FLOSS Project Planets

Community Over Code: A SOFTWARE FREEDOM Trademark Timeline

Planet Apache - Tue, 2017-11-14 09:16

There’s a trademark battle over the SOFTWARE FREEDOM name going on right now – and it’s not actually about the FSF.  Here’s a brief timeline of interesting facts of the case and how the two organizations are related, along with some community reactions. Reminder: this is about the Software Freedom Law Center (SFLC, petitioner to cancel) and the Software Freedom Conservancy (Conservancy, the registrant of the SOFTWARE FREEDOM CONSERVANCY mark in question).

UPDATE: Includes recent community blogs; see my legal-ish analysis of the case, and my community take (which quite frankly is far more important here), and now including some TTAB dates.

Timeline of Organizational & Conflict Dates
  • Early 2005 – Software Freedom Law Center was incorporated as a non-profit, with Eben Moglen (a director), Bradley M. Kuhn, and Karen Sandler all involved (among others as well).
  • 9-February-2005 – US Trademark First Use Date: SOFTWARE FREEDOM LAW CENTER (Source)
  • 17-September-2005 – US Trademark First Use Date: SOFTWARE FREEDOM CONSERVANCY (Source)
  • 3-April-2006 – SFLC Announces incorporation of Software Freedom Conservancy as an independent non-profit, with Eben Moglen, Karen Sandler, and Daniel Ravicher as Directors (Source, Source)
  • 7-April-2006 – Conservancy Incorporated in NY (Source)
  • 11-July-2007 – Conservancy’s NY Charitable Annual Filing (Source)
  • 15-October-2009 – Conservancy’s IRS 990 FY 2007 (Source)
  • 17-June-2010 – US Registration Application made: SOFTWARE FREEDOM LAW CENTER (Source)
  • 4-October-2010 – Bradley M. Kuhn appointed Executive Director of Conservancy (paid full time) (Source)
  • 1-February-2011 – US Registration Issued: SOFTWARE FREEDOM LAW CENTER (Disclaimed: SOFTWARE and LAW CENTER) (Source) (Class 45)
  • July-2011 – SFLC ceases to serve as legal counsel for Conservancy (Source)
  • 29-November-2011 – US Registration Application Filed: SOFTWARE FREEDOM CONSERVANCY (Source)
  • 25-September-2012 – US Registration Issued: SOFTWARE FREEDOM CONSERVANCY (Disclaimed: SOFTWARE) (Source) (Classes 35, 9)
  • Fiscal Year 2015 – Conservancy’s IRS 990 tax filing for FY 2015; Total Revenue USD1.9m; 73.3% public support (Source)
  • Fiscal Year 2015 – SFLC’s IRS 990 tax filing for FY 2015; Total Revenue USD1.4m; 21.9% public support (Source)
  • 30-September-2015 – The Principles of Community-Oriented GPL Enforcement jointly published by Conservancy and FSF (Source)
  • 11-June-2017 – EU Registration Issued: SOFTWARE FREEDOM CONSERVANCY (Source)
  • 21-September-2017 – A New Era for Free Software Non-Profits published, announcing corporate services for FOSS projects, by SFLC (Source)
  • 22-September-2017 – Petition For Cancellation of SOFTWARE FREEDOM CONSERVANCY mark filed by SFLC (Source)
  • 2-November-2017 – Response to Petition to Cancel filed by Conservancy (Source)
    Timeline of Responses And Community Blogs
  • 3-November-2017 – SFLC Files Bizarre Legal Action Against Its Former Client, Software Freedom Conservancy published by Conservancy (Source)
  • 6-November-2017 – Concerning a Statement by the Conservancy published by SFLC (Source)
  • 8-November-2017 – Karl Fogel blogs What You Need to Know About the Conservancy / SFLC Dustup (Source)
  • 8-November-2017 – Neil McGovern blogs Software Freedom Law Center And Conservancy (Source)
  • 13-November–2017 – Matthew Garrett blogs Eben Moglen is no longer a friend of the free software community (Source)
  • 13-November-2017 – Brian Lunduke video blogs Software Freedom Law Center vs. Software Freedom Conservancy (Source)

What does this all mean?  We don’t know yet.  But it’s obvious that the principals at both organizations have worked together for years in various capacities (the SFLC used to provide legal services to Conservancy!), so it’s astonishing that there weren’t any private discussions about the matter before the USPTO Petition For Cancellation was filed.

The Petition for Cancellation and the Response are both worth a read, if only for the bizarreness of details in the claims.

Timeline of Legal Filing TTAB Dates

Reading into the USPTO documents about the case, we can see some of the potential deadlines the TTAB has set for actions in the trial – obviously, if the parties negotiate or both agree to change the dates, they might move. S

  • 7-December-2017 – Deadline for Discovery Conference; Discovery period opens.
  • 6-January-2018 – Initial Disclosures Due
  • 6-May-2018 – Expert Disclosures Due
  • 5-June-2018 – Discovery period ends

There are a bunch more dates in the TTAB records (ending in April 2019 – they take a long time!) but I’m really hoping this case doesn’t get that far.


The post A SOFTWARE FREEDOM Trademark Timeline appeared first on Community Over Code.

Categories: FLOSS Project Planets

Announcing KTechLab 0.40.0

Planet KDE - Tue, 2017-11-14 05:00

KTechLab, the IDE for microcontrollers and electronics, has reached a new milestone: its latest release, 0.40.0, does not depend on KDE3 and Qt3, but on KDE4 and Qt4. This means that KTechLab can be compiled and run on current operating systems.

Categories: FLOSS Project Planets

Codementor: 30-minute Python Web Scraper

Planet Python - Tue, 2017-11-14 04:31
I’ve been meaning to create a web scraper using Python and Selenium (http://www.seleniumhq.org/) for a while now, but never gotten around to it. A few nights ago, I decided to give it a spin....
Categories: FLOSS Project Planets

Promet Source: WordPress vs. Drupal for Web Accessibility, SEO & Performance

Planet Drupal - Tue, 2017-11-14 04:08
Wordpress vs. Drupal - How do I choose a CMS for my web development project? The age old question - or at least decades old question of Wordpress vs. Drupal is one we encounter on an almost daily basis. When deciding between the two content management systems, it may not be a question of which is better, but rather which is the best fit for your specific project. In this article I'll walk through some of the key factors to considering when deciding between Wordpress and Drupal for your web development projects.
Categories: FLOSS Project Planets

OpenStack Summit Sydney - Slides and Videos

Planet KDE - Tue, 2017-11-14 03:59

Back from the OpenStack Summit in Sydney. It seems all my sessions were recorded this time. Here you can find the slides and videos:

  • Multicloud requirements and implementations: from users, developer, service providers (Panel Discussion) [video]
  • Email Storage with Ceph (Lightning Talk) [slides | video]
  • Vanilla vs OpenStack Distributions - Update on Distinctions, Status, and Statistics (Talk) [slides | video]
Categories: FLOSS Project Planets

Appnovation Technologies: Guaranteed Delivery using Dead Letter Queue

Planet Drupal - Tue, 2017-11-14 03:00
Guaranteed Delivery using Dead Letter Queue When an enterprise implements messaging, Guaranteed Delivery (Messages are persistent and are not lost even when the system crashes) becomes an imminent requirement. When implementing messaging, ensuring Guaranteed Delivery means answers to the following: Where does the message get sent when a condition is not met? Can each individual ...
Categories: FLOSS Project Planets

Montreal Python User Group: Montréal-Python 68: Wysiwyg Xylophone

Planet Python - Tue, 2017-11-14 00:00

Please RSVP on our meetup event


November 20th at 6:00PM


Google Montréal 1253 McGill College #150 Montréal, QC

We thank Google Montreal for sponsoring MP68

  • 6:00PM - Doors open
  • 6:30PM - Talks
  • 7:30PM - Break
  • 7:45PM - Talk
  • 8:30-9:00PM - End of event
Presentations Va debugger ton Python! - Stéphane Wirtel

Cette présentation vous explique les bases de Pdb ainsi que GDB, afin de debugger plus facilement vos scripts Python.

Writing a Python interpreter in Python from scratch - Zhentao Li

I will show a prototype of a Python interpreter written in entirely in Python itself (that isn't Pypy).

The goal is to have simpler internals to allow experimenting with changes to the language more easily. This interpreter has a small core with much of the library modifiable at run time for quickly testing changes. This differs from Pypy that aimed for full Python compatibility and speed (from JIT compilation). I will show some of the interesting things that you can do with this interpreter.

This interpreter has two parts: a parser to transform source to Abstract Syntax Tree and a runner for traversing this tree. I will give an overview of how both part work and discuss some challenges encountered and their solution.

This interpreter makes use of very few libraries, and only those included with CPython.

This project is looking for members to discuss ways of simplifying parts of the interpreter (among other things).

The talk would be about Rasa, an open-source chatbots platform - Nathan Zylbersztejn

Most chatbots rely on external APIs for the cool stuff such as natural language understanding (NLU) and disappoint because if and else conditionals fail at delivering good representations of our non linear human way to converse. Wouldn’t it be great if we could 1) take control of NLU and tweak it to better fit our needs and 2) really apply machine learning, extract patterns from real conversations, and handle dialogue in a decent manner? Well, we can, thanks to Rasa.ai. It’s open-source, it’s in Python, and it works

About Nathan Zylbersztejn:

Nathan is the founder of Mr. Bot, a dialogue consulting agency in Montreal with clients in the media, banking and aerospace industries. He holds a master in economics, a graduate diploma in computer science, and a machine learning nanodegree.

Categories: FLOSS Project Planets


Planet KDE - Mon, 2017-11-13 22:38

Hi there,

It's been a while since my last post over here. After being drained with a lot of work on the very first edition of QtCon Brasil, we all had to take some rest to recharge our batteries and get ready for some new crazinesses.

This post is a short summary of the talk I presented at Akademy 2017, in the quite sunny Almería in Spain. Akademy is always a fascinating experience and it's actually like being at home, meeting old friends and getting recurrently astonished by all awesomeness coming out of KDE community :).

My talk was about architecting Qt mobile applications (slides here | video here). The talk started with a brief report on our Qt mobile development experiences at IFBa in the last two years and then I explained how we've been using lean QML-based architectures and code generators to leverage the productivity and provide flexible and reusable solutions for Qt mobile applications.

Our approach ‒ named Meg ‒ is defined by two major components: a lean dynamic QML-based architecture for Qt mobile applications and a code generator for enabling the creation of modular RESTful servers and Qt mobile applications. Meg provide a Ruby-based CLI, built on top of Thor CLI framework, with templates specified in ERB (Embedded RuBy). We also designed a nice architecture for the generator itself, so that new templates can be defined as new Thor modules. The framework that implements the lean architecture we designed for Qt mobile applications already provides a JSONListModel QML object, making it easier to implement RESTful Qt clients.

The following templates are currently available:

  • Sinatra RESTful server with modular architecture (sinatra-server)
  • Ruby Sinatra RESTful service plug-in (sinatra-service-plugin)
  • Simple Qt mobile app with plugin-based architecture (simple-app)
  • Qt mobile RESTful app with plugin-based architecture (restful-app)
  • Qt mobile RESTful client plug-in (restful-client-plugin)

You're welcome to try it :) Here is what you need to do:

* git clone https://github.com/sandroandrade/meg.git * install ruby * run ‘gem install bundler’ * Run ‘bundle install’ * Meg CLI is available in ‘./bin/meg’ Creating a simple plugin-based QML application

So, these are the steps to create a simple plugin-based QML application using Meg:

1. Create a new project using simple-app as project type (template): ./bin/meg new SimpleApp -t simple-app 2. Create a new plugin, for example, to display students information: ./bin/meg generate plugin students -t basic-plugin -a simpleapp/ 3. Create another plugin, for example, to display teachers information: ./bin/meg generate plugin teachers -t basic-plugin -a simpleapp/

In step 1, we create a new project in the simpleapp directory, using the basic-plugin template (-t option). In steps 2 and 3, we create two plugins (students and teachers), using the basic-plugin template and install them at simpleapp directory. After that, your application is available at simpleapp directory and can be built by a normal qmake/make run.

Here is what you get out of those steps:

Creating a Sinatra-based RESTful server

Besides automating the creation of Qt-based mobile clients, Meg also provides some templates for generating RESTful servers based on Sinatra Ruby microframework. As in the client-side, we also designed a plugin-based architecture for the RESTful server, where new services are provided by separate modules. Here are the steps to create a new RESTful server:

1. Create the server project: ./bin/meg new myserver -t sinatra-server 2. Create a plugin for handling CRUD operations for an application for visualizing a conference program: ./bin/meg generate plugin Conference -t sinatra-service-plugin -a myserver/ acronym:string name:string city:string country:string venue:string start_date:datetime end_date:datetime 3. Create a similar plugin for handling CRUD operations for handling speakers: ./bin/meg generate plugin Speaker -t sinatra-service-plugin -a myserver/ name:string affiliation:string shortbio:string

To run the server you first need to setup the database:

$ cd myserver $ rake db:migrate

And populate some data:

$ sqlite3 db/development.sqlite3 insert into conferences values (1, 'QtCon-BR', 'QtCon Brasil', 'São Paulo', 'Brasil', 'Espaco Fit', '2017-08-18 09:00:00', '2017-08-20 18:00:00'); insert into conferences values (2, 'Akademy', 'Akademy', 'Berlin', 'Germany', 'BCC', '2017-03-01 09:00:00', '2017-03-03 18:00:00'); insert into conferences values (3, 'Conf.KDE.in', 'Conf.KDE.in', 'Guwahati', 'India', 'IIT', '2017-03-10 09:00:00', '2017-03-12 18:00:00'); insert into speakers values (1, 'Our beloved Konqi', 'KDE', 'Konqi is awesome'); insert into speakers values (2, 'Dirk Gently', 'Adams', 'He is a holistic detective');

Now, you can start the server:

$ ruby myserver.rb Creating a Qt-based RESTful client

Creating a Qt-based RESTful client for our server is also quite simple:

$ ./bin/meg new MyApp -t restful-app $ ./bin/meg generate plugin conferences -t restful-client-plugin -a myapp -i name -c university acronym:string name:string city:string venue:string start_date:datetime end_date:datetime $ ./bin/meg generate plugin speakers -t restful-client-plugin -a myapp -i name -c microphone name:string affiliation:string shortbio:string

Such commands create a new Qt mobile project, using the restul-app template. Then, two RESTful client plugins for the aforementioned services are created and installed in the project directory. You can now build your Qt mobile client and, once started the server, this is what you get out from it:

So, that's all folks! We hope this can improve somehow the development workflow and of RESTful-based Qt mobile applications. This is a one-year project being carried out at IFBa by myself and Eliakin Costa. Hopefully, we'll get back with some news soon.

See you!

Categories: FLOSS Project Planets

Aaron Morton: Reaper 1.0 Has Been Released!

Planet Apache - Mon, 2017-11-13 19:00

In celebration of National Pickle Day, we’re proud to announce the 1.0 version of Reaper for Apache Cassandra. This release is a huge milestone for us. We’d like to start by thanking everyone who’s reported bugs and helped us test. We’d especially love to give a huge thank you to the teams which have sponsored development of the project along the way.

To help everyone get started using reaper, we’ve made a short video to help you get up and running in under 10 minutes.

First, the big items. To start, we’ve massively improved multi-dc support when using the Cassandra backend. It’s possible to run a reaper instance in each data center, and Reaper will use Cassandra’s multi-dc replication to coordinate. We’ve updated the documentation with the details on how to set this up.

Based on some feedback, we’ve simplified UI by hiding less used elements under a advanced panel that’s hidden by default. Setting up basic repairs should be easier with less options to consider initially.

Under the new advanced tab we added the ability for Reaper to repair specific nodes, instead of always needing to repair the entire cluster. This is useful when a node has been down for longer than the hint window. We’ve also moved the options for blacklisting, parallelism, repair intensity, and incremental repair.

One of the questions asked the most often was how many segments to configure for a given repair. The answer was not easy, because it depended on cluster size and vnode count. We’ve simplified this by making the optional field be segments per node instead of total segments.

Table blacklisting is new as well. This is useful for clusters with lots of tables, and a handful that don’t need to be repaired. This is common with tables using TTLs and TWCS.

On the performance side, the Cassandra backend has been improved to avoid excessive tombstone creation, which will help with read performance and decrease the overhead of compaction.

As usual, we strive to do more than just crank out features. We’ve made a considerable effort to reduce technical debt, improve organization, write better documentation, conform to consistent code style. We’ve made these investments to ensure a smooth path for future development.

The full list of issues can be found on GitHub.

As always, you can grab the latest version from the downloads section of cassandra-reaper.io.

Categories: FLOSS Project Planets

Justin Mason: Links for 2017-11-13

Planet Apache - Mon, 2017-11-13 18:58
Categories: FLOSS Project Planets

CiviCRM Blog: CiviCRM Entity 2.0-beta-11 Released - New Admin config page

Planet Drupal - Mon, 2017-11-13 17:52

Today, Skvare has released a new version of CiviCRM Entity, 2.0-beta11.  This release contains a new feature, an admin configuration page which allows site administrators to disable exposure of entity types to Drupal.

CiviCRM Entity is a Drupal module which exposed CiviCRM API entity types as native Drupal entity types, providing Views, Rules, Entity Reference field integration, and Drupal native pages and forms for each. It supports both CiviCRM 4.6 LTS and CiviCRM 4.7.

Previous versions of CiviCRM Entity allowed developers to control access to Drupal based pages and forms for entity types, but there was no way for administrators to control what entity types were available in Views, Rules, or Entity Reference fields. As CiviCRM Entity has evolved over the past 2 years, over 45 entity types have been supported, including all the major financial record types. There are cases where many of these entity types are not used in Views, Rules, etc.., and admins may not want to make data of these entity types available to be used in Views by lower-ranking administrative users.  Disabling an entity type in CiviCRM Entity does not affect the Core Views integration. However it will not make any of the additions that CiviCRM Entity provides, and for types not supported by CiviCRM Core, integration can now easily be toggled on/off.

Having all entity types enabled can affect performance in some aspects. Generally, this does not affect cached page load for normal users, but anytime you clear the cache, or the Views cache, having 45 entity types can cause cache rebuild to be intensive, not to mention all the additional menu paths that are generated for the Admin menu. Disabling entity types that you do not use will streamline admin user performance, and make the site in total that much faster by reducing memory footprint.

For existing users of CiviCRM Entity, the module can be upgraded as per Drupal standard, and there are no necessary config changes to make.  There are updates that need to be run by going to "/update.php" or running "drush updatedb" from the command line. These updates simply set up a configuration variable, and do not affect the CiviCRM database.  All available entity types are enabled by default for new or upgraded installations.

All submodules that are packaged with the CiviCRM Entity will automatically enable entity types that are required by the submodule and will enforce that these entity types remain enabled as long as the submodule is enabled.


You will find an admin configuration page at "admin/structure/civicrm-entity/settings". A user with a role with 'administer CiviCRM Entity' permission is required to access and manage the settings on this page.

It is important to remember to enable all entity types used by your site's configuration and 3rd party modules. This page does not check if an entity type is required by an existing View, Rule, Entity Reference field. Disabling an entity type will break functionality in any rule, view, or field that requires it, so proceed with caution.  However, re-enabling will restore functionality for those entities.

For developers of 3rd party modules or custom modules making use of CiviCRM Entity, you are responsible for ensuring an entity type is always available. This requires only a hook_form_alter() implementation to disable the necessary configuration page checkbox, or adding a validation or submit handler to the form.


We consider CiviCRM Entity for Drupal 7 to be feature complete, and it has been quite some time since there was a major bug found. We plan to release a non-beta stable 2.0 version at the end of this year. This upcoming stable release will be regarded as a Long Term Support release, and any major changes or updates will move to a 3.x branch. The primary focus of new development will now shift to the Drupal 8 version development. We will continue to support the 7.x-2.x branch throughout the life of Drupal 7 for bug fixes and minor feature updates.  We will support for CiviCRM 4.6 LTS for its lifetime, and most likely beyond.

Categories: FLOSS Project Planets

Steve Kemp: Paternity-leave is half-over

Planet Debian - Mon, 2017-11-13 17:00

I'm taking the month of November off work, so that I can exclusively take care of our child. Despite it being a difficult time, with him teething, it has been a great half-month so far.

During the course of the month I've found my interest in a lot of technological things waning, so I've killed my account(s) on a few platforms, and scaled back others - if I could exclusively do child-care for the next 20 years I'd be very happy, but sadly I don't think that is terribly realistic.

My interest in things hasn't entirely vanished though, to the extent that I found the time to replace my use of etcd with consul yesterday, and I'm trying to work out how to simplify my hosting setup. Right now I have a bunch of servers doing two kinds of web-hosting:

Hosting static-sites is trivial, whether with a virtual machine, via Amazons' S3-service, or some other static-host such as netlify.

Hosting for "dynamic stuff" is harder. These days a trend for "serverless" deployments allows you to react to events and be dynamic, but not everything can be a short-lived piece of ruby/javascript/lambda. It feels like I could setup a generic platform for launching containers, or otherwise modernising FastCGI, etc, but I'm not sure what the point would be. (I'd still be the person maintaining it, and it'd still be a hassle. I've zero interest in selling things to people, as that only means more support.)

In short I have a bunch of servers, they mostly tick over unattended, but I'm not really sure I want to keep them running for the next 10+ years. Over time our child will deserve, demand, and require more attention which means time for personal stuff is only going to diminish.

Simplify things now wouldn't be a bad thing to do, before it is too late.

Categories: FLOSS Project Planets

Joachim's blog: Drupal Code Builder unit testing: bringing in the heavy stuff

Planet Drupal - Mon, 2017-11-13 16:49

I started adding unit tests to Drupal Code Builder about 3 years ago, and I’ve been gradually expanding on them ever since. It’s made refactoring the code a pleasant rather than stressful experience.

However, while all generator types are covered, the level of detail the tests go into isn’t that deep. Back when I wrote the tests, they mostly needed to check for hook implementations that were generated, and so quick and dirty regexes on the generated code did the job: match 'mymodule_form_alter' in the generated code, basically. I gradually extended those to cover things like class declarations and methods, but that approach is very much cracking at the seams.

So it’s time to switch to something more powerful, and more suited to the task.

I’ve already removed my frankly hideous attempt at verifying that generated code is correctly-formed PHP, replacing it with a call to PHP’s own code linter. My own code was running the generated PHP code files through eval() (yes, I know!) to check nothing crashed, which was quick and worked but only up to a point: tests couldn’t create the same function twice, as eval()ing code that contains a function declaration brings it into the global namespace, and it didn’t work at all for classes where while tests were being run, as the parent classes in Drupal core or contrib aren't present.

It's already proved worthwhile, as once I'd converted the tests, I found an error in the generated code: a stray quote mark in base field definitions for a content entity, which my approach wasn't picking up, and never would have.

The second phase is going to be to use PHPCS and Drupal Coder to check that generated code follows Drupal Coding Standards. I'm currently getting that to work in my testing base class, although it might be a while before I push it, as I suspect it's going to complain about quite a few nipicks in the generated code that I'll then have to spend some time fixing.

The third phase (this is a 3-phrase programme, all the best ones are) is going to be to look into using PHP-Parser to check for the presence of functions and methods in the code, rather than my regex-based approach. This is going to allow for much more thorough checking of the generated code, with things such as method order in the code, service injection, and more.

After that, it'll be back to some more refactoring and code clean-up, and then some more code generators! I have a few ideas of what else Drupal Code Builder could generate, but more ideas are welcome in the issue queue on github.

Tags: drupal code builder
Categories: FLOSS Project Planets

Markus Koschany: My Free Software Activities in October 2017

Planet Debian - Mon, 2017-11-13 14:38

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in  Java, Games and LTS topics, this might be interesting for you.

Debian Games
  • I packaged a new upstream version of springlobby. There is even a more recent one now but I discovered that it would fail to build from source. I reported the issue and now I am waiting for another release.
  • These packages were also updated: bullet, tuxfootball (#876481), berusky (#877979), spring, hitori and trackballs.
  • I released a new version of cube2-data, a DFSG-free version of the Sauerbraten game. This release was largely made possible thanks to the work of Nyav.
  • I prepared two stable point releases of berusky and simutrans to fix #877979 and # 869029 for users of Debian’s stable distributions too. The bug in Berusky is already resolved but I’m still waiting for the confirmation to upload simutrans (#878668).
  • I updated wing and biniax2. Here I discovered that biniax2 would segfault immediately at startup after recompilation. I tracked down the issue to some C code that caused undefined behavior, prepared a patch and released a fixed revision.
  • I sponsored a new upstream version of mupen64plus-qt.
Debian Java
  • This month I started to work on fixing Java9 bugs since Java 9 shall become the new default JDK/JRE for Buster. The bug reports were filed by Chris West who did the important work of identifying build failures and broken packages. I started with some low hanging fruits first and the following packages are now Java 9 ready: libgetopt-java, libjide-oss-java, activemq-protobuf, antelope, yecht, slashtime, colorpicker, f2j, libreadline-java, libjaxp1.3-java, jlapack, isorelax, libisrt-java, rxtx, uima-addons.
  • New upstream releases this month: apktool, jboss-xnio, okio, pdfsam, libsejda-java, bcel, autocomplete, mediathekview, sweethome3d.
  • MediathekView introduced yet another build-dependency. Let’s welcome libokhttp-java in Debian.
  • I upgraded jackson-databind to fix CVE-2017-7525. While I was at it, I continued this work with jackson-core, jackson-annotations, jackson-dataformat-xml, jackson-jr, jackson-datatype-joda, jackson-module-jaxb-annotations, jackson-dataformat-cbor, jackson-dataformat-smile, jackson-dataformat-yaml and jackson-jaxrs-providers. I also requested the removal of jackson-datatype-guava.
  • More resolved RC issues: commons-io (#873118), tycho (#879250)
  • Package updates: mockobjects (converted from CDBS to DH) and jblas (RC #877225, #873212, #698176)
  • The Maven 2 to Maven 3 transition caused (and still causes) a lot of fallout: I investigated the following packages with RC bugs. In most cases the issue was in another package, so the bugs could be closed but there were also packages like conversant-disruptor (#869002) which caused build failures unrelated to the transition. In total 15 packages were triaged or fixed: jasypt (#871195), mustache-java (#869009), libslf4j-java, apache-log4j2, conversant-disruptor, powermock(#869017), jetty9(#869021), maven-site-plugin(#869001),  javamail(#871102), assertj-core(#871131), java-allocation-instrumenter(#869251), json-smart(#868603), sisu-guice(#868611), maven-archiver(#871069), doxia-sitetools(#875948)
  • I have started to work on a new upstream version of triplea, multiple strategy games written in Java. The update would fix a couple of bugs and make the package ready for Java 9.
  • It was also requested to upgrade Gradle to version 3.4.1 at least. I have made good progress but there is more work to do.
Debian LTS

This was my twentieth month as a paid contributor and I have been paid to work 19 hours on Debian LTS, a project started by Raphaël Hertzog. I will catch up with the remaining 1,75 hours in November. In that time I did the following:

  • From 30. October to 05. November I was in charge of our LTS frontdesk. I triaged bugs in jasperreports, jbossas4, libstruts1.2-java, httpcomponents-client, vim, emacs23, trafficserver, async-http-client, liblouis, wordpress, apr, apr-utils, redis, nautilus, libpam4j and spip.
  • I decided to mark jbossas4 as end-of-life because the Java application server was never fully packaged and the version in Wheezy is already nine years old. I investigated the open security issues in jasperreports and contacted upstream but they have not published any details yet.
  • I pinged bug #878088. The reportbug maintainer still has to respond to the idea of informing the security teams when users report bugs in security uploads. I will discuss the possibility with the rest of the team, whether it is helpful to patch reportbug in Wheezy/Jessie/Stretch now.
  • DLA-1151-1 and DLA-1160-1. Issued two security updates for WordPress  addressing 10 CVE. It was later discovered that the patch for CVE-2017-14990 was incomplete and caused a regression when using WordPress’ multi-site feature. Single-site installations were not affected. The complete fix would either include a  database upgrade or a different approach without using the new database field “signup_id”. I reverted the patch for now and issued a regression update in DLA-1151-2.
  • DLA-1158-1. Issued a security update for bchunk fixing 3 CVE.
  • DLA-1159-1. Issued a security update for graphicsmagick fixing 2 CVE.
  • DLA-1164-1. Issued a security update for mupdf fixing 2 CVE.
  • DLA-1165-1. Issued a security update for libpam4j fixing 1 CVE.
  • DLA-1167-1. Issued a security update for ruby-yajl fixing 1 CVE.
  • DLA-1157-1. I uploaded a security update for openssl. The update was prepared by Kurt Roeckx, the maintainer of openssl.
  • I prepared the security updates for libpam4j (DSA-4025-1) and bchunk (DSA-4026-1) and fixed the same issues in Sid and Buster.


Thanks for reading and see you next time.

Categories: FLOSS Project Planets

Friday Free Software Directory IRC meetup: November 17th starting at 12:00 p.m. EST/17:00 UTC

FSF Blogs - Mon, 2017-11-13 14:33

Participate in supporting the Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on irc.freenode.org.

Tens of thousands of people visit directory.fsf.org each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions, to providing detailed info about version control, IRC channels, documentation, and licensing info that has been carefully checked by FSF staff and trained volunteers.

While the Directory has been and continues to be a great resource to the world for over a decade now, it has the potential to be a resource of even greater value. But it needs your help!

It was 47 years ago on November 17th that Douglas Engelbart received the first patent on the computer mouse. This advent in the realm of human interface devices (HID) would open the world of computers to many new people. To this day though, a battle rages in terms of the mouse's general use: the classic battle of window managers between the mouse-less Awesome and mouse-centric Mutter. This week, the Directory theme for entries is mice as input devices, and we will be discussing HIDs in general.

If you are eager to help, and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly Directory Meeting pages that everyone is welcome to contribute to before, during, and after each meeting.

Categories: FLOSS Project Planets

Latte Dock v0.7.2 arrives in KDE and Kubuntu backports PPA

Planet KDE - Mon, 2017-11-13 12:44

Latte Dock, the very popular doc/panel app for Plasma Desktop, has released its new bugfix version 0.7.2. This is also the first stable release since Latte Dock became an official KDE project at the end of August.



Version 0.7.1 was added to our backports PPA in a previous round of backports for Kubuntu 17.10 Artful Aardvark.

Today that has been updated to 0.7.2, and a build added for Kubuntu 17.04 Zesty Zapus users.

The PPA can be enabled by adding the following repository to your software sources list:


or if it is already added, the updates should become available via your preferred update method.

The PPA can be added manually in the Konsole terminal with the command:

sudo add-apt-repository ppa:kubuntu-ppa/backports

and packages then updated with

sudo apt update
sudo apt full-upgrade

Upgrade notes:

~ The Kubuntu backports PPA includes various other backported applications and Plasma releases, so please be aware that enabling the backports PPA for the first time and doing a full upgrade would result in a substantial amount of upgraded packages in addition to Latte Dock.

~ The PPA will also continue to receive further bugfix updates when they become available, and further updated releases of Plasma and applications where practical.

~ While we believe that these packages represent a beneficial and stable update, please bear in mind that they have not been tested as comprehensively as those in the main Ubuntu archive, and are supported only on a limited and informal basis. Should any issues occur, please provide feedback on our mailing list [1], IRC [2], and/or file a bug against our PPA packages [3].

1. Kubuntu-devel mailing list: https://lists.ubuntu.com/mailman/listinfo/kubuntu-devel
2. Kubuntu IRC channels: #kubuntu & #kubuntu-devel on irc.freenode.net
3. Kubuntu PPA bugs: https://bugs.launchpad.net/kubuntu-ppa

Categories: FLOSS Project Planets

You can now register as a DMCA agent without using nonfree JavaScript

FSF Blogs - Mon, 2017-11-13 12:42

Users shouldn't be forced to use nonfree software when interacting with their own government. Every user has the right to control their own computing, and the government shouldn't be forcing you to download and install proprietary software just to take advantage of its services. But when it comes to registering as an agent under the Digital Millenium Copyright Act (DMCA) in the United States, that's exactly what the government expects you to do.

Users are likely familiar with the DMCA's more draconian aspects, namely the creation of legal penalties for circumventing Digital Restrictions Management. The Free Software Foundation's Defective by Design campaign is fighting to end that nightmare and repeal that part of the law. But like many laws, it's crammed full of a wide variety of provisions, the anti-circumvention rules being only one of them.

Another piece of the law creates what are known as the safe harbor provisions. These rules set out some steps that maintainers of Web sites can take to avoid liability when a user of their site uploads potentially infringing copyrighted materials. The main provision here is that if a copyright holder finds their work on your site without their permission, they can submit a take down notice to an agent registered for your site. This agent can then remove the work, thus avoiding liability for the potentially infringing distribution. Without this safe harbor, the site maintainer could potentially be sued.

While this safe harbor rule can lead to abuse, with improper take downs, it also allows maintainers of Web sites to permit their users to share works. If the rule wasn't in place, it would be too dangerous to accept such uploads without reviewing each work -- something most Web sites can't afford to do. The Free Software Foundation takes advantage of the safe harbor provisions to ensure that we can continue to share software created and uploaded by free software developers, or to share information like that found in the Free Software Directory, or to help people organize locally via LibrePlanet.org.

As mentioned before, though, taking advantage of the safe harbor provisions requires having an agent to accept the notices. This is where the problem arises. The U.S. Copyright Office is now requiring Web site maintainers to re-register using https://www.copyright.gov/dmca-directory/ by December 31st of 2017. This site, like many others that the Copyright Office requires use of, is lousy with nonfree JavaScript. Unlike the server software you may interact with when visiting any Web site, JavaScript is actually downloaded and run on your machine. Like any proprietary software, it does not serve the user, and cannot be trusted. Users must avoid nonfree JavaScript just as they would avoid any piece of proprietary software. But if they want to continue to enjoy safe harbor provisions, they must allow this intrusion onto their computer.

The Free Software Foundation reached out to the Copyright Office with these issues, and we still hope to work out a solution with them for the long term. But with the deadline coming up, we had to fix it ourselves. We collaborated with a volunteer to develop a workaround that allows you to register using only free software. The fix requires installing two freely licensed add-ons, Register DMCA claim contacts w/o bad Javascript and Automatically reveal hidden HTML elements. These add-ons, when used with GNU LibreJS, allow anyone who needs to register as a DMCA agent to do so without loading the harmful nonfree JavaScript.

There are still a few quirks that are being hammered out. Currently you have to add alternate names by uploading a document rather than filling in a text field. The only document type that they will accept is Excel, a proprietary format, but users can create documents in that format using LibreOffice. It's not a perfect solution, but it does enable users to actually complete the entire registration process using only free software. We will also be talking with the Copyright Office about supporting better formats. That is one of the beautiful things about free software: when people see a problem and have control over their own tools, they have the power to come together and make things right.

Users have a right to control their own computing. Governments everywhere should ensure that participating in any program they provide does not require the use of nonfree software. But where governments are slow to react, we all have to work together to route around the threat of proprietary software. Here's what you can do to help:

  • Spread the word to any Web site maintainers you know that they can register using free software.
  • Use the add-ons to register for your own sites, and let us know you did by emailing us at licensing@fsf.org.
  • Help improve GNU LibreJS.
  • Support the work of the Free Software Foundation by donating or becoming a member.
Categories: FLOSS Project Planets

Drupal Association blog: Intellect, fire, water, and medieval castles at Lutsk Drupal Camp 2017

Planet Drupal - Mon, 2017-11-13 11:43

This story is reposted from Drudesk.com thanks to Drupal Ukraine Community.

Hello everyone! Drupal Ukraine Community is thriving. Last year’s Lviv Drupal Camp 2016 seems like only yesterday, but now it’s time to share our latest camp with you. This is the story of Lutsk Drupal Camp 2017, the annual camp for all Ukrainian Drupalers. We promise you a really interesting story. After all, who’s able to tell you more about the event than the organizers — the teams from Drudesk and InternetDevels, powered by Drupal Ukraine Community? Let’s go!

Lutsk Drupal Camp 2017 and its blue ocean

The official logo for Lutsk Drupal Camp 2017 was the Druplicon’s “infinity” eyes with scenes of Lutsk city reflected in them. It also resembled a fish to many. At Lutsk Drupal Camp, the blue color of the eyes was everywhere — on T-shirts, badges, backpacks, notebooks, and so on. Wherever you stepped, the blue wave carried you. And the main hero in this story was our favorite “drop” — Drupal!

+1 step to DrupalCon Ukraine

It’s no secret that the Ukranian Drupal community dreams about hosting DrupalCon in Ukraine some day. Holding Drupal Camp in the ancient and cosy city of Lutsk is one more step to holding DrupalCon in Ukraine!

Lutsk Drupal Camp 2017,  the main event

Starting with the morning’s registration, it was clear that the day would turn out incredibly positive. The organizers (in dark blue T-shirts) worked like busy bees taking care of every small detail and were ready to solve any possible problem.

Luckily, there were no problems to solve! Well, okay there was just one. The speakers at Lutsk Drupal Camp 2017 were so awesome that it was hard to choose which sessions to attend! They touched upon the most interesting and modern aspects of Drupal development, asked about the audience’s experiences and shared their own.

The concentration of famous speakers per square meter of space was sometimes so high it made you dizzy. They were also glad to receive the certificates of appreciation from us!

During Lutsk Drupal Camp 2017, there was also a time to catch up for old and new friends.

And even for some sports.

Of course, Drupalers are driven by inspiration, but some additional snacks never go amiss.

But this was just a rehearsal before the main lunch we all had together at Lutsk Drupal Camp 2017.

Of course, it isn’t Camp without Drudesk and InternetDevels team taking photos together.

And with all the guests as well.

Lutsk Drupal Camp 2017 and the flames of our love for Drupal

After all the speeches finished, the sponsors named the winners of their prize drawings, and the closing ceremony summed up this big day, there was more  to look forward to. The big party in the XIV century medieval Lubart’s castle was a chance for all the guests to see Lutsk' main attraction and, of course, to enjoy each other’s company.

The friendly atmosphere, hot snacks, and the energy of vibrant music played by the rock band warmed up the cool evening.

But we had something even hotter, too, as our love for Drupal kindled into real fire. The fire show within the medieval walls was truly impressive. The final touch was “Lutsk Drupal Camp 2017” “written” with fire. 

Thanks to everyone involved in the awesome Lutsk Drupal Camp 2017. Hope to see you again soon! Follow us on Facebook and other social media. Find Drupal Ukraine community at drupal.org/drupal-ukraine-community.

Categories: FLOSS Project Planets

Latte bug fix release v0.7.2

Planet KDE - Mon, 2017-11-13 11:31

Latte Dock v0.7.2   has been released containing many important fixes and improvements!

KDE Project
Latte managed to pass the kde review process and become an official kde project! It can be found in extragears (this is where projects with independent release schedule are landed). By becoming a kde project Latte has already benefited in many areas, many more translations through kde localization teams, plasma devs sharing their knowledge in qt, qml etc. etc.

Please everyone using 0.7.1 update to 0.7.2 as this should fix any crashes relevant to qt>=5.9.2 and at the same time it should provide you with a more concrete exprerience.

Go get   0.7.2  from, download.kde.org*

  • fix crashes introduced with qt 5.9.2 when the user hovers the dock, after deleting some applets etc.
  • highly improve the attention bouncing animation
  • fix coloring for shortcut badges
  • various fixes for animations and glitches
  • hide internal tasks separator at the edges
  • improvements for window manager disabled compositing window state
  • fix small issues with title tooltips
  • pass kde review process
  • move source to kde infrastructure
  • more translations from kde localization teams

---------* archive has been signed with gpg key: 325E 97C3 2E60 1F5D 4EAD CF3A 5599 9050 A2D9 110E
Categories: FLOSS Project Planets

Ben Hutchings: Debian LTS work, October 2017

Planet Debian - Mon, 2017-11-13 11:10

I was assigned 15 hours of work by Freexian's Debian LTS initiative and carried over 9 hours from September. I worked 20 hours and will carry over 4 hours to the next month.

I prepared and uploaded an update to dnsmasq to fix some urgent security issues. I issued DLA-1124-1 for this update.

I prepared and released another update on the Linux 3.2 longterm stable branch (3.2.94) and I began preparing the next update, but I didn't upload an update to Debian.

Categories: FLOSS Project Planets
Syndicate content