unwanted ones
  • Spacer widgets can also be found there, no longer only from the panel settings dialog
  • When installing manually-downloaded widgets, the open dialog now accept all valid file types

And believe it or not, that’s not all that’s planned! But the rest will have to wait until next week… (Niccolò Venerandi, Plasma 6.2.0. Link 1, link 2 3, link 4, link 5, link 6, link 7)

When your system is using a non-default power profile, it’s now shown as a badge on the battery icon, so you can see both the power profile and also the battery status at the same time (Louis Moureaux and me: Nate Graham, Plasma 6.2.0. Link 1 and link 2):

At the moment this only works with the Breeze icon theme, and 3rd-party icon themes will have to add some more icons to opt into it. Until then, users of those icon themes will get the old appearance when using a non-default power profile

A panel popup opened from a widget on the end of a limited-width panel now tries its best to align its edge with that of the panel (Niccolò Venerandi, Plasma 6.2.0. Link):

Maybe I just really like clocks, ok?

You can now give a custom display name to your custom command shortcuts (Yifan Zhu and Thenujan Sandramohan, Plasma 6.2.0. Link):

Discover is now more accurate about how it presents licenses, and communicates the subtle distinctions between “proprietary” and “non-free”, rather than branding everything that isn’t free software as proprietary (me: Nate Graham, Plasma 6.2.0. Link):

When you change keyboard layouts, the labels of the language codes that appear in the system tray no longer subtly change in size based on the shape of their letters (Sauf Lvc, Plasma 6.2.0. Link)

Added a Breeze icon for Applet Wallet bundle files (Kai Uwe Broulik, Frameworks 6.6. Link):

Notable Bug Fixes

When Spectacle is configured to save in a format other than PNG by default, pasting a just-copied screenshot now always works in every target app, with the caveat that some apps that don’t advertise support for non-PNG image pasting (like Firefox and Chromium, annoyingly) will get a PNG version anyway, rather than your preferred file format. This is better than it not working at all, at least! (Noah Davis, Spectacle 24.08.1. Link)

You can once again use the arrow keys to move focus out of Kickoff’s favorites grid view (Arjen Hiemstra, Plasma 6.1.5. Link)

Fixed a complex bug that could cause KWin to crash when X11 or XWayland-using apps monkeyed with the window stacking order in specific ways (Vlad Zahorodnii, Plasma 6.1.5. Link. And thanks to the reporter Peter Strick for being incredibly helpful in making the issue reproducible! All bug reports should be so good.)

Fixed an annoying bug that caused text copied from cells in LibreOffice Calc to never make it onto the clipboard unless you changed the clipboard’s settings to always store images (Fushan Wen, Plasma 6.1.5. Link)

Fixed a bug that caused tooltips to appear at the last location the mouse pointer was located at when interacting with the system using a stylus (David Redondo, Plasma 6.1.5. Link)

Fixed a funny bug that could make Plasma crash when you have a Media Player widget on your panel (not the System Tray, directly on a panel) and play certain specific songs whose titles are exactly the right length to trigger an obscure layout bug (Fushan Wen, Plasma 6.2.0. Link)

Fixed a weird issue that made modifier-only global shortcuts in the X11 session fail to switch keyboard layouts as expected while on the lock screen and other places (Yifan Zhu, Plasma 6.2.0. Link)

Exporting your shortcuts on System Settings’ Shortcuts page now includes any custom script shortcuts you’ve created, so that when you import them elsewhere, they work (Akseli Lahtinen and David Redondo, Plasma 6.2.0. Link)

Other bug information of note:

  • 2 Very high priority Plasma bugs (down from 3 as last week). Current list of bugs
  • 36 15-minute Plasma bugs (up from 30 last week; bug triage activities discovered some more old issues that seemed important to fix soon, which were added to the list). Current list of bugs
  • 156 KDE bugs of all kinds fixed over the last week. Full list of bugs
Notable in Performance & Technical

Improved KWin’s HDR tone mapping, allowing it to do a better job of displaying colors in cases where HDR content specifies a brightness level higher than what the screen is capable of outputting. There’s even more that can be done, but it’s already a big improvement. (Xaver Hugl, Plasma 6.2.0. Link)

Even further optimized the system performance impact in KWin of using an ICC profile to change your screen’s color calibration (Xaver Hugl, Plasma 6.2.0. Link)

Improved KWin’s performance for some multi-GPU systems (Xaver Hugl, Plasma 6.2.0. Link)

Added a bunch of autotests for X11-specific behavior in KWin, since fewer people are exercising that code now that 80+% of Plasma 6 users are using Wayland (Vlad Zahorodnii, Plasma 6.2.0. Link)

…And Everything Else

This blog only covers the tip of the iceberg! If you’re hungry for more, check out https://planet.kde.org, where you can find more news from other KDE contributors.

How You Can Help

Otherwise, visit https://community.kde.org/Get_Involved to discover other ways to be part of a project that really matters. Each contributor makes a huge difference in KDE; you are not a number or a cog in a machine! You don’t have to already be a programmer, either. I wasn’t when I got started. Try it, you’ll like it! We don’t bite! Or consider donating instead! That helps too.

Categories: FLOSS Project Planets

Web Review, Week 2024-34

Planet KDE - Fri, 2024-08-23 16:37

Let’s go for my web review for the week 2024-34.

Unbundling Profile: MIT Libraries - SPARC

Tags: research, copyright, open-access

It’s good to see major institutions like this get out of contracts with scientific publishing companies. Those unfortunately became mostly parasitic. Open access should be the norm for research.

https://sparcopen.org/our-work/big-deal-knowledge-base/unbundling-profiles/mit-libraries/


Make Firefox Private Again

Tags: tech, mozilla, privacy

Since they unfortunately turned on private attribution by default (why? Mozilla, why?). Here is an easy automated way to turn it off.

https://make-firefox-private-again.com/


Being on The Semantic Web is easy, and, frankly, well worth the bother

Tags: tech, web, semantic

With all those bots and scripts crawling the Web, some of the semantic web vision got silently implemented.

https://csvbase.com/blog/13


Markov chains are funnier than LLMs

Tags: tech, ai, machine-learning, gpt, markov-chains, funny

Interesting musing. The predictability in tone doesn’t make for very funny content indeed. Also as a side-effect this might help people remember that Markov chain are a thing and much less expensive.

https://emnudge.dev/blog/markov-chains-are-funny/


ugh. I picked up a shitty NUC from ewaste…

Tags: tech, security

Scary thread… developers should know better than do this and ship it on devices around the world. Their data is now anyone for the taking and users’ privacy can’t be ensured.

https://digipres.club/@foone/112990331505043510


NetAlert X

Tags: tech, networking, security, tools

Looks like a nice tool to monitor your network.

https://netalertx.com/


Free, OpenSource IPv6 Textbook

Tags: tech, book, ip, networking

Looks like an interesting resource to learn about IPv6.

https://ipv6textbook.com/


Andries Brouwer on the OOM killer

Tags: tech, linux, kernel, memory

Funny musing about the OOM killer. With nice pointers if you want to dive further into the topic.

https://quuxplusone.github.io/blog/2024/08/22/overcommit/


The Closed-Loop Benchmark Trap

Tags: tech, benchmarking

Be sure to pick the right behavior model when you make a benchmark. Otherwise you might just measure the wrong thing.

https://buttondown.com/jaffray/archive/the-closed-loop-benchmark-trap/


What is std::ref?

Tags: tech, c++

A little refresher about std::ref and std::cref. They come in handy sometimes, but also if you don’t realize you need them you’ll generate more copies than necessary.

https://www.sandordargo.com/blog/2024/08/21/std-ref


SIMD Matters :: Box2D

Tags: tech, cpu, simd, performance, physics, simulation

SIMD is hard to use, not all problems can apply to it. But when they can, the performance gain can be great.

https://box2d.org/posts/2024/08/simd-matters/


uv: Unified Python packaging

Tags: tech, python, tools

Looks like there’s another contender for package management for Python. This is sooo fragmented now… this one is compelling though.

https://astral.sh/blog/uv-unified-python-packaging


Common Causes of Memory Leaks in JavaScript

Tags: tech, javascript, memory, leak

There are many ways to create a memory leak in Javascript. Here is a good list of the things to pay attention to.

https://www.trevorlasn.com/blog/common-causes-of-memory-leaks-in-javascript


Toasts are Bad UX – Max Schmitt

Tags: tech, web, frontend, ux

It’s better than no feedback. It’s a bit lazy and far from perfect though.

https://maxschmitt.me/posts/toasts-bad-ux


Reckoning

Tags: tech, web, frontend, ux, criticism

Interesting series about the rise of the javascript frontend framework, the bad practices which came with them and the very real impacts on the users. There are indeed better ways.

https://infrequently.org/series/reckoning/


Don’t Repeat Yourself and the Strong Law of Small Numbers - iRi

Tags: tech, design, programming

This is a good point. The DRY principle has value but the trick is finding the right time to apply it.

https://jerf.org/iri/post/2024/dry_strong/


Code review antipatterns

Tags: tech, codereview

Starts like a satire, but there’s a serious conclusion in the end. Indeed, mind the power dynamics in code reviews. Be nice, steer away from those antipatterns, especially since you might be on the receiving end the next time.

https://www.chiark.greenend.org.uk/~sgtatham/quasiblog/code-review-antipatterns/


Interview with Ron Jeffries

Tags: tech, agile, history, criticism

Very nice interview. This is an interesting reflection on the past 20+ years of Agile Software Development.

https://ronjeffries.com/articles/-x024/-v04/8/


Decision Logs

Tags: tech, product-management

Nice way to keep in check how and why behavior changes as the requests from various stakeholders come in.

https://buttondown.com/j2kun/archive/decision-logs/


Bug squash: An underrated interview question

Tags: tech, hr, interviews, debugging

This is indeed a nice way to approach technical interviews. Unfortunately it requires quite some effort to setup and maintain. You also have to find the right bugs to put in the interview and this is a rarity.

https://blog.jez.io/bugsquash/


Bye for now!

Categories: FLOSS Project Planets

The Drop Times: For an Independent, Sustainable, Future-Proof DA: Alejandro Moreno

Planet Drupal - Fri, 2024-08-23 09:31
In the final instalment of The DropTimes' "Meet the Candidate" campaign for the Drupal Association's 2024 Board Election, we sit down with Alejandro Moreno Lopez, Partner Manager and Developer Relations at Pantheon. Alejandro discusses his journey within the Drupal community, his vision for reducing the Association's dependency on DrupalCon, and his commitment to fostering collaboration and innovation. With voting open until September 5th, this interview offers key insights into how Alejandro plans to contribute to the future of Drupal.
Categories: FLOSS Project Planets

Pages