FLOSS Project Planets

In the face of rapid technological advancements, particularly in artificial intelligence (AI), developers must adapt to exponential change or risk obsolescence. This article by Jay Callicott explores the significance of understanding exponential growth, the transformative power of AI in development, and the critical role of prompt engineering. By harnessing AI tools like the DrupalAI module, developers can innovate with unprecedented speed and efficiency, navigating the accelerating pace of change in the digital landscape.

Here's what I've been working on for my LocalGov Drupal contributions this week. Thanks to Big Blue Door for sponsoring the time to work on these.

RSS is a great way to syndicate your content, but setting up a feed correctly displaying your articles can be tricky. In this blog post I will show you how to use Views to build the perfect feed in Drupal 10 or Drupal 11.

My students at LIDSOL (Laboratorio de Investigación y Desarrollo de Software Libre, Free Software Research and Development Lab) at Facultad de Ingeniería, UNAM asked me to help them get the needed hardware to set up a mirror for various free software projects. We have some decent servers (not new servers, but mirrors don’t require to be top-performance), so…

A couple of weeks ago, I approached the Debian Project Leader (DPL) and suggested we should buy two 16TBhard drives for this project, as it is the most reasonable cost per byte point I found. He agreed, and I bought the drives. Today we had a lab meeting, and I handed them over the hardware.

Of course, they are very happy and thankful with the Debian project 😃 In the last couple of weeks, they have already set up an Archlinux mirror (https://archlinux.org/mirrors/fi-b.unam.mx), and now that they have heaps of storage space, plans are underway to set up various other mirrors (of course, a Debian mirror will be among the first).

Krita 5.2.3 is released after several weeks of testing of the beta. This is a bugfix release, that primarily brings a complete overhaul of our build system, making it so that our CI system can now build for all 4 platforms (a Continuous Integration system basically builds a program after every change, runs some tests and based on that helps us track down mistakes we made when changing Krita's code).

Beyond the rework of the build system, this release also has numerous fixes, particularly with regards to animated transform masks, jpeg-xl support, shortcut handling on Windows and painting assistants.

In addition to the core team, special thanks goes out to to Freya Lupen, Grum 999, Mathias Wein, Nabil Maghfur Usman, Alvin Wong, Deif Lou, Maciej Jesionowski and Rasyuqa A. H. for various fixes, as well as the first time contributors in this release cycle (Each mentioned after their contribution).

Changes since 5.2.3 beta:

• Various fixes to tool canvas input shortcut behaviour (Thanks, Aqaao)
• Improved icons for Android (Bug 463043, thanks Jesse 205!)
• Various fixes to how we use MLT for synchronising audio to animation.
• Python SIP type stub generation, this will help autocompletion in external python editors that support using these stubs (Thanks Kate Corcoran)
• Crash fix with adding animation keyframe column on locked layer (Bug 486893)
• Fix update of "read-only" state of the document when loading and saving (Bug 487544)
• Ask to use PSD data in TIFF only if any was found (Bug 488024)
• Reworked default FFmpeg profiles (Bug 455006, 450790, 429326, 485515, 485514, thanks Ralek Kolemios!)
• Fix issue in KisMergeLabeledLayersCommand when masks where involved (Bug 486419)
• Update batch exporter Python plugin to fix trim option issue (Bug 488343, thanks Nathan Lovato!)
• Welcome Page: Fix "DEV BUILD" button going to a 404 (Thanks Joshua Goins!)
• Tablet Tester: Fix extreme lag with S Pen on Android (Thanks Joshua Goins!)
• Fix canvas fade-out when in 16-bit-uint mode on Angle (Bug 488126)
• WEBP & JPEG-XL: preemptive check for animation (Bug 476761)
• Fix copy-pasting selection of File Layer (Bug 459849)
• Fix color sampler in wrap around mode (Bug 478190)
• Replace old QML touch docker with QWidget-based touch docker to avoid problems on Android (Bug 476690)
• Add support for XSIMD13
• Redraw layers docker thumbnails if the canvas checkers color was changed
• Fix animation playback freezes when pausing past the end of audio (Bug 487371 and 478185)

Download Windows

If you're using the portable zip files, just open the zip file in Explorer and drag the folder somewhere convenient, then double-click on the Krita icon in the folder. This will not impact an installed version of Krita, though it will share your settings and custom resources with your regular installed version of Krita. For reporting crashes, also get the debug symbols folder.

Note that we are not making 32 bits Windows builds anymore.

• 64 bits Windows Installer: krita-5.2.3-setup.exe
• Portable 64 bits Windows: krita-5.2.3.zip
• Debug symbols. (Unpack in the Krita installation folder)

Linux

• 64 bits Linux: krita-5.2.3-x86_64.appimage

The separate gmic-qt AppImage is no longer needed.

(If, for some reason, Firefox thinks it needs to load this as text: to download, right-click on the link.)

macOS

Note: We're not supporting MacOS 10.13 anymore, 10.14 is the minimum supported version.

• macOS disk image: krita-5.2.3.dmg

Android

We consider Krita on ChromeOS as ready for production. Krita on Android is still beta. Krita is not available for Android phones, only for tablets, because the user interface requires a large screen.

We are no longer building the 32 bits Intel CPU APK, as we suspect it was only installed by accident and none of our users actually used it. We are hoping for feedback on this matter.

• 64 bits Intel CPU APK
• 64 bits Arm CPU APK
• 32 bits Arm CPU APK

Source code

• krita-5.2.3.tar.gz
• krita-5.2.3.tar.xz

md5sum

For all downloads, visit https://download.kde.org/stable/krita/5.2.3/ and click on Details to get the hashes.

Key

The Linux AppImage and the source .tar.gz and .tar.xz tarballs are signed. You can retrieve the public key here. The signatures are here (filenames ending in .sig).

My colleague Ben Vingar wrote a tool called Counterscale which I would describe as “deploy your own analytics”. Except there is a catch: it needs Cloudflare to run. Is it really self hosted if your only way to deploy it is some proprietary cloud vendor?

What's a Stack?

Many years ago we talked about software stacks. A common one happened to be “LAMP”. Short for: Linux, Apache, MySQL and typically PHP, though Python and Perl were choices for the P just as well. LAMP lends itself very well for self hosting because all of it is Open Source software you can run and operate yourself free of charge. There was however also a second stack which was not entirely unpopular: “WAMP“ (The W meaning Microsoft Windows). You would not necessarily run it yourself if you had a choice, but I deployed more than one of these. Why? Because some SMEs were already running Windows. If you wrote some software in PHP, having people run the software on their already existing Windows servers was preferable to also running some Linux thing they did not know how to operate.

What makes LAMP, WAMP and whatever work are a few basic technological choices. Originally one of those abstractions was a protocol called CGI which allowed you to marry a programming language to the web server. Later also things like FastCGI appeared to deal with some of the performance challenges that CGI brought and there were also attempts to move PHP right into the web server as embedded language with mod_php. For the database the abstraction in many cases was a dialect of SQL. I built a tool a long time ago that a company ended up running on Microsoft's SQL server with rather minimal changes. So in some sense what made this work was that one was targeting some form of abstraction.

What's Self Hosted?

Counterscale targets something that the open source ecosystem does not really have abstracted today: an analytics engine and some serverless runtime. What was CGI and SQL in case of Counterscale is some serverless runtime environment and a column store. All these things do exist in the Open Source ecosystem. All the pieces are there to build your own serverless runtime and all the things are there to build an analytics store on top of ClickHouse, DuckDB or similar databases and Kafka. But we did not agree on protocols and we definitely did not really have that stuff today in a neatly packaged and reusable thing.

Now of course you can build software that runs entirely on Open Source software. In case of Counterscale you don't even have to look very far: Plausible exists. It's also Open Source, it's also an analytics tool, but rather than being like a “CGI script” in spirit, it's a pretty heavy thing. You gotta run docker containers, run a rather beefy ClickHouse installation, I believe it needs Kafka etc. Running Plausible yourself is definitely not neatly as easy as setting up Counterscale. You do however, have the benefit of not relying on Cloudflare.

Level up the Protocols

So what does that leave us with? I'm not sure but I'm starting to think that the web needs new primitives. We now run some things commonly but the abstractions over them are not ideal. So people target (proprietary) systems directly. The modern web needs the CGI type protocols for queues, for authentication, for columns stores, for caches etc. Why does it need that? I think it needs it to lower the cost of building small scale open source software.

The reason it's so easy and appealing to build something like Counterscale directly against Cloudflare or similar services is that they give you higher level abstractions than you would find otherwise. You don't have to think about scaling workers, you don't have to think about scaling databases. The downside of course is that it locks you against that platform.

But what would be necessary to have your “own Cloudflare” thing you can run once and then run all your cool mini CGI like scripts above? We miss some necessary protocols. Yet building these protocols is tricky because you target often the least common denominator. Technology also here is hardly the problem. Don't need any new innovative technology here, but you need the social contract and the mindset. Those are hard things, they require dedication and marketing. I have not yet seen that, but I'm somewhat confident that we might see it.

We probably want these protocols and systems built on top of it because it makes a lot of things easier. Sometimes of the cost of doing something drops low enough, it enables a whole new range of things to exist.

Many times when you start building abstractions over these things, you simplify. Even CGI was an incredibly high level abstraction over HTTP if you think about it. CGI in many ways is the original serverless. It abstracts over both HTTP and how a process spawns and its lifecycle. Serverless is bringing back a bit of that, but so far not in a way where this is actually portable between different clouds.

Abstract over Great Ideas

If you have ever chucked up an OG CGI app you might remember the magic. You write a small script, throw it into a specific folder and you are off to the races. No libraries, no complex stuff. CGI at its core was a great idea: make a web server dynamic via a super trivial protocol anyone can implement. There are more ideas like that. Submitting tasks to a worker queue is a great idea, batch writing a lot of data into a system is a great idea, kafka like topics are a great idea, caches are a great idea, so are SQL databases, column stores and much more.

Laravel Forge does a tiny bit of that I feel. Forge goes a bit in to that direction in the sense that it says quite clearly that some components are useful: databases, caches, SSL, crons etc. However it's ambition stops at the boundary of the Laravel ecosystem which is understandable.

Yet maybe over time we can see more of a “SaaS in a box” kind of experience. A thing you run, that you can plug your newfangled, serverless mini tools in, that can leverage auth and all the needs of a modern web application like queues, column stores, caches etc.

#635 – JUNE 25, 2024
View in Browser »

PEP 2026: Calendar Versioning for Python

This PEP proposes updating the versioning scheme for Python to include the calendar year. This aims to make the support lifecycle clear by making it easy to see when a version was first released, and easier to work out when it will reach end of life (EOL). Associated discussion
PYTHON

Rounding Numbers in Python

In this video course, you’ll learn about the mistakes you might make when rounding numbers and how to best manage or avoid them. It’s a great place to start for the early to intermediate Python developer who’s interested in using Python for finance, data science, or scientific computing.
REAL PYTHON course

Pair Your Weekly Dose of Python With a Free Training Course

Stay up to date with the latest advancements in technology by joining the NVIDIA Developer community. Get access to the latest tools, training, and experts. Join the community today and get a free course from the Deep Learning Institute →
NVIDIA sponsor

Testing With Python (Part 7)

The latest in a series of articles on testing in Python, this one shows you how to generate test data on the fly, in a repeatable way.
BITECODE

Quiz: Creating Great README Files for Your Python Projects

Take this quiz to test your understanding of how a great README file can make your Python project stand out and how to create your own README files.
REAL PYTHON

NumPy 2.0.0 Released

NUMPY

Articles & Tutorials Ruff: A Python Linter for Error-Free and Maintainable Code

Ruff is an extremely fast, modern linter with a simple interface, making it straightforward to use. It also aims to be a drop-in replacement for other linting and formatting tools, like Pylint, isort, and Black. It’s no surprise it’s quickly becoming one of the most popular Python linters.
REAL PYTHON

Detecting Outliers in Your Data With Python

How do you find the most interesting or suspicious points within your data? What libraries and techniques can you use to detect these anomalies with Python? This week on the show, we speak with author Brett Kennedy about his book “Outlier Detection in Python.”
REAL PYTHON podcast

On Heroku? Read Our Ultimate Guide to Autoscaling

Autoscaling is critical for any resilient, cost-conscious deployment. Are you running Django, Flask, Celery, RQ? This is for you. You’ll learn the ups and downs 😎 of autoscaling in our illustrated guide →
JUDOSCALE sponsor

Why Does SQLite (In Production) Have Such a Bad Rep?

SQLite has improved a lot over the years, but its non-production reputation seems to have stuck. This is despite the fact that it is in almost every phone on the planet. This short post from Avinash talks about why it has the reputation it does.
AVINASH SAJJANSHETTY

Narwhals, scikit-lego, and Dataframe-Agnosticism

scikit-lego is a library that adds extra estimators for machine learning in scikit-learn. Its most recent release takes advantage of the Narwhals package to support dataframes from a variety of packages.
MARCO GORELLI • Shared by Marco Gorelli

How to Publish a Python Package to PyPI

Do you have a Python package that you’d like to share with the world? You should publish it on the Python Package Index (PyPI). This article gives a short example of what you need to do to publish.
MIKE DRISCOLL

Joining Strings in Python: A “Huh” Moment

A post on Mastodon caused Veronica to go down a rabbit hole. Turns out that in one particular situation, a generator isn’t faster than a list. Learn why str.join() doesn’t like generators.
VERONICA BERGLYD OLSEN

Prohibiting Outlook Email Domains

Due to an inordinate amount of bot accounts coming from outlook.com and hotmail.com, PyPI has disallowed new account sign-ups with email addresses from these domains.
THE PYTHON PACKAGE INDEX BLOG

Python Wheel Filenames Have No Canonical Form

Turns out there are no canonical rules for the names of wheel files. This can cause some confusion when determining if two files are for the same version of a module.
WILLIAM YOSSARIAN

Optimal SQLite Settings for Django 5.1

The alpha version of Django 5.1 contains new features for setting pragma controls for databases. This article describes the best choices when working with SQLite.
GIOVANNI COLLAZO

Managing My Motivation as a Solo Dev

“One of the biggest sticking points of being a solo dev is maintaining motivation.” This post from Marcus discusses some of the things he does to stay motivated.
MARCUS BUFFETT

R or Python for Bioinformatics?

If you’re in the bioinformatics field and thinking of learning to code, is R or Python your better choice? This article and video highlight the differences.
MING TANG

My Thoughts on Python in Excel

Microsoft’s new Python in Excel functionality was released almost a year ago. Having now had time to play with it, Felix gives his take.
FELIX ZUMSTEIN

NumPy 2.0: An Evolutionary Milestone

Lots has changed and been added with the release of NumPy 2.0. This article gives you the highlights.
SCIENTIFIC PYTHON BLOG

Projects & Code redis-py: Redis Python Client

GITHUB.COM/REDIS

Automate WordPress Page Creation

GITHUB.COM/MAUBORRE

pyodmongo: ODM for MongoDB

GITHUB.COM/MAURO-ANDRE

wavepde: Wave Partial Differential Equation Solver in Python

GITHUB.COM/SALASTRO

simpleaudiostretch: Change Audio Files Speed

GITHUB.COM/MEWS

Events Weekly Real Python Office Hours Q&A (Virtual)

June 26, 2024
REALPYTHON.COM

SPb Python Drinkup

June 27, 2024
MEETUP.COM

North Bay Python 2024

June 29 to June 30, 2024
NORTHBAYPYTHON.ORG

PyDelhi User Group Meetup

June 29, 2024
MEETUP.COM

PythOnRio Meetup

June 29, 2024
PYTHON.ORG.BR

Happy Pythoning!
This was PyCoder’s Weekly Issue #635.
View in Browser »

[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]

PyCharm 2024.1.4 is here! View and navigate to URLs directly from the Editor tab, get context-based model suggestions for Hugging Face, and enjoy smart code assistance for TypedDict (PEP 692).

You can download the latest version from our download page, or update your current version through our free Toolbox App. 

Download PyCharm 2024.1.4 Key Features  Gutter actions and inlay hints for URLs

New gutter icons provide an easy way to manage URLs in Flask, FastAPI, and Django projects. In just a few clicks, you can test an endpoint by running the request in the HTTP Client, view all lower-level endpoints, and more.

Furthermore, new inlay hints with endpoint URLs further contribute to code readability for Python web frameworks.

PEP 692: Smart code assistance for TypedDict

With support for PEP 692, keyword arguments defined as TypedDict are now available when you invoke parameter info (⌘P / Ctrl+P), in code completion, and in the quick documentation popup (F1 / Ctrl+Q). Now you have access to yet another tool that lets you use the latest type hinting capabilities in Python to develop an easy-to-understand codebase.

Learn more Hugging Face: Model suggestions

PyCharm can now suggest a list of relevant Hugging Face models that best suit your needs. This allows you to decide which model to use and install without ever having to leave the IDE. Decide what you would like the model to do, and PyCharm will provide a list of options to choose from! 

After selecting a model, PyCharm will suggest inserting a code snippet that allows you to use this model directly in the open file, and it will download and install all of the missing packages on which this model depends.

Warnings for uninstalled packages in requirements.txt

PyCharm now underlines packages that are listed in requirements.txt but that are not installed on the current Python interpreter with a yellow squiggly line. Hover over the package name and click Install all missing packages to immediately set up your development environment.

Download PyCharm 2024.1.4

Get all of the details in our release notes so you don’t miss out on anything new!

If you come across any bugs, please let us know in our issue tracker so we can fix them right away. Connect with us on X (formerly Twitter) and share your thoughts on PyCharm 2024.1.4! 

I received a mail today from Google (noreply-findmydevice@google.com) notifying me that they would unconditionally enable the Find my device functionality I have been repeatedly marking as unwanted in my Android phone.

The mail goes on to explain this functionality works even when the device is disconnected, by Bluetooth signals (aha, so “turn off Bluetooth” will no longer turn off Bluetooth? Hmmm…)

Of course, the mail hand-waves that only I can know the location of my device. «Google cannot see or use it for other ends». First, should we trust this blanket statement? Second, the fact they don’t do it now… means they won’t ever? Not even if law enforcement requires them to? The devices will be generating this information whether we want it or not, so… it’s just a matter of opening the required window.

Of course, it is a feature many people will appreciate and find useful. And it’s not only for finding lost (or stolen) phones, but the mail also mentions tags can be made available to store in your wallet, bike, keys or whatever. But it should be opt-in. As it is, it seems it’s not even to opt out of it.

Even though web and mobile applications appear to have taken over the software development market, there’s still demand for traditional graphical user interface (GUI) desktop applications. If you’re interested in building these kinds of applications in Python, then you’ll find a wide variety of libraries to choose from. They include Tkinter, wxPython, PyQt, PySide, and a few others.

In this video course, you’ll learn the basics of building GUI desktop applications with Python and PyQt.

In this video course, you’ll learn how to:

• Create graphical user interfaces with Python and PyQt
• Connect the user’s events on the app’s GUI with the app’s logic
• Organize a PyQt app using a proper project layout
• Create a fully functional GUI application with PyQt

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

At the beginning of May, over a thousand people converged on the Oregon Convention Center in Portland, Oregon, for four days packed with announcements, learning opportunities, and comradery with the larger Drupal community. Among the many attendees, twenty-eight members of the Tag1 Team joined sessions, discussions, and led three impactful presentations – including the introduction of Gander as part of the Initiatives Keynote. Now that our team has slept off the jetlag and unpacked their bags, we’re reflecting on DrupalCon Portland and, specifically, Tag1’s highlights. Initiatives Keynote: Introducing Gander Tag1’s Strategic Growth and Innovation Manager, Janez Urevc , was invited to speak as part of the Drupal Project Initiatives Keynote on Day 3 of the conference. Gander was a hit! It was standing room only, and attentive attendees took notes and snagged the links to review more information at a later time. “While I presented at many DrupalCons in the past,” Janez said, “this was my first DrupalCon keynote. I spent significantly more time (and it was more stressful) preparing for those 6.5 minutes than for my entire 45-minute talk. But it was all worth it and I really enjoyed doing it at the end.” Janez introduced Gander , the...

Read more Jeremy Tue, 06/25/2024 - 06:57

As part of the PSF Board Election, there are three proposed changes to the PSF Bylaws which will be on the upcoming ballot. We have received a significant amount of feedback relating to proposed change #3 (allowing for the removal of Fellows by a majority vote of the Board of Directors). We have been working on a response, which has taken us some time because we want to be as transparent as possible, and there have been many questions raised over the last week or so. Thank you for voicing feedback and your patience with us while we worked on our response.

Please keep in mind that as we are the group who is responsible for the health of the Foundation, we need to be conscious about our statements. There may be direct consequences for our words, and some of the specifics are legally privileged.

The broad categories of questions we’ve included are about the importance of this change, alternatives that were considered and rejected, how the Board is structured against abuse of this change, and a few general questions.

If your specific question isn’t answered here, please join the PSF Board Election Bylaws Office Hour session on Thursday June 27th at 1PM UTC in the #psf-elections channel on the PSF Discord. You can also email your questions to either psf-elections@pyfound.org or membership-wg@pyfound.org or by responding to the For your consideration: Proposed bylaws changes to improve our membership experience thread on the PSF Discuss forum.

We hope that our transparency, the Office Hour session, and our responses in the FAQ below encourage you to vote in favor of all three of the proposed Bylaw changes.

With thanks,

- The PSF Board of Directors

 

Importance of a measure like this
 Q: Why is this even necessary? What kind of legal advice did you ask for?

A: The Board has a responsibility to act in the interests of the Foundation. Our legal counsel has advised us of a possibility where knowingly allowing a bad actor to continue to operate with our implied endorsement would open us up to certain kinds of liability. Our Bylaws do not currently have a mechanism for revoking the Fellow designation, and this change is intended to close that gap.

The text of all three Bylaws changes were proposed or vetted by our legal counsel, and we are confident that the text as proposed allows us to act according to the intent we described in our original post.

Q: Is this in response to a specific event?

A: The Board needs to balance transparency with our duty to act in the best interest of the Foundation. We can’t discuss any events that would hypothetically lead to removing a Fellow, or even whether there have even been any events that would warrant a removal, because releasing details — or even the existence — of investigations where we failed to remove a fellow would open us up to the possibility of liability.

Q: Does the Board stand by this amendment? Was this a majority or a unanimous decision?

A: The board voted unanimously in favor of this amendment, 10 in favor, 0 against, 0 abstentions. While the Bylaws do not allow proxy votes to be formally counted, both Board members who could not attend the meeting also explicitly registered their support for the amendment with other Board members.

Q: Why can’t we publicly discuss Fellows who have received complaints and decide together as a community?

A: Some people will not make Code of Conduct reports if they are likely to go to a large public discussion or are unlikely to be acted on. The current lifelong nature of the Fellow designation has created a special group of people who are functionally exempt from the effects of the Code of Conduct.

Q: Does the Board retain legal counsel?

A: Even though there is no longer a full-time General Counsel as part of the Board of Directors, the PSF retains legal counsel. Legal advice was sought, provided, and followed as part of this amendment process.

Q: How do changes to the Bylaws work?

A: The PSF’s Bylaws define the legal structure of the Foundation, the Membership, and how the organization is governed. If an aspect of Membership or the Board’s ability to make decisions needs to be changed, the Bylaws need to be changed. This usually happens by discussion amongst the Board, working groups, or even directly from the Membership, resulting in a proposal to amend the Bylaws.

To change the Bylaws, the Board must vote on a proposed amendment, and then the Membership usually has the opportunity to vote to approve those changes. As an organization that represents a diverse community, we strongly value the consent and community buy-in that comes from a vote.

There are other ways to change the bylaws, including not seeking Member approval, or by Membership seeking Bylaws changes without Board approval, but these have never been used.

Alternatives considered and rejected
 Q: Why does this only require a majority vote, not a supermajority?

A: This amendment as written already requires a higher standard than most business the Board handles. It requires a majority of the full Board of Directors, not merely a majority of the quorum (as is otherwise required in Section 5.8).

With the current size of the Board, a majority is 7 Directors, and a supermajority (two thirds) is 8. The Board would be open to amending the requirements to a supermajority in the future, but we wish to highlight how small the difference would be in practice.

Q: Why does this not require a unanimous vote?

A: A unanimous vote requirement would create scope for abuse. A unanimous vote requirement would allow for a single dissenting Director to prevent the removal of a problematic Fellow, opening the Foundation to liability.

In certain cases, that liability could extend to individual Directors, even those who voted to remove the Fellow, simply because the action failed to pass due to one dissenting vote (subject to the provisions of Article XII “Limits on Liability of Directors”).

This personal liability would be a significant barrier to many community members' willingness to serve on the Board.

Protections against misuse
 Q: Why does the Board need to act responsibly?

A: The Board needs to act in the service of the Foundation’s mission, and has a responsibility to the community to keep vital infrastructure like PyPI running, providing fiscal sponsorship to community groups like PyLadies chapters, or giving grants to international communities.

Acting against the interests of the membership would cause the community to lose trust in us, and threaten our ability to keep Python’s infrastructure running.

Q: What protections are available to prevent the Board from misusing this provision?

A: This proposed Bylaws amendment requires a Member to fail a “condition of membership” to be removed. Such a condition would need to have been previously enacted by the Board and would apply to any Member in that class of Membership. This prevents the Board from removing a Member arbitrarily.

The Membership regularly holds the Board accountable through annual elections. Should there be an immediate need to act, the Membership can call a special meeting of the Board or the Membership and hold the Board to account. The proposed change allows a removed Member 15 business days before their removal is final, during which time they can use the tools available to hold the Board to account.

Q: What if a future board becomes controlled by a large group of untrustworthy and like-minded people?

A: The Board is elected in cohorts, such that usually only 3-4 seats are open each year. Any “hostile takeover” would need to be conducted over the course of a few years and could not be engineered by any company or other formal entity because we already have rules preventing Board capture in our Bylaws (section 5.15).

“No more than one quarter (1/4) of the members of the Board of Directors may share a common affiliation.”  

Other questions
 Q: Why does this offer the possibility of covering non-Code of Conduct policies?

A: The Amendment gives the Board the right to add other qualifications to membership, and the Bylaws do not prevent the Board from amending the Code of Conduct (and we have done so multiple times before). If we were to change the Bylaws such that the only policy that allowed us to remove members was the Code of Conduct, this would have the perverse effect of incentivizing the Board to amend the Code of Conduct to cover other cases where removing a Member may be a necessity. This would make the Code of Conduct too long, complicated, and unfocused to be effective in the cases where it is already used.

Q: Why did the Board single out Fellows in the announcement?

A: It is true that the amended text covers all classes of Membership, however, in practice the only truly new ability granted to the board is being able to remove Fellows.

The text of the Bylaws already grants mechanisms that could allow the Board to make Members in other classes ineligible for Membership, including the ability to set “alternate eligibility criteria” (section 4.6-4.7) beyond those in the Bylaws or an “applicable membership fee” (section 4.5). The only class of membership for which there is no way to restrict eligibility on existing Members are the Fellows, who are granted life membership, except if they are removed by a vote of the Membership. This amendment makes it possible to remove Members, no matter which class, using the same tools.

Q: Who comprises the Code of Conduct Work Group? Is it diverse? Are they accepting new members?

A: The current membership and the past members of the Conduct Work Group are listed in the charter which can be found on the Code of Conduct Work Group Charter page. The group consists of diverse representatives from around the world. The charter lists the process for applying to join the Work Group.

python3 -m pip install -U pygame==2.6.0 Read the release notes to find out what changed.

Please file an issue if you notice a problem:
https://github.com/pygame/pygame/issues

Drupal Developer Days Burgas 2024, from June 26-28 at Burgas Free University, features sessions, workshops, and discussions on AI integration, Drupal 7 support, and community collaboration. Key organizers and speakers share their insights and expectations for the event.

A new FAI version was released and the FAIme service is using this new release. You can now also create installation images for Debian 13 (testing aka Trixie).

https://fai-project.org/FAIme/

Another new feature of the FAIme service will be announced at DebConf24 in August.

Hash-o-Matic 1.0.1 is out! Hash-o-Matic is a tool to compare and generate checksum for your files to verify the authenticity of them. It also verify files via their use PGP signatures.

This new release of Hash-o-Matic provides updated translations and some small visual changes. In the background, the application was ported to the new QML type registration, we now support building Hash-o-Matic on Haiku and we now require released version of KDE Frameworks instead of pre-released version.

Packager Section

You can find the package on download.kde.org and it has been signed with my GPG key.

Qt Academy, the free online platform for learning Qt framework and tools, is constantly updated with new content. Our new learning path made up of 9 courses, is specifically designed for Squish, and offers an ideal baseline for those interested in automated GUI testing. Created by Qt's team of Customer Success Engineers, this path features a comprehensive guide to mastering Squish and will equip you with all the necessary skills to get started with ease. 

KRdp in Plasma 6.1

It's been a while since I posted about KRdp. For those who missed it, KRdp implements a server that exposes a running Plasma session to be controlled by other machines through the RDP protocol.

The biggest news here is that KRdp is now part of Plasma and is being shipped along with the rest of Plasma 6.1. Originally we hoped to be able to include it for Plasma 6.0, but due to the amount of work getting everything else ready for Plasma 6.0 we decided to postpone inclusion to Plasma 6.1. This allowed us to include some fairly important changes that we wanted to include.

What's New

One of the most important changes to be included for Plasma 6.1 is that there is now a KCM in System Settings to configure Remote Desktop support:

Image The new Remote Desktop page in System Settings.

This removes the need for setting things up manually and should make it a lot simpler to get started. This also adds support for logging in with multiple users. This work was mainly done by Akseli Lahtinen, who has been taking over more of the general development work for KRdp.

We also did a fair amount of work on the underlying libraries used for video encoding to improve encoding speed and reduce latency. This should mean that even with software encoding and a slow client, things should remain fairly responsive, even though video quality might suffer somewhat.

Virtual Session Support

One thing that is being asked somewhat often is whether KRdp would allow a remote user to login without a currently running session. Unfortunately, currently that is not supported and there is no clear roadmap for when it will be supported. Remote login requires quite some extra infrastructure to fully work, not only in Plasma but other projects as well.

If you feel this is an important use case for you and you have the ability to work on something like this, feel free to reach out to us to discuss things. Ultimately having someone who is passionate about a use case working on it will ensure things get developed a lot quicker. See the Get Involved page on the KDE Community wiki on how to get started. For KRdp specific questions, feel free to ask them in #plasma on Matrix.

Discuss this post on KDE Discuss

ahiemstra Tue, 06/25/2024 - 10:45

The following text is in German, since we're announcing a regional user group meeting in Düsseldorf, Germany.

Ankündigung

Das nächste Python Meeting Düsseldorf findet an folgendem Termin statt:

03.07.2024, 18:00 Uhr
Raum 1, 2.OG im Bürgerhaus Stadtteilzentrum Bilk
Düsseldorfer Arcaden, Bachstr. 145, 40217 Düsseldorf

Programm Bereits angemeldete Vorträge

• Charlie Clark:
  Reflections on the importance of APIs in Python
  
• Klaus Bremer:
  Nox
  
• Marc-Andre Lemburg:
  Shipping ready-to-run Python apps without the need to install Python
  
• Jens Diemer:
  Django Find My Device
  
  

Weitere Vorträge können gerne noch angemeldet werden. Bei Interesse, bitte unter info@pyddf.de melden. Startzeit und Ort

Wir treffen uns um 18:00 Uhr im Bürgerhaus in den Düsseldorfer Arcaden.

Das Bürgerhaus teilt sich den Eingang mit dem Schwimmbad und befindet sich an der Seite der Tiefgarageneinfahrt der Düsseldorfer Arcaden.

Über dem Eingang steht ein großes "Schwimm’ in Bilk" Logo. Hinter der Tür direkt links zu den zwei Aufzügen, dann in den 2. Stock hochfahren. Der Eingang zum Raum 1 liegt direkt links, wenn man aus dem Aufzug kommt.

>>> Eingang in Google Street View

⚠️ Wichtig: Bitte nur dann anmelden, wenn ihr absolut sicher seid, dass ihr auch kommt. Angesichts der begrenzten Anzahl Plätze, haben wir kein Verständnis für kurzfristige Absagen oder No-Shows. Einleitung

Das Python Meeting Düsseldorf ist eine regelmäßige Veranstaltung in Düsseldorf, die sich an Python Begeisterte aus der Region wendet.

Einen guten Überblick über die Vorträge bietet unser PyDDF YouTube-Kanal, auf dem wir Videos der Vorträge nach den Meetings veröffentlichen.

Veranstaltet wird das Meeting von der eGenix.com GmbH, Langenfeld, in Zusammenarbeit mit Clark Consulting & Research, Düsseldorf:

Format

Das Python Meeting Düsseldorf nutzt eine Mischung aus (Lightning) Talks und offener Diskussion.

Vorträge können vorher angemeldet werden, oder auch spontan während des Treffens eingebracht werden. Ein Beamer mit HDMI und FullHD Auflösung steht zur Verfügung.

(Lightning) Talk Anmeldung bitte formlos per EMail an info@pyddf.de

Kostenbeteiligung

Das Python Meeting Düsseldorf wird von Python Nutzern für Python Nutzer veranstaltet.

Da Tagungsraum, Beamer, Internet und Getränke Kosten produzieren, bitten wir die Teilnehmer um einen Beitrag in Höhe von EUR 10,00 inkl. 19% Mwst. Schüler und Studenten zahlen EUR 5,00 inkl. 19% Mwst.

Wir möchten alle Teilnehmer bitten, den Betrag in bar mitzubringen.

Anmeldung

Da wir nur 25 Personen in dem angemieteten Raum empfangen können, möchten wir bitten, sich vorher anzumelden.

Meeting Anmeldung bitte per Meetup

Weitere Informationen

Weitere Informationen finden Sie auf der Webseite des Meetings:

              https://pyddf.de/

Viel Spaß !

Marc-Andre Lemburg, eGenix.com

Before diving into the differences between SAML (Security Assertion Markup Language) and OAuth 2.0, let's first discuss what they have in common. Both are protocols used for authentication and authorization. While these terms are sometimes mistakenly used interchangeably, they serve distinct purposes. Authentication asks, “Who are you?”, whereas authorization asks, “What are you allowed to do?”.  This means that SAML and OAuth 2.0 are used for very distinctive purposes and work on different mechanisms. The good news is that Drupal integrates really well with both these protocols. In this article, we’ll talk about how different the protocols are from each other and also how to implement them in your Drupal 10 website. What is SAML SAML is an XML-based authentication system that works across different domains. It lets you do Single Sign-On (SSO), so you can access multiple applications with just one set of credentials. Key components of SAML 1. Assertions Assertions are the heart of SAML transactions. They contain information about a user, such as their identity, attributes, and authentication status. SAML defines three types of assertions: Authentication, Attribute, and Authorization Decision. 2. Identity Provider (IdP) The IdP is responsible for authenticating users and generating SAML assertions. It acts as a trusted entity that asserts the identity of users to service providers. 3. Service Provider (SP) It is the application or service a user is trying to access. The SP consumes SAML assertions and makes access control decisions based on the information provided by the IdP. 4. Single Sign-On (SSO): SAML enables SSO, allowing users to authenticate once with the IdP and access multiple SPs without re-entering credentials. The SAML Workflow User Access RequestA user attempts to access a service or application (SP). SP Initiated SSOThe Service Provider (SP) creates an SAML authentication request, initiating the process by redirecting the user to the Identity Provider (IdP). IdP AuthenticationThe IdP authenticates the user. SAML Assertion GenerationUpon successful authentication, the IdP generates a SAML assertion containing user information. Assertion Delivery to SPThe IdP sends the SAML assertion to the user's browser, which then delivers it to the SP. SP ValidationThe SP validates the SAML assertion, and if successful, grants the user access. Image source: Drupal.org Implementing SAML in Drupal 10 Ensure that you have Drupal 10 installed and configured. Ensure that Composer is installed on your local system before proceeding. Install the miniorange_saml Authentication Module: composer require 'drupal/miniorange_saml:^3.0' Enable the module: drush en miniorange_saml Configure your SP’s by following the steps mentioned in the “Readme.md” file of module. Checkout the official documentation of SSO using Google Apps as Identity Provider (IDP).Note: We can also configure SAML to work as an IdP for others which they can use to get sign into other’s platform using our IdP platform (Drupal). For more information please checkout the official documentation here. What is OAuth2 OAuth 2.0 authentication is a method of granting users access to a protected resource, such as a website or application, without sharing their username and password. Instead, the user grants permission to a third-party application, which then accesses the protected resource on their behalf.  This provides an extra layer of security and allows for more control over the user's data.OAuth2 is commonly used for social media, email, and other online services. The thing to note here is that OAuth2 is an authorization mechanism, not an authentication mechanism. Key Components of OAuth2 1. Resource Owner (User) The Resource Owner is an entity (typically a user) that owns the protected resources. These resources could include data, images, or any other type of information. 2. Client The Client, representing the application or service, initiates requests for access to protected resources on behalf of the Resource Owner. It may take the form of a web application, mobile app, or any other software application. 3. Authorization Server This is responsible for authenticating the Resource Owner(User), obtaining their consent, and issuing access tokens. It plays a pivotal role in the OAuth2 workflow, ensuring secure authorization processes. 4. Resource Server The Resource Server is the host for the protected resources that the Client intends to access. It verifies the validity of access tokens provided by the Client and provides the requested resources if the token is deemed valid. 5. Access Token The Access Token is a credential representing the authorization granted to the Client. It is a string that the Client includes in its requests to the Resource Server to access the protected resources. 6. Authorization Grant An Authorization Grant is a credential representing the Resource Owner's authorization for the Client to access their protected resources. There are various types of authorization grants, including authorization codes, implicit grants, client credentials, and resource owner passwords. 7. Redirection URI During the OAuth2 flow, the Client specifies a Redirection URI where the Authorization Server sends the user after authentication and consent. This URI is used to deliver the authorization code or access token back to the Client. 8. Scope The Scope parameter defines the range of the access that the Client is requesting. It specifies the permissions the Client is seeking from the Resource Owner. Scopes can be predefined or defined by the application. 9. Token Endpoint The Token Endpoint is an endpoint on the Authorization Server used by the Client to exchange the Authorization Grant for an Access Token. It plays a crucial role in the OAuth2 Token Exchange process. 10. Refresh Token The Refresh Token is an optional credential that can be used by the Client to obtain a new Access Token without requiring the Resource Owner to reauthenticate. It provides a way to extend the validity of the access. The OAuth2 Workflow The client initiates the authentication process by redirecting the user to the authorization server. The user authenticates with the authorization server and grants permissions to the client. The authorization server grants an access token to the client. The client presents the access token to the resource server to access protected resources on behalf of the user. Image Source: Oracle Implementing OAuth 2.0 in Drupal Let’s take an example of logging into a Drupal site using Google credentials: 1. Install and Enable the OAuth2 Authentication Module Download and install the OAuth2 Authentication respective module from the Drupal.org website or using Composer. Enable the module in the Drupal administration interface. 2. Configure OAuth2 Providers Navigate to the Configuration page and select OAuth2 Authentication settings. Add a new OAuth2 provider configuration by providing details such as client ID, client secret, authorization endpoint, token endpoint, and scope and save configuration. For detailed information please refer to module’s README.md file. 3. Test Authentication Integration Once the OAuth2 provider is configured, Drupal will handle the authentication flow automatically. Test the integration by logging out of Drupal and attempting to log in using the OAuth2 provider credentials. Verify that the authentication process is successful and that user accounts are created or linked appropriately. 4. Secure Access and Manage Permissions Ensure that access tokens are securely stored and transmitted to prevent unauthorized access. Manage permissions and access control settings within Drupal to restrict access to sensitive resources based on user roles and permissions. Key differences between SAML and OAuth2 Feature SAML OAuth2 Purpose Identify and Single Sign-On (SSO) Authorization and Access Control Use Case Authentication or Cross-domain authentication Authorization or Third-party application authorization Protocol Type Authentication protocol Authorization framework Authentication Flow Browser Redirect (POST or Artifact Binding) Redirect or Direct Communication Token Type Assertions (SAML Tokens, typically XML) Access Tokens like: JWT, Bearer Tokens, etc (typically JSON) Token Validations Signature verifications Token validation against Authorization Server Scenarios Often used for enterprise SSO Commonly used in API access and third-party integrations Use with APIs Less common for APIs authrorization Widely used for securing APIs’ and accessing resources Supported by Drupal Yes, via modules such as SimpleSAMLphp Yes, via modules like Social OAuth authentications Integration Complexity More complex due to SSO and identity mapping Generally simpler for basic use cases Use in Mobile Apps Possible, but less common Commonly used for mobile app authentication User Experience Seamless SSO experience for users Transparent authorization for users Examples in Drupal Modules SimpleSAMLphp, Shibboleth OAuth2 Authentication, OAuth2 Server Final Thoughts It's important to note that SAML and OAuth2 serve different purposes, and in some scenarios, they can be used together. For instance, SAML could handle authentication, and OAuth2 could handle authorization in a federated identity scenario. The choice between SAML and OAuth2 often depends on the specific requirements of the application and the use case. Drupal 10 provides modules for both SAML and OAuth2 to accommodate various authentication and authorization needs. Talk to our Drupal experts to find out how we, as a leading Drupal development company, can help build secure, robust, and user-friendly digital solutions with Drupal.