Feeds

Haruna version 1.1.1 is out.

You can get it now on flathub:

Windows versions:

• haruna-1.1.1-windows-gcc-x86_64.exe
• haruna-1.1.1-windows-gcc-x86_64.7z
• haruna-1.1.1-windows-gcc-x86_64-dbg.7z

Availability of other package formats depends on your distro and the people who package Haruna.

If you like Haruna then support its development: GitHub Sponsors | Liberapay | PayPal

Feature requests and bugs should be posted on bugs.kde.org, but for bugs make sure to fill in the template and provide as much information as possible.

Changelog: 1.1.1

Bugfixes:

• Subtitles menu not including manually added subtitles
• Duration in the playlist being 0
• Preview popup being visible for audio files
• AB loop not resetting

1.1.0

Features:

• Setting to open playlist items with single click

Bugfixes:

• Video opening in a separate window when using mpv version 0.38.0
• Mute resetting when opening a new file
• Playing item in playlist is no longer bold, it made text hard to read under certain conditions

Why would you need a mobile app for your business? Here are the main advantages of mobile apps that can help you drive your business forward.

The Drupal community has introduced a survey for the IXP Fellowship Initiative, aiming to support inexperienced developers by defining core competencies. This initiative encourages companies to mentor new talent, bridging the gap between training and real-world projects.

The 13th edition of Drupal Camp Poland 2024 in Warsaw was a success, featuring learning, networking, and community spirit.

Sorry to annoy you, I would prefer not to deal with politics either, but considering that Mastodon recently lost its status as a nonprofit organisation in Germany without an explanation we cannot ignore that there very much is a direct impact of politics on what we do.

As someone who is collaborating with an international group of nice and smart people every day, it might not come as a surprise that I am opposed to all those parties that keep blaming migration and foreigners for every political failure. Let us try to support the innocent people who are being attacked by terrorist groups or nations. Way too many parties are hostile towards people who try to have a happy, honest life while ignoring or understating the importance of fair taxation and reducing greenhouse gas emissions.

You might say: “But all the parties are corrupt!” – Well, true. In every group there is a share of psychopaths. We even have some in KDE! (Surprisingly few though!) This should not deter you from contributing. Please be the change you want to see in the world and vote for the party that sucks the least! Or don't, it's your life and I am not your mom. Thanks for reading. :^)

I attended the school Yarra Valley Grammer (then Yarra Valley Anglican School which I will refer to as “YV”) and completed year 12 in 1990. The school is currently in the news for a spreadsheet some boys made rating girls where “unrapeable” was one of the ratings. The school’s PR team are now making claims like “Respect for each other is in the DNA of this school”. I’d like to know when this DNA change allegedly occurred because respect definitely wasn’t in the school DNA in 1990! Before I go any further I have to note that if the school threatens legal action against me for this post it will be clear evidence that they don’t believe in respect. The actions of that school have wronged me, several of my friends, many people who aren’t friends but who I wish they hadn’t had to suffer and I hadn’t had to witness it, and presumably countless others that I didn’t witness. If they have any decency they would not consider legal action but I have learned that as an institution they have no decency so I have to note that they should read the Wikipedia page about the Streisand Effect [1] and keep it in mind before deciding on a course of action.

I think it is possible to create a school where most kids enjoy being there and enjoy learning, where hardly any students find it a negative experience and almost no-one finds it traumatic. But it is not possible to do that with the way schools tend to be run.

When I was at high school there was a general culture that minor sex crimes committed by boys against boys weren’t a problem, this probably applied to all high schools. Things like ripping a boy’s pants off (known as “dakking”) were considered a big joke. If you accept that ripping the pants off an unwilling boy is a good thing (as was the case when I was at school) then that leads to thinking that describing girls as “unrapeable” is acceptable. The Wikipedia page for “Pantsing” [2] has a reference for this issue being raised as a serious problem by the British Secretary of State for Education and Skills Alan Johnson in 2007. So this has continued to be a widespread problem around the world. Has YV become better than other schools in dealing with it or is Dakking and Wedgies as well accepted now as it was when I attended? There is talk about schools preparing kids for the workforce, but grabbing someone’s underpants without consent will result in instant dismissal from almost all employment. There should be more tolerance for making mistakes at school than at work, but they shouldn’t tolerate what would be serious crimes in other contexts. For work environments there have been significant changes to what is accepted, so it doesn’t seem unreasonable to expect that schools can have a similar change in culture.

One would hope that spending 6 years wondering who’s going to grab your underpants next would teach boys the importance of consent and some sympathy for victims of other forms of sexual assault. But that doesn’t seem to happen, apparently it’s often the opposite.

When I was young Autism wasn’t diagnosed for anyone who was capable of having a normal life. Teachers noticed that I wasn’t like other kids, some were nice, but some encouraged other boys to attack me as a form of corporal punishment by proxy – not a punishment for doing anything wrong (detentions were adequate for that) but for being different. The lesson kids will take from that sort of thing is that if you are in a position of power you can mistreat other people and get away with it. There was a girl in my year level at YV who would probably be diagnosed as Autistic by today’s standards, the way I witnessed her being treated was considerably worse than what was described in the recent news reports – but it is quite likely that worse things have been done recently which haven’t made the news yet. If this issue is declared to be over after 4 boys were expelled then I’ll count that as evidence of a cover-up. These things don’t happen in a vacuum, there’s a culture that permits and encourages it.

The word “respect” has different meanings, it can mean “treat a superior as the master” or “treat someone as a human being”. The phrase “if you treat me with respect I’ll treat you with respect” usually means “if you treat me as the boss then I’ll treat you as a human being”. The distinction is very important when discussing respect in schools. If teachers are considered the ultimate bosses whose behaviour can never be questioned then many boys won’t need much help from Andrew Tate in developing the belief that they should be the boss of girls in the same way. Do any schools have a process for having students review teachers? Does YV have an ombudsman to take reports of misbehaving teachers in the way that corporations typically have an ombudsman to take reports about bad managers? Any time you have people whose behaviour is beyond scrutiny or oversight you will inevitably have bad people apply for jobs, then bad things will happen and it will create a culture of bad behaviour. If teachers can treat kids badly then kids will treat other kids badly, and this generally ends with girls being treated badly by boys.

My experience at YV was that kids barely had the status of people. It seemed that the school operated more as a caretaker of the property of parents than as an organisation that cares for people. The current YV website has a Whistleblower policy [3] that has only one occurrence of the word “student” and that is about issues that endanger the health or safety of students. Students are the people most vulnerable to reprisal for complaining and not being listed as an “eligible whistleblower” shows their status. The web site also has a flowchart for complaints and grievances [4] which doesn’t describe any policy for a complaint to be initiated by a student. One would hope that parents would advocate for their children but that often isn’t the case. When discussing the possibility of boys being bullied at school with parents I’ve had them say things like “my son wouldn’t be so weak that he would be bullied”, no boy will tell his parents about being bullied if that’s their attitude! I imagine that there are similar but different issues of parents victim-blaming when their daughter is bullied (presumably substituting immoral for weak) but don’t have direct knowledge of the topic. The experience of many kids is being disrespected by their parents, the school system, and often siblings too. A school can’t solve all the world’s problems but can ideally be a refuge for kids who have problems at home.

When I was at school the culture in the country and the school was homophobic. One teacher when discussing issues such as how students could tell him if they had psychological problems and no-one else to talk to said some things like “the Village People make really good music” which was the only time any teacher said anything like “It’s OK to be gay” (the Village People were the gayest pop group at the time). A lot of the bullying at school had a sexual component to it. In addition to the wedgies and dakking (which while not happening often was something you had to constantly be aware of) I routinely avoided PE classes where a shower was necessary because of a thug who hung around by the showers and looked hungrily at my penis, I don’t know if he had a particular liking to mine or if he stared at everyone that way. Flashing and perving was quite common in change rooms. Presumably as such boy-boy sexual misbehaviour was so accepted that led to boys mistreating girls.

I currently work for a company that is active in telling it’s employees about the possibility of free psychological assistance. Any employee can phone a psychologist to discuss problems (whether or not they are work related) free of charge and without their manager or colleagues knowing. The company is billed and is only given a breakdown of the number of people who used the service and roughly what the issue was (work stress, family, friends, grief, etc). When something noteworthy happens employees are given reminders about this such as “if you need help after seeing a homeless man try to steal a laptop from the office then feel free to call the assistance program”. Do schools offer something similar? With the school fees paid to a school like YV they should be able to afford plenty of psychologist time. Every day I was at YV I saw something considerably worse than laptop theft, most days something was done to me.

The problems with schools are part of larger problems with society. About half of the adults in Australia still support the Liberal party in spite of their support of Christian Porter, Cardinal Pell, and Bruce Lehrmann. It’s not logical to expect such parents to discourage their sons from mistreating girls or to encourage their daughters to complain when they are mistreated. The Anglican church has recently changed it’s policy to suggesting that victims of sexual abuse can contact the police instead of or in addition to the church, previously they had encouraged victims to only contact the church which facilitated cover-ups. One would hope that schools associated with the Anglican church have also changed their practices towards such things.

I approve of the “respect is in our DNA” concept, it’s like Google’s former slogan of “Don’t be evil” which is something that they can be bound to.

Here’s a list of questions that could be asked of schools (not just YV but all schools) by journalists when reporting on such things:

1. Do you have a policy of not trying to silence past students who have been treated badly?
2. Do you take all sexual assaults seriously including wedgies and dakking?
3. Do you take all violence at school seriously? Even if there’s no blood? Even if the victim says they don’t want to make an issue of it?
4. What are your procedures to deal with misbehaviour from teachers? Do the students all know how to file complaints? Do they know that they can file a complaint if they aren’t the victim?
5. Does the school have policies against homophobia and transphobia and are they enforced?
6. Does the school offer free psychological assistance to students and staff who need it? NB This only applies to private schools like YV that have huge amounts of money, public schools can’t afford that.
7. Are serious incidents investigated by people who are independent of the school and who don’t have a vested interest in keeping things quiet?
8. Do you encourage students to seek external help from organisations like the ones on the resources list of the Grace Tame Foundation [5]? Having your own list of recommended external organisations would be good too.

Counter Arguments

I’ve had practice debating such things, here’s some responses to common counter arguments.

• Teachers are nice people how dare you criticise them. Teachers like any other large group of people includes good and bad people. The issue is how well the good people are supported in doing good things, how much effort is spent on tracking down and removing the bad people, and how much effort is spent training people to be the best version of themselves. Also my father worked as a teacher so I really don’t think that all teachers are bad.
• Teachers are overworked and underpaid and you shouldn’t criticise them. When a school has 25 students in a class whose parents each pay $30,000 per annum the school can afford to pay as much as is necessary. Arguments about teachers being overworked and underpaid are a criticism of the organisation of private school and of government priorities for public schools not a counter argument to criticisms of the way schools operate.
• When I went to school no bad things happened. Did you go to YV? If not then your experience isn’t relevant to this post.
• I was a prefect at YV and didn’t see any bad things, if you saw bad things you should have reported it to me. I was not aware of any prefect who had a history of opposing bullying in previous years, I can think of some who had a history of encouraging it. Prefects were selected on the basis of supporting the system so anyone who would be expected to try to change things would have been rejected.
• Children will make false and frivolous claims so we should ignore most of what they say, therefore complaints should only come from parents. Children have considerably less ability to lie than adults and the senior teachers are much better at detecting lies than most people. Sorting out accurate claims from false ones shouldn’t be difficult but if you reject all criticism as false claims then you will definitely miss reports of bad things and allow problems to continue.
• I had a hard time at school and I turned out fine. If having bad things done to you doesn’t make you want to protect others from the same things then you didn’t turn out fine at all.
• Kids need to toughen up to survive the real world. The “real world” that I live in doesn’t involve much violence at all, even having someone raise their voice at work is uncommon. Of the situations where being “tough” due to my experience at YV has been useful almost all of them involve me choosing to help someone I don’t know in a dangerous situation while other men pretend that they didn’t even notice it. The real solution is to create a world with less violence and a large part of that involves improving schools.

Conclusion

I don’t think that YV is necessarily worse than other schools, although I’m sure that representatives of other private schools are now working to assure parents of students and prospective students that they are.

I don’t think that all the people who were employed as teachers there when I attended were bad people, some of them were nice people who were competent teachers. But a few good people can’t turn around a bad system. I will note that when I attended all the sports teachers were decent people, it was the only department I could say such things about. But sports involves situations that can lead to a bad result, issues started at other times and places can lead to violence or harassment in PE classes regardless of how good the teachers are.

Teachers who know that there are problems need to be able to raise issues with the administration. When a teacher quits teaching to join the clergy and another teacher describes it as “a loss for the clergy but a gain for YV” it raises the question of why the bad teacher in question couldn’t have been encouraged to leave earlier.

A significant portion of the population will do whatever is permitted. If you say “no teacher would ever bully a student so we don’t need to look out for that” then some teacher will do exactly that.

I hope that this will lead to changes both in YV and in other schools. But if they declare this issue as resolved after expelling 4 students then something similar or worse will happen again. At least now students know that when this sort of thing happens they can send evidence to journalists to get some action.

• [1] https://en.wikipedia.org/wiki/Streisand_effect
• [2] https://en.wikipedia.org/wiki/Pantsing
• [3] https://www.yvg.vic.edu.au/siteassets/Whistleblower-Policy-FINAL.pdf
• [4] https://tinyurl.com/254crjqr
• [5] https://www.thegracetamefoundation.org.au/resources

Related posts:

1. Keating College Some time ago I spoke to Craig Keating about his...
2. Preventing Children from Accessing Porn The following was written by Stefano Cosentino in regard to...
3. Porn For Children James Purser writes about the current plans for Internet filtering...

Drupal Starshot: A New Challenge for Developers kanapatrick Mon, 05/20/2024 - 11:12

The world of web development is constantly evolving, and content platforms like Drupal are at the heart of this transformation. Drupal Starshot, a new initiative by Dries Buytaert, the creator of Drupal, aims to revolutionize the way developers create and manage their websites.

For a while I’d wished there was an easy way to get notified when my favourite open-source packages release a new version. I’d often see something on social media, but that tended to only be for the larger packages – and I wanted to keep up with the smaller ones too.

When I actually bothered to put five minutes of work into finding out if this was possible, I found it was pretty easy. So, here’s how to do it:

1. Go to the Github repository page for the package you’re interested in.

2. Click the down arrow next to the ‘Watch’ badge at the top right of the header:

3. Click ‘Custom’ and then tick ‘Releases’ and click ‘Apply’:

And that’s it! Now you’ll get a notification email when a new release is created on Github. Of course, this relies on the specific project using Github Releases, which not all open-source projects do, but a fairly high proportion of them seem to. After doing this you’ll get an email when there is a new release, with the details of the release and links to see it on Github. An example email for the stac-fastapi repository is below:

Update: Peter in the comments informed me that you can also get an Atom feed for use in your RSS reader by going to https://github.com/{owner}/{repo}/releases.atom. For example, this link for my Py6S package

De 27 a 30 de abril de 2024 foi realizada a MiniDebConf Belo Horizonte 2024 no Campus Pampulha da UFMG - Universidade Federal de Minas Gerais, em Belo Horizonte - MG.

Esta foi a quinta vez que uma MiniDebConf (como um evento presencial exclusivo sobre Debian) aconteceu no Brasil. As edições anteriores foram em Curitiba (2016, 2017, e 2018), e em Brasília 2023. Tivemos outras edições de MiniDebConfs realizadas dentro de eventos de Software Livre como o FISL e a Latinoware, e outros eventos online. Veja o nosso histórico de eventos.

Paralelamente à MiniDebConf, no dia 27 (sábado) aconteceu o FLISOL - Festival Latino-americano de Instalação de Software Livre, maior evento da América Latina de divulgação de Software Livre realizado desde o ano de 2005 simultaneamente em várias cidades.

A MiniDebConf Belo Horizonte 2024 foi um sucesso (assim como as edições anteriores) graças à participação de todos(as), independentemente do nível de conhecimento sobre o Debian. Valorizamos a presença tanto dos(as) usuários(as) iniciantes que estão se familiarizando com o sistema quanto dos(as) desenvolvedores(as) oficiais do projeto. O espírito de acolhimento e colaboração esteve presente em todos os momentos.

Números da edição 2024

Durante os quatro dias de evento aconteceram diversas atividades para todos os níveis de usuários(as) e colaboradores(as) do projeto Debian. A programação oficial foi composta de:

• 06 salas em paralelo no sábado;
• 02 auditórios em paralelo na segunda e terça-feira;
• 30 palestras/BoFs de todos os níveis;
• 05 oficinas para atividades do tipo mão na massa;
• 09 lightning talks sobre temas diversos;
• 01 performance Live Eletronics com Software Livre;
• Install fest para instalar Debian nos notebook dos(as) participantes;
• BSP (Bug Squashing Party - Festa de Caça à Bugs);
• Uploads de pacotes novos ou atualizados.

Os números finais da MiniDebConf Belo Horizonte 2024 mostram que tivemos um recorde de participantes.

• Total de pessoas inscritas: 399
• Total de pessoas presentes: 224

Dos 224 participantes, 15 eram contribuidores(as) oficiais brasileiros sendo 10 DDs (Debian Developers) e 05 (Debian Maintainers), além de diversos(as) contribuidores(as) não oficiais.

A organização foi realizada por 14 pessoas que começaram a trabalhar ainda no final de 2023, entre elas o Loïc Cerf do Departamento de Computação que viabilizou o evento na UFMG, e 37 voluntários(as) que ajudaram durante o evento.

Como a MiniDebConf foi realizado nas instalações da UFMG, tivemos a ajuda de mais de 10 funcionários da Universidade.

Veja a lista com os nomes das pessoas que ajudaram de alguma forma na realização da MiniDebConf Belo Horizonte 2024.

A diferença entre o número de pessoas inscritas e o número de pessoas presentes provavelmente se explica pelo fato de não haver cobrança de inscrição, então se a pessoa desistir de ir ao evento ela não terá prejuízo financeiro.

A edição 2024 da MiniDebconf Belo Horizonte foi realmente grandiosa e mostra o resultado dos constantes esforços realizados ao longo dos últimos anos para atrair mais colaboradores(as) para a comunidade Debian no Brasil. A cada edição os números só aumentam, com mais participantes, mais atividades, mais salas, e mais patrocinadores/apoiadores.

Atividades

A programação da MiniDebConf foi intensa e diversificada. Nos dias 27, 29 e 30 (sábado, segunda e terça-feira) tivemos palestras, debates, oficinas e muitas atividades práticas.

Já no dia 28 (domingo), ocorreu o Day Trip, um dia dedicado a passeios pela cidade. Pela manhã saímos do hotel e fomos, em um ônibus fretado, para o Mercado Central de Belo Horizonte. O pessoal aproveitou para comprar várias coisas como queijos, doces, cachaças e lembrancinhas, além de experimentar algumas comidas locais.

Depois de 2 horas de passeio pelo Mercado, voltamos para o ônibus e pegamos a estrada para almoçarmos em um restaurante de comida típica mineira.

Com todos bem alimentados, voltamos para Belo Horizonte para visitarmos o principal ponto turístico da cidade: a Lagoa da Pampulha e a Capela São Francisco de Assis, mais conhecida como Igrejinha da Pampulha.

Voltamos para o hotel e o dia terminou no hacker space que montamos na sala de eventos para o pessoal conversar, empacotar, e comer umas pizzas.

Financiamento coletivo

Pela terceira vez fizemos uma campanha de financiamento coletivo e foi incrível como as pessoas contribuíram! A meta inicial era arrecadar o valor equivalente a uma cota ouro de R$ 3.000,00. Ao atingirmos essa meta, definimos uma nova, equivalente a uma cota ouro + uma cota prata (R$ 5.000,00). E novamente atingimos essa meta. Então propusermos como meta final o valor de uma cota ouro + prata + bronze, que seria equivalente a R$ 6.000,00. O resultado foi que arrecadamos R$ 6.706,79 com a ajuda de mais de 100 pessoas!

Muito obrigado as pessoas que contribuíram com qualquer valor. Como forma de agradecimento, listamos os nomes das pessoas que doaram.

Bolsas de alimentação, hospedagem e/ou passagens para participantes

Cada edição da MiniDebConf trouxe alguma inovação, ou algum benefício diferente para os(a) participantes. Na edição deste ano em Belo Horizonte, assim como acontece nas DebConfs, oferecemos bolsas de alimentação, hospedagem e/ou passagens para ajudar aquelas pessoas que gostariam de vir para o evento mas que precisariam de algum tipo de ajuda.

No formulário de inscrição, colocamos a opção para a pessoa solicitar bolsa de alimentação, hospedagem e/ou passagens, mas para isso, ela deveria se identificar como contribuidor(a) (oficial ou não oficial) do Debian e escrever uma justificativa para o pedido.

Número de pessoas beneficiadas:

• Alimentação: 69
• Hospedagem: 20
• Passagens: 18

A bolsa de alimentação forneceu almoço e jantar todos os dias. Os almoços incluíram pessoas que moram em Belo Horizonte e região. Já o jantares foram pagos para os(as) participantes que também receberam a bolsa de hospedagem e/ou passagens. A hospedagem foi realizada no Hotel BH Jaraguá. E as passagens incluíram de avião ou de ônibus, ou combustível (para quem veio de carro ou moto).

Boa parte do dinheiro para custear as bolsas vieram do Projeto Debian, principalmente para as passagens. Enviamos um orçamento o então líder do Debian Jonathan Carter, e ele prontamente aprovou o nosso pedido.

Além deste orçamento do evento, o líder também aprovou os pedidos individuais enviados por alguns DDs que preferiram solicitar diretamente para ele.

A experiência de oferecer as bolsas foi realmente muito boa porque permitiu a vinda de várias pessoas de outras cidades.

Fotos e vídeos

Você pode assistir as gravações das palestras nos links abaixo:

• Youtube
• Peertube
• video.debian.net

E ver as fotos feitas por vários(as) colaboradores(as) nos links abaixo:

• Google photos
• Nextcloud

Agradecimentos

Gostaríamos de agradecer a todos(as) os(as) participantes, organizadores(as), voluntários(as), patrocinadores(as) e apoiadores(as) que contribuíram para o sucesso da MiniDebConf Belo Horizonte 2024.

Patrocinadores

Ouro:

• Collabora

Prata:

• Jedai.ai
• Toradex Brasil
• Globo.com
• Policorp Tecnologia

Bronze:

• BRDSoft - Tecnologias para TI e Telecomunicações
• EITA - Cooperativa de Trabalho Educação, Informação e Tecnologia para Autogestão

Apoiadores

• ICTL - Instituto para Conservação de Tecnologias Livres
• Nazinha Alimentos
• DACOMPSI

Organização

• Projeto Debian
• Comunidade Debian Brasil
• Comunidade Debian MG
• DCC/UFMG - Departamento de Ciência da Computação da Universidade Federal de Minas Gerais

SSH commands as API microservices 2024-05-20, by Dariusz Suchojad

This is a quick guide on how to turn SSH commands into a REST API service. The use-case may be remote administration of devices or equipment that does not offer a REST interface or making sure that access to SSH commands is restricted to selected external REST-based API clients only.

Python

The first thing needed is code of the service that will connect to SSH servers. Below is a service doing just that - it receives name of the command to execute and host to run in on, translating stdout and stderr of SSH commands into response documents which Zato in turn serializes to JSON.

# -*- coding: utf-8 -*- # stdlib from traceback import format_exc # Zato from zato.server.service import Service class SSHInvoker(Service): """ Accepts an SSH command to run on a remote host and returns its output to caller. """ # A list of elements that we expect on input input = 'host', 'command' # A list of elements that our responses will contain output = 'is_ok', 'cid', '-stdout', '-stderr' def handle(self): # Local aliases host = self.request.input.host command = self.request.input.command # Correlation ID is always returned self.response.payload.cid = self.cid try: # Build the full command full_command = f'ssh {host} {command}' # Run the command and collect output output = self.commands.invoke(full_command) # Assign both stdout and stderr to response self.response.payload.stdout = output.stdout self.response.payload.stderr = output.stderr except Exception: # Catch any exception and log it self.logger.warn('Exception caught (%s), e:`%s', self.cid, format_exc()) # Indicate an error self.response.payload.is_ok = False else: # Everything went fine self.response.payload.is_ok = True Dashboard

In the Zato Dashboard, let's go ahead and create an HTTP Basic Auth definition that a remote API client will authenticate against:

Now, the SSH service can be mounted on a newly created REST channel - note the security definition used and that data format is set to JSON. We can skip all the other details such as caching or rate limiting, for illustration purposes, this is not needed.

Usage

At this point, everything is ready to use. We could make it accessible to external API clients but, for testing purposes, let's simply invoke our SSH API gateway service from the command line:

$ curl "api:password@localhost:11223/api/ssh" -d \ '{"host":"localhost", "command":"uptime"}' { "is_ok": true, "cid": "27406f29c66c2ab6296bc0c0", "stdout": " 09:45:42 up 37 min, 1 user, load average: 0.14, 0.27, 0.18\n"} $ Note that, at this stage, the service should be used in trusted environments only, e.g. it will run any command that it is given on input which means that in the next iteration it could be changed to only allow commands from an allow-list, rejecting anything that is not recognized.

And this completes it - the service is deployed and made accessible via a REST channel that can be invoked using JSON. Any command can be sent to any host and their output will be returned to API callers in JSON responses.

Next steps

• Read more about using Python in API integrations
• Start the tutorial which will guide you how to design and build Python API services for automation and integrations

More blog posts➤

A few weeks ago (Time flies!) I attended the KDE Goals Sprint in Berlin. I didn't have concrete plans, but I intended to look into accessibility. Quite some time ago I had improved the accessibility of Kleopatra and at Akademy 2023 in Thessaloniki I gave a talk about it. Back then I had taken the easy route fixing everything directly in Kleopatra and working around several issues in Qt instead of fixing the issues in Qt itself so that all apps could profit. Time to do something about it.

(In-)Accessible icon-only buttons

A common problem for accessibility is icon-only buttons. If a button doesn't have text then screen readers can only tell their user that there's a button. That's not very helpful. Sometimes the developers have at least assigned a tool tip to the button. This can be read out by the screen readers (Qt provides the tool tip as accessible description of the button.), but it's often too verbose. To make a button without text accessible the developer has to set the accessible name property of the widget or, in case of a Qt Quick app, the name property of the Accessible QML Type. Unfortunately, that's often forgotten if the UI isn't designed with accessibility in mind.

At the sprint I discussed several ideas with other participants to help developers remember to set the accessible name:

• A helper class to instantiate in your app which inspects the app's windows and prints a report at the end with all inaccessible icon-only buttons it has found. A bit like Qt's QAbstractItemModelTester or the different compiler sanitizers. I implemented a prototype of such a class, but didn't pursue this further. The downside of this approach is that the developer needs to open each window of the app to find all inaccessible buttons. If they are already aware of the problem then it's probably easier to search the code.
• Instead of using a helper class to inspect the widget tree from the inside one could inspect the accessibility tree of the app from the outside. This could be built into our Appium-driven UI test framework so that developers don't have to do anything special. Except that they need to write UI tests that open each and every window of their app. I think it's still worth to look into this.
• Last but not least, we pondered writing a clazy test. Thinking about the many different ways a text can be set on a button (e.g. with KGuiItem::assign) we doubted that it would be feasible to write such a test.

In the end the easiest approach could be education. If the developers are aware of the problem then there's a good chance that they remember to set an accessible name the next time they add an icon-only button to their app.

Accessible date/time inputs

Volker, Carl, David, Harald and me discussed and explored some ideas to make the date and time inputs in Qt Quick apps like Itinerary accessible. In Kleopatra I resorted to allow the user to enter the date in a simple text input instead of trying to make the complex UI of KDE's date picker accessible. Read Volker's blog and David's blog to find out which solutions they found for Qt Quick apps.

A small automation interlude

One advantage of sitting with other people in the same room is that you may overhear them talking about a mistake (e.g. a faulty commit) and you know exactly how to prevent this kind of mistake in the future. In this case the problem was a missing quote character in some YAML file. And the preventive measure was adding a YAML linter CI job. While I was at it I removed some unnecessary code from the CI job and added the job to a second repository.

List views with underlying multi-column model

In several widgets that show or use a simple list of items Qt allows using a model with multiple columns, e.g. QListView, QComboBox, QCompleter. In general this works well except that Qt has a long-standing bug: When navigating through the list screen readers read the entries of the underlying model column by column instead of reading only the entries in the selected model column (QTBUG-33786). In Kleopatra I worked around this bug with a proxy model which pretended that the model only had one column.

During the sprint I finally sat down and prepared a fix for Qt. For better readability I split my changes in five separate commits which resulted in five separate patches for Qt: 556857, 556858, 556859, 556860, 556861. Being used to multi-commit MRs in GitLab I wondered if I had done something wrong when I submitted my changes, but apparently that's Gerrit's way of handling patch reviews. The first two commits are code clean-ups, the third commit changes one aspect of the accessibility test for list views, the fourth commit is the actual fix, and the fifth commit adds a few more unit tests I find useful. The first three commits have been merged, but the actual fix is still waiting for a review.

After that I looked into the problem that QListView emitted an accessibility focus event when the current item changed even if the list view didn't have focus. I found out that this had been fixed recently by a fellow Qt contributor who ran into the same problem independently of me. This meant that I could remove the workaround in Kleopatra for new enough Qt.

Thanks to MBition for hosting us and to Aleix for making sure we don't starve. And many thanks to those donating to KDE which makes these sprints possible.

Links and References For My PyCon US Keynote

It’s another year, and that means it’s time for another PyCon US. This event offers an opportunity to bring together a vibrant and diverse community of engineers, data scientists, researchers, students, and enthusiasts who use the Python programming language for work and for fun.

It also presents a unique opportunity to highlight entrepreneurs building the future of the Python ecosystem. 2024 marks the thirteenth year that PyCon US has invited early-stage companies to present their ventures on Startup Row. Tools and platforms like Pandas, Plotly, and more—now fixtures of the Python software ecosystem—were built by companies that were featured on Startup Row. And with each new year there’s an opportunity to catch a glimpse of what’s next.

PyCon US organizers and the Python Software Foundation are thrilled to welcome seven companies to Startup Row at PyCon US 2024.The Startup Row Lineup at PyCon US 2024DAGWorks

Alexander Hamilton and Aaron Burr might’ve been historic rivals, but the two open-source Python libraries named after them—Hamilton and Burr—work together quite nicely. The company behind Hamilton and Burr, DAGWorks, was founded with the goal of standardizing the way developers build data, LLM, and RAG pipelines, as well as managing and observing application state; both libraries also come with optional self-hosted UIs. Hamilton is the older of the two projects and is used in production by many companies, from banks to startups, to government departments, through to enterprise conglomerates. DAGWorks is based in the San Francisco Bay Area and was founded by Hamilton and Burr co-creators Stefan Krawczyk and Elijah ben Izzy, who previously worked together at Stitch Fix where they built the styling service’s MLOps stack. DAGWorks participated in Y Combinator’s Winter 2023 accelerator batch.

Dispatch

Building and maintaining distributed systems is a complex and often frustrating exercise. A given function might go rogue, either firing too frequently or silently failing to execute when needed. Dispatch is a startup aiming to make building reliable distributed systems a breeze. Its platform offers developers the ability to make any async function resumable by simply wrapping it with a @dispatch.function decorator, enabling durable workflows and robust error handling. Quoting a customer, ““I love the API design, just tuck in a decorator and you’re done, almost feels like cheating!” The company was founded by engineers with experience building high-scale distributed systems at companies like Meta, Segment, and Twilio, among others.

dltHub

Dealing with data can be a chore for developers. One has to actually get the data, clean it up, and that data has to get loaded somewhere for it to be useful. At least for that last step, there’s dlt (a.k.a. data load tool), an open source Python library that takes the hassle out of shepherding data from one place to another. The library features out of the box integrations for dozens of verified data sources and destinations, making it easy to fetch data from places like Facebook Ads, Pandas dataframes, or even Chess.com and then load data into destinations ranging from Databricks and Snowflake to Postgres and DuckDB. dltHub, the company behind the popular dlt library, is based in Berlin and New York City. “Today it is easier to pip install dlt and write a custom source in Python than to setup and configure a traditional ETL platform,” said CEO and co-founder Matthaus Krzykowski. The startup is backed by Dig Ventures and technical founders from companies like Huggingface, Miro, Matillion, and others.

Exaloop

What gets called “big” data is constantly shifting. Not too long ago, anything over a handful of gigabytes was pretty big. Now, working datasets can be several orders of magnitude larger, which presents a challenge for data scientists and developers who just want to write Python. Enter Exaloop. The MIT spinout company’s platform enables data scientists and engineers to write and run Python workflows that execute extremely fast (10x-100x faster than vanilla Python), even when dealing with truly massive data. The secret sauce: Codon, a high-performance Python compiler that uses LLVM. Codon has garnered a fair bit of attention from the developer community, racking up nearly 14,000 stars on Github. The company is planning to release a new entirely cloud-based platform, enabling users to leverage Exaloop’s tech and performance benefits conveniently within a browser window.

Pandas AI

Data analysis packages like Pandas are, to most users, pretty intuitive. Someone with a bit of Python knowledge can get the hang of these tools pretty quickly. But not everyone knows Python, and many others find the prospect of writing code intimidating. For those who prefer to ask questions rather than write complex queries, there’s PandasAI. PandasAI allows users to connect to a database or import a CSV, making data interaction conversational. “We want to make it easy for anyone, in any company, to be able to derive valuable insights from data. That shouldn’t be limited to a small team of engineers and analysts,” said PandasAI founder and CEO Gabriele Venturi. Users can write queries in natural language (e.g. “In my database of ecommerce transactions, which customer Id appears most often?”) and even command PandasAI to plot out the data they’re analyzing. The library is compatible with several LLM providers and model variants, reducing the risk of model lock-in. PandasAI is open source and has over 11,000 stars on Github. The company participated in Y Combinator’s Winter 2024 batch.

Pixee

When it comes to application security, many developers wish for the equivalent of magical fairy dust they can sprinkle on their codebase to fix bugs and vulnerabilities. Pixee is about as close as developers can get to that magical fairy dust. The D.C. metro area-based security startup is the maker of Pixeebot, a virtual security engineer that automatically triages and fixes potential security issues before they can be exploited in production. The bot is built on Codemodder, an open source framework created and maintained by Pixee, that can find and fix issues in Python and Java. Pixee intends to extend language support to JavaScript, and Node.js in the near future'

Trellis

There’s nothing better than clean, well-structured data. It’s easy to query, easy to work with, and easy to add value to any enterprise or personal use case. The problem is that data rarely comes so neatly packaged. Trellis helps developers ingest and extract insights from unstructured data sources like sales calls, regulatory filings, business contracts, large-scale web scrapes, and more. Trellis users can define their data schema in natural language, which is transformed into a structured SQL format that can integrate with hundreds of data sources and LLM-augmented workflows. The company is based in San Francisco and participated in Y Combinator’s Winter 2024 accelerator batch.

A Quick Look Back at 2023’s Startup Row Alumni

Startup founders make no small plans. Startups are inherently risky and not all are destined for greatness, but the 2023 batch of Startup Row companies seems to be on the path to success.

• 🦄 Imbue, a generative AI company developing agentic models that can reason and code, raised $200M+ in Series B funding at a $1B+ valuation. Investors in that deal include NVIDIA, Astera Institute, Notion co-founder Simon Last, and former Cruise CEO Kyle Vogt, among others. The company was formerly known as Generally Intelligent.
• Neptyne continued expanding its Python-included spreadsheet tools and launched a Google Sheets extension that brings real, live Python to Google’s spreadsheet software. Neptyne also launched API integrations, giving its users credits to call OpenAI, Bing web search, web page rendering through PhantomJsCloud, Google’s geocoder, and financial information within their spreadsheet environments.
• Nixtla released TimeGPT (ArXiv). Considering the company’s whole raison d'être is building time series data modeling and projection tools, this seems like a great use of transformer models’ next-token prediction capabilities. Nixtla’s open source tools continue to gain popularity.
• ❄️ Ponder Data, maker and maintainer of Modin, was acquired by Snowflake to expand the Python capabilities of its data cloud platform. Modin is used by hundreds of thousands of users and serves as a drop-in replacement for the ever popular Pandas library.
• Predibase. A month or so after PyCon 2023, the company announced that it had raised another $12.2 million from Felicis Ventures to bring total Series A funding up to $28M. In November the company released its LoRA Exchange (LoRAX) framework to the open source community under an Apache 2.0 license. According to Predibase’s announcement, “[the framework] makes it possible to serve hundreds of fine-tuned LLMs at the cost of one GPU with minimal degradation in throughput and latency.” In February the company launched LoRA Land, an LLM playground featuring 25 fine-tuned open source LLMs that “rival or outperform GPT-4” on specific tasks.
• Reflex is the new name of the company formerly known as Pynecone, and its open-source web application framework is garnering more attention than ever. Back in August the YC alumni company announced that it raised $5M in seed funding led by Lux Capital to continue building out its platform and develop and launch a revenue-generating hosting service for Reflex apps. The company’s open source framework has over 17,000 stars on Github.
• Wherobots, a geospatial data platform founded by the creators of Apache Sedona, announced $5.5 million in seed funding to build out its enterprise platform. Apache Sedona has been downloaded over 20 million times and is among the top one percent of most-downloaded packages on PyPI.

Needless to say, we’re pleased to be at least a small part of these companies’ ongoing success.

Thank You’s & AcknowledgementsStartup Row is made possible by the trust, logistical support, and tireless efforts of countless folks.
A heartfelt thanks goes out to the organizers and volunteers who work diligently to ensure PyCon US is a positive and engaging event, both in-person and virtually.
We also extend our gratitude to the many entrepreneurs who, despite their undoubtedly busy schedules, applied to Startup Row. Your time and attention are valuable, and we appreciate the thought you put into your applications.
A special thanks goes to the selection committee. Scoring such a competitive applicant pool is a significant commitment, and their time and expertise is greatly appreciated.
Lastly, our deepest thanks to the 7 companies that traveled to Pittsburgh to share their innovations with over 2,700 PyCon US attendees. Thank you all once again.

This is a brief overview of the project that I will be doing this summer as part of Google Summer of Code. As the title of this post says, I will create Python bindings for KDE Frameworks. There are more than 70 libraries, so the aim is to add support for three of them: KWidgetsAddons, KCoreAddons and KI18n. As predicting how much time we’ll need for each one is a little bit complex, I might end adding support to other libraries if the time allows.

Sunday, 19 May 2024

KDE today announces the release of KDE Frameworks 5.116.0.

KDE Frameworks are 83 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms. For an introduction see the KDE Frameworks release announcement.

This release is part of a series of planned monthly releases making improvements available to developers in a quick and predictable manner.

New in this version Breeze Icons

• Add audio/ogg and audio/x-vorbis+ogg icons
• Add audio/vnd.wave MIME type

Extra CMake Modules

• ECMAddQch: drop trying to set IMPORTED on targets with installed config
• Remove extraneous docs-build CI job that is no longer needed following the switch of api.kde.org to Gitlab CI

KActivitiesStats

• resultset: fix agent escape string

KCalendarCore

• Fix Calendar::updateNotebook event visibility updates

KContacts

• Restore country detection tests on FreeBSD
• Disable FreeBSD tests that recently started to fail in the CI

KDED

• Wait until kconf_update finished

KFileMetaData

• fix handling of attribute namespacing

KI18n

• KF5I18nMacros.cmake.in - don't look for python[2,3] on Windows
• KCountrySubdivision: unbreak support of iso-codes >= 4.16

KImageFormats

• TGA: added options support (bug 479612)
• More header checks (CCBUG: 479612) (bug 479612))

KIO

• Strip trailing slash in iconForStandardPath

KItemModels

• Trivial fix for crash in buddy() when sourceModel isn't set yet

KPackage Framework

• testpackage: Add a website so that the tests succeed

KRunner

• Add default arg to AbstractRunner QVariantList constructor

KService

• Fix warning: mimeType "x-scheme-handler/file" not found (bug 442721)

QQC2StyleBridge

• Localization support

Syntax Highlighting

• fix refs
• use (?:sub){0,2} to work with all pcre versions

Security information

The released code has been GPG-signed using the following key: pub rsa2048/58D0EE648A48B3BB 2016-09-05 David Faure faure@kde.org Primary key fingerprint: 53E6 B47B 45CE A3E0 D5B7 4577 58D0 EE64 8A48 B3BB

I don't like slow software. So I use profilers to make software faster. What I like even less, is slow profilers! And perf is sometimes slow for completely unavoidable reasons; to resolve source line information (needed primarily for figuring out inlining, at least in the default settings), you need to go ask libbfd. But libbfd comes from binutils, and binutils is GPLv3. And perf is part of the Linux kernel, which famously is GPLv2. So if you build perf against libbfd, the result is… nondistributable. Distros cannot ship them. Not Spiderman pointing at Spiderman, but Stallman pointing at Stallman. perf has to resort to calling out to addr2line over a pipe, which sometimes works well and sometimes… well, not. A couple of years ago, I suggested an improvement here that got me a small amount of attention, but it still isn't a really reliable way to do things.

But over the last 20 years, some other group has been busy making compilers and linkers and disassemblers and low-level binary stuff. And they were pretty careful to make their stuff GPLv2-compatible. So I give you… perf using libllvm for source line lookup (and disassembling).

Hoping for a constructive review process and that I can reach the 6.11 merge window :-)

New Addition to Education Case Studies - Italy

All Italian-Language Schools in South Tyrol Migrated to Free Software

I released a new Swift library, DotEnvy. It's a parser and loader for dotenv files.

Dotenv is a vaguely specified format that is supported by libraries found for most languages used in server-side development. The idea is that a twelve-factor app is supposed to read its configuration from environment variables, which can be a hassle to maintain during development. So you store them in a non-version controlled file called .env your application reads upon startup.

The format looks more or less like this:

KEY1=VALUE1 KEY2="VALUE2" KEY3="MULTILINE VALUE" KEY4='REFERENCE TO ${KEY3}'

The Swift libraries I could find seemed to lack features and had not seen updates in years. I don't think a library like this needs a huge number of features, but multiline strings and variable references were something I wanted. And writing parsers is fun.

DotEnvy has good test coverage and online documentation. There's also pretty good error reporting.

There's also a command line tool that allows you to syntax check a dotenv file or convert it to JSON. I was going add a launcher (i.e. run dotenv-tool launch sh and it'd export the environment from .env and run sh), but discovered that pseudo terminals are a pain and my Stevens has gone missing. Patches are welcome.

I accidentally used the same name as a Rust dotenv library, but I decided there's enough namespacing provided by the language support that the risk of confusion isn't too great.

fzf is one of my favorite shell tools. I have a ton of scripts where I use it for selection. Here's one for searching git history. git log -Gpattern allows you to search for commits that contain pattern in the patch text. Combine it with fzf and you get a pretty decent history search tool.

I have this saved as ~/bin/git-search-log, so I can invoke it as git search-log pattern or git search-log pattern branch:

#!/bin/bash set -euo pipefail # Ensure compatibility with fish etc by ensuring fzf uses bash for the preview command export SHELL=/bin/bash git log -G$@ --oneline | fzf \ --preview-window=bottom,80% \ --preview "echo {} | sed 's/ .*//g' | xargs git show --color" \ --bind 'enter:execute(commit=$(echo {} | sed "s/ .*//g") && git diff-tree --no-commit-id --name-only $commit -r | fzf --preview-window=bottom,80% --preview "git show --color $commit -- $(git rev-parse --show-toplevel)/\{}")'

When you run it you get an selection of matching commits, one per line, with a preview window showing the patch. If you hit enter on a commit, you get another fzf screen, this time allowing you to select files modified in that commit. Hit enter again and you're back in the first one.

In Python, "change" can mean two different things. Assignment changes which object a variable points to. Mutation, changes the object itself.

Table of contents

1. Remember: variables are pointers
2. Mutating a list
3. Mutation
4. Assignment
5. Assignments versus mutations
6. Changing variables and changing objects

Remember: variables are pointers

When talking about Python code, if I say we changed X, there are two different things that I might mean.

Let's say we have two variables that point to the same value:

>>> a = [2, 1, 3, 4] >>> b = a

Remember that variables in Python are pointers. That means that two variables can point to the same object. That's actually what we've done here.

Let's change the object that the variable b points to.

Mutating a list

If we append a number …

Read the full article: https://www.pythonmorsels.com/assignment-versus-mutation/