FLOSS Project Planets

Acquia offers a purpose-built Drupal hosting solution that lets you focus on the most important part – your users.

My latest Python book campaign is ending in less than a week. This book is about Python’s logging module. I also include two chapters that discuss structlog and loguru.

Support on Kickstarter 

Why Back A Kickstarter?

The reason to back the Kickstarter is that I have exclusive perks there that you cannot get outside of it. Here are some examples:

• Signed paperback copy of the book
• Early access to the video course lessons
• T-shirt with the cover art
• Exclusive price for Teach Me Python, which includes ALL my self-published books and courses
• Exclusive price for all my self-published books

Support on Kickstarter

What You’ll Learn

In this book, you will learn how about the following:

• Logger objects
• Log levels
• Log handlers
• Formatting your logs
• Log configuration
• Logging decorators
• Rotating logs
• Logging and concurrency
• and more!

Book formats

The finished book will be made available in the following formats:

• paperback (at the appropriate reward level)
• PDF
• epub

The paperback is a 6″ x 9″ book and is approximately 150 pages long.

Support on Kickstarter 

The post One Week Left for Python Logging Book / Course Kickstarter appeared first on Mouse Vs Python.

Would you like to get more practice working with APIs in Python? How about exploring the globe using the data from OpenStreetMap? Christopher Trudeau is back on the show this week, bringing another batch of PyCoder's Weekly articles and projects.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

In a previous post I talked about using the QML Language Server for KDE development. Since writing that post a few things happened, so it’s time for an update.

I mentioned that when using Kate qmlls should work out of the box when opening a QML file. That’s mostly true, there is one problem though. Depending on your distribution the binary for qmlls has a different name. Sometimes it’s qmlls, sometimes qmlls6 or qmlls-qt6. You may need to adjust the LSP Server settings in Kate to match the name on your system.

In order for qmlls to find types that are defined in your application’s C++ code those must not only be declaratively registered, qmlls also needs to be told where to find the type information. Fortunately Qt 6.7 comes with a handy way to do that. By passing -DQT_QML_GENERATE_QMLLS_INI=ON to CMake you get an appropriate config file generated. This will be placed into the project’s source directory but is specific to your setup, so add that to your gitignore file (PS: You can set up a global gitignore file for your system, so you don’t need to add this to all your projects). Unfortunately the initial implementation produced wrong configurations for some modules, but this is fixed in Qt 6.7.2.

A problem I mentioned is that qmlls doesn’t find modules that are not installed into the same path as Qt. With Qt 6.8 there will be two new options. The -I parameter allows to add custom import paths to qmlls’ search paths. The -E parameter makes qmlls consider the value of the QML_IMPORT_PATH environment variable for its search paths.

In order for qmlls to work properly modules need to be created using the CMake API and use declarative type registration. Since writing the last post some KDE modules have been converted to those, but there’s still more to do.

Thanks to the QML team for those swift improvements!

Welcome to the April 2024 report from the Reproducible Builds project! In our reports, we attempt to outline what we have been up to over the past month, as well as mentioning some of the important things happening more generally in software supply-chain security. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.

Table of contents:

1. New backseat-signed tool to validate distributions’ source inputs
2. ‘NixOS is not reproducible’
3. Certificate vulnerabilities in F-Droid’s fdroidserver
4. Website updates
5. ‘Reproducible Builds and Insights from an Independent Verifier for Arch Linux’
6. libntlm now releasing ‘minimal source-only tarballs’
7. Distribution work
8. Mailing list news
9. diffoscope
10. Upstream patches
11. reprotest
12. Reproducibility testing framework

New backseat-signed tool to validate distributions’ source inputs

kpcyrd announced a new tool called backseat-signed, after:

I figured out a somewhat straight-forward way to check if a given git archive output is cryptographically claimed to be the source input of a given binary package in either Arch Linux or Debian (or both).

Elaborating more in their announcement post, kpcyrd writes:

I believe this to be the “reproducible source tarball” thing some people have been asking about. As explained in the README, I believe reproducing autotools-generated tarballs isn’t worth everybody’s time and instead a distribution that claims to build from source should operate on VCS snapshots instead of tarballs with 25k lines of pre-generated shell-script.

Indeed, many distributions’ packages already build from VCS snapshots, and this trend is likely to accelerate in response to the xz incident. The announcement led to a lengthy discussion on our mailing list, as well as shorter followup thread from kpcyrd about bootstrapping Autotools projects.

‘NixOS is not reproducible’

Morten Linderud posted an post on his blog this month, provocatively titled, “NixOS is not reproducible”. Although quickly admitting that his title is indeed “clickbait”, Morten goes on to clarify the precise guarantees and promises that NixOS provides its users.

Later in the most, Morten mentions that he was motivated to write the post because:

I have heavily invested my free-time on this topic since 2017, and met some of the accomplishments we have had with “Doesn’t NixOS solve this?” for just as long… and I thought it would be of peoples interest to clarify[.]

Certificate vulnerabilities in F-Droid’s fdroidserver

In early April, Fay Stegerman announced a certificate pinning bypass vulnerability and Proof of Concept (PoC) in the F-Droid fdroidserver tools for “managing builds, indexes, updates, and deployments for F-Droid repositories” to the oss-security mailing list.

We observed that embedding a v1 (JAR) signature file in an APK with minSdk >= 24 will be ignored by Android/apksigner, which only checks v2/v3 in that case. However, since fdroidserver checks v1 first, regardless of minSdk, and does not verify the signature, it will accept a “fake” certificate and see an incorrect certificate fingerprint. […] We also realised that the above mentioned discrepancy between apksigner and androguard (which fdroidserver uses to extract the v2/v3 certificates) can be abused here as well. […]

Later on in the month, Fay followed up with a second post detailing a third vulnerability and a script that could be used to scan for potentially affected .apk files and mentioned that, whilst upstream had acknowledged the vulnerability, they had not yet applied any ameliorating fixes.

Website updates

There were a number of improvements made to our website this month, including Chris Lamb updating the archive page to recommend -X and unzipping with TZ=UTC […] and adding Maven, Gradle, JDK and Groovy examples to the SOURCE_DATE_EPOCH page […]. In addition Jan Zerebecki added a new /contribute/opensuse/ page […] and Sertonix fixed the automatic RSS feed detection […][…].

Reproducible Builds and Insights from an Independent Verifier for Arch Linux

Joshua Drexel, Esther Hänggi and Iyán Méndez Veiga of the School of Computer Science and Information Technology, Hochschule Luzern (HSLU) in Switzerland published a paper this month entitled Reproducible Builds and Insights from an Independent Verifier for Arch Linux. The paper establishes the context as follows:

Supply chain attacks have emerged as a prominent cybersecurity threat in recent years. Reproducible and bootstrappable builds have the potential to reduce such attacks significantly. In combination with independent, exhaustive and periodic source code audits, these measures can effectively eradicate compromises in the building process. In this paper we introduce both concepts, we analyze the achievements over the last ten years and explain the remaining challenges.

What is more, the paper aims to:

… contribute to the reproducible builds effort by setting up a rebuilder and verifier instance to test the reproducibility of Arch Linux packages. Using the results from this instance, we uncover an unnoticed and security-relevant packaging issue affecting 16 packages related to Certbot […].

A PDF of the paper is available.

libntlm now releasing ‘minimal source-only tarballs’

Simon Josefsson wrote on his blog this month that, going forward, the libntlm project will now be releasing what they call “minimal source-only tarballs”:

The XZUtils incident illustrate that tarballs with files that are not included in the git archive offer an opportunity to disguise malicious backdoors. [The] risk of hiding malware is not the only motivation to publish signed minimal source-only tarballs. With pre-generated content in tarballs, there is a risk that GNU/Linux distributions [ship] generated files coming from the tarball into the binary *.deb or *.rpm package file. Typically the person packaging the upstream project never realized that some installed artifacts was not re-built[.]

Simon’s post goes into further details how this was achieved, and describes some potential caveats and counters some expected responses as well. A shorter version can be found in the announcement for the 1.8 release of libntlm.

Distribution work

In Debian this month, Helmut Grohne filed a bug suggesting the removal of dh-buildinfo, a tool to generate and distribute .buildinfo-like files within binary packages. Note that this is distinct from the .buildinfo generation performed by dpkg-genbuildinfo. By contrast, the entirely optional dh-buildinfo generated a debian/buildinfo file that would be shipped within binary packages as /usr/share/doc/package/buildinfo_$arch.gz.

Adrian Bunk recently asked about including source hashes in Debian’s .buildinfo files, which prompted Guillem Jover to refresh some old patches to dpkg to make this possible, which revealed some quirks Vagrant Cascadian discovered when testing.

In addition, 21 reviews of Debian packages were added, 22 were updated and 16 were removed this month adding to our knowledge about identified issues. A number issue types have been added, such as new random_temporary_filenames_embedded_by_mesonpy and timestamps_added_by_librime toolchain issues.

In openSUSE, it was announced that their Factory distribution enabled bit-by-bit reproducible builds for almost all parts of the package. Previously, more parts needed to be ignored when comparing package files, but now only the signature needs to be deleted.

In addition, Bernhard M. Wiedemann published theunreproduciblepackage as a proper .rpm package which it allows to better test tools intended to debug reproducibility. Furthermore, it was announced that Bernhard’s work on a 100% reproducible openSUSE-based distribution will be funded by NLnet. He also posted another monthly report for his reproducibility work in openSUSE.

In GNU Guix, Janneke Nieuwenhuizen submitted a patch set for creating a reproducible source tarball for Guix. That is to say, ensuring that make dist is reproducible when run from Git. […]

Lastly, in Fedora, a new wiki page was created to propose a change to the distribution. Titled “Changes/ReproduciblePackageBuilds”, the page summarises itself as a proposal whereby “A post-build cleanup is integrated into the RPM build process so that common causes of build irreproducibility in packages are removed, making most of Fedora packages reproducible.”

Mailing list news

On our mailing list this month:

• Continuing a thread started in March 2024 about the Arch Linux minimal container now being 100% reproducible, John Gilmore followed up with a post about the practical and philosophical distinctions of local vs. remote storage of the various artifacts needed to build packages.

• Chris Lamb asked the list which conferences readers are attending these days: “After peak Covid and other industry-wide changes, conferences are no longer the ‘must attend’ events they previously were… especially in the area of software supply-chain security. In rough, practical terms, it seems harder to justify conference travel today than it did in mid-2019.” The thread generated a number of responses which would be of interest to anyone planning travel in Q3 and Q4 of 2024.

• James Addison wrote to the list about a “quirk” in Git related to its core.autocrlf functionality, thus helpfully passing on a “slightly off-topic and perhaps not of direct relevance to anyone on the list today” note that might still be “the kind of issue that is useful to be aware of if-and-when puzzling over unexpected git content / checksum issues (situations that I do expect people on this list encounter from time-to-time)”.

diffoscope

diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made a number of changes such as uploading versions 263, 264 and 265 to Debian and made the following additional changes:

• Don’t crash on invalid .zip files, even if we encounter their ‘badness’ halfway through the file and not at the time of their initial opening. […]
• Prevent odt2txt tests from always being skipped due to an (impossibly) new version requirement. […]
• Avoid parens-in-parens in test ‘skipping’ messages. […]
• Ensure that tests with >=-style version constraints actually print the tool name. […]

In addition, Fay Stegerman fixed a crash when there are (invalid) duplicate entries in .zip which was originally reported in Debian bug #1068705). […] Fay also added a user-visible ‘note’ to a diff when there are duplicate entries in ZIP files […]. Lastly, Vagrant Cascadian added an external tool pointer for the zipdetails tool under GNU Guix […] and proposed updates to diffoscope in Guix as well […] which were merged as [264] [265], fixed a regression in test coverage and increased verbosity of the test suite[…].

Upstream patches

The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:

• Chris Lamb:

  • #1068173 filed against pg-gvm.
  • #1068176 filed against goldendict-ng.
  • #1068372 filed against grokevt.
  • #1068374 filed against ttconv.
  • #1068375 filed against ludevit.
  • #1068795 filed against pympress.
  • #1069168 filed against sagemath-database-conway-polynomials.
  • #1069169 filed against gap-polymaking.
  • #1069663 filed against dub.
  • #1069709 filed against dpb.
  • #1069784 filed against python-itemloaders.
  • #1069822 filed against python-gvm.

• Bernhard M. Wiedemann:

  • metis (fix build with –nocheck)
  • musique (fix a date-related issue)
  • orthanc-volview (fix an issue with mtimes and sorting)
  • go1.13[go1.14], (https://build.opensuse.org/request/show/1167936), go1.15 (fix a parallelism-related issue)
  • postfish (disable compile-time benchmarking)
  • geany/glfw (toolchain, random)
  • edk2/ovmf/tianocore (with Joey Li: fix a date-related issue)
  • dlib (report an issue with compile-time-CPU-detection)
  • lua-lmod (fix a date-related issue)
  • gitui (fix a date-related issue)
  • openssl-3 (report an issue with random output)
  • gcc14 (FTBFS-2038)
  • nebula (FTBFS-2027-11-11)

• Jan Zerebecki:

  • rpm (Support reproducible automatic rebuilds, etc.)
  • openSUSE-release-tools (Create changelog for generated package sources for SOURCE_DATE_EPOCH)
  • pesign-obs-integration (Create changelog for generated package sources for SOURCE_DATE_EPOCH)
  • openSUSE post-build-checks (Set SOURCE_DATE_EPOCH)
  • obs-build (Fix changelog timezone handling)
  • obs-service-tar_scm (When generating changelog from Git, create the file if it does not exist.)

• Thomas Goirand:

  • oslo.messaging (fix a hostname-related issue)

reprotest

reprotest is our tool for building the same source code twice in different environments and then checking the binaries produced by each build for any differences. This month, reprotest version 0.7.27 was uploaded to Debian unstable) by Vagrant Cascadian who made the following additional changes:

• Enable specific number of CPUs using --vary=num_cpus.cpus=X. […]
• Consistently use 398 days for time variation, rather than choosing randomly each time. […]
• Disable builds of arch:any packages. […]
• Update the description for the build_path.path option in README.rst. […]
• Update escape sequences for compatibility with Python 3.12. (#1068853). […]
• Remove the generic ‘upstream’ signing-key […] and update the packages’ signing key with the currently active team members […].
• Update the packaging Standards-Version to 4.7.0. […]

In addition, Holger Levsen fixed some spelling errors detected by the spellintian tool […] and Vagrant Cascadian updated reprotest in GNU Guix to 0.7.27.

Reproducibility testing framework

The Reproducible Builds project operates a comprehensive testing framework running primarily at tests.reproducible-builds.org in order to check packages and other artifacts for reproducibility.

In April, an enormous number of changes were made by Holger Levsen:

• Debian-related changes:

  • Adjust for changed internal IP addresses at Codethink. […]
  • Automatically cleanup failed diffoscope user services if there are too many failures. […][…]
  • Configure two new nodes at infomanik.cloud. […][…]
  • Schedule Debian experimemental even less. […][…]

• Breakage detection:

  • Exclude currently building packages from breakage detection. […]
  • Be more noisy if diffoscope crashes. […]
  • Health check: provide clickable URLs in jenkins job log for failed pkg builds due to diffoscope crashes. […]
  • Limit graph to about the last 100 days of breakages only. […]
  • Fix all found files with bad permissions. […]
  • Prepare dealing with diffoscope timeouts. […]
  • Detect more cases of failure to debootstrap base system. […]
  • Include timestamps of failed job runs. […]

• Documentation updates:

  • Document how to access arm64 nodes at Codethink. […]
  • Document how to use infomaniak.cloud. […]
  • Drop notes about long stalled LeMaker HiKey960 boards sponsored by HPE and hosted at ETH. […]
  • Mention osuosl4 and osuosl5 and explain their usage. […]
  • Mention that some packages are built differently. […][…]
  • Improve language in a comment. […]
  • Add more notes how to query resource usage from infomaniak.cloud. […]

• Node maintenance:

  • Add ionos4 and ionos14 to THANKS. […][…][…][…][…]
  • Deprecate Squid on ionos1 and ionos10. […]
  • Drop obsolete script to powercycle arm64 architecture nodes. […]
  • Update system_health_check for new proxy nodes. […]

• Misc changes:

  • Make the update_jdn.sh script more robust. […][…]
  • Update my SSH public key. […]

In addition, Mattia Rizzolo added some new host details. […]

If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

• IRC: #reproducible-builds on irc.oftc.net.

• Twitter: @ReproBuilds

• Mastodon: @reproducible_builds@fosstodon.org

• Mailing list: rb-general@lists.reproducible-builds.org

Let’s go for my web review for the week 2024-19.

Heat Death of the Internet - takahē

Tags: tech, internet, web, satire, criticism

Obviously a satire, some of it feels eerily real though.

https://www.takahe.org.nz/heat-death-of-the-internet/

“AI now beats humans at basic tasks”: Really?

Tags: tech, ai, machine-learning, gpt, research, benchmarking, criticism

Nice article. It’s a good reminder that the benchmarks used to evaluate generative AI systems have many caveats.

https://aiguide.substack.com/p/ai-now-beats-humans-at-basic-tasks

Did GitHub Copilot really increase my productivity?

Tags: tech, ai, copilot, productivity

Interesting data point. This is a very specialized experience but the fact that those systems are kind of random and slow clearly play a good part in limiting the productivity you could get from them.

https://trace.yshui.dev/2024-05-copilot.html

AI Copilots Are Changing How Coding Is Taught - IEEE Spectrum

Tags: tech, ai, copilot, ethics, programming, teaching, learning

Well, maybe our profession will make a leap forward. If instead of drinking the generative AI cool aid, if we really get a whole cohort of programmers better at critical skills (ethical issues, being skeptical of their tools, testing, software design and debugging) it’ll clearly be some progress. Let’s hope we don’t fall in the obvious pitfalls.

https://spectrum.ieee.org/ai-coding

Machine Unlearning in 2024 - Ken Ziyu Liu - Stanford Computer Science

Tags: tech, ai, machine-learning, gpt, copyright, gdpr

Interesting questions and state of the art around model “unlearning”. This became important due to the opacity of data sets used to train some models. It’ll also be important in any case for managing models over time.

https://ai.stanford.edu/~kzliu/blog/unlearning

Systemd heads for a big round-number release [LWN.net]

Tags: tech, linux, systemd

Indeed the next systemd release feels feature packed. Definitely to keep an eye on.

https://lwn.net/SubscriberLink/971866/f244aee59d4d6a66/

UEFI, BIOS, and other confusing x86 PC (firmware) terms

Tags: tech, bios, uefi, hardware

Confused? Well, not surprising we mostly use those terms with very lax definitions.

https://utcc.utoronto.ca/~cks/space/blog/tech/UEFIAndBIOSAndOtherPCTerms

It’s always TCP_NODELAY. Every damn time. - Marc’s Blog

Tags: tech, tcp, networking

Getting network protocols right is definitely difficult.

https://brooker.co.za/blog/2024/05/09/nagle.html

Why Full Text Search is Hard

Tags: tech, language, search

If you wonder why information retrieval from natural language texts is a tough domain, here is a short article listing the important things to keep in mind.

https://transactional.blog/blog/2023-why-full-text-search-is-hard

All error messages are necessarily bad to some degree

Tags: tech, failure, ux

Not a reason to make no effort into having as proper error messages as possible. Still there’s some truth there that trying to have a really useful error message is a fool’s errand.

https://www.haskellforall.com/2024/05/all-error-messages-are-necessarily-bad.html?m=1

pyspread

Tags: tech, python, qt, spreadsheets, tools

Looks like a fun spreadsheet tool where you can use Python in any cell.

https://pyspread.gitlab.io/

The UX of UUIDs | Unkey

Tags: tech, uuid, encodings

Interesting set of tricks around UUIDs to make them easier to manipulate.

https://www.unkey.com/blog/uuid-ux

Build your own HTMX

Tags: tech, web, frontend, htmx

Excellent exercise in understanding how HTMX works under the hood.

https://joshi.monster/posts/build-your-own-htmx/

No, I don’t want to fill out your contact form - Adam Jones’s Blog

Tags: tech, web, email

Good exploration of the many ways contact forms fail us regularly. Also shows a few cases where you might still want to us them… in most cases you shouldn’t.

https://adamjones.me/blog/dont-use-contact-forms/

What You Need to Know about Modern CSS (Spring 2024 Edition) – Frontend Masters Boost

Tags: tech, web, frontend, css

Looks like a good reference about everything which can be done with the latest CSS evolutions.

https://frontendmasters.com/blog/what-you-need-to-know-about-modern-css-spring-2024-edition/

Google Testing Blog: Test Failures Should Be Actionable

Tags: tech, tests

Good advice indeed. Having asserts using appropriate matchers can go a long way understanding what went wrong.

https://testing.googleblog.com/2024/05/test-failures-should-be-actionable.html?m=1

Simplicity is An Advantage but Sadly Complexity Sells Better

Tags: tech, complexity

Definitely this. We tend to like complexity too much as a profession and field. It’s also a good reminder that the complexity of the problem and the complexity of the solution shouldn’t be conflated.

https://eugeneyan.com/writing/simplicity/

Programming mantras are proverbs - lukeplant.me.uk

Tags: tech, programming, culture, craftsmanship

Interesting take about the mantras often used in our profession. They shouldn’t be treated as laws, but as proverbs carrying a piece of contextual wisdom. It’s thus unsurprising that they tend to contradict each other. This contradiction should make us pause and think.

https://lukeplant.me.uk/blog/posts/programming-mantras-are-proverbs/

Refactor: Inline-Adjust-Extract - XP123

Tags: tech, programming, refactoring

Since there’s a clear tendency in the developers I meet to “extract at all costs”, this is a good reminder that sometimes you need to inline the code first. This very often brings better clarity in the context of use. In turns this leads to a better final extraction.

https://xp123.com/refactor-inline-adjust-extract/

Bye for now!

In October-November 2023, the Django Software Foundation, in partnership with PyCharm, carried out a survey to capture the preferences and contributions of Django developers worldwide. Today, we’re excited to share the results through detailed infographics highlighting how our community influences the future of web development.

View the Django Developers Survey 2023 report

Why should you check out the infographics?

1. Discover the latest trends in Django development.
2. Learn about the tools and technologies preferred by leading developers.
3. Understand the challenges and opportunities within the Django ecosystem.

Visit the landing page to explore the full report and gain insights that can help shape your projects and strategies in the Django landscape.

Bringing supply chain security to PyCon US 2024 About • Blog • Newsletter • Links Bringing supply chain security to PyCon US 2024

Published 2024-05-10 by Seth Larson
Reading time: minutes

This critical role would not be possible without funding from the Alpha-Omega project. Massive thank-you to Alpha-Omega for investing in the security of the Python ecosystem!

Next week is PyCon US 2024, one of my favorite times of year. If you'll also be in Pittsburgh, reach out to me on Signal (sethmlarson.99) and we'll meet up sometime during the conference.

Here's where you'll find me during the week:

Secure snek 🐍🛡️

• Talk on "State of Supply Chain Security" with Michael Winser of Alpha-Omega.
• Open space on Vulnerability Disclosure and Management with Madison Oliver of GitHub Security.
• Blogger for the Python Language Summit.
• Spreading security knowledge along with Mike Fiedler, the PyPI Safety and Security Engineer.
• Working in-person with Python core developers during sprints.

I'll also be bringing along some exclusive "secure snek" stickers, so if you see me at the conference ask about those while supplies last!

If you're interested in security, I recommend considering these other tutorials and talks:

• Tutorial: PyO3 101: Writing Python modules in Rust by Cheuk Ting Ho
• Tutorial: Fundamentals of API security in Python by Jose Haro Peralta
• Talk: Making Python safer than ever by Cheuk Ting Ho
• Talk: Building a Rusty path validation library for PyCA Cryptography by William Woodruff
• Talk: How Python harnesses Rust through PyO3 by David Hewitt

That's all for this week! 👋 If you're interested in more you can read last week's report.

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

Friday, 10 May 2024

KDE today announces the release of KDE Frameworks 6.2.0.

KDE Frameworks are 72 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms. For an introduction see the KDE Frameworks release announcement.

This release is part of a series of planned monthly releases making improvements available to developers in a quick and predictable manner.

New in this version Attica

• Modernize: don't else after return. Commit.
• Provider: document default ctor. Commit.
• Providermanager: remove unused function with typo. Commit.
• Postfiledata: simplify private. Commit.
• Modernize: use unique_ptr for privates. Commit.
• Basejob: don't leave dangly pointers. Commit.
• Platformdependent: v3. Commit.

Baloo

• Don't kill the lock file, can lead to random corruption. Commit. Fixes bug #389848

Bluez Qt

• Fixed min_bitpool and max_bitpool from capabilities where ignored. Commit.
• Port QML module to declarative type registration. Commit.

Breeze Icons

• Add support for media-playlist-no-shuffle icon name. Commit.
• Add audio/ogg and audio/x-vorbis+ogg icons. Commit.
• Add audio/vnd.wave MIME type. Commit.
• Remove generic non-symbolic audio and video icons. Commit.
• Add 16 and 22px symbolic versions of some Places icons that were missing. Commit. Fixes bug #486316
• Add zoom-in-map and zoom-out-map icons along with -symbolic versions. Commit.
• Longer description for the ICONS_LIBRARY option. Commit.
• Add symbolic versions for more USB device style icons. Commit.
• Fix some scale errors. Commit. Fixes bug #485479
• Fixed input-combo-on.svg colour issue. Commit.
• Add -symbolic symlinks for notification-* icons. Commit.
• Use new dev.suyu_emu.suyu id, add symlink for old id. Commit.
• Add accessories-screenshot-tool icon/symlink. Commit.
• [webfont] enable ligatures. Commit.
• Gitignore: add VS Code dir. Commit.
• Add input-keyboard-color 22px, 32 px. Commit.

Extra CMake Modules

• API dox: KDEInstallDirs6: refer to qtpaths now as source of Qt paths. Commit.
• API dox: KDEInstallDirs6: drop outdated note about being in ALPHA state. Commit.
• Test: Increase minimum cmake version so that it works with Qt 6.7. Commit.
• ECMQmlModule6: group qml and resource file calls. Commit.
• Modules/ECMAddTests.cmake - handle unset or empty QT_PLUGIN_PATH. Commit.

KArchive

• Gitignore: add VS Code dir. Commit.

KCMUtils

• KQuickConfigModule: Don't crash on null object. Commit.
• SimpleKCM: Remove remnants of footerParent. Commit.
• Use ellipsis character instead of three dots. Commit.
• GridDelegate: Port to ComponentBehavior: Bound. Commit.
• GridDelegate: Consolidate code paths for opening a menu. Commit.
• GridDelegate: Don't use qualified property access as appropriate. Commit.
• GridDelegate: Use concrete type for the popup menu. Commit.
• GridDelegate: Use somewhat more consistent ToolTip bindings, remove timeout. Commit.
• Components: Drop QML import versions, unify import aliases. Commit.
• Components: Guard nullable property access. Commit.
• Components: Explicitly specify signal handler arguments. Commit.
• KCModuleQml: Provide a fallback in case a pushed page is not one of magical KCMUtils types. Commit.
• Add API to make header and footer paddings optional. Commit.
• Round all the things consistently. Commit.
• Pluginselector: cache delegates. Commit.

KCodecs

• Gitignore: add VS Code dir. Commit.

KColorScheme

• Gitignore: add VS Code dir. Commit.

KConfig

• Avoid allocations while parsing int/float lists. Commit.
• Adapt kdesktopfiletest to QTemporaryFile behavior change. Commit.
• Guard header with an ifndef and include moc generates sources in the cpp file. Commit.
• Autotests: Don't use a timeout in testLocalDeletion. Commit.
• Adjust kconfig_compiler autotests to include a version without kcfgc. Commit.
• Add a CMake function to add a kcfg file without kcfgc. Commit.
• Gitignore: add VS Code dir. Commit.

KConfigWidgets

• KRecentFilesAction: Load mimeType and action lazily. Commit.
• Remove forward declaration of KToggleAction. Commit.
• Test that an invalid language gives the empty string. Commit.
• Gitignore: add VS Code dir. Commit.

KContacts

• Restore country detection tests on FreeBSD. Commit.
• Disable FreeBSD tests that recently started to fail in the CI. Commit.

KCoreAddons

• Gitignore: add VS Code dir. Commit.

KCrash

• Gitignore: add VS Code dir. Commit.

KFileMetaData

• API dox: use "MIME type" and "URL" spellings consistently. Commit.
• API dox: add some minimal info to undocumented classes. Commit.
• API dox: add empty line between @brief (ends by first period) and rest. Commit.
• API dox: add some dummy info to namespaces for doxygen to cover them also. Commit.
• API dox: escape space after e.g. to work-around doxygen sentence end magic. Commit.
• UserMetadata: return errors when xattr ops fails. Commit.
• Value is already default timeout value in QT6 framework. Commit.
• [XmlExtractor] Add support for compressed SVGs. Commit.
• [XmlExtractorTest] Move Test class declaration to source file. Commit.
• [Office2007Extractor] Reuse DublinCoreExtractor, fix namespace handling. Commit.
• [DublinCoreExtractor] Add CreationDate (dc::created) support. Commit.
• [DublinCoreExtractor] Skip properties from empty elements, cleanup. Commit.
• Move date parser helper out of ExtractorPlugin, clean it up. Commit.
• [TaglibExtractor] Include vnd.audible.aaxc audio books in supported types. Commit.
• [Test] Include vnd.audible.aax audio books in coverage tests. Commit.
• [TaglibWriterTest] Move test class declaration to source file, cleanup. Commit.
• [TaglibExtractor|Writer] Fix mimetypes. Commit.

KGlobalAccel

• Port q->connect to QObject::connect. Commit.
• Fix connection lifetime issue. Commit. See bug #454854. See bug #485386

KGuiAddons

• Recorder/kkeysequencerecorder: conform to KKeyServer changes. Commit.
• Gitignore: add VS Code dir. Commit.

KHolidays

• Update holiday_bd_en. Commit.

KI18n

• Gitignore: add VS Code dir. Commit.

KIconThemes

• Allow to configure if we register our icon plugin for SVGs. Commit.
• Port QML module to declarative type registration. Commit.
• Fix typo in BreezeIcons::initIcons loading. Commit.
• Gitignore: add VS Code dir. Commit.

KImageformats

• Fix build with Qt 6.7 on 32 bits. Commit.

KIO

• [kfilefilter] Consider mime globs valid. Commit.
• Kfileitemtest: add basic tests for dir. Commit.
• File_unix: don't call QMimeDatabase::mimeTypeForFile for directories. Commit.
• Widgetsaskuseractionhandler prevent crash when job had no parent widget. Commit.
• PreviewJob: Add file extension to thumbnail temp files. Commit. Fixes bug #463989
• KFileItem: handle the case parent url path is empty. Commit.
• KFileItemActions: Add logic to order actions between separators. Commit. Fixes bug #466115
• KFileItem: fix getStatusBarInfo() displaying symlink target as "http:". Commit. Fixes bug #475422
• ScopedProcessRunner: support waitForStarted. Commit.
• ScopedProcessRunner: fix use of undeclared identifier 'close'. Commit.
• [ftp] Always use default timeout values. Commit.
• [http] Set error string for ERR_DOES_NOT_EXIST. Commit.
• Force test language to en. Commit.
• Knewfilemenu: Add @since 6.2 to the new signals and methods. Commit.
• Kfilefilter.h: update API docs. Commit.
• Kencodingfiledialog dox: rewrite API dox that refer to removed functions. Commit.
• Kfilewidget dox: replace references to setFilter() with setFilters(). Commit.
• Fix a few warnings. Commit.
• Add EnableRemoteFolderThumbnail option checking. Commit.
• PreviewJob: Display preview for locally mounted remote directories. Commit.
• Knewfilemenu: add isNewDirNameJobRunning. Commit.
• KFilePlacesItem: Show teardown busy indicator during optical media eject. Commit.
• KDirModelTest.testDeleteFiles: lower debug output. Commit.
• KUrlNavigator: allow adding a badge widget after the breadcrumb. Commit.
• Set ideal case for TwoVectors. Commit.
• Udsentry_api_comparison_benchmark: update. Commit.
• Kurlnavigatorbutton: prevent. Commit.
• Add more explicit moc includes to sources for moc-covered headers. Commit.
• Connection: don't queue tasks until OOM. Commit.
• Http: Fix parsing DAV:getlastmodified. Commit. Fixes bug #484671
• Kfileitem: Linux, use statx to refresh files. Commit. Fixes bug #446858

Kirigami

• Fixed wrong navigation and dialog header button colors. Commit. Fixes bug #486163
• Card: Remove the unnecessary "reality check" binding on footer, add test. Commit.
• Card: Restrict actions type from arbitrary QObject to T.Action. Commit.
• Card: Shuffle things around a bit to make them look nicer. Commit.
• Remove linkActivated/linkHovered from Delegate types. Commit.
• InlineMessage: Improve examples in documentation, clean up QML. Commit.
• OverlayDrawer: Rework separator's code, animate transitions. Commit.
• OverlayDrawer: Hide segmented separator when the drawer is collapsed. Commit.
• OverlayDrawer: Rewrite visibility condition for segmented separator. Commit.
• OverlayDrawer: Rewrite segmented separator positioning expression. Commit.
• OverlayDrawer: Bind segmented separator's width to the real separator's width. Commit.
• GlobalDrawer: Set spacing on the default header. Commit.
• Fix null deref in OverlaySheet. Commit.
• OverlaySheet: Port layout hacks to a simple Padding with its contentItem. Commit.
• Tst_pagepool: Port testing code from verify(==) to compare. Commit.
• Tst_pagepool: Fix test properly. Commit.
• Revert "tst_pagepool: Fix test". Commit.
• CardsGridView and CheckableListItem are not a thing anymore. Commit.
• Actions.main is not a thing anymore. Commit.
• Tst_pagepool: Fix test. Commit.
• Revert "PageRow: Fix parent of Component-based pages". Commit.
• PageRow: Fix parent of Component-based pages. Commit. Fixes bug #482753
• MnemonicAttached: Fix logic when pressing Alt. Commit.
• Dialog: Always use an overlay as visual parent. Commit.
• Link Activation TitleSubtitle. Commit.
• ContextualHelpButton: remove excess space from tooltip. Commit. Fixes bug #481817
• Fix crash on teardown when QML engine is already unset. Commit.
• ListSectionHeader: Deprecate label property. Commit.
• PageRow: Remove superfluous trailing semicolon from a property alias. Commit.
• PromptDialog: Create default contentItem dynamically on demand. Commit.
• Padding: Remove old overridden contentItem from the visual hierarchy. Commit.
• Gitignore: add VS Code dir. Commit.
• Add a explicit page type check in AbstractApplictionHeader. Commit.
• Add radius unit for rounded rectangles. Commit.

KItemModels

• Add dependency to QML module. Commit.
• Port to declarative type registration. Commit.

KItemViews

• Add more explicit moc includes to sources for moc-covered headers. Commit.

KNewStuff

• Show header warning message framelessly. Commit. Fixes bug #485464
• DownloadItemsSheet: use alternating background colors for legibility. Commit. Fixes bug #483724
• Document ContentWarning. Commit.
• Page: conditionalize warning message based on riskiness. Commit.

KNotifications

• Enforce passing tests on Windows. Commit.

KParts

• Enforce passing tests on Windows. Commit.

KRunner

• Action: Make bool operator explicit. Commit.
• Fix matchInternalFinished not being emitted in case of dbus errors. Commit.

KSVG

• Don't call update on missing marginObject. Commit.
• Make property type fully qualified. Commit.

KTextEditor

• Fix caret painting for inline notes at the end of line. Commit.
• KateCompletionWidget: Mark function static. Commit.
• KateCompletionModel: remove useless std::as_const. Commit.
• Run more tests offscreen. Commit.
• Fix performance with many cursors in a large line. Commit.
• Fix test expectations. Commit.
• Fix crashs and OOM on load with encoding failures. Commit. Fixes bug #486195. Fixes bug #486134
• A11y: Improve tab order for "Appeareance" -> "Borders". Commit.
• A11y: Set "Line Height Multiplier" buddy. Commit.
• Fix broken navigation in completion widget with multiple views. Commit.
• Fix clicking in completion. Commit.
• Fix textInsertedRange signal for insertText behind last line. Commit. Fixes bug #483363

KTextTemplate

• Enforce passing tests on all platforms. Commit.

KUserFeedback

• Fix logging category. Commit.

KWallet

• Fix reply type in portal implementation. Commit.
• Kwalletportalsecrets.h: Add missing include. Commit.
• Implement XDG Secrets Portal. Commit. Fixes bug #466197

KWidgetsAddons

• Introduce KContextualHelpButton. Commit.
• KMessageWidget: Fix handling of palette changes. Commit.
• KMessageWidget: Make sure icon label is always vertically centered. Commit.
• Gitignore: add VS Code dir. Commit.

KWindowSystem

• Port to QNativeInterface::Private::QWaylandWindow. Commit.
• Remove an unused explicit moc include. Commit.
• Add more explicit moc includes to sources for moc-covered headers. Commit.
• Introduce KXcbEvent to initialize the memory of sent XCB events. Commit.

KXMLGUI

• Improve dbus disabling. Commit.

Purpose

• Add pre share hooks. Commit.
• Enforce passing tests on Windows. Commit.

QQC2 Desktop Style

• TreeViewDelegate: Fix non-observable modelIndex property getting stuck. Commit.
• [CheckIndicator] Use control as AbstractButton. Commit.
• Add missing dependency to private module. Commit.
• Add QTBUG to comment. Commit.
• Make SwitchIndicator more compiler-friendly. Commit.
• ItemBranchIndicators: Fix uninitialized member variable m_selected. Commit.
• StyleSingleton: Check whether object is qGuiApp. Commit.
• [RadioButton] Use id instead of parent lookup. Commit.
• [TabButton] Fix property type. Commit.
• Apply Kirigami.Units.cornerRadius to default list item background too. Commit.
• Gitignore: add VS Code dir. Commit.
• Use consistent radius value from Kirigami.Units.radius. Commit.

Solid

• Remove too aggressive assert. Commit. Fixes bug #464149
• [StorageAccess] Fix storageAccessFromPath returning unmounted filesystems. Commit.
• [SolidHwTest] Extend FakeHW description with encrypted volume, add tests. Commit.
• [SolidHwTest] Test Device::storageAccessFromPath. Commit.
• [DeviceManager] Remove exists() check from storageAccessFromPath. Commit.
• Udisks: Return empty string for "root" clearTextPath. Commit. Fixes bug #485507
• [SolidHwTest] Remove unnecessary slotPropertyChanged helper, fix bug. Commit.
• [SolidHwTest] Remove setenv wrapper, unnecessary qt_windows.h include. Commit.
• [SolidHwTest] Move test class declaration to source file. Commit.
• Udisks2: Add support CanCheck/Check/CanRepair/Repair. Commit.

Sonnet

• Add dependency to QML module. Commit.
• Gitignore: add VS Code dir. Commit.

Syntax Highlighting

• Support single-quoted strings in MapCSS. Commit.
• Add Syntax Highlighting for Vue Template Files. Commit.
• Add syntax highlighting support for CashScript. Commit.

The diffoscope maintainers are pleased to announce the release of diffoscope version 266. This version includes the following changes:

[ Chris Lamb ] * Use "xz --list" to supplement the output when comparing .xz archives; essential when some underlying metadata differs. (Closes: #1069329) * Actually append the xz --list after the container differences, as it simplifies tests and the output. * Add 7zip to <!nocheck> Build-Depends in debian/control. * Update copyright years. [ James Addison ] * Maintain an in-header boolean state to determine whether to drop from-file/to-file lines. This fixes an issue where HTML differences were being inadvertendly neglected. (Closes: reproducible-builds/diffoscope#372)

You find out more by visiting the project homepage.

I like the sentiment of Helen Hunt Jackson in that quote and it generally applies double for computer system names. However I like to think when I named the first NetSurf VM host server phoenix fourteen years ago I captured the nature of its continuous cycle of replacement.

We have been very fortunate to receive a donated server to replace the previous every few years and the very generous folks at Collabora continue to provide hosting for it.

Recently I replaced the server for the third time. We once again were given a replacement by Huw Jones in the form of a SuperServer 6017R-TDAF system with dual Intel Xeon Ivy Bridge E5-2680v2 processors. There were even rack rails!
The project bought some NVMe drives and an adaptor cards and I attempted to arrange to swap out the server in January.
Here we come to the slight disadvantage of an informal arrangement where access to the system depends upon a busy third party. Unfortunately it took until May to arrange access (I must thank Vivek again for coming in on a Saturday to do this)
In the intervening time, once I realised access was going to become increasingly difficult, I decided to obtain as good a system as I could manage to reduce requirements for future access. 
I turned to eBay and acquired a slightly more modern SuperServer with dual Intel Xeon Haswell E5-2680v3 processors which required purchase of 64G of new memory (Haswell is a DDR4 platform). 
I had wanted to use Broadwell processors but this exceeded my budget and would only be a 10% performance uplift (The chassis, motherboard and memory cost £180 and another £50 for processors was just too much, maybe next time)
While making the decision on the processor selection I made a quick chart of previous processing capabilities (based on a passmark comparison) of phoenix servers and was startled to discover I needed a logarithmic vertical axis. Multi core performance of processors has improved at a startling rate in the last decade.
When the original replacement was donated I checked where the performance was limited and noticed it was mainly in disc access which is what prompted the upgrade to NVMe (2 gigabytes a second peek read throughput) which moved the bottleneck to the processors where, even with the upgrades, it remains.
I do not really know if there is a conclusion here beyond noting NetSurf is very fortunate as a project to have some generous benefactors both for donating hardware and hosting for which I know all the developers are grateful.
Now I just need to go and migrate a huge bunch of virtual machines and associated sysadmin to make use of these generous donations.

Kirigami Addons 1.2 is out with some accessibility fixes and one new component: FloatingToolBar.

Accessibility

During the accessibility sprint, there was an effort to ensure the date and time pickers were actually accessible. Aside from improving the screen reader support, this also allow to write Selenium integration tests which uses these components in Itinerary. Thanks Volker, David Redundo and others for working on this!

FloatingToolBar

Mathis and I worked on a new addition to Kirigami Addons adding to the existing FloatingButton and DoubleFloatingButton components. This component is perfect to add tool to editing and drawing areas and can either contain a simple RowLayout/ColumnLayout containing ToolButtons or a Kirigami.ActionToolBar.

import org.kde.kirigamiaddons.components import org.kde.kirigami as Kirigami FloatingToolBar { contentItem: Kirigami.ActionToolBar { actions: [ Kirigami.Action { ... } ] } }

Dialogs

With the style used by FormCardDialog and MessageDialog merged in Kirigami and soon in qqc2-desktop-style too, I did some changes to the FormCardDialog and MessageDialog to use the same padding as Kirigami.Dialog.

MessageDialog now works better on mobile with the layout adapting itself to the dialog size.

messagedialog with a mobile layout

Aditionally similar to KMessageBox, MessageDialog has an optional “don’t show again” option which can be enabled by setting the dontShowAgainName property similar to the KMessageBox api.

I also prepared these two components to work as standalone windows which is likely to come with this Qt 6.8 change request.

Dialog in Qt 6.8

CategorizedSettings

Jonah fixed a bug where it would be impossible to escape the settings on mobile.

Documentation

I added more screenshot to the API documentation and updated the TableView example app to use a ‘frameless’ style.

Qt 6.7 support

This release also brings support for Qt 6.7 on Android as this release introduced an API and ABI change to the Android code. Thanks Joshua for tackling this issue.

This is a really fun talk with Shauna.  

We talk about: 

• Going from academia to tech
• Django
• Open source project governance and Governing Open
• Womens Soccer and the NWSL

Shauna's technical consulting business is Galaxy Rise Consulting

The Complete pytest Course

• Level up your testing skills and save time during coding and maintenance.
• Check out courses.pythontest.com

★ Support this podcast on Patreon ★ <p>This is a really fun talk with Shauna.  </p><p>We talk about: </p><ul><li>Going from academia to tech</li><li>Django</li><li>Open source project governance and <a href="https://governingopen.com">Governing Open</a></li><li><a href="https://www.nwslsoccer.com/">Womens Soccer</a> and the NWSL</li></ul><p>Shauna's technical consulting business is <a href="http://www.galaxyriseconsulting.com/">Galaxy Rise Consulting</a></p><p><br></p> <br><p><strong>The Complete pytest Course</strong></p><ul><li>Level up your testing skills and save time during coding and maintenance.</li><li>Check out <a href="https://courses.pythontest.com/p/complete-pytest-course">courses.pythontest.com</a></li></ul> <strong> <a href="https://www.patreon.com/PythonPeople" rel="payment" title="★ Support this podcast on Patreon ★">★ Support this podcast on Patreon ★</a> </strong>

In this episode, we discuss working on several different open-source Python packages. Antonio Cuni is our guest, and he chats about his work on PyScript, pdb++, pypy, HPy, and SPy.

Listen in as we chat about Python, packages, open source, and so much more!

Show Links

Here are some of the projects we talked about in the show:

• The Invent Framework
• PyScript
• pdb++ – A drop-in replacement for pdb
• pypy – The fast, compliant, alternative Python implementation
• HPy – A better C API for Python
• SPy – Static Python

The post Episode 40 – Open Source Development with Antonio Cuni appeared first on Mouse Vs Python.

The new Ubuntu LTS was released in April, congratulations to all involved with that. I know Scarlett worked hard to get Kubuntu back into shape so do if that a try if you want a stable Plasma 5 desktop.

In the KDE neon project we don’t like to sit still for long so we are now building all our KDE packages on Ubuntu Noble, versioned 24.04. This always takes longer than it feels like it should, mostly because it’s a moving target to keep everything compiled as more KDE software gets released, so no promises on when it’ll be ready but we’ll try to be fast because the old Ubuntu base of jammy (22.04) is showing its age with projects like Krita no longer able to compile there.

So far the main issues are all the changes needed for 64-bit time_t to fix the y2k38 problem, we know you wouldn’t want your clocks to zero out in 2038.

FTP master

This month I accepted 386 and rejected 39 packages. The overall number of packages that got accepted was 386.

I also added lots of +moreinfo tags to some RM bugs. Is it that hard to check the reverse dependencies on your own?

Debian LTS

This was my hundred-eighteenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

During my allocated time I uploaded:

• [DLA 3781-1] libgd2 security update for three CVEs to fix out-of-bounds reads or NULL pointer derefence
• [DLA 3784-1] libcaca security update for two CVEs to fix heap buffer overflows
• [DLA 3805-1] qtbase-opensource-src security update for seven CVEs to fix buffer overflows, infinite loops or application crashs due to processing of crafted input files. When trying to compile the fixed version, I got an error that there is no .compare() for QByteArray available. Yes, indeed, QByteArray::compare, which was used in a patch, was introduced only in Qt 6.0. So I had to backport that to Buster as well. It is astonishing that such a basic function was not needed before.
• [#1070153] bookworm-pu: qtbase-opensource-src/5.15.8+dfsg-11+deb12u2 to fix two CVEs
• [#1070154] bullseye-pu: qtbase-opensource-src/5.15.2+dfsg-9+deb11u1 to fix ten CVEs
• [#1064550] uploaded libjwt
• [#1067544] uploaded libmicrohttpd

I also continued to work on tiff and last but not least did a week of FD and attended the monthly LTS/ELTS meeting.

Debian ELTS

This month was the sixty-ninth ELTS month. During my allocated time I uploaded:

• [ELA-1069-1]libgd2 security update for three CVEs to fix out-of-bounds reads or NULL pointer derefence in Jessie and Stretch
• [ELA-1070-1]libcaca security update for two CVEs to fix heap buffer overflows in Jessie and Stretch
• [ELA-1083-1]qtbase-opensource-src security update for five CVEs to fix buffer overflows, infinite loops or application crashs due to processing of crafted input files in Stretch

I also continued to work on an update for tiff in Jessie and Stretch, did a week of FD and attended the LTS/ELTS meeting.

Debian Printing

This month I uploaded new upstream or bugfix versions of:

• … cups-filters
• … cpd-backend-cups
• … hplip
• … gutenprint
• … foo2zjs

In preparation for cups3 I introduced a new package:

• … libcupsfilters

This work is generously funded by Freexian!

Debian Astro

This month I uploaded a new upstream or bugfix version of:

• … indi-apogee
Debian IoT

This month I uploaded new upstream or bugfix versions of:

• … libmatthew-java
• … libjwt
Debian Mobcom

This month I uploaded new upstream or bugfix versions of:

• … osmo-hlr
• … osmo-iuh
• … osmo-pcu
• … osmo-bts
• … libosmo-netif
• … libosmo-sccp

I have done these uploads in preparation for my GSoC student, who will be officially announced in May.

misc

I am sorry for people still using 32bit computers, but from my point of view these are dying architectures. So if there are any problems with builds on those architectures, I no longer try to fix them but file RM bugs. Patches are welcome, but I am no longer willing to spend any time for this.

This month I uploaded new upstream or bugfix versions of:

• … gnupg-pcs11-scd
• … golang-github-dchest-uniuri
• … mpb
• … uucp

This month I even found some time to introduce new packages:

• … mailio a cross platform C++ library for email support
• … pksc11-proxy a proxy for the PKCS11-library

Just a quick post here to say that I’ve added a new Projects page to my freelance website. I realised I didn’t have anywhere online that I could point people to that had links to all of the ‘non-work’ (maybe that should be ‘non-paid’) projects I’ve made.

These projects include my Free GIS Data site, the British Placename Mapper, Py6S and more. I’ve also put together a separate page (linked from the projects page) with all my university theses (PhD, MSc and undergraduate) and other university work – which still get a remarkably high number of downloads.

Have a look here, or see a screenshot of the first few entries below:

Do you use Python in an academic setting? Maybe you run a research lab or teach courses using Python. Maybe you're even a student using Python. Whichever it is, you'll find a ton of great advice in this episode. I talk with Keiland Cooper about how he is using Python at his neuroscience lab at the University of California, Irvine.<br/> <br/> <strong>Episode sponsors</strong><br/> <br/> <a href='https://talkpython.fm/neo4j-notes'>Neo4j</a><br> <a href='https://talkpython.fm/posit'>Posit</a><br> <a href='https://talkpython.fm/training'>Talk Python Courses</a><br/> <br/> <strong>Links from the show</strong><br/> <br/> <div><b>Keiland's website</b>: <a href="https://www.kwcooper.xyz" target="_blank" rel="noopener">kwcooper.xyz</a><br/> <b>Keiland on Twitter</b>: <a href="https://twitter.com/kw_cooper" target="_blank" rel="noopener">@kw_cooper</a><br/> <b>Keiland on Mastodon</b>: <a href="https://fediscience.org/@kwcooper" target="_blank" rel="noopener">@kwcooper@fediscience.org</a><br/> <br/> <b>Journal of Open Source Software</b>: <a href="https://joss.readthedocs.io/en/latest/" target="_blank" rel="noopener">joss.readthedocs.io</a><br/> <b>Avalanche project</b>: <a href="https://avalanche.continualai.org" target="_blank" rel="noopener">avalanche.continualai.org</a><br/> <b>ContinualAI</b>: <a href="https://continualai.org" target="_blank" rel="noopener">continualai.org</a><br/> <b>Executable Books Project</b>: <a href="https://executablebooks.org/en/latest/" target="_blank" rel="noopener">executablebooks.org</a><br/> <b>eLife Journal</b>: <a href="https://elifesciences.org/about/" target="_blank" rel="noopener">elifesciences.org</a><br/> <b>Watch this episode on YouTube</b>: <a href="https://www.youtube.com/watch?v=rad6Kd6J0ns" target="_blank" rel="noopener">youtube.com</a><br/> <b>Episode transcripts</b>: <a href="https://talkpython.fm/episodes/transcript/461/python-in-neuroscience-and-academic-labs" target="_blank" rel="noopener">talkpython.fm</a><br/> <br/> <b>--- Stay in touch with us ---</b><br/> <b>Subscribe to us on YouTube</b>: <a href="https://talkpython.fm/youtube" target="_blank" rel="noopener">youtube.com</a><br/> <b>Follow Talk Python on Mastodon</b>: <a href="https://fosstodon.org/web/@talkpython" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>talkpython</a><br/> <b>Follow Michael on Mastodon</b>: <a href="https://fosstodon.org/web/@mkennedy" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>mkennedy</a><br/></div>

This post is a review for Computing Reviews for Constructed truths — truth and knowledge in a post-truth world , a book published in No Starch Press

Imagine you’ve come across a trove of files documenting a serious deed and you feel the need to “blow the whistle.” Or maybe you are an investigative journalist and this whistleblower trusts you and wants to give you said data. Or maybe you are a technical person, trusted by said journalist to help them do things right–not only to help them avoid being exposed while leaking the information, but also to assist them in analyzing the contents of the dataset. This book will be a great aid for all of the above tasks.

The author, Micah Lee, is both a journalist and a computer security engineer. The book is written entirely from his experience handling important datasets, and is organized in a very logical and sound way. Lee organized the 14 chapters in five parts. The first part–the most vital to transmitting the book’s message, in my opinion–begins by talking about the care that must be taken when handling a sensitive dataset: how to store it, how to communicate it to others, sometimes even what to redact (exclude) so the information retains its strength but does not endanger others (or yourself). The first two chapters introduce several tools for encrypting information and keeping communication anonymous, not getting too deep into details and keeping it aimed at a mostly nontechnical audience.

Something that really sets this book apart from others like it is that Lee’s aim is not only to tell stories about the “hacks and leaks” he has worked with, or to present the technical details on how he analyzed them, but to teach readers how to do the work. From Part 2 onward the book adopts a tutorial style, teaching the reader numerous tools for obtaining and digging information out of huge and very timely datasets. Lee guides the reader through various data breaches, all of them leaked within the last five years: BlueLeaks, Oath Keepers email dumps, Heritage Foundation, Parler, Epik, and Cadence Health. He guides us through a tutorial on using the command line (mostly targeted at Linux, but considering MacOS and Windows as well), running Docker containers, learning the basics of Python, parsing and filtering structured data, writing small web applications for getting at the right bits of data, and working with structured query language (SQL) databases.

The book does an excellent job of fulfilling its very ambitious aims, and this is even more impressive given the wide range of professional profiles it is written for; that being said, I do have a couple critiques. First, the book is ideologically loaded: the datasets all exhibit the alt-right movement that has gained strength in the last decade. Lee takes the reader through many instances of COVID deniers, rioters for Donald Trump during the January 2021 attempted coup, attacks against Black Lives Matter activists, and other extremism research; thus this book could alienate right-wing researchers, who might also be involved in handling important whistleblowing cases.

Second, given the breadth of the topic and my 30-plus years of programming experience, I was very interested in the first part of each chapter but less so in the tutorial part. I suppose a journalist reading through the same text might find the sections about the importance of data handling and source protection to be similarly introductory. This is unavoidable, of course, given the nature of this work. However, while Micah Lee is an excellent example of a journalist with the appropriate technical know-how to process the types of material he presents as examples, expecting any one person to become a professional in both fields is asking too much.

All in all, this book is excellent. The writing style is informal and easy to read, the examples are engaging, and the analysis is very good. It will certainly teach you something, no matter your background, and it might very well complement your professional skills.

Armadillo is a powerful and expressive C++ template library for linear algebra and scientific computing. It aims towards a good balance between speed and ease of use, has a syntax deliberately close to Matlab, and is useful for algorithm development directly in C++, or quick conversion of research code into production environments. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 1144 other packages on CRAN, downloaded 34.2 million times (per the partial logs from the cloud mirrors of CRAN), and the CSDA paper (preprint / vignette) by Conrad and myself has been cited 583 times according to Google Scholar.

Conrad released a new upstream bugfix yesterday (for a corner case with fftw3). We uploaded it yesterday too but it took a day for the hard-working CRAN maintainers to concur that the one (!) NOTE from reverse-dependency checking over 1100 packages was in a fact a false positve. And so it appeared on CRAN (very) early this morning. We also made a change removing a long-redundant setter for C++11 mode via the plugin. No other changes were made.

The set of changes since the last CRAN release follows.

Changes in RcppArmadillo version 0.12.8.3.0 (2024-05-07)

• Upgraded to Armadillo release 12.8.3 (Cortisol Injector)

  • Fix issue in fft() and fft2() in multi-threaded contexts with FFTW3 enabled

• No longer set C++11 for the Rcpp plugin as this standard has been the default by R for very long time now.

Courtesy of my CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the Rcpp R-Forge page.

If you like this or other open-source work I do, you can sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.