Feeds

Samuel Henrique: DebConf24 was fun!: Security, curl, wcurl, Debian's quality

Planet Debian - Tue, 2024-09-03 20:00
tl;dr

DebConf24 was fun!

A playlist of all of my talks, with subtitles (en, pt-br) and chapters is available on YouTube.

Overview

DebConf24 was held in Busan, South Korea, between Sunday July 28th to Sunday August 4th 2024.

As usual for DebConfs, I had a great time meeting my friends, but also met new people and got to learn a bit about the interesting things they're working on.

I ended up getting too excited during the talk submission stage of the conference and as a result I presented 5 different activities (3 talks, 1 BoF and 1 lightning talk).

Since I was too busy with the presentations, I did not have a lot of time to actually hang out with folks, or even to go out in the city, I guess I've learned my lesson for next time.

The main purpose of this post is to write about all of the things I presented at the conference. I did want to list some of the interesting talks I've watched, but that I would not be able to be fair as I'm sure I would miss some.

You can get the schedule and the recordings of any talks from the conference's website: https://debconf24.debconf.org/schedule/

wcurl Lightning Talk

The most fun of my presentations, during the second-to-last day of the conference, I've asked for help from Sergio Durigan Junior <sergiodj> to setup an URL containing a whitespace and redirecting that to wcurl's manpage.

I then did a little demo to showcase why me (and a lot others) struggle with downloading things with curl, and how wcurl solves that.

Fixing CVEs on Debian: Everything you probably know already

I've always felt like DebConf was missing security-related talks, so I decided to do something about it and presented a few of the things I've learned when fixing CVEs for Debian.

This is an area where we don't get a lot of new contributors, I'm trying to change that, and this talk can be used to introduce newcomers to it.

The secret sauce of Debian

Debian is not very vocal about all of the nice things it has regarding quality-assurance, testing, or CI, even though it's at the state-of-the-art for a lot of things.

This talk is an initial step towards making people aware of the cool things happening behind the scenes. Ideally we should have it well-documented somewhere.

"I use Debian BTW": fzf, tmux, zoxide and friends

One of my earliest good memories of Debian was when it started coming with a colored PS1 by default, I still remember the feeling of relief whenever I jumped into a Debian server and didn't have to deal with a black and white PS1.

There's still a lot of room for Debian to ship better defaults, and I think some of them can actually happen.

This talk is a bit of a silly one where I'm just making people aware of the existence of a few Golang/Rust CLI tools, and also some dotfiles configurations that should probably be the default.

curl

The curl project does such a great job with their security advisories that it will likely never receive the amount of praise it deserves, but I did my best at mentioning it throughout my CVEs talk.

Maybe I will write more extensively about this someday, but in case I don't:

There's no other project which always consistently mentions the exact range of commits that are affected by a given CVE.

Forget about whether the versions are EOL, curl doesn't have LTS releases, yet they do such a great job at clearly documenting their CVEs that I would take that over having LTS releases anytime (that's for curl at least, I acknowledge some types of projects have a different need for LTS releases).

Not only that, but they are also always careful about explaining alternative mitigations such as configuration changes, build flags that defuse the exploitation, or parameters that you should not use.

Just like we tend to do every time we meet, me and the other Debian curl maintainers spent the first 2 or 3 days of the conference talking about how we wanted to eventually meet up to discuss the package.

It was going to be informal, maybe during the Cheese and Wine party, but then I've realized we should make it part of the official schedule, which would also give us the recordings for later.

And so the "curl maintainers BoF" happened, where we spoke about HTTP3, GnutTLS, wcurl and other things.

wcurl

Right after that BoF, Daniel Stenberg asked if we were interested in having wcurl adopted into curl, which we definitely were, so wcurl is now part of the curl project.

Daniel was also kind enough to design a logo for the project, which makes me especially happy because I can stop with my own approach at a logo (which I had to redo every few days):

And here is the new logo:

Much better, I would say :)

curl Swag

DebConf24 was my chance at forwarding some curl swag items to the other curl maintainers, so both Sergio Durigan Junior <sergiodj> and Carlos Henrique Lima Melara <charles> got the curl-up t-shirt and the very cool curl PCB coaster, both gifted by Daniel Stenberg.

Unfortunately I didn't have any of that for DebConf attendees, but I did drop loads of curl stickers at the stickers table, they were gone very quickly.

For the future

I used to think the most humbling experience you could have as someone who presented a talk was to have to watch it yourself, you notice a lot of mistakes and you instantly think about things that should be done differently.

It turns out the most humbling thing to do is actually to write subtitles for your talks, I noticed every single mistake, often multiple times.

So after spending more than 30 hours writing the subtitles for both English and Brazilian Portuguese for my talks, I feel like it's going to be much easier to avoid committing the same mistakes again. After some time you stop feeling shame about those mistakes and you're just left with feelings of annoyance, and at that point it becomes easier to consciously avoid them.

I am collecting a list of things I wish I had done differently on all of those talks, so if I end up presenting any one of them again, it will be an improved version.

Categories: FLOSS Project Planets

PyCoder’s Weekly: Issue #645 (Sept. 3, 2024)

Planet Python - Tue, 2024-09-03 15:30

#645 – SEPTEMBER 3, 2024
View in Browser »

Using Astropy for Astronomy With Python

This course covers two problems from introductory astronomy to help you play with some Python libraries. You’ll use NumPy, Matplotlib, and pandas to find planet conjunctions, and graph the best viewing times for a star.
REAL PYTHON course

Python Language Summit 2024

Talk Python to Me interviews Seth Michael Larson and they talk about this year’s Python Language Summit. Learn all about what happened at the closed door session for core developers inside PyCon.
KENNEDY & LARSON podcast

Instant PEP 8 Compliance Checks & Fixes With Top AI Code Reviewer

With CodeRabbit, solve your indentation issues and security concerns. CodeRabbit doesn’t just point out issues; it suggests fixes and explains the reasoning behind the suggestion. Elevate code quality with AI-powered, context-aware reviews and 1-click fixes. Sign up for free today →
CODERABBIT sponsor

Layman’s Guide to Python Built-in Functions

This is a plain language guide to every built-in function in Python, paired with a simple example that shows each function in action.
MATT LAYMAN

DjangoCon Europe 2026 Call for Organizers

DJANGO SOFTWARE FOUNDATION

PyPy v7.3.17 Release

PYPY.ORG

Quiz: Python Strings and Character Data

REAL PYTHON

Quiz: Python String Formatting

REAL PYTHON

Articles & Tutorials Sorting Dictionaries in Python: Keys, Values, and More

In this video course, you’ll learn how to sort Python dictionaries. By the end, you’ll be able to sort by key, value, or even nested attributes. But you won’t stop there—you’ll also measure the performance of variations when sorting and compare different key-value data structures.
REAL PYTHON course

Understanding the Template Method Pattern in Python

The Template Method Pattern is when a base class is used to implement a series of steps, and subclasses can override one or more of those steps to customize the process. This article shows an example usage in Python and why you might want to implement it.
LANCE GOYKE

Accelerate Edge Devices With High-Performance AI Power

Experience the power of Edge AI—delivering lightning-fast, real-time processing where it matters. Optimize your applications with low latency, high efficiency, and unparalleled accuracy. Push performance beyond limits with Intel’s OpenVINO toolkit.
INTEL CORPORATION sponsor

Asyncio gather() Limit Concurrency

The asyncio.gather() function allows you to run multiple co-routines concurrently. There are times when you want to control just how much concurrency you have though and this post shows you how to use a semaphore to do just that.
JASON BROWNLEE

Adventures Building a Spreadsheet Engine in Python

Spreadsheets are a fascinating tool: you can both store and structure data, and include formulas that run computations on the contents of a sheet. James has written a spreadsheet engine, and this post talks about how it is done.
JAMES G

What’s New in pip 24.2

In version 24.2, pip learns to use system certificates by default, receives a handful of optimizations, and deprecates legacy (setup.py develop) editable installations. This article covers the changes and why they’ve been made.
RICHARD SI

CPython Compiler Hardening

Nate has been working on the CPython compiler, applying memory hardening guidelines recommended by OpenSSF’s Memory Safety Special Interest Group. This blog post talks about what was applied and how it should improve CPython.
NATE OHLSON

A Comparison of Providers for Python Serverless Functions

This is a comparison chart of the most common host providers that support Python serverless functions. It compares what features are supported, pricing, runtime limits, and more.
HAROLD MARTIN

There Can’t Be Only One

A weird historical first in baseball recently reminded James about how often as programmers we map our data assuming a one-to-one relationship, and how often that’s a bad choice.
JAMES BENNETT

Safety & Security Engineer: First Year in Review

It has been a year since Mike joined the PSF as the Safety & Security Engineer for PyPI. This blog post talks about all the things he’s been involved with.
MIKE FIELDER

Python Developers Survey 2023 Results

Official Python Developers Survey 2023 Results by Python Software Foundation and JetBrains: more than 25k responses from almost 200 countries.
JETBRAINS.COM

Lesser Known Parts of Python Standard Library

This article covers some of the lesser used parts of the Python standard library, including Deque, defaultdict, UserDict, and more.
TRICKSTER DEV

Projects & Code AlgoTree: A Package for Working With Tree Structures

PYPI.ORG • Shared by Alex Towell

anacondacode: Execute Python Directly From Excel

PYPI.ORG

pare: Deploy Python Lambdas Alongside Your Web App

GITHUB.COM/GAUGE-SH

django-admin-action-forms: Forms for Django Admin

GITHUB.COM/MICHALPOKUSA

PromptMage Simplifies Managing LLM Workflows

PROMPTMAGE.IO • Shared by Tobias Sterbak

Events EARL 2024

September 4 to September 6, 2024
DATACOVE.CO.UK

Weekly Real Python Office Hours Q&A (Virtual)

September 4, 2024
REALPYTHON.COM

PyCon Estonia 2024

September 5 to September 7, 2024
PYCON.EE

Canberra Python Meetup

September 5, 2024
MEETUP.COM

Sydney Python User Group (SyPy)

September 5, 2024
SYPY.ORG

PyDelhi User Group Meetup

September 7, 2024
MEETUP.COM

Happy Pythoning!
This was PyCoder’s Weekly Issue #645.
View in Browser »

[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]

Categories: FLOSS Project Planets

GSoC Final Update

Planet KDE - Tue, 2024-09-03 14:50

This is my last update about my GSoC project (Python bindings for KDE Frameworks).

These weeks have been quieter than usual because I’ve been on vacation, but there are still some new things to share.

I published a mini tutorial on how to generate Python bindings using the new CMake module.

People have started to test the Python bindings and some building issues have been reported (which is good, because that means people have interest in them). Unfortunately I’m going to have less time to contribute as I start university next week, but I’m sure you’ll see me!

Many thanks to Carl (my mentor) and everyone who reviewed my merge requests!

Categories: FLOSS Project Planets

FSF Events: Free Software Directory meeting on IRC: Friday, September 6, starting at 12:00 EDT (16:00 UTC)

GNU Planet! - Tue, 2024-09-03 14:47
Join the FSF and friends on Friday, September 6 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.
Categories: FLOSS Project Planets

FSF Blogs: August GNU Spotlight with Amin Bandali

GNU Planet! - Tue, 2024-09-03 12:24
Fifteen new GNU releases in the last month (as of August 31, 2024):
Categories: FLOSS Project Planets

August GNU Spotlight with Amin Bandali

FSF Blogs - Tue, 2024-09-03 12:24
Fifteen new GNU releases in the last month (as of August 31, 2024):
Categories: FLOSS Project Planets

Specbee: Why we switched from GA4 to Matomo and How to set up Matomo in Drupal

Planet Drupal - Tue, 2024-09-03 11:29
For years, digital marketers have loved Universal Analytics (UA) for its simplicity. It made tracking website performance easy. But then came Google Analytics 4 (GA4). Now, things are more complicated. With GA4’s event-based tracking, redefined metrics, and a less intuitive interface, many marketers are struggling to navigate this new, less familiar landscape. Even with GA4's advanced features, the steep learning curve and changes to key functions have left marketers searching for alternatives that offer both power and ease of use. Enter Matomo—a customizable analytics platform that prioritizes privacy and addresses many of the pain points GA4 users face. In this blog, we'll break down the complexities of GA4 and tell you why we moved, explore the challenges of moving from UA, and introduce Matomo as a powerful alternative that might solve your analytics headaches.  We can help if you're having trouble adjusting to GA4's new data model, finding it hard to work with its interface, or searching for a platform that offers you more control over your data. But hey, don’t skip—read the whole article first! Why we made the switch: Google Analytics 4 & its complexities After years of leaning on Universal Analytics (UA), its intuitive interface, familiar metrics, and straightforward reporting made it an indispensable tool for us at Specbee and for digital marketers everywhere. However, with Google’s shift to GA4, we were left grappling with a steep learning curve and several challenges, particularly in reporting.  Here are some details about the challenges faced.  Understanding the new data model Event-based tracking: Unlike Universal Analytics, which relied heavily on a session-based data model, GA4 uses an event-based approach. This means that every interaction, from page views to clicks, is treated as an event. While the event-based approach provides more granular data, it also requires a paradigm shift in how reporting is approached, by mapping the new events to the metrics & dimensions. Custom parameters: GA4 encourages using custom parameters for events, but setting these up is more complex than UA’s straightforward event tracking. The lack of pre-defined event categories, actions, and labels means investing time in defining and standardizing the parameters. Navigating the interface Learning curve: GA4’s interface is markedly different from UA. While it’s designed to be more flexible, it is less intuitive. Features easily accessible in UA, like certain reports and metrics, are now buried deeper in the UI or have been renamed, leading to frustration and additional time spent searching for information. Exploration reports: GA4 introduces Exploration Reports, which offer powerful custom reporting capabilities. However, the flexibility comes with complexity. It takes a considerable amount of time to learn how to effectively use these reports, especially in understanding how to apply filters, segments, and comparisons to get the data I needed. Changes in key metrics New definitions: Some important metrics from Universal Analytics have been redefined or replaced (e.g. engagement rate in GA4). While these changes are aimed at providing a more holistic view of user interaction, they make it difficult to compare data with historical reports from UA. Understanding these new metrics and how they align with business goals is a significant challenge. Conversion tracking: Setting up conversions in GA4 is fundamentally different from UA. The process now involves defining events and marking them as conversions, which is more flexible but also more prone to errors. Misconfigured events lead to discrepancies in conversion data, making it challenging to trust the reports. Limited pre-built reports Fewer default reports: GA4 comes with fewer pre-built reports compared to UA. This is a double-edged sword; while it forces customization to better align with business goals, it also means more time spent creating and configuring reports that were readily available in UA. Audience segmentation: The segmentation features in GA4 are more advanced but also more complex to set up. Building audience segments requires a deep understanding of user behavior and event parameters, thus making it hard to create meaningful insights. Attribution modeling Changes in attribution: GA4 offers more sophisticated attribution models, including data-driven attribution, which is a significant improvement. However, the challenge lies in understanding these models and how they differ from UA’s last-click attribution. The shift requires a reevaluation of marketing strategies and reporting to reflect the new attribution data accurately. Matomo: An Open-Source, Privacy-Centric alternative for web analytics Matomo is a potent open-source web analytics platform that prioritizes data ownership and privacy. In contrast to a lot of popular analytics tools, Matomo gives you total control over your data by letting you host it on your own servers or in the cloud. A wide range of features is available with Matomo, which is well-known for its adaptability and customization. These include advanced analytics tools like heatmaps and session recordings, real-time visitor tracking, and customizable dashboards. It offers a strong and intuitive substitute for systems such as Google Analytics, particularly for individuals who value customized insights and data privacy. Setting up Matomo in Drupal In Drupal, setting up Matomo is a simple process. Matomo’s privacy-focused analytics can be set up in two ways. You can choose to host the Matomo analytics on your server or set it up as a cloud-based analytics platform. You can find more details on the pricing here. Here is a quick guide on how we to set up Matomo on your server: Install Matomo on your server Download Matomo: Visit the official Matomo website and download the latest version of the software. Upload to your server: Use FTP or another file transfer method to upload the Matomo files to your web server. Typically, this will be in a subdirectory of your domain, like `yourdomain.com/matomo`. Run the Installer: Access the directory in your web browser to start the installation process. Follow the on-screen instructions to set up the database and complete the installation. Install the Matomo module in Drupal Download the Module: Go to the Drupal Matomo module page and download the module. You can also install it directly via Drupal’s admin interface by searching for "Matomo." Enable the Module: Once installed, navigate to `Extend` in the Drupal admin menu, find Matomo, and enable it. Configure the Matomo module Access Configuration: Go to `Configuration > Matomo` in your Drupal admin menu. Enter Matomo URL: Provide the URL where your Matomo installation is hosted. This could be something like `https://yourdomain.com/matomo/`. Site ID: In Matomo, every tracked website is assigned a unique Site ID. You can find this ID in your Matomo dashboard under `Administration > Websites`. Enter this ID in the corresponding field in the Drupal configuration. Matomo Token: You’ll also need to enter your Matomo API token, which you can find in your Matomo user profile under `API`. This token allows Drupal to communicate securely with your Matomo installation. You can also add advanced configurations like heatmaps, session recordings, and more, depending on your requirements.  Get your website to the top with our specialized Drupal SEO services. And guess what? Your first SEO audit is on us—completely FREE! Matomo's data insights features Previously known as Piwik, Matomo provides a powerful, privacy-centric alternative to mainstream analytics tools like Google Analytics. Let’s dive into the key features that make Matomo a top choice for businesses and developers.  Customizable dashboards and all websites dashboard Create dashboards tailored to your needs and manage multiple websites from a single interface. Arrange widgets, select metrics, and monitor performance across all your sites efficiently, ensuring you have quick access to the insights that matter most. Real-time data updates Track visitor activity on your website as it happens. Matomo’s real-time data updates provide immediate insights into traffic trends, user behavior, and engagement, allowing for quick decision-making and responsive action. Analytics for ecommerce and goal conversion tracking Monitor your online store’s performance and track specific goals. Matomo allows you to analyze product views, purchases, revenue, and conversion rates to optimize your e-commerce strategy and measure the success of your marketing efforts. Event tracking and Content tracking Monitor interactions with specific elements and content on your website. Track button clicks, video plays, and downloads to understand user engagement and improve content effectiveness. These features provide granular insights into how users interact with your content. Custom dimensions Create custom dimensions to track additional data specific to your business needs. Matomo’s Custom Dimensions feature allows you to customize your analytics setup to gain deeper insights into user behavior and enhance your data analysis capabilities. Geolocation Identify where your visitors are coming from with Matomo’s Geolocation feature. Use geographic data to tailor your marketing efforts and content strategy based on insights into regional user behavior and preferences. User segmentation Segment your audience based on various criteria to gain a deeper understanding of different user groups. Analyze behavior, engagement, and conversion rates for each segment, allowing for targeted marketing strategies and personalized user experiences. Pages transitions and Page overlay Visualize how users navigate through your website. Pages Transitions and Page Overlay help you identify common paths, drop-off points, and popular routes, enabling you to optimize site structure and improve user experience. Analytics campaign tracking and Track traffic from search engines Measure the performance of your marketing campaigns and analyze search engine traffic. Track conversions, understand user journeys, and optimize your marketing efforts based on insights into how visitors find and interact with your site. No data limit Enjoy unlimited data storage with Matomo. Analyze extensive datasets without worrying about data limits, ensuring comprehensive insights into your website performance and the ability to track historical data over long periods. Other powerful features Annotations allow you to add notes to your analytics data, providing context for significant events and changes, which aids in better data analysis.  Scheduled Email Reports keep you informed by delivering customized, automated reports with key metrics directly to your inbox, making it easy to share insights with stakeholders.  Site Search Analytics lets you track and analyze user search queries, helping you identify content gaps and optimize your site's search functionality.  Visits Log and Visitor Profile offers detailed insights into individual user behavior, visit history, and preferences, enabling personalized marketing and a better user experience. Matomo's premium features Matomo's premium features offer deep insights, extensive customization, and advanced tools for confident data-driven decisions. Learn how these features, from heatmaps and session recordings to A/B testing and funnel analysis, can enhance your analytics capabilities. Heatmap analytics and Session recording Gain valuable insights into user behavior with Matomo’s Heatmap Analytics and Session Recording features: Heatmaps: Visual displays of user interactions, helping identify engaging areas and usability issues. Scroll Maps: Understand how far users scroll down a page. Click Maps: See where users are clicking most often. Session Recording: Capture all visitor activities, including clicks, mouse movements, scrolls, window resizes, page changes, and form interactions. Replay these interactions in video format to see exactly how visitors engage with your site and use these insights to improve user experience and troubleshoot issues. A/B testing platform Optimize your websites, apps, and marketing campaigns by running A/B tests: Experiment with different versions of your pages. Determine which performs best to increase conversions. Make data-driven decisions to enhance performance, ensuring that your changes lead to improved user engagement and higher conversion rates. Custom reports Create custom reports tailored to your needs to gain new insights and save time: Pull out the exact information you require for success. Reduce the risk of human error. Generate new reports quickly, streamlining your data analysis process and allowing you to focus on the metrics that matter most to your business. Form analytics Improve form conversions by analyzing where and when visitors abandon your forms: Gain insights into user interactions with your forms. Identify and fix issues that prevent successful submissions. Optimize your forms to enhance user experience and increase conversion rates. Visualize conversion funnels Understand where visitors drop off in your conversion funnels to increase conversions, sales, and revenue with your existing traffic: Identify bottlenecks in the user journey. Optimize your site to improve conversion rates. Make informed decisions to enhance the user experience and drive more conversions. User flow Analyze the most popular paths users take through your website or app with User Flow: Visual representation helps you understand user behavior. Identify common exit points and optimize navigation. Gain insights into how users interact with your site to improve their experience. Multi-channel conversion attribution Understand the contribution of each marketing channel to your conversions: Clarity on how much credit each referrer deserves. Allocate marketing efforts and budgets more effectively. Optimize your marketing strategy to drive better results. Advertising conversion export Get insights into your paid ads, including Google Ads, Microsoft Bing Ads, and Yandex Ads, with better privacy and simplified implementation: Integrates with these platforms, providing comprehensive data without needing third-party tracking codes. Saves implementation time and ensures that your advertising data is accurate and privacy-compliant. Other advanced tools Media Analytics helps you track and optimize video and audio engagement by monitoring views, play duration, and interactions. SEO Web Vitals enhances your website’s performance and search ranking by identifying and addressing key SEO issues, ensuring a seamless user experience.  Roll-Up Reporting saves time by aggregating data from multiple websites and apps, offering a holistic view of your digital properties. User Cohorts allow you to analyze and compare the behavior of different user groups, enabling you to boost retention and satisfaction. Matomo VS GA4 Both Matomo and Google Analytics 4 (GA4) are prominent web analytics platforms that provide valuable insights into website performance and user behavior. However, they differ significantly in features, user experience, data control, and pricing. Here’s a detailed comparison to help you choose the right tool for your needs. Data ownership and privacy Matomo: Offers full data ownership, allowing businesses to ensure compliance with privacy regulations like GDPR. Users can choose where their data is stored, which is a significant advantage for organizations concerned about data privacy.GA4: Data is stored on Google’s servers, which can raise concerns about data privacy and sharing. While GA4 provides robust analytics capabilities, it may not offer the same level of control over data as Matomo. Historical data import Matomo: Supports importing historical data from Universal Analytics, allowing users to maintain continuity in their analytics without losing past insights.GA4: Does not allow importing historical data from Universal Analytics, which means users starting with GA4 will not have access to their previous data, potentially complicating year-over-year comparisons. User interface and usability Matomo: Known for its intuitive and user-friendly interface, Matomo is rated highly for ease of use. Users can quickly navigate the platform and access insights without extensive training.GA4: While it features a modern design, many users find the interface complex and challenging to navigate, especially those accustomed to previous versions of Google Analytics. It requires a steeper learning curve to fully leverage its capabilities. Reporting and insights Matomo: Offers customizable reports and a variety of analytics tools, including conversion tracking and A/B testing. Users can easily create dashboards that reflect their specific needs.GA4: Provides advanced reporting features, including custom reports and data visualization tools. However, its reliance on machine learning can sometimes obscure direct insights, making it less straightforward for some users. Pricing Matomo: Offers both free and paid options, with the free version requiring self-hosting, which may incur additional costs. The paid version is generally more affordable than GA4's premium offerings, making it a cost-effective choice for many businesses.GA4: The free version is powerful but comes with limitations, such as a 14-month data retention policy. The paid version can be expensive, particularly for larger organizations that require extensive data analysis capabilities. Final thoughts Choosing between Matomo and GA4 ultimately depends on your organization's specific needs and priorities. If data ownership, privacy, and ease of use are paramount, Matomo is likely the better choice. Conversely, if you require advanced machine learning features and seamless integration with Google products, GA4 may be more suitable. Both platforms have their strengths and weaknesses, and understanding these can help you make an informed decision that aligns with your analytics goals. With experience working extensively with GA4 and Matomo, we’re ready to help you improve your web analytics and SEO experience. Learn more about our Drupal SEO services and get in touch with us today!
Categories: FLOSS Project Planets

Mike Driscoll: ANN: JupyterLab 101 Kickstarter

Planet Python - Tue, 2024-09-03 10:08

My latest Python book is now available for pre-order on Kickstarter.

JupyterLab 101 mockup

JupyterLab, the latest iteration of the Jupyter Notebook, is a versatile tool for sharing code in an easily understandable format.

Hundreds of thousands of people around the world use Jupyter Notebooks or variations of the Notebook architecture for any or all of the following:

  • teaching
  • presentations
  • learning a computer language
  • numerical simulations
  • statistical modeling
  • data visualization
  • machine learning
  • and much more!

Jupyter Notebooks can be emailed, put on GitHub, or run online. You may also add HTML, images, Markdown, videos, LaTeX, and custom MIME types to your Notebooks. Finally, Jupyter Notebooks support big data integration.

JupyterLab 101 will get you up to speed on the newest user interface for Jupyter Notebooks and the other tools that JupyterLab supports. You now have a tabbed interface that you can use to edit multiple Notebooks, open terminals in your browser, create a Python REPL, and more. JupyterLab also includes a debugger utility to help you figure out your coding issues.

Rest assured, JupyterLab supports all the same programming languages as Jupyter Notebook. The main difference lies in the user interface, which this guide will help you navigate effectively and efficiently.

After reading JupyterLab 101, you will be an expert in JupyterLab and produce quality Notebooks quickly!

What You’ll Learn

In this book, you will learn how about the following:

  • Installation and setup of JupyterLab
  • The JupyterLab user interface
  • Creating a Notebook
  • Markdown in Notebooks
  • Menus in JupyterLab
  • Launching Other Applications (console, terminal, text files, etc)
  • Distributing and Exporting Notebooks
  • Debugging in JupyterLab
  • Testing your notebooks
Rewards to Choose From

As a backer of this Kickstarter, you have some choices to make. You can receive one or more of the following, depending on which level you choose when backing the project:

  • An early copy of JupyterLab 101 + all updates including the final version (ALL BACKERS)
  • A signed paperback copy (If you choose the appropriate perk)
  • Get all by Python courses hosted on Teach Me Python or another site  (If you choose the appropriate perk)
  • T-shirt with the book cover  (If you choose the appropriate perk)

Get the book on Kickstarter today!

The post ANN: JupyterLab 101 Kickstarter appeared first on Mouse Vs Python.

Categories: FLOSS Project Planets

Real Python: Using Pydantic to Simplify Python Data Validation

Planet Python - Tue, 2024-09-03 10:00

Pydantic is a powerful data validation and settings management library for Python, engineered to enhance the robustness and reliability of your codebase. From basic tasks, such as checking whether a variable is an integer, to more complex tasks, like ensuring highly-nested dictionary keys and values have the correct data types, Pydantic can handle just about any data validation scenario with minimal boilerplate code.

In this video course, you’ll learn how to:

  • Work with data schemas with Pydantic’s BaseModel
  • Write custom validators for complex use cases
  • Validate function arguments with Pydantic’s @validate_call
  • Manage settings and configure applications with pydantic-settings

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Categories: FLOSS Project Planets

Django Weblog: Django security releases issued: 5.1.1, 5.0.9, and 4.2.16

Planet Python - Tue, 2024-09-03 07:00

In accordance with our security release policy, the Django team is issuing releases for Django 5.1.1, Django 5.0.9, and Django 4.2.16. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()

urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

Thanks to MProgrammer for the report.

This issue has severity "moderate" according to the Django security policy.

CVE-2024-45231: Potential user email enumeration via response status on password reset

Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes.

To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the django.contrib.auth logger.

Thanks to Thibaut Spriet for the report.

This issue has severity "low" according to the Django security policy.

Affected supported versions
  • Django main branch
  • Django 5.1
  • Django 5.0
  • Django 4.2
Resolution

Patches to resolve the issue have been applied to Django's main, 5.1, 5.0, and 4.2 branches. The patches may be obtained from the following changesets.

CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize() CVE-2024-45231: Potential user email enumeration via response status on password reset The following releases have been issued

The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance, nor via the Django Forum, nor via the django-developers list. Please see our security policies for further information.

Categories: FLOSS Project Planets

Calligra 4.0.1

Planet KDE - Tue, 2024-09-03 05:25

Calligra 4.0.1 is out. This small releases mostly contains fixes for distributions issues and updated translations.

I fixed some compatibility issues for Flatpak which is since yesterday available on Flathub.

Flathub website showing Calligra

Yaakov Selkowitz fixed the installation of the Okular generators so now if Calligra is installed, you can read your office document in Okular correctly.

Antonio Rojas dropped the unused KPart dependency and reenabled the user documentations.

I removed the old space navigator plugin which didn’t build anymore and was only used to navigate an office document with some retro controllers.

Finally, I fixed a few issues in Stage, I found while dog footing it for my slides for my Akademy presentation.

The updated slides sidebar of Calligra Stage

Get It

Calligra 4.0 is now available on Flathub. It’s also now available on Arch, KDE Neon and OpenBSD and I am aware there is some work in progress for Fedora and Mageia. Thanks everyone for packaging Calligra!

Packager Section

You can find the package on download.kde.org and it has been signed with my GPG key.

Categories: FLOSS Project Planets

Python Bytes: #399 C will watch you in silence

Planet Python - Tue, 2024-09-03 04:00
<strong>Topics covered in this episode:</strong><br> <ul> <li><strong><a href="https://hynek.me/articles/docker-virtualenv/?featured_on=pythonbytes">Why I Still Use Python Virtual Environments in Docker</a></strong></li> <li><a href="https://lp.jetbrains.com/python-developers-survey-2023/?featured_on=pythonbytes"><strong>Python Developer Survey Results</strong></a></li> <li><strong><a href="https://www.anaconda.com/blog/introducing-anaconda-code-add-in-for-microsoft-excel?featured_on=pythonbytes">Anaconda Code add-in for Microsoft Excel</a></strong></li> <li><a href="https://davidism.com/disabling-scheduled-dependency-updates/?featured_on=pythonbytes"><strong>Disabling Scheduled Dependency Updates</strong></a></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=dpAPT-T5m2g' style='font-weight: bold;'data-umami-event="Livestream-Past" data-umami-event-episode="399">Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by us! Support our work through</p> <ul> <li>Our <a href="https://training.talkpython.fm/?featured_on=pythonbytes"><strong>courses at Talk Python Training</strong></a></li> <li><a href="https://courses.pythontest.com/?featured_on=pythonbytes"><strong>Hello, pytest! Course</strong></a></li> <li><a href="https://www.patreon.com/pythonbytes"><strong>Patreon Supporters</strong></a></li> </ul> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually <strong>Monday</strong> at 10am PT. Older video versions available there too.</p> <p>Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to <a href="https://pythonbytes.fm/friends-of-the-show">our friends of the show list</a>, we'll never share it.</p> <p><strong>Michael #1:</strong> <a href="https://hynek.me/articles/docker-virtualenv/?featured_on=pythonbytes">Why I Still Use Python Virtual Environments in Docker</a></p> <ul> <li>by Hynek Schlawack</li> <li>I was going to cover <a href="https://hynek.me/articles/docker-uv/?featured_on=pythonbytes">Production-ready Docker Containers with uv</a> but decided to take this diversion instead.</li> <li>Spend a lot of time thinking about the secondary effects of what you do.</li> <li>venvs are well known and well documented. Let’s use them.</li> </ul> <p><strong>Brian #2:</strong> <a href="https://lp.jetbrains.com/python-developers-survey-2023/?featured_on=pythonbytes"><strong>Python Developer Survey Results</strong></a></p> <ul> <li>“… official Python Developers Survey, conducted as a collaborative effort between the Python Software Foundation and JetBrains.”</li> <li>Python w/ Rust rising, but still only 7%</li> <li>““The drop in HTML/CSS/JS might show that data science is increasing its share of Python.” - Paul Everitt</li> <li>37% contribute to open source. Awesome.</li> <li>Favorite Resources: Podcasts <ul> <li>Lots of familiar faces there. Awesome. <ul> <li>Perhaps I shouldn’t have decided to move “Python Test” back to <a href="https://testandcode.com?featured_on=pythonbytes">Test &amp; Code</a></li> </ul></li> </ul></li> <li>Usage <ul> <li>“Data analysis” down, but I think that’s because “data engineering” is added.</li> <li>Data, Web dev, ML, devops, academic, </li> <li>Testing is down <img src="https://paper.dropboxstatic.com/static/img/ace/emoji/1f61e.png?version=8.0.0" alt="disappointed face" /> 23%</li> </ul></li> <li>Python Versions <ul> <li>Still some 2 out there</li> <li>Most folks on 3.10-3.12</li> </ul></li> <li>Install from: mostly python.org</li> <li>Frameworks <ul> <li>web: Flask, Django, Requests, FastAPI …</li> <li>testing: pytest, unittest, mock, doctest, tox, hypothesis, nose (2% might be the Python 2 people)</li> </ul></li> <li>Data science <ul> <li>77% use pandas, 72% NumPy</li> </ul></li> <li>OS: Windows still at 55% </li> <li>Packaging: <ul> <li>venv up to 55%</li> <li>I imaging uv will be on the list next year</li> <li>requirements.txt 63%, pyproject.toml 32%</li> </ul></li> <li>virtual env in containers? 47% say no</li> </ul> <p><strong>Michael #3:</strong> <a href="https://www.anaconda.com/blog/introducing-anaconda-code-add-in-for-microsoft-excel?featured_on=pythonbytes">Anaconda Code add-in for Microsoft Excel</a></p> <ul> <li>Run their Python-powered projects in Excel locally with the Anaconda Code add-in</li> <li>Powered by PyScript, an Anaconda supported open source project that runs Python locally without install and setup</li> <li>Features <ul> <li>Cells Run Independently</li> <li>Range to Multiple Types</li> <li>init.py file is static and cannot be edited, with Anaconda Code, users have the ability to access and edit imports and definitions, allowing you to write top-level functions and classes and reuse them wherever you need. </li> <li>A Customizable Environment </li> </ul></li> </ul> <p><strong>Brian #4:</strong> <a href="https://davidism.com/disabling-scheduled-dependency-updates/?featured_on=pythonbytes"><strong>Disabling Scheduled Dependency Updates</strong></a></p> <ul> <li>David Lord</li> <li>Interesting discussion of as they happen or batching of upsates to dependencies</li> <li>dependencies come in <ul> <li>requirements files</li> <li>GH Actions in CI workflows</li> <li>pre-commit hooks</li> </ul></li> <li>David was seeing 60 PRs per month when set up on monthly updates (3 ecosystems * 20 projects)</li> <li>new tool for updating GH actions: <a href="https://gha-update.readthedocs.io/en/latest/?featured_on=pythonbytes">gha-update</a>, allows for local updating of GH dependencies</li> <li>New process <ul> <li>Run pip-compile, gha-update, and pre-commit locally.</li> <li>Update a project’s dependencies when actively working on the project, not just whenever a dependency updates.</li> <li>Note that this works fine for dev dependencies, less so for security updates from run time dependencies. But for libraries, runtime dependencies are usually not pinned.</li> </ul></li> </ul> <p><strong>Extras</strong> </p> <p>Brian:</p> <ul> <li><a href="https://testandcode.com?featured_on=pythonbytes">Test &amp; Code</a> coming back this week</li> </ul> <p>Michael:</p> <ul> <li><a href="https://www.codeinacastle.com/python-zero-to-hero-2024?featured_on=pythonbytes">Code in a Castle event</a></li> <li><a href="https://github.com/basnijholt/unidep/pull/191#issuecomment-2322392833">Python Bytes badge spotting</a></li> <li><a href="https://news.ycombinator.com/item?id=41385546&featured_on=pythonbytes">Guido’s post removed for moderation</a></li> </ul> <p><strong>Joke:</strong> <a href="https://devhumor.com/media/c-will-watch-in-silence?featured_on=pythonbytes">C will watch in silence</a></p>
Categories: FLOSS Project Planets

The Drop Times: Getting Started with Dresktop: Managing Local Drupal Environments

Planet Drupal - Tue, 2024-09-03 02:21
Discover Dresktop, the open-source tool revolutionizing Drupal management. From local development to cloud integration, Dresktop simplifies the way you handle Drupal environments with its powerful blend of Docker, SSH, and Drush. Whether you're searching for an alternative to Acquia Desktop or a streamlined solution for your Drupal projects, Dresktop offers the features and flexibility you need.
Categories: FLOSS Project Planets

Armin Ronacher: Progress

Planet Python - Mon, 2024-09-02 20:00

As I'm getting older a lot of my social circles are becoming ever more conservative. The focus shifts from building with ambition to fiercly protecting what one has achieved. Shifting the mind on protectionism makes one consider all that can cause damage. It puts the focus on the negative, it makes those negative thoughts feel much more significant than they are and one dwells on the past, instead of envisioning of what opportunity might lie ahead.

Yet, when we look back at history, it becomes clear that progress and fresh ideas tend to prevail over time. Not every new idea will succeed, but the overall trend is undeniable.

I believe that every day presents us with a choice: to step forward with courage and optimism or to cling to the status quo, even as it becomes increasingly untenable. Embracing new ideas carries inherent risks, but so does the refusal to explore them.

Right now we find ourselves slowly sliding down from our local maximum and some people try to pull you back up to where we were standing. On the other hand if you dare to run you will find a bigger and more impressive hill to scale. One that offers a better vantage point and when water rises undoubtedly the better place to be.

In today's political environment, the rhetoric is dominated by a yearning for the past. Some politicians will promote a return to fossil fuels and conservative social norms. They play into your fears of others and promote individualism at cost of the collective. The will uphold every bad news as a reason to fortify borders and strengthen nation-states.

But as time marches on, future generations will likely look back at these regressive inclinations and wonder how we could have been so short-sighted.

Categories: FLOSS Project Planets

Hynek Schlawack: How to Ditch Codecov for Python Projects

Planet Python - Mon, 2024-09-02 20:00

Codecov’s unreliability breaking CI on my open source projects has been a constant source of frustration for me for years. I have found a way to enforce coverage over a whole GitHub Actions build matrix that doesn’t rely on third-party services.

Categories: FLOSS Project Planets

July and August in KDE PIM

Planet KDE - Mon, 2024-09-02 15:20

Here's our bi-monthly update from KDE's personal information management applications team. This report covers progress made in July and August 2024.

Since the last report, 32 people have contributed over 1300 changes to the KDE PIM code base. We also released a new version of the KDE PIM Suite in August with the Gear release

Akademy

The KDE PIM team will be at Akademy from the 7th to the 12th of September in Würzburg (Germany). We will host again a PIM BoF on Monday from 14h to 16h.

Milestones

We have decided to plan and track our work in milestones. Milestones represent concrete goals with clear definitions of what we understand as done, and be achievable within a reasonable time frame. Each milestone is then split into smaller bite-sized tasks that can be worked on independently.

This helps us prioritize important work, make our progress more visible and, most importantly, make it easier for people to get excited about what we are working on. New contributors will also be able to pick a well-defined task and start contributing to PIM.

You can see the milestones on our Gitlab board. If anything there catches your eye and you would like to help, reach out to us on the #kontact:kde.org Matrix channel!

Retiring KJots and KNotes

We made some progress on this front and KNotes was not part of the 24.08 release. The repositories for KNotes and KJots are now archived and the remaining bits related to the Akonadi Note support were removed from KOrganizer, Calendar Support, KDE PIM Runtime, and Event Views.

Moving Protocol Implementations to KDE Frameworks

Volker continued to cleanup and optimize KMime in preparation for moving it to the KDE Frameworks. KMime is the library used to parse and write emails.

Itinerary

Our travel assistant app Itinerary got a new seat information display in the timeline, integration with the Träwelling check-in service, more use of Wikidata/Wikimedia online content and a pretty new website. See its own bi-monthly update for more details.

Kleopatra

Over the last two months the smart card views for the different types of supported smart cards got a facelift to make them look more unified and less crowded (T7018).

Kleopatra now supports disabling OpenPGP certificates (T7216). This is sometimes useful to prevent accidentally using a certificate for encryption.

We improved the usability in

  • signing and encryption (T6485, T7183, T7236),
  • the list of certifications that now only shows the relevant ones (T7231),
  • the certificate group configuration (T6966),
  • changing the expiration of subkeys (T7198, T7215).
Akregator

Akregator is the RSS feed reader integrated into Kontact. Laurent reimplemented the filter bar to avoid multiple clicks and it is now similar to the one from Thunderbird.

Akregator now supports Plasma Activities so you can select which feeds are visible depending on the activity you are in. Similar functionalities are planned for KMail, KOrganizer and KAddressBook.

Finally, Akregator now has a What's New dialog showing the changes from the last version.

KMail

KMail now uses less memory by only loading some widgets when needed.

MimeTreeParser/Merkuro

We have unified the verification message for signed messages between Kleopatra, KMail and Merkuro by moving the implementation to LibKleo.

KAlarm

We replaced the libcanberra audio backend with VLC, since libcanberra is unmaintained and does not recognise recent audio formats. There is also the option for distributions to use MPV as audio backend.

Categories: FLOSS Project Planets

Gunnar Wolf: Free and open source software and other market failures

Planet Debian - Mon, 2024-09-02 15:08
This post is a review for Computing Reviews for Free and open source software and other market failures , a article published in Communications of the ACM

Understanding the free and open-source software (FOSS) movement has, since its beginning, implied crossing many disciplinary boundaries. This article describes FOSS’s history, explaining its undeniable success throughout the 1990s, and why the movement today feels in a way as if it were on autopilot, lacking the “steam” it once had.

The author presents several examples of different industries where, as it happened with FOSS in computing, fundamental innovations happened not because the leading companies of each field are attentive to customers’ needs, but to a certain degree, despite them not even considering those needs, it is typically due to the hubris that comes from being a market leader.

Kemp exemplifies his hypothesis by presenting the messy landscape of the commercial, mutually incompatible systems of Unix in the 1980s. Different companies had set out to implement their particular flavor of “open Unix computers,” but with clear examples of vendor lock-in techniques. He speculates that, “if we had been able to buy a reasonably priced and solid Unix for our 32-bit PCs … nobody would be running FreeBSD or Linux today, except possibly as an obscure hobby.” He states that the FOSS movement was born out of the utter market failure of the different Unix vendors.

The focus of the article shifts then to the FOSS movement itself: 25 years ago, as FOSS systems slowly gained acceptance and then adoption in the “serious market” and at the center of the dot-com boom of the early 2000s, Linux user groups (LUGs) with tens of thousands of members bloomed throughout the world; knowing this history, why have all but a few of them vanished into oblivion?

Kemp suggests that the strength and vitality that LUGs had ultimately reflects the anger that prompted technical users to take the situation into their own hands and fix it; once the software industry was forced to change, the strongly cohesive FOSS movement diluted. “The frustrations and anger of [information technology, IT] in 2024,” Kamp writes, “are entirely different from those of 1991.” As an example, the author closes by citing the difficulty of maintaining–despite having the resources to do so–an aging legacy codebase that needs to continue working year after year.

Categories: FLOSS Project Planets

Talking Drupal: Talking Drupal #465 - Greater Cleveland RTA

Planet Drupal - Mon, 2024-09-02 12:00

Today we are talking about The Greater Cleveland RTA, How they use Drupal, and how they built a Drupal team with guests Mike Cermak & Rithya Lath. We’ll also cover Geofield Directions as our module of the week.

For show notes visit: www.talkingDrupal.com/465

Topics
  • What does the Greater Cleveland RTA do
  • Is the RTA a state agency
  • What kind of Digital Service do you provide
  • How does the GCRTA use Drupal
  • Whay was Drupal selected
  • Let's talk about the team
  • How long has the team existed and how many people
  • What type of skill makeup doest hte team have
  • Local development and deployment
  • Point and click learning, how do you keep up to speed now
  • Day to day responsibilities
  • Drupal con and Starshot
Resources Guests

Rithya Lath - ral1239 Mike Cermak - riderta.com MikeCermak

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

  • Brief description:
    • Have you ever wanted to make it easy for visitors to your Drupal site to get directions to a location via Google Maps? There’s a module for that.
  • Module name/project name:
  • Brief history
    • How old: created in Feb 2021 by Christopher Martin (ccjjmartin), though recent releases are by Allan Chappell (generalredneck)
    • Versions available: 1.0.1, compatible with Drupal ^8.8 ^9 || ^10 ^11
  • Maintainership
    • Minimally maintained, Maintenance fixes only
    • Security coverage
    • Test coverage
    • Documentation? Not even a README
    • Number of open issues: 1 open issue, not a bug
  • Usage stats:
    • 26 sites
  • Module features and usage
    • The module provides a new field formatter, so you can install it and then update a view mode to use Geofield Directions. Now your content display will include a link to get directions
    • You can figure the text of the link, whether the link should open in a new tab, the magnification of the destination map, and more
    • The module also includes token support, so you can dynamically include things like the name of the location in the link text
    • I think the only downside I can see is that because this is implemented as a formatter, you have to choose the directions link OR a map, where I could foresee sites wanting to show both
Categories: FLOSS Project Planets

The Drop Times: Simplifying Complexity with Guidance

Planet Drupal - Mon, 2024-09-02 11:37

Dear Readers, With Drupal 11 now in full swing, users have had time to explore the new features and improvements this release brings. As the platform continues to mature, one aspect remains critically important: comprehensive and up-to-date documentation. Whether you're a newcomer or a seasoned Drupal developer, having reliable documentation is key to fully leveraging the capabilities of Drupal 11 and adapting to the changes it introduces.

A major focus of Drupal 11 has been improving user experience, such as simplifying the process for adding fields to entity types. While these changes make Drupal easier to use, they also require clear documentation to guide users through the new workflows. The Documentation and Help Initiative is vital here, ensuring that Drupal's power is accessible to everyone. Led by a dedicated team, this initiative aims to improve Drupal.org's resources and introduce a help system that provides assistance tailored to users' needs.

However, the documentation does more than explain the latest changes-it strategically makes Drupal more accessible to a broader audience. This is particularly true as we look toward the future with the upcoming "Drupal CMS," a product of the Drupal Starshot initiative. Drupal CMS aims to offer a more user-friendly, out-of-the-box experience, making it easier for those who might find Drupal Core's technical depth overwhelming. The documentation will be crucial in helping users understand the differences between Drupal CMS and Drupal Core, empowering them to choose the right tool for their needs and get started quickly.

As Drupal 11 continues to evolve, so too must its documentation. With features like Project Browser and Automatic Updates on the horizon, which promise to simplify Drupal's usability even further, the role of documentation in bridging the gap between technical advancements and user understanding becomes even more vital. 

With that, let's move on to the important stories from last week. 

DropTimes has put together a comprehensive FAQ to clarify the reasoning and implications behind Drupal Starshot's recent naming decision to be "Drupal CMS" instead of simply "Drupal." This guide is designed to help you understand the differences between Drupal Core and Drupal CMS.

In an interview with Kazima Abbaz, Selwyn Polit delves into the meticulous process behind creating "Drupal at Your Fingertips," offering detailed insights into how he curated and organized the content to serve as a comprehensive reference for Drupal developers. This guide aims to serve as a streamlined resource that cuts through the clutter, providing precisely what developers need when they need it.

In a world where tech startups often chase rapid growth at the expense of culture and sustainability, Iztok Smolic offers a refreshing alternative. As the CEO and Managing Director of Agiledrop, he has cultivated a unique company culture that blends traditional values with modern technological practices. In this interview, Iztok sits down with Elma John, a former sub-editor of The DropTimes, to discuss the inspirations and challenges that shaped his career and company.

Drupal GovCon 2024 recently concluded, marking a significant event for the Drupal community. Kazima Abbas has compiled key lessons from Rod Martin and Bree Benesh on Site building and leadership, from a session presented at the event. Mike Gifford, has presented the results from analyzing Drupal's dominance and accessibility in government websites which he had generously shared with The DropTimes.

Lenny Moskalyk has released a progress report on the Starshot initiative for August 2024. The initiative, announced by Dries Buytaert, is advancing through various focused tracks, each dedicated to different components of the platform. 

Twin Cities Drupal Camp 2024 is just around the corner, taking place from September 12 to 13 in Minneapolis/St. Paul. With the event fast approaching, Drupal enthusiasts and web technology professionals are gearing up for two days of intensive learning and networking.

DrupalCon Singapore 2024 has announced a range of financial support options to make the event more accessible to the global Drupal community. DrupalSouth Melbourne 2025 is calling for volunteers to join its Event Committee, playing a crucial role in ensuring the successful execution of the conference.

In the news about DrupalCon Barcelona 2024, the event is set to feature keynotes by Dries Buytaert, Mónica Rikić, Theódór Ragnar Gíslason, and the Drupal Core Initiative Leads. DrupalCon also has a series of dynamic Contribution Events to bring together the global Drupal community to shape the platform's future. These events will run throughout the conference, culminating in a dedicated Contribution Day on Friday. DrupalCon Barcelona is also taking a stand against electronic waste by partnering with Trinijove, an organization dedicated to recycling and refurbishing old electronic devices. 

Centarro has announced the release of Drupal Commerce 2.40 introducing a range of enhancements and new features. GitLab CI templates will soon make Drupal 11 the default version for automated testing, marking a significant transition within the Drupal ecosystem. Fran Garcia-Linares outlined this plan on Drupal.org, noting that GitLab CI currently supports simultaneous testing for both versions, which has allowed module maintainers to prepare for Drupal 11 compatibility.

We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now.

To get timely updates, follow us on LinkedIn, Twitter and Facebook. You can also, join us on Drupal Slack at #thedroptimes.

Thank you, 
Sincerely 
Alka Elizabeth 
Sub-editor, The DropTimes.

Categories: FLOSS Project Planets

Open Source AI Definition – Weekly update September 2nd

Open Source Initiative - Mon, 2024-09-02 10:17
Share your thoughts about draft v0.0.9
  • @mkai added concerns about how OSI will address AI-generated content from both open and closed source models, given current legal rulings that such content cannot be copyrighted. He also suggests clarifying the difference between licenses for AI model parameters and the model itself within the Open Source AI Definition.
  • @shujisado added that while media coverage of the OSAID v0.0.9 release is encouraging, he is not supportive of the idea of an enforcement mechanism to flag false open source AI. He believes this approach differs from OSI’s traditional stance and suggests it may be a misunderstanding.
  • @jplorre added that while LINAGORA supports the proposed definition, they propose clarifying the term “equivalent system” to mean systems that produce the same outputs given identical inputs. They also suggest removing the specific reference to “tokenizers” in the definition, as it may not apply to all AI systems.
    • @shujisado agreed with the need for clarification on “equivalent system” but noted that identical outputs cannot always be guaranteed in general LLMs. He suggests that this clarification might be better suited for the checklist rather than the OSAID itself

Draft v.0.0.9 of the Open Source AI Definition is available for comments

  • @adafruit reconnects with @webmink and proposes updates to the Open Source AI Definition, including adding requirements for prompt transparency and data access during AI training. These updates aim to enhance the ability to audit, replicate, and modify AI models by providing detailed logs, documentation, and public access to prompts used during the training phase.
    • @webmink appreciates the proposal but points out that it seems specific to a single approach, suggesting that it may need broader applicability.
  • @thesteve0 criticizes the current definition, arguing that it does not grant true freedom to modify AI models because the weights, which are essential for using the model, cannot be reproduced without access to both the original data and code. He suggests that models sharing only their weights, especially when built on proprietary data, should be labeled as “open weights” rather than “open source.” He also expresses concern about the misuse of the “open source” label by some AI models, citing specific examples where the term is being abused.
Open-washing and unspoken assumptions of OSS
  • @pranesh added that it might be helpful to explicitly state that the governance of open-source AI is out of scope for OSAID, but also notes that neither the OSD nor the free software definition explicitly mention governance, so it may not be necessary.
  • @kjetilk added that while governance issues have traditionally been unspoken, this unspoken nature is a key problem that needs addressing. He suggests that OSI should explicitly declare governance out of scope to allow others to take on this responsibility.
  • @mjbommar added support for making an official statement that OSI does not intend to control governance, noting concerns that some might fear OSI is moving towards a walled governance approach. He references past regrets about not controlling the “open source” trademark as a means to combat open-washing.
  • @nick added assurance that OSI has no intention of creating a walled governance garden, reaffirming the organization’s long-standing position against such control.
  • @shujisado added that there seems to be a consensus within the OSAID process that governance is out of scope, and notes that related statements have already been moved to the FAQ section in recent versions.
Explaining the concept of Data information
  • @pranesh mentions that, from a legal perspective, the percentage of infringement matters, citing the “de minimis” doctrine and defenses like “fair use” that consider the amount and purpose of infringement. He emphasizes that copyright laws in different jurisdictions vary, and not all recognize the same defenses as in the US.
  • @mjbommar argues that the scale and nature of AI outputs make the “de minimis” defense irrelevant, especially when AI models generate significant amounts of copyrighted content. He stresses that the economic impact of AI-generated content is a key factor in determining whether it qualifies as transformative or infringes copyright.
  • @shujisado highlights that in Japan, using copyrighted works for AI training is generally treated as an exception under copyright law, a stance that is also being adopted by neighboring East Asian countries. He suggests that approaches like the EU Directive are unlikely to become mainstream in Asia.
  • @mjbommar acknowledges the global focus on US/EU laws but points out that many commonly used models are developed by Western organizations. He questions how Japan’s updated copyright laws align with international treaties like WCT/DMCA, expressing concern that they may allow practices that conflict with these agreements.
    • @shujisado responds by stating that Japan’s copyright laws, including Article 30-4, were carefully crafted to comply with international standards, such as the Berne Convention and the WIPO Copyright Treaty, ensuring that they meet the required legal frameworks.
Welcome diverse approaches to training data within a unified Open Source AI Definition
  • @arandal emphasizes the importance of the Open Source Definition (OSD) as a unifying framework that accommodates diverse approaches within the open-source community. She argues that AI models, being a combination of source code and training data, should have their diversity in handling data explicitly recognized in the Open Source AI Definition. She proposes specific text changes to the draft to clarify that while some developers may be comfortable with proprietary data, others may not, and both approaches should be supported to ensure the long-term success of open-source AI.
  • @mjbommar appreciates the spirit of Arandal’s proposal but adds that the OSI currently lacks specific licenses for data, which is why it is crucial for the OSI to collaborate with Creative Commons. Creative Commons maintains the ecosystem of “data licenses” that would be necessary under the proposed revisions to the Open Source AI Definition.
  • @arandal agrees with the need for collaboration with organizations like Creative Commons, noting that this coordination is already reflected in checklist v. 0.0.9. She suggests that such collaboration is necessary even without the proposed revisions to ensure the definition accurately addresses data licensing in AI.
  • @nick acknowledges the importance of working with organizations like Creative Commons and mentions that OSI is in ongoing communication with several relevant organizations, including MLCommons, the Open Future Foundation, and the Data and Trust Alliance. He highlights the recent publication of the Data Provenance Standards by the Data and Trust Alliance as an example of the kind of collaborative work that is being pursued.
  • @mjbommar reiterates the need for explicit coordination with Creative Commons, arguing that the OSI cannot realistically finalize the Open Source AI Definition without such collaboration. He also suggests that the OSI should explore AI preference signaling and work with Creative Commons and SPDX/LF to establish shared standards, which should be part of the OSAID standard’s roadmap.

Join this week’s town hall to hear the latest developments, give your comments and ask questions.

Register for the townall
Categories: FLOSS Research

Pages