FLOSS Project Planets

In programming, the term constant refers to names representing values that don’t change during a program’s execution. Constants are a fundamental concept in programming, and Python developers use them in many cases. However, Python doesn’t have a dedicated syntax for defining constants. In practice, Python constants are just variables that never change.

To prevent programmers from reassigning a name that’s supposed to hold a constant, the Python community has adopted a naming convention: use uppercase letters. For every Pythonista, it’s essential to know what constants are, as well as why and when to use them.

In this video course, you’ll learn how to:

• Properly define constants in Python
• Identify some built-in constants
• Use constants to improve your code’s readability, reusability, and maintainability
• Apply different approaches to organize and manage constants in a project
• Use several techniques to make constants strictly constant in Python

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

A comprehensive analysis by The DropTimes (TDT) examines CMS usage across 8,134 non-profit and charity organizations in the United States. The findings highlight a dominant preference for Free and Open Source Software (FOSS) solutions, with WordPress being the most widely used CMS. Drupal also shows significant usage, especially among top-ranked websites.

At DrupalCon Portland, Dries announced Starshot during his State of Drupal presentation. Part of Starshot is the idea that we have Drupal CMS and Core. The big difference is that the Drupal CMS offering comes with standard contributed modules used by almost every existing Drupal build. Then, Dries showed a proposed wireframe for the Drupal.org download page. One of the first things I noticed was the "Launch" in the Drupal CMS section. I wasn't sure about the end goal: 

Low-code solutions are a quick and adaptable substitute for the conventional development cycle as digitization picks up speed. 

Low-code developments are quick, flexible, and affordable but perform better at certain tasks than others. Businesses usually use them mainly in these particular areas- Workflow Automation, Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), Data Integration, Mobile and Web Applications, Business Process Management (BPM), Internal Tools and Dashboards, and E-commerce Platforms.

Before this, let’s delve into the concept of low-code development to gain insight into how it benefits businesses.

My Debian contributions this month were all sponsored by Freexian.

• I switched man-db and putty to Rules-Requires-Root: no, thanks to a suggestion from Niels Thykier.
• I moved some files in pcmciautils as part of the /usr move.
• I upgraded libfido2 to 1.15.0.
• I made an upstream release of multipart 0.2.5.
• I reviewed some security-update patches to putty.
• I packaged yubihsm-connector, yubihsm-shell, and python-yubihsm.
• openssh:
  • I did a bit more planning for the GSS-API package split, though decided not to land it quite yet to avoid blocking other changes on NEW queue review.
  • I removed the user_readenv option from PAM configuration (#1018260), and prepared a release note.
• Python team:
  • I packaged zope.deferredimport, needed for a new upstream version of python-persistent.
  • I fixed some incompatibilities with pytest 8: ipykernel and ipywidgets.
  • I fixed a couple of RC or soon-to-be-RC bugs in khard (#1065887 and #1069838), since I use it for my address book and wanted to get it back into testing.
  • I fixed an RC bug in python-repoze.sphinx.autointerface (#1057599).
  • I sponsored uploads of python-channels-redis (Dale Richards) and twisted (Florent ‘Skia’ Jacquet).
  • I upgraded babelfish, django-favicon-plus-reloaded, dnsdiag, flake8-builtins, flufl.lock, ipywidgets, jsonpickle, langtable, nbconvert, requests, responses, partd, pytest-mock, python-aiohttp (fixing CVE-2024-23829, CVE-2024-23334, CVE-2024-30251, and CVE-2024-27306), python-amply, python-argcomplete, python-btrees, python-cups, python-django-health-check, python-fluent-logger, python-persistent, python-plumbum, python-rpaths, python-rt, python-sniffio, python-tenacity, python-tokenize-rt, python-typing-extensions, pyupgrade, sphinx-copybutton, sphinxcontrib-autoprogram, uncertainties, zodbpickle, zope.configuration, zope.proxy, and zope.security to new upstream versions.

You can support my work directly via Liberapay.

It’s time to cast your vote! Voting is open starting today Tuesday, July 2nd, through Friday, July 16th, 2024 2:00 pm UTC. Check the Elections page to see how much time you have left to vote.

How to Vote

If you are a voting member of the PSF that affirmed your intention to participate in this year’s election, you will receive an email from “OpaVote Voting Link <noreply@opavote.com>” with a link to your ballot. The subject line will read “Python Software Foundation Board of Directors Election 2024”. If you haven’t seen your ballot by Wednesday, please check your spam folder for a message from “noreply@opavote.com”. If you don’t see anything get in touch by emailing psf-elections@python.org so we can look into your account and make sure we have the most up-to-date email for you.

Three seats on the board are open, but you can approve as many of the 19 candidates as you like. We’re delighted by how many of you are willing to contribute to the Python community by serving on the PSF Board! Make sure you take some time to look at all the nominee statements and choose your candidates carefully. ATTN: Choose carefully before you press the big green vote button. Once your vote is cast, it cannot be changed.

Who can vote?

You need to be a Contributing, Managing, Supporting, or Fellow member and have affirmed your voting intention by June 25th, 2024, to vote in this election. If you’d like to learn more or sign up as a PSF Member, check out our membership types. You can check your membership status on your User Information page on psfmember.org (you will need to be logged in). If you have questions about your membership or the election please email psf-elections@python.org

<strong>Topics covered in this episode:</strong><br> <ul> <li><a href="https://berglyd.net/blog/2024/06/joining-strings-in-python/"><strong>Joining Strings in Python: A</strong></a><a href="https://berglyd.net/blog/2024/06/joining-strings-in-python/"> </a><a href="https://berglyd.net/blog/2024/06/joining-strings-in-python/"><strong>"Huh"</strong></a><a href="https://berglyd.net/blog/2024/06/joining-strings-in-python/"> <strong>Moment</strong></a></li> <li><a href="https://www.mensurdurakovic.com/hard-to-swallow-truths-they-wont-tell-you-about-software-engineer-job/">10 hard-to-swallow truths they won't tell you about software engineer job</a></li> <li><a href="https://www.xlwings.org/blog/my-thoughts-on-python-in-excel"><strong>My thoughts on Python in Excel</strong></a></li> <li><strong>Extra, extra, extra</strong></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=Xi9FM1pZQZ0' style='font-weight: bold;'data-umami-event="Livestream-Past" data-umami-event-episode="390">Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by ScoutAPM: <a href="https://pythonbytes.fm/scout"><strong>pythonbytes.fm/scout</strong></a></p> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too.</p> <p>Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to <a href="https://pythonbytes.fm/friends-of-the-show">our friends of the show list</a>, we'll never share it. </p> <p><strong>Brian #1:</strong> <a href="https://berglyd.net/blog/2024/06/joining-strings-in-python/"><strong>Joining Strings in Python: A</strong></a><a href="https://berglyd.net/blog/2024/06/joining-strings-in-python/"> </a><a href="https://berglyd.net/blog/2024/06/joining-strings-in-python/"><strong>"Huh"</strong></a><a href="https://berglyd.net/blog/2024/06/joining-strings-in-python/"> <strong>Moment</strong></a></p> <ul> <li>Veronica Berglyd Olsen</li> <li><p>Standard solution to “read lines from a file, do some filtering, create a multiline string”:</p> <pre><code>f = open("input_file.txt") filtered_text = "\n".join(x for x in f if not x.startswith("#")) </code></pre></li> <li><p>This uses a generator, file reading, and passes the generator to join.</p></li> <li><p>Another approach is to add brackets and pass that generator to a list comprehension:</p> <pre><code>f = open("input_file.txt") filtered_text = "\n".join([x for x in f if not x.startswith("#")]) </code></pre></li> <li><p>At first glance, this seems to just be extra typing, but it’s actually faster by 16% on CPython due to the implementation of .join() doing 2 passes on input if passed a generator. </p> <ul> <li>From Trey Hunner: “I do know that it’s not possible to do 2 passes over a generator (since it’d be exhausted after the first pass) so from my understanding, the generator version requires an extra step of storing all the items in a list first.”</li> </ul></li> </ul> <p><strong>Michael #2:</strong> <a href="https://www.mensurdurakovic.com/hard-to-swallow-truths-they-wont-tell-you-about-software-engineer-job/">10 hard-to-swallow truths they won't tell you about software engineer job</a></p> <ol> <li>College will not prepare you for the job</li> <li>You will rarely get greenfield projects</li> <li>Nobody gives a BLANK about your clean code</li> <li>You will sometimes work with incompetent people</li> <li>Get used to being in meetings for hours</li> <li>They will ask you for estimates a lot of times</li> <li>Bugs will be your arch-enemy for life</li> <li>Uncertainty will be your toxic friend</li> <li>It will be almost impossible to disconnect from your job</li> <li>You will profit more from good soft skills than from good technical skills</li> </ol> <p><strong>Brian #3:</strong> <a href="https://www.xlwings.org/blog/my-thoughts-on-python-in-excel"><strong>My thoughts on Python in Excel</strong></a></p> <ul> <li>Felix Zumstein</li> <li>Interesting take on one person’s experience with trying Python in Excel.</li> <li>“We wanted an alternative to VBA, but got an alternative to the Excel formula language”</li> <li>“Python runs in the cloud on Azure Container Instances and not inside Excel.”</li> <li>“DataFrames are great, but so are NumPy arrays and lists.”</li> <li>… lots of other interesting takaways.</li> </ul> <p><strong>Michael #4:</strong> <strong>Extra, extra, extra</strong></p> <ul> <li><a href="https://www.codeinacastle.com/python-zero-to-hero-2024?utm_source=pythonbytes">Code in a castle</a> - Michael’s Python Zero to Hero course in Tuscany</li> <li><a href="https://www.bleepingcomputer.com/news/security/polyfillio-javascript-supply-chain-attack-impacts-over-100k-sites/">Polyfill.io JavaScript supply chain attack impacts over 100K sites</a> <ul> <li>Now required reading: <a href="https://blog.wesleyac.com/posts/why-not-javascript-cdn">Reasons to avoid Javascript CDNs</a></li> </ul></li> <li><a href="https://arstechnica.com/security/2024/06/mac-info-stealer-malware-distributed-through-google-ads/">Mac users served info-stealer malware through Google ads</a></li> <li><a href="https://fosstodon.org/@mkennedy/112712603915775986">HTMX for the win</a>!</li> <li>ssh to <a href="https://www.shellhacks.com/ssh-execute-remote-command-script-linux/">run remote commands</a> <pre><code>&gt; ssh user@server "command_to_run --arg1 --arg2" </code></pre></li> </ul> <p><strong>Extras</strong> </p> <p>Brian:</p> <ul> <li><a href="https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/?utm_source=pocket_shared">A fun </a><a href="https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/">reaction</a><a href="https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/?utm_source=pocket_shared"> to AI </a>- I will not be showing the link on our live stream, due to colorful language.</li> </ul> <p>Michael:</p> <ul> <li><a href="https://talkpython.fm/castle">Coding in a Castle</a> Developer Education Event</li> <li><a href="https://www.bleepingcomputer.com/news/security/polyfillio-javascript-supply-chain-attack-impacts-over-100k-sites/">Polyfill.io JavaScript supply chain attack impacts over 100K sites</a> <ul> <li>See <a href="https://blog.wesleyac.com/posts/why-not-javascript-cdn">Reasons to avoid Javascript CDNs</a></li> </ul></li> </ul> <p><strong>Joke:</strong> <a href="https://www.reddit.com/r/programminghumor/comments/1dkfm5p/html/">HTML Hacker</a></p>

July. My recent coding was around my AC controls at home. That's about it.

The free Webform module of Drupal offers out of the box the option to create complex calculators with the Computed Twig element. Here are some tips to help you easily, better, and faster create calculators with Drupal Webforms.

In the last month we focused on speeding-up performance issues, fixing bugs and improving the behaviour of things - building on the changes from our last release. We also added some new features which we would like to introduce to you in this newsletter.

For an in depth overview of the Tryton issues please take a look at our issue tracker or see the issues and merge requests filtered by label.

Changes for the User Sales, Purchases and Projects

We use a dedicated Web Shop-page on the product form which contains web shop related fields.

We’ve added relates from sale and purchase lines to their stock moves and invoice lines.

Purchase and sale amendments now allow to update the secondary unit of its lines.

Now Tryton deletes a purchase request when its related product is deleted. Previously such a purchase request was kept in the system, but we decided that is better to remove it.

Accounting, Invoicing and Payments

Payments with zero amount are allowed again in the system. This allows to correctly handle full refunds for some payment gateways that use zero amounts on them.

Stock, Production and Shipments

When counting inventories with lots we now also show the lot in addition to the product, as a product may have many lots.

User Interface

Sao now uses a grid to display trytond.model.fields.Dict items to add more flexibility.

To make Tryton more accessible we now make the contents of the message-dialog selectable and copiable.

Data and Configuration

We improved the user experience when importing CSV data. This eases the adoption of Tryton by lowering the barrier to load initial data in to the system. Here is a list of the relevant changes:

• The import wizard does no longer close the import window on error.
• Error messages include row and column numbers to ease the manual error correction.
• We raise an user error when the import data has a different number of columns as defined in the import wizard.

The CSV export also got new features. It now supports different languages per column in one export. This is specially useful when working with translatable master data like for example product names.

We now replace the “Accounting Party” user access group by the “Accounting” user access group. There is no need to limit accounting fields from party to a specific group by default.

New Documentation

The ldap_authentication module is now documented.

Did you know, that a Model._rec_name must point to a trytond.model.fields.Char field?

New Releases

We released bug fixes for the currently maintained long term support series
7.0 and 6.0, and for the penultimate series 7.2.

Changes for the System Administrator

We added a new configuration section [report] with option convert_command to be able to use a different document converter.

Now the trytond-admin command validates the email-value. The interactive email input loops until a valid email address is entered.

Changes for Implementers and Developers

We added the option --export-translations to the trytond-admin command. It exports the translation of any activated module to their respective locale folder.

Authors: @dave @pokoli @udono

1 post - 1 participant

Read full topic

Did you know that the first CSS preprocessor was introduced over a decade ago, changing the way we write stylesheets? A CSS Preprocessor extends the limited capabilities of CSS and helps in improving efficiency, maintainability, organization, and reusability.  The tool in focus today is a very popular CSS preprocessor tool - Stylus. Stylus takes your CSS to the next level. With features like variables, nesting, and mixins, Stylus transforms the repetitive, cumbersome aspects of writing CSS into a streamlined, efficient process. It offers a dynamic approach to styling that will enhance your productivity and keep your code organized. Stylus can be integrated with your Drupal theme as well, and we'll discuss how to do that shortly. We’ll also talk about what makes Stylus more flexible than SCSS. What is Stylus CSS Preprocessor Stylus is a CSS preprocessor, which allows you to write CSS in a more dynamic way. It was initially released in 2010 as an open-source project. Stylus gained attention for its minimalist syntax as it is clean, without semicolons and brackets. The latest version is v0.63.0. Compared with SASS, it's newer as the first SASS release made its way to the market in 2006. Why Stylus over SCSS Stylus has a more minimalist syntax compared to SCSS. It allows you to omit brackets and colons and relies on indentation instead of braces and semicolons. Installing Stylus CSS Preprocessor To install Stylus on a local machine, ensure you have Node.js and npm installed, then run the following command: npm install stylus –gCompile Stylus files to CSS files: stylus stylus/index.styl -o css/Add the Stylus Watcher: stylus -w stylus/index.styl -o css/Installation in Drupal Theme It's simple and easy to use Stylus in any CSS-based Drupal theme. First, install Stylus on your local machine using the command provided above. After successful installation, create a folder named ‘stylus’ to hold all files with the .styl extension. There should also be a CSS folder to contain the compiled CSS files. Once both folders and files are ready, run the following command: stylus -w stylus/index.styl -o css/In the case of Stylus, we don’t need to configure any JS file like we do when using a GULP CSS preprocessor. How Stylus is more flexible than SCSS Indentation-based, Less Syntax, More Flexibility: Stylus is indentation-based. Whitespaces are significant, so we substitute the curly braces ({...}) with an indent, which allows us to omit semicolons, braces, and colons as shown in the following code snippet. Example: body color white Built-in Functions: Stylus comes with a rich set of built-in functions for tasks like color manipulation, mathematical operations, and more.    • unit(value, units) - Which converts the specified value to the specified units eg unit(10px, em)   • to-em(value) - Converts the specified value from pixels to em units.   • to-px(value) - Converts the specified value from em units to pixels. Integrated Units: Stylus supports integrated units, which means you can perform calculations with mixed units (e.g., 2px + 1em) without converting them manually. This can be convenient for responsive design and other scenarios where you need to work with different units in your stylesheets. Example: body    width 100px + 1em Using CSS properties as variable lookup: CSS Property values can be used in the same selector. Example: H1  max-width: 100px width: (@max-width/2) Variables Scopes in Stylus: There are two types of variables you can define in Stylus: Local and Global. Variables declared within a block are local or block-scope variables. Global variables take precedence over local variables. Example:  primary-color = "green“ h1 primary-color = “red“ color primary-color h2 color primary-color  OUTPUT CSS:  h1 { color: red; } h2 { color: green } Variables in Stylus: Variables in Stylus are like normal identifier names; they can contain $. Therefore, the following variables are valid with or without $.  header1-font = 25px header2-font = 20px $header3-font = 20px  Stylus Mixins & it’s implémentation buttonmixin { border-radius: 25px; color: white; } button buttonMixin for Loop iteration: For loop iteration in Stylus allows us to harness basic programming features. Here's how we implement a for loop in Stylus:  size-1 = 30px size-2 = 24px size-3 = 20px for i in 1..3 h{i}   font-size: lookup('size-' + i)  The Output:  h1 {font-size: 30px;} h2 {font-size: 24px;}  h3 {font-size: 20px;} Stylus Functions: Functions are similar to mixins however functions return data mixins don’t. In Stylus we can declare and call functions like in any other programming language. widthCalculate(width1,padding1)  width1+padding1  divwidth:widthCalculate(100px,10)Func with Default Argument  widthCalculate(width1,padding1 = 20)  width1+padding1 If you would like to learn more about Stylus, check their documentation page here. Final Thoughts So there you have it—Stylus brings a breath of fresh air to your Drupal projects when it comes to managing CSS. Using Stylus enables you to style effortlessly with variables, nesting, and mixins. Are you revamping an existing theme or starting fresh? Our Drupal experts are here to bring your vision to life. Let's transform your website together. Explore our Drupal development services today and see how we can tailor Stylus to fit your project perfectly.

Understanding API rate-limiting techniques 2024-07-02, by Dariusz Suchojad

Enabling rate-limiting in Zato means that access to Zato APIs can be throttled per endpoint, user or service - including options to make limits apply to specific IP addresses only - and if limits are exceeded within a selected period of time, the invocation will fail. Let's check how to use it all.

API rate limiting works on several levels and the configuration is always checked in the order below, which follows from the narrowest, most specific parts of the system (endpoints), through users which may apply to multiple endpoints, up to services which in turn may be used by both multiple endpoints and users.

• First, per-endpoint limits
• Then, per-user limits
• Finally, per-service limits

When a request arrives through an endpoint, that endpoint's rate limiting configuration is checked. If the limit is already reached for the IP address or network of the calling application, the request is rejected.

Next, if there is any user associated with the endpoint, that account's rate limits are checked in the same manner and, similarly, if they are reached, the request is rejected.

Finally, if the endpoint's underlying service is configured to do so, it also checks if its invocation limits are not exceeded, rejecting the message accordingly if they are.

Note that the three levels are distinct yet they overlap in what they allow one to achieve.

For instance, it is possible to have the same user credentials be used in multiple endpoints and express ideas such as "Allow this and that user to invoke my APIs 1,000 requests/day but limit each endpoint to at most 5 requests/minute no matter which user".

Moreover, because limits can be set on services, it is possible to make it even more flexible, e.g. "Let this service be invoked at most 10,000 requests/hour, no matter which user it is, with particular users being able to invoke at most 500 requests/minute, no matter which service, topping it off with per separate limits for REST vs. SOAP vs. JSON-RPC endpoint, depending on what application is invoke the endpoints". That lets one conveniently express advanced scenarios that often occur in practical situations.

Also, observe that API rate limiting applies to REST, SOAP and JSON-RPC endpoints only, it is not used with other API endpoints, such as AMQP, IBM MQ, SAP, task scheduler or any other technologies. However, per-service limits work no matter which endpoint the service is invoked with and they will work with endpoints such as WebSockets, ZeroMQ or any other.

Lastly, limits pertain to with incoming requests only - any outgoing ones, from Zato to external resources - are not covered by it.

Per-IP restrictions

The architecture is made even more versatile thanks to the fact that for each object - endpoint, user or service - different limits can be configured depending on the caller's IP address.

This adds yet another dimension and allows to express ideas commonly witnessed in API-based projects, such as:

• External applications, depending on their IP addresses, can have their own limits
• Internal users, e.g. employees of the company using VPN, may have hire limits if their addresses are in the 172.x.x.x range
• For performance testing purposes, access to Zato from a few selected hosts may have no limits at all

IP-based limits work hand in hand are an integral part of the mechanism - they do not rule out per-endpoit, user or service limits. In fact, for each such object, multiple IP-using limits can be set independently, thus allowing for highest degree of flexibility.

Exact or approximate

Rate limits come in two types:

• Exact
• Approximate

Exact rate limits are just that, exact - they en that a limit is not exceeded at all, not even by a single request.

Approximate limits may let a very small number of requests to exceed the limit with the benefit being that approximate limits are faster to check than exact ones.

When to use which type depends on a particular project:

• In some projects, it does not really matter if callers have a limit of 1,000 requests/minute or 1,005 requests/minute because the difference is too tiny to make a business impact. Approximate limits work best in this case.

• In other projects, there may be requirements that the limit never be exceeded no matter the circumstances. Use exact limits here.

Python code and web-admin

Alright, let's check how to define the limits in the Zato Dashboard. We will use the sample service below:

# -*- coding: utf-8 -*- # Zato from zato.server.service import Service class Sample(Service): name = 'api.sample' def handle(self): # Return a simple string on response self.response.payload = 'Hello there!\n'

Now, in web-admin, we will configure limits - separately for the service, a new and a new REST API channel (endpoint).

Points of interest:

• Configuration for each type of object is independent - within the same invocation some limits may be exact, some may be approximate
• There can be multiple configuration entries for each object
• A unit of time is "m", "h" or "d", depending on whether the limit is per minute, hour or day, respectively
• All limits within the same configuration are checked in the order of their definition which is why the most generic ones should be listed first

Testing it out

Now, all is left is to invoke the service from curl.

As long as limits are not reached, a business response is returned:

$ curl http://my.user:password@localhost:11223/api/sample Hello there! $

But if a limit is reached, the caller receives an error message with the 429 HTTP status.

$ curl -v http://my.user:password@localhost:11223/api/sample * Trying 127.0.0.1... ... < HTTP/1.1 429 Too Many Requests < Server: Zato < X-Zato-CID: b8053d68612d626d338b02 ... {"zato_env":{"result":"ZATO_ERROR","cid":"b8053d68612d626d338b02eb", "details":"Error 429 Too Many Requests"}} $

Note that the caller never knows what the limit was - that information is saved in Zato server logs along with other details so that API authors can correlate what callers get with the very rate limiting definition that prevented them from accessing the service.

zato.common.rate_limiting.common.RateLimitReached: Max. rate limit of 100/m reached; from:`10.74.199.53`, network:`*`; last_from:`127.0.0.1; last_request_time_utc:`2020-11-22T15:30:41.943794; last_cid:`5f4f1ef65490a23e5c37eda1`; (cid:b8053d68612d626d338b02)

And this is it - we have created a new API rate limiting definition in Zato and tested it out successfully!

More resources

➤ Python API integration tutorial
➤ What is an integration platform?
➤ Python Integration platform as a Service (iPaaS)
➤ What is an Enterprise Service Bus (ESB)? What is SOA?

More blog posts➤

• I continued participating in Debian kernel team meetings.
• For initramfs-tools:
  • I reviewed several more merge requests and merged some of them.
  • I released version 0.143 and uploaded it to Debian experimental.
• For the Debian firmware-free package:
  • I responded to an update on the bug report “firmware-linux-free uses prebuilt blobs instead of building from source” and the accompanying merge request “Build some firmware files from source”.
  • I split off the new issue into a separate bug report “firmware-free: Incomplete source for carl9170-1.fw”, and merged the MR.
  • I made some other necessary changes to the package and uploaded version 20240610-1 to unstable.
• For the Debian linux package:
  • I responded to the following bug reports:
    • linux: ext4 corruption with symlinks I bisected this and (re-)reported it upstream. I tested the upstream fix for this, but it hasn’t yet been applied.
  • I answered questions about its required build environment.
  • I uploaded:
    • linux version 6.9.2-1~exp1 to experimental.
    • linux version 4.19.316-1 to buster-security, for which I issued DLA 3840-1.
    • linux-5.10 version 5.10.218-1~deb10u1 to buster-security, for which I issued DLA 3843-1.
  • I issued DLA 3841-1 and DLA 3842-1 for the earlier uploads of linux-5.10 that I had failed to announce.
  • I reviewed and merged the following merge requests:
    • Update to 6.9.x
    • [arm64] Disable RELR
  • I opened merge requests:
    • d/l/p/debian_linux/firmware.py: Handle RawFile fields
  • I started a backport of Linux 6.1 to bullseye, for when bullseye enters LTS and bullseye-backports is closed.
• For the Debian linux-base package:
  • Following discussion on a systemd merge request and in a kernel team meeting, I added the linux-sysctl-defaults package to provide a default sysctl configuration independent of which init system or kernel packages are used. I also requested that procps Depend on or Recommend it.
  • I updated the debian/copyright file and fixed most of the open bugs.
  • I uploaded version 4.10 and version 4.10.1 to unstable.
• For the Debian firmware-nonfree package:
  • I finished reviewing and merged Diederik de Haas’s major (non-upstream) update to firmware-nonfree.
  • I uploaded version 20230625-3~exp1 to experimental, but it was auto-rejected. I fixed a lintian override to satisfy the older lintian version on ftp-master, then uploaded version 20230625-3~exp2.
  • I merged my changes to support and use wildcards in file lists.
  • Diederik’s changes included package splits that could cause file loss in conjunction with the /usr-move in this release cycle. I applied Helmut Grohne’s fix from the above bug report, then uploaded version 20230625-3~exp3 to unstable.
  • I prepared an update to the latest upstream version.

• For the Debian kernel security tracker:
  • I implemented some static checks in CI.
  • I continued work on automated handling of kernel CVEs, but it is still not quite ready to merge.
  • I implemented improved reporting on top of those changes.
• For the Debian linux package:
  • I reviewed and merged the following merge requests:
    • Update to 6.8.X + 6.8.X-rtY
    • [arm*,riscv64] drivers/pps/clients: Enable PPS_CLIENT_GPIO as module
    • [arm64,riscv64] drivers/leds/rgb: Enable LEDS_GROUP_MULTICOLOR and LEDS_PWM_MULTICOLOR as modules
    • [arm64] Further improve support for SolidRun HoneyComb
    • sound: Enable TAS2781 Smart Amp modules
    • [arm64] net/rfkill: Enable RFKILL_GPIO as module
    • [arm64] Increase max CPU count to 512
    • Enable SND_VIRTIO as module
    • d/templates: Change firmware-linux-free from Recommends to Suggests
  • I reviewed but did not merge:
    • Enable UBSAN_BOUNDS and UBSAN_SHIFT
  • I responded to the following bug reports:
    • linux: Do we still need sched-autogroup-disabled.patch in 2024?
    • linux-image-6.5.0-0.deb12.1-arm64: arm64 kernel upgrade makes systems unresponsive
    • fat-modules: SD corruption upon opening file on Linux desktop
    • bpftool: please build from https://github.com/libbpf/bpftool
  • I opened my own merge requests:
    • d/b/gencontrol.py, d/rules.real: Restore config checks on kernels to be signed
    • d/salsa-ci.yml: Restore Python static checks on scripts
    • Move modules under /usr in signed kernel packages
    • firmware_loader: Remove most Debian-specific logging changes
  • I uploaded:
    • linux-5.10 version 5.10.216-1~deb10u1 to buster-security.
    • linux version 6.1.90-1~bpo11+1 to bullseye-backports.
    • linux version 6.7.12-1~bpo12+1 to bookworm-backports.
    • linux version 6.8.9-1 to unstable.
• I attended the mini-DebConf in Berlin and very much enjoyed it. Thanks to all the organisers, volunteers and presenters.
• I supported Salvatore Bonaccorso’s proposal of regular kernel team meetings, and attended the first one.
• I answered Andreas Tille’s questions about the kernel team.
• I uploaded ktls-utils version 0.10-1 to unstable.
• I uploaded wireless-regdb version 2024.05.08-1 to unstable.
• I reviewed all open merge requests for initramfs-tools, and merged most of them.
• For the Debian firmware-nonfree package:
  • I started reviewing Diederik de Haas’s major (non-upstream) update to firmware-nonfree.
  • I opened a merge request intended to simplify future work: Add support for and start using wildcards in package file lists.
• I uploaded iw version 6.9-1 to unstable.

In just 8 minutes you too will be ready to start using Selenium AT-SPI.

Working to make your apps accessible to everybody, while reducing its power usage and improving its quality by doing more system testing, may seem as daunting as climbing Mount Everest. Luckily, KDE provides a lift to help you, Selenium AT-SPI.

Check out the following four-part guide to get started with this wonderful tool! Part 1 "An Introduction to Selenium" can be viewed here:

Click to watch Part 2 "Setting up Selenium", Part 3 "Identifying Accessibility Issues", and Part 4 "Writing Selenium Tests".

Selenium AT-SPI, originally based on the Selenium web application for automating testing purposes, has been ported to Qt by Harald Sitter. With this tool, KDE can reach all three of its current goals:

• KDE For All
• Sustainable Software
• Automate And Systematize Internal Processes

We are thankful to Season of KDE 2024 contributor Pradyot Ranjan for his excellent work preparing these video guides.

Let's make KDE community's software the best it can be. Have a great time using it!

Interested In Contributing?

Selenium AT-SPI is hosted here. If you are interested in contributing, you can join the Matrix channels KDE Eco and Automation & Systematization Goal and introduce yourself. Thank you to the Season of KDE 2024 admin and mentorship team, the KDE e.V., and the incredible KDE community for supporting this project.

Tuesday, 2 July 2024. Today KDE releases a bugfix update to KDE Plasma 6, versioned 6.1.2.

Plasma 6.1 was released in June 2024 with many feature refinements and new modules to complete the desktop experience.

This release adds a week's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important and include:

• Discover: Fix share dialog. Commit. Fixes bug #488976
• Libtaskmanager: improve efficiency when window icon frequently changes. Commit. Fixes bug #487390
• Do not hide panel settings when a panel-parented dialog takes focus. Commit. Fixes bug #487161

View full changelog

Lockdown Mode for Apple devices About • Blog • Newsletter • Links Lockdown Mode for Apple devices

Published 2024-07-02 by Seth Larson
Reading time: minutes

Back in September 2023 the libwebp vulnerability (also known as BLASTPASS) was being actively exploited to target a journalist's mobile device. After reading the report from Citizen Lab I learned about an iOS feature called "Lockdown Mode" for Apple devices.

I've been running Lockdown Mode for almost a year now, and at the time I promised a write-up of my experience with the feature, so here it is!

How does Lockdown Mode keep your phone more secure?

Lockdown Mode prevents some methods of sending or injecting data into your phone without your active engagement (such as preloading data, injecting data into unsecured connections, etc). Data that's processed by your phone automatically, such as images, can exploit flaws in image format parser in order to escape and begin executing code.

BLASTPASS exploited memory safety issues in the libwebp library which processes WebP images. The malicious WebP image was delivered to the target's device via a PassKit attachment which can be sent in a text message.

What does Lockdown Mode disable?

Here's the full list of disabled or degraded features when Lockdown Mode is enabled, quoted from Apple's docs on the feature:

• Most message attachment types are blocked. Some features such as links and link previews are unavailable.
• Certain complex web technologies are blocked. (ie JavaScript JIT)
• FaceTime calls from unknown contacts are blocked. SharePlay and Live Photos are unavailable.
• Photo location information is excluded. Shared Albums are removed and disabled.
• Wi-Fi must be secure for device to connect to a network. 2G cellular support is disabled.
• Mobile Device Management and Configuration Profiles are disabled.

What are the impacts?

The biggest impacts for day-to-day usage is two-fold: Message Links and Search.

With Lockdown Mode enabled, links will not highlight like they typically do, and they won't show the fancy preloaded image that gives you a preview of the content on the other side of a click.

Not having links and link previews in messages is a real inconvenience. The fastest work-around to extract a link in the middle of a text message is to either copy the whole message into your own message box and then copy the URL or to screenshot the message and use Live Text to copy-and-paste directly from your screenshot.

If you're able to persuade your partner to send links in a separate message, that also speeds up the copy-and-paste process by copying the whole message. Persuading your partner is left as an exercise to the reader :)

The other major impact is not being able to search through my messages. This feature is super helpful when you're trying to recall something from years ago, but not something you're using every day usually. This feature being disabled has never been such a problem that I've had a memorable negative outcome, but it definitely is frustrating when you know the answer is somewhere in your messages.

The only other time Lockdown Mode has introduced friction is during Trina and I's wedding. The wedding party was sharing pictures and videos via a Shared Album which aren't available when Lockdown Mode is enabled. Fortunately, I could disable Lockdown Mode for a short time after the wedding was over, copy all the photos that I wanted, and then re-enable Lockdown Mode to work-around this.

Beyond this, some image formats don't load in any context (likely WebP?) and I haven't noticed any slowdown from not having a JavaScript JIT.

Would I recommend Lockdown Mode?

For most people: no. If you have a decent reason to expect you'd be the target of a cyberattack, then you should definitely consider it.

There is a non-zero amount of extra friction to using your phone, but as someone who's trying to actively reduce my phone usage anyway it wasn't a big issue over the year that I've had it enabled.

Bonus tip: Quick one-time disabling of biometric authentication

Privacy gated by biometrics (ie, "Face ID" or fingerprint scanners) doesn't have the same legal protections as a password. Biometrics are quite convenient, especially if you've configured a relatively short amount of time that your phone will lock itself after a lack of use.

So how can one have the benefits of biometrics while maintaining the ability to disable biometrics if needed?

By holding down the volume up and side button on your iPhone you'll bring up the screen that offers to shut down your phone or enter "SOS mode". If you select cancel on this screen your phone will become locked again but will require non-biometric authentication for the next phone unlock.

Give it a try on your phone, so you understand what to do ahead of time.

Because this process is fast (takes less than a second of holding the two buttons) it's great to have in your back pocket in case you need it. It's also useful for one-time activities when you're separated from your device such as crossing a security checkpoint.

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

An overview of the different options available for working with sparse arrays in Python

• I answered a query about the continued need for an executable stack on Linux/m68k.
• I reported and fixed some regressions on the Linux 4.19-stable branch.
• I proposed a fix for the regression of rsync and scp support in dput-ng.
• I updated the linux (4.19) package for Debian 10 “buster” to upstream version 4.19.311, but didn’t make an upload this month.
• I started work on more automated handling of kernel CVEs for Debian.

Focus

This month I didn't have any particular focus. I just worked on issues in my info bubble.

Changes

• gt: fix manual page
• Debian wiki pages: CopyrightReviewTools, MassRebuilds, PortsDocs/New, Teams/DPL/New

Issues

• Conffile removal in apparmor
• Features in KDE, rss-blogroll-network
• Warnings in python3-azure, python3-commonmark-bkrs

Communication

• Respond to queries from Debian users and contributors on IRC

Sponsors

All work was done on a volunteer basis.