FLOSS Project Planets

So this blog is now celebrating its 21st birthday (or 20 if you count from zero, or 18 if you want to be pedantic), and I figured I would do this yearly thing of reviewing how that went.

Number of posts

2022 was the official 20th anniversary in any case, and that was one of my best years on record, with 46 posts, surpassed only by the noisy 2005 (62) and matching 2006 (46). 2023, in comparison, was underwhelming: a feeble 11 posts! What happened!

Well, I was busy with other things, mostly away from keyboard, that I will not bore you with here...

The other thing that happened is that the one-liner I used to collect stats was broken (it counted folders and other unrelated files) and wildly overestimated 2022! Turns out I didn't write that much then:

anarc.at$ ls blog | grep '^[0-9][0-9][0-9][0-9].*.md' | se d s/-.*// | sort | uniq -c | sort -n -k2 57 2005 43 2006 20 2007 20 2008 7 2009 13 2010 16 2011 11 2012 13 2013 5 2014 13 2015 18 2016 29 2017 27 2018 17 2019 18 2020 14 2021 28 2022 10 2023 1 2024

But even that is inaccurate because, in ikiwiki, I can tag any page as being featured on the blog. So we actually need to process the HTML itself because we don't have much better on hand without going through ikiwiki's internals:

anarcat@angela:anarc.at$ curl -sSL https://anarc.at/blog/ | grep 'href="\./' | grep -o 20[0-9][0-9] | sort | uniq -c 56 2005 42 2006 19 2007 18 2008 6 2009 12 2010 15 2011 10 2012 11 2013 3 2014 15 2015 32 2016 50 2017 37 2018 19 2019 19 2020 15 2021 28 2022 13 2023

Which puts the top 10 years at:

$ curl -sSL https://anarc.at/blog/ | grep 'href="\./' | grep -o 20[0-9][0-9] | sort | uniq -c | sort -nr | head -10 56 2005 50 2017 42 2006 37 2018 32 2016 28 2022 19 2020 19 2019 19 2007 18 2008

Anyway. 2023 is certainly not a glorious year in that regard, in any case.

Visitors

In terms of visits, however, we had quite a few hits. According to Goatcounter, I had 122 300 visits in 2023! 2022, in comparison, had 89 363, so that's quite a rise.

What you read

I seem to have hit the Hacker News front page at least twice. I say "seem" because it's actually pretty hard to tell what the HN frontpage actually is on any given day. I had 22k visits on 2023-03-13, in any case, and you can't see me on the front that day. We do see a post of mine on 2023-09-02, all the way down there, which seem to have generated another 10k visits.

In any case, here were the most popular stories for you fine visitors:

• Framework 12th gen laptop review: 24k visits, which is surprising for a 13k words article "without images", as some critics have complained. 15k referred by Hacker News. Good reference and time-consuming benchmarks, slowly bit-rotting.

  That is, by far, my most popular article ever. A popular article in 2021 or 2022 was around 6k to 9k, so that's a big one. I suspect it will keep getting traffic for a long while.

• Calibre replacement considerations: 15k visits, most of which without a referrer. Was actually an old article, but I suspect HN brought it back to light. I keep updating that wiki page regularly when I find new things, but I'm still using Calibre to import ebooks.

• Hacking my Kobo Clara HD: is not new but always gathering more and more hits, it had 1800 hits in the first year, 4600 hits last year and now brought 6400 visitors to the blog! Not directly related, but this iFixit battery replacement guide I wrote also seem to be quite popular

Everything else was published before 2023. Replacing Smokeping with Prometheus is still around and Looking at Wayland terminal emulators makes an entry in the top five.

Where you've been

People send less and less private information when they browse the web. The number of visitors without referrers was 41% in 2021, it rose to 44% in 2023. Most of the remaining traffic comes from Google, but Hacker News is now a significant chunk, almost as big as Google.

In 2021, Google represented 23% of my traffic, in 2022, it was down to 15% so 18% is actually a rise from last year, even if it seems much smaller than what I usually think of.

Ratio Referrer Visits 18% Google 22 098 13% Hacker News 16 003 2% duckduckgo.com 2 640 1% community.frame.work 1 090 1% missing.csail.mit.edu 918

Note that Facebook and Twitter do not appear at all in my referrers.

Where you are

Unsurprisingly, most visits still come from the US:

Ratio Country Visits 26% United States 32 010 14% France 17 046 10% Germany 11 650 6% Canada 7 425 5% United Kingdom 6 473 3% Netherlands 3 436

Those ratios are nearly identical to last year, but quite different from 2021, where Germany and France were more or less reversed.

Back in 2021, I mentioned there was a long tail of countries with at least one visit, with 160 countries listed. I expanded that and there's now 182 countries in that list, almost all of the 193 member states in the UN.

What you were

Chrome's dominance continues to expand, even on readers of this blog, gaining two percentage points from Firefox compared to 2021.

Ratio Browser Visits 49% Firefox 60 126 36% Chrome 44 052 14% Safari 17 463 1% Others N/A

It seems like, unfortunately, my Lynx and Haiku users have not visited in the past year. It seems like trying to read those metrics is like figuring out tea leaves...

In terms of operating systems:

Ratio OS Visits 28% Linux 34 010 23% macOS 28 728 21% Windows 26 303 17% Android 20 614 10% iOS 11 741

Again, Linux and Mac are over-represented, and Android and iOS are under-represented.

What is next

I hope to write more next year. I've been thinking about a few posts I could write for work, about how things work behind the scenes at Tor, that could be informative for many people. We run a rather old setup, but things hold up pretty well for what we throw at it, and it's worth sharing that with the world...

So anyway, thanks for coming, faithful reader, and see you in the coming 2024 year...

Part one in a series of posts introducing Symfony Messenger, its ecosystem, and unique Drupal integrations to Drupal developers.

by daniel.phin / 9 January 2024

The SM project brings Symfony Messenger and its ecosystem together with Drupal.

Symfony Messenger is a powerful alternative to Drupal’s @QueueWorker, enabling real-time or precise execution of scheduled tasks. It’s also a viable replacement for hook_cron enabling you to schedule dispatch and processing of messages according to crontab rules, again in real-time, rather than waiting for server-invoked or request-termination cron.

Messenger can be used as a user-friendly alternative to Batch API, as the user's browser is not blocked, while integrations such as Toasty can be programmed to notify when the last of a “batch” of messages completes, communicating to the user via user-interface toasts.

The Drupal integration includes additional niceties, such as intercepting legacy QueueWorkers for processing data through the Symfony Messenger bus, and end-user UI notifying a user when tasks relevant to them have been processed.

During this and the following series of posts, we’ll be exploring the benefits of real-time processing and user-friendly features that improve the overall experience and outputs.

The workerToasty displaying notifications.Messenger

First up, we’ll cover the main features of Symfony Messenger and how it works.

As a developer working with Messenger, the most frequent task is to construct message and associated message handlers. A message holds data, while a message handler processes the associated data.

A message is inserted into the bus. The bus executes a series of middleware in order, each of which can view and modify the message.

If a transport is configured, the message may be captured and stored for processing later.

Typically the bus, middleware, and transports are configured in advance and rarely changed. Message and message handlers are introduced often without needing other configuration.

• Message — an arbitary PHP object, it must be serialisable.
• Message handler — a class that takes action based on the message it is given. Typically a message handler is designed to consume one type of message.
• Middleware — code that takes action on all message types, and has access to the containing envelope and stamps.
• Bus — a series of middleware in a particular order. There is a default bus, and a default set of middleware.
• Envelope — an envelope contains a single message, and it may have many stamps. A message always has an envelope.
• Stamp — a piece of metadata associated with an envelope. The most common use case is to track whether a middleware has already operated on the envelope. Useful when a transport re-runs a message through the bus after unserialisation. Another useful stamp is one to set the date and time for when a message should be processed.
• Transport — a transport comprises a receiver and sender. In the case of the doctrine database transport, its sender will serialise the message and store it in the database. The receiver will listen for messages ready to be sent, and then unserialise them.
• Worker — a command line application responsible for unserialising messages immediately, or at a scheduled time in the future. Messages are inserted into the bus for processing.

The stars of the show are buses. One bus is ready out of the box, which comprises a series of ordered middleware. A message is dispatched into a bus, where each middleware has the opportunity to view and modify the message (and its envelope). It's unlikely you’ll need to think about middleware, as the default set may already be the perfect combination.

When a message is dispatched to a bus, you can choose to wrap it in an envelope and apply stamps like the DelayStamp . A message will always be wrapped in an envelope if you don’t do it explicitly.

Buses have a series of default middleware. The main middleware to note are the transport and message handler middlewares. When a transport is configured for messenger, the transport middleware will capture the message, serialise it, and store it somewhere. For example, a database in the case of the doctrine transport. Any middleware after the transport middleware are not executed, for now.

When running the worker, you are opting to choose which bus and transport to run. The command will listen for messages as they are stored, and if the time is right, messages will be unserialised and inserted into the bus. The message will begin its journey yet again, iterating through all the middlewares from the beginning. When the transport middleware is hit, it will detect the message has already been in the transport to prevent recursion. This is done by checking the ReceivedStamp stamp added to the message envelope.

Transports: synchronous, asynchronous

Out of the box, when a message is dispatched into the bus in a CLI or web request, it will be processed synchronously. All middleware will operate on the message in a set order, including the message handler middleware.

The greatest advantage of using Messenger is the ability to asynchronously handle messages outside of the thread they were originally dispatched. That is: asynchronously. This can be useful for improving the web request response times and reducing the memory usage and limit of web requests (allowing for more FPM threads on a machine). Bulky business operations that would typically, or should be, constrained by the limits of the web thread have more breathing room. A CLI runner/container may be set up with a little more memory and processing capability with the explicit direction to listen for messages and handle them in real-time, either as soon as possible or as scheduled.

Upcoming posts in this series will dive into aspects of Symfony Messenger and SM:

• Symfony Messenger’ message and message handlers, and comparison with @QueueWorker
• Real-time: Symfony Messenger’ Consume command and prioritised messages
• Automatic message scheduling and replacing hook_cron
• Adding real-time processing to QueueWorker plugins
• Making Symfony Mailer asynchronous: integration with Symfony Messenger
• Displaying notifications when Symfony Messenger messages are processed
• Future of Symfony Messenger in Drupal

The next post covers the implementation of a message and message handler, and a comparison with Drupal core’s @QueueWorker plugins.

Tagged Symfony, Symfony Messenger

Join the FSF and friends on Friday, January 12, from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

Today we are talking about Portals, Community Websites, and Drupal with guest Ron Northcutt. We’ll also cover Private Message as our module of the week.

For show notes visit: www.talkingDrupal.com/432

Topics

• Why are you passionate about community sites
• Different types of portals you’ve worked on
• Common features
• Why is Drupal a great fit
• Why would you choose Drupal over a Saas or PaaS
• What is unique about each community
• How important is UX
• What common content models do you see
• Most important tip

Resources

• Lego sorting
  • https://news.lugnet.com/storage/?n=709
  • https://brickarchitect.com/guide/bricks/
• PHPBB
• discourse
• Open Social
• Monday

Guests

Ron Northcutt - community.appsmith.com rlnorthcutt

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Martin Anderson-Clutz - mandclu

MOTW Correspondent

Martin Anderson-Clutz - mandclu

• Module name/project name:
  • Private Message
• Brief description:
  • Have you ever wanted to include a full-fledged, ajaxified system for private messages between users on your Drupal site? There’s a module for that
• Brief history
  • How old: created in Apr 2017 by Jaypan, a fellow Canadian, but the most recent release is by Lucas Hedding, who hails from Nicaragua, and is a prolific contrib maintainer in his own right
  • Versions available: 8.x-2.0-beta18 and 3.0.0 versions available, the latter of which works with D9 and 10
• Maintainership
  • Actively maintained, latest release in Oct 2023
  • Number of open issues: 130, 4 of which are bugs on the 3.0.x branch
  • Test coverage
• Documentation: does have a handbook, though the pages seem to date back to 2017, so hopefully the installation and setup hasn’t changed too much since then
• Usage stats:
  • Almost 2,000 sites
  • Maintainer(s):
• Module features and usage
  • With the Private Message module installed, users on your site can have permissions-based access to send private messages to each other
  • Messages and threads are fieldable entities, and in general the module is made to be highly configurable, so you can tailor it to meet your site’s specific needs
  • That includes the frequency for asynchronous operations like loading new messages, which can be done without a full page refresh. There’s also a companion module to use Node.js for the asynchronous operations, to reduce load on both the browser and the server
  • That also allows for browser push notifications, or you can use the integration with the Message module to send notifications via email, SMS, and more, including aggregating the notifications into digests
  • Companies often have a dedicated messaging solution like Slack or Teams that they use internally, but this can be a good solution for an extranet or vendor portal, where the users may represent a variety of organizations
  • It’s also worth mentioning that both Private Message and Message are included in the Open Social distribution, so that could be a way to try out a preconfigured setup

FTP master

This month I accepted 235 and rejected 13 packages. The overall number of packages that got accepted was 249. I also handled lots of RM bugs and almost stopped the increase in packages this month :-). Please be aware, if you don’t want your package to be removed, take care of it and keep it in good shape!

Debian LTS

This was my hundred-fourteenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

During my allocated time I uploaded:

• [DLA 3686-1] xorg-server security update for two CVEs to fix privilege escalation
• [DLA 3686-2] xorg-server security update for one CVE to really fix privilege escalation. Unfortunately the first patches provided by upstream did not really solve the problem, so here we are in round 2
• [DLA 3699-1] libde265 security update for three CVEs to fix heap buffer or global buffer overflows
• [DLA 3700-1] cjson security update for one CVE to fix a segmentation violation
• [#1056934] Bookworm PU-bug for libde265; I could finally upload the package
• [#1056737] Bookworm PU-bug for minizip; I could finally upload the package
• [libde265]For the next round of CVEs of libde265 I prepared debdiffs for Bullseye and Bookworm and sent them to the maintainer.
• [cjson]I prepared debdiffs for Bullseye and Bookworm and sent them to the maintainer.

This month was rather calm and no unexpected things happened. The web team now automatically creates all webpages from data found in the security tracker. So I could deactivate my web-dla script again which created the webpages from the contents of the announcement mailing list.

Last but not least I also did two weeks of frontdesk duties.

Debian ELTS

This month was the sixty-fifth ELTS month. During my allocated time I uploaded:

• [ELA-1019-1]xorg-server security update for two CVEs to fix privilege escalation
• [ELA-1019-2]xorg-server security update for to really fix privilege escalation. As with the DLAs above, the first patches provided by upstream did not really solve the problem, so here we are in round 2
• [ELA 1027-1] libde265 security update for three CVEs in Stretch to fix heap buffer or global buffer overflows

Last but not least I also did two weeks of frontdesk duties.

Debian Printing

This month I uploaded a package to fix bugs:

• … cups/Bookworm to fix a bug related to color printing
• … hplip to fix a bug related to /usr-merge

This work is generously funded by Freexian!

Debian Astro

This month I uploaded a package to fix bugs:

• … libpktriggercord to fix a /usr-merge bug
• … indi-nightscape to fix a /usr-merge bug
• … indi-ffmv to fix a /usr-merge bug
• … indi-armadillo-platypus to fix a /usr-merge bug
• … indi-orion-ssg3 to fix a /usr-merge bug
• … indi-sx to fix a /usr-merge bug

Other stuff

This month I uploaded new upstream version of packages, did a source upload for the transition or uploaded it to fix one or the other issue:

• … usb-modeswitch-data to fix a /usr-merge bug
• … libcontra it is sometimes a bit amazing what software phones home

Drupal 7 security support will end - now is the time to plan a migration to Drupal 10! Nina Holzapfel Project Manager 08.01.2024

Drupal has been a robust choice for building and maintaining websites for decades. Like all other CMS systems, technological advancements and security requirements continually evolve at rapid speed and older software versions will be taken off the market.

In January 2025 Drupal 7 will finally reach its End of Life after 14 successful years and the necessity to transition to Drupal 10 has never been more critical.
Source: Drupal 7 End of Life | Drupal.org

What does Drupal 7 End of Life mean for your business?

This means the Drupal community and the official development team will stop providing support, including crucial security patches and updates. Without these updates, weaknesses in the system remain unaddressed, leaving websites vulnerable to dangerous cyber threats and data exploitation.

46,5% of all Drupal sites are still running on version 7

Source: Usage Statistics and Market Share of Drupal, January 2024 (w3techs.com)

Your company isn't just facing a hard deadline to relaunch your new site as January 2025 grows closer. You’re also competing with a vast number of organizations just like yours that need to coordinate the same migration process.

It is important to understand that depending on the complexity of the website the migration from Drupal 7 to Drupal 10 is not just a simple update. The data structure and design need to be rebuilt and major technical updates executed. Ramsalt has migrated numerous of clients from Drupal 7 to Drupal 10 and have built a team of migration experts for a successful migration process.

Get an offer for the migration and make sure that your company stays agile and competitive:
Yngve Bergheim, yngve@ramsalt.com

Get a Drupal 10 upgrade offer
Why should you migrate from Drupal 7 to Drupal 10? 

The foremost reason to migrate from Drupal 7 to Drupal 10 lies in security. Yet, Drupal 10 brings automated updates, improved user experience, along with several other feature improvements. See our blog article: A new year, A new shiny Drupal 10 | Drupal | Ledende leverandør | Ramsalt.

Below we want to list some of the Drupal 10 highlights:

Improved content editing

CKEditor 5 update from CKEditor 4 - With a thorough rebuild and an exciting new feature set, CKEditor 5 gives Drupal 10 a modern, collaborative editor experience. Users of programs like Microsoft Word or Google Docs will be used to the new CKEditor's interface. It also offers common tools for collaboration like comments, change suggestions, version histories, and other accepted editing practices. 

CKEditor 5 in Drupal

Try it our yourself here: Feature-rich editor - CKEditor 5 demo

Gutenberg Editor - With the latest Drupal 10 update, we are capable of using the most loved content editor. Here are some key points about the Gutenberg editor in the context of Drupal:

User-Friendly Interface: Gutenberg provides a more intuitive and visual editing experience. It uses blocks to represent various content elements like text, images, and videos, making it easy for users to build and design their content layout.

Enhanced Content Creation: With Gutenberg, content creators can design more complex layouts without needing any extensive technical knowledge. It offers a wide range of customization options within each block, making it easier to design diverse and dynamic web pages, we even have our own Gutenberg landing page builder in-house. the limits are your imagination.

Responsive Design: Blocks in the Gutenberg editor are inherently responsive, ensuring that content created in Drupal looks good on all devices.

Extensibility: Just like Drupal, Gutenberg is highly extensible. Developers can create custom blocks to add new functionalities, tailored to specific needs.

Gutenberg in Drupal

Try it out for yourself: Drupal Gutenberg demo

Improved Admin and Design Themes

Drupal 10 introduces a significantly enhanced theming system, characterized by its streamlined single-directory component structure. This advancement not only boosts overall performance but also accelerates the rollout of new features. Furthermore, it offers comprehensive editing capabilities, enabling a seamless top-to-bottom customization experience. This modernized approach in Drupal 10 ensures a more efficient, user-friendly, and agile development process, catering to the evolving needs of end-users and editorial teams alike.

Improved Website Performance & Security

Drupal 10 improves your site security by including up-to-date protocols and technical dependencies such as PHP 8.2, Symfony 6.2. This means a faster and more modern website out of the box.

With enhanced dynamic caching (BigPipe) reduces page load times by invalidating only the content that has changed and therefore provides a faster and better user experience.

Drupal 10 also marks the end of Drupal 7’s jQuery. A large JavaScript library, jQuery was a powerful tool, but modern browsers perform many of the same functions. The up-to-date JavaScript used by Drupal 10 also decreases page load times and snappier behavior for the end users.

Source: Drupal 10 | Drupal.org & Drupal 10.2 is now available | Drupal.org

KDiagram 3.0.1 is an update to our charting libraries which fixes a bug in the cmake path configuration. It also updates translations and removes some unused Qt 5 code.

URL: https://download.kde.org/stable/kdiagram/3.0.1/

sha256: 4659b0c2cd9db18143f5abd9c806091c3aab6abc1a956bbf82815ab3d3189c6d

Signed by E0A3EB202F8E57528E13E72FD7574483BB57B18D Jonathan Esk-Riddell jr@jriddell.org
https://jriddell.org/esk-riddell.gpg

The Goal

In Drupal Commerce, carts do not have order numbers. Order numbers are not set until checkout completion, when the order is placed. If the order type has been configured with a number pattern, that pattern is used to generate the order number; otherwise the order entity ID is used. As a result, when a credit card payment is added during checkout, the cart/order may not have its final Order Number yet. For some payment gateways, this is fine--only the order entity ID is needed.

The Goal

A Drupal Commerce website may want to offer the same payment terms provided to customers purchasing products offline. If up-front payment is not required, then we need to create an option for customers to complete checkout without providing payment. Additional information may need to be collected during checkout for the "payment on account" option in lieu of a traditional payment method. For our business needs, this additional information takes the form of a Purchase Order number entered by the customer.

The Goal

When a customer completes checkout on a Drupal Commerce website, the cart order is "placed." No additional changes can be made to the order by the customer. Administrative users, with access permissions, can typically edit these "placed" orders. However, significant changes like the addition/removal or an order item or an order item quantity/pricing change can be problematic. The changes can be made, but... afterwards, things like taxes, discounts, shipping charges, etc. may not be correct.

The Goal

When a store has customers that are businesses or institutional, the standard Address field properties and formatting may not align well with actual billing and shipping addresses. For example, a business address may not include the customer's first and last name as the first line; instead, an organizational name may be used. If a contact name is included, it may be an "Attention" line. Additionally, businesses may require a line with reference or purchase order number.

The Goal

Drupal Commerce order types can be configured to email the customer a receipt when an order is placed, with or without a BCC copy sent to a specified email address. Additionally, administrative users can use a "Resend receipt" button to send a receipt to the contact email address set for the order; no copy is sent to an additional email address.

When re-sending an order receipt, administrative users may want to:

The Goal

Administrative users creating and updating orders in the backend may want to:

• Preview the order receipt before emailing customers.
• Send a copy of the order receipt to an email address other than the contact email address for the order.

Developers may want to:

• Preview the order receipt for testing purposes when working on environments with outgoing emails disabled

A Solution

We can add a button to the right of the existing, "Resend receipt" button that appears on Order View pages, like this:

The Goal

Core Drupal Commerce provides Order Receipt functionality. An Order Receipt is an email notification sent to a customer when an order is placed. It lets the customer know that the order has been received and includes a summary of the order. For each Order Type, you can turn order receipts on/off and, if enabled, specify that a copy be sent to a specific recipient.

The Drop Times is now the official media partner for Drupal Mountain Camp 2024. Expect the latest camp updates and insights exclusively from us. Stay connected for all things Drupal Mountain Camp!

Recently, Randy Fay of the DDEV project blogged about two new Docker providers available (and supported by DDEV) for MacOS: Rancher Desktop and OrbStack. Both of these join Colima and Docker Desktop as supported Docker providers for DDEV on MacOS. 

What is a Docker provider?

I know that I certainly have asked this question - more times than I care to admit. As Randy explains in the blog post:

All of the Docker Providers on every platform (except Linux) are actually wrappers on the open-source Docker/Moby project, which is supported by Docker, Inc.

In other words, in order for DDEV to talk to Docker, it needs a provider. But, not all Docker providers are created equal. Neither Docker Desktop nor OrbStack are open-source - both have free versions (with restrictions); for most commercial use cases, there is a cost involved. Colima and Rancher Desktop are both open-source.

Features vary between Docker providers as well, so it only makes sense that performance differences also exist. Fortunately, Randy has written another blog post summarizing the performance differences between the various Docker providers on MacOS.

tl;dr if you have Mutagen enabled with DDEV, then they're all pretty fast, with OrbStack having the edge.

Why switch Docker providers?

While Colima is (IMHO) heads-and-tails better than Docker Desktop for Mac, upgrading Colima itself has been a bit of a rocky road. I have learned to never assume that my databases will remain intact during a Colima upgrade. This usually isn't a deal-breaker, but for me, it is squarely in the inconvenience category.

I'm hoping that the situation is smoother with Rancher Desktop.

Getting started with Rancher Desktop

As I (currently) use DDEV on MacOS with Colima (and Mutagen enabled,) I decided to give Rancher Desktop a try, as it is an open-source option. 

Using the instructions provided by the DDEV project, I downloaded Rancher Desktop from the official site. A bit surprisingly, the recommended installation method was not Homebrew, but rather a bit of an old-school MacOS .dmg file.

After downloading Rancher Desktop (but before installing it,) the steps I took to install and change over from Colima began with:

$ ddev poweroff $ colima stop

Next, I double-clicked to install Rancher Desktop - making sure to uncheck the "Kubernetes" checkbox as the DDEV instructions suggested. I didn't touch any other settings during the Rancher Desktop install.

Once that was installed, I restarted my Terminal app, then navigated to one of my DDEV projects.

$ cd ~/sites/d10 $ docker context use rancher-desktop $ ddev start

If you haven't used it before, the docker context use rancher-desktop bit basically tells Docker which provider to use. In other words, you can have multiple providers installed (like I do with Colima and Rancher Desktop) and switch between them using the docker context use command.

With that, installation was complete. 

My experience with Rancher Desktop

In short: uneventful (in a good way)

I didn't have any issues at all - it all went very smoothly. From a performance standpoint, Drupal 10 sites feel a little bit snappier than with Colima, but this is purely qualitative, not quantitative. 

The (minor) downside

When switching Docker providers, while project code isn't touched, unfortunately, project databases don't automatically come along. In his blog post, Randy suggests using ddev snapshot --all as an initial step in the process to back up all databases. I tend to take a more piecemeal approach - individually exporting databases while using Colima, then importing them while using Rancher Desktop. For example, here's my process for moving a database from Colima to Rancher Desktop (assuming my system is currently using Rancher Desktop):

$ cd ~/sites/d10 $ ddev poweroff $ colima start $ docker context use colima $ ddev start $ ddev export-db > db-backup.sql.gz $ ddev poweroff $ docker context use rancher-desktop $ ddev start $ ddev import-db –file=db-backup.sql.gz $ ddev drush cr

Granted, it's a bit wordy, but it works for me.

So, Orbstack?

At the present time, I have no plans to test-drive Orbstack. While Randy's blog post does indicate I would experience a minor performance boost, at this time, I'd rather just stick with an open-source solution.

One of our Professional Module Development course graduates, Jay Volk, recounted his recent experience with Orbstack:

My experience is that OrbStack is really fast and while not open source (it's $8/mo.) it seems well worth the cost and I'm happy to support this project.  Orbstack will take your existing Docker settings and move them to Orbstack when starting up (it asks your permission.) This proved to be no problem for DDEV but occasionally causes problems with the other solution I sometimes need, Lando.  Easy enough, Docker can reclaim settings back from OrbStack and with a Docker restart you're good to go again with that (albeit slower) solution.

Conclusion

I wrote the first draft of this blog post about 2 weeks ago - since then I've stuck with Rancher Desktop and have no plans to go back to Colima. I'm pretty sure the performance is a bit better than Colima and I've had absolutely zero issues. The real test (for me at least) will be when it comes time to update Rancher Desktop - assuming it is a smooth experience, I doubt I'll be returning to Colima. 

Header image generated by ChatGPT-4 using the prompt: "Create a cartoon image of a cowboy lassoing a giant laptop computer using 2:1 aspect ratio". If someone could identify the two flying objects to the right of the laptop, I'd be most appreciative.

Python is always getting better, and 2023 brought a number of exciting developments. As part of the Faster CPython project, Python 3.12 is speedier than previous versions. The new release brings improved error messages and more powerful f-strings. You can also enjoy support for the Linux perf profiler, static typing improvements, and changes to subinterpreters.

The Python Software Foundation (PSF) focused on enhancing security in 2023, with the help of inaugural Security Developer-in-Residence Seth Michael Larson. As part of this comprehensive effort, PyPI completed its first security audit. Plus, the year brought new major versions of pandas, Django, and Pydantic. Another exciting development was Mojo, a superset of Python that’s specifically designed for use in machine-learning contexts.

Here at Real Python, we’ve published over a hundred written tutorials and video courses this year, plus weekly podcast episodes. Keep reading to revisit an old favorite or embark on a new learning journey. You can also check out the wrap-up podcast episode.

Join Now: Click here to join the Real Python Newsletter and you'll never miss another Python tutorial, course update, or post.

Practice Your Skills

Practice makes perfect, especially when it comes to programming. This year, the Real Python team expanded the Python Basics learning path with exercises designed to strengthen your Python skills and help you apply your knowledge in real-world scenarios.

In these courses, you can test your knowledge by completing review exercises and challenges before comparing your work to the instructors’ solutions:

• Python Basics Exercises: Numbers and Math
• Python Basics Exercises: Object-Oriented Programming
• Python Basics Exercises: Modules and Packages

By actively engaging with these exercises, you’ll solidify your understanding of Python concepts and build confidence in your programming abilities. Another way to test your knowledge is by taking quizzes, and we added several in 2023. For help along the way, be sure to join Real Python’s community chat and weekly office hours.

Customize Your Coding Environment

Your coding environment plays a crucial role in your productivity as a programmer, so it’s definitely worthwhile to explore your options and make yourself at home. That means picking the perfect editor or IDE for your use case and then tweaking how it works for you.

In these tutorials, you’ll learn how to customize your coding environment to suit your needs:

• Boost Your Coding Productivity With Ptpython
• Choosing the Best Coding Font for Programming
• JupyterLab for an Enhanced Notebook Experience

By exploring these resources, you’ll discover tools and techniques that can enhance your coding experience, making you more efficient and comfortable as you write Python code.

Read the full article at https://realpython.com/popular-python-tutorials-2023/ »

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

The Visual Layout Suite module is a great improvement of the core editorial experience leveraging Layout Builder and many contrib modules. Basicailly, it enables Layout Builder, depends on several contrib modules that improves Layout Builder and ads its custom magic.

One of the most important features is the use of utility classes allowing the configuration of the look and feel easily from the frontend with an instant preview. Additionally, it allows to restrict the utility classes a user can use, so the user is not overwhelmed by the extra options and also the look and feel of the page can be limited to be compliant with the style guide of the site. New utility classes can be easily added and components can be configured to only use a reduced set of utility classes to un clutter the UI.

VLSuite integrates with any Drupal component that integrates with Layout Builder and more: entity fields, paragraphs, Views, SDC, medias, etc. And there's no dependency on any theme, external service or certain entities. The only soft dependency is a Bootstrap 5 theme to enjoy all the VLSuite features out of the box. However, you can use any theme as long as it provides the utility classes you require. T

All the previous information means you could add VLSuite to an existing site with minimal…

I find most descriptions of WebAssembly to be uninspiring: if you start with a phrase like “assembly-like language” or a “virtual machine”, we have already lost the plot. That’s not to say that these descriptions are incorrect, but it’s like explaining what a dog is by starting with its circulatory system. You’re not wrong, but you should probably lead with the bark.

I have a different preferred starting point which is less descriptive but more operational: WebAssembly is a new fundamental abstraction boundary. WebAssembly is a new way of dividing computing systems into pieces and of composing systems from parts.

This all may sound high-falutin´, but it’s for real: this is the actually interesting thing about Wasm.

fundamental & abstract

It’s probably easiest to explain what I mean by example. Consider the Linux ABI: Linux doesn’t care what code it’s running; Linux just handles system calls and schedules process time. Programs that run against the x86-64 Linux ABI don’t care whether they are in a container or a virtual machine or “bare metal” or whether the processor is AMD or Intel or even a Mac M3 with Docker and Rosetta 2. The Linux ABI interface is fundamental in the sense that either side can implement any logic, subject to the restrictions of the interface, and abstract in the sense that the universe of possible behaviors has been simplified to a limited language, in this case that of system calls.

Or take HTTP: when you visit wingolog.org, you don’t have to know (but surely would be delighted to learn) that it’s Scheme code that handles the request. I don’t have to care if the other side of the line is curl or Firefox or Wolvic. HTTP is such a successful fundamental abstraction boundary that at this point it is the default for network endpoints; whether you are a database or a golang microservice, if you don’t know that you need a custom protocol, you use HTTP.

Or, to rotate our metaphorical compound microscope to high-power magnification, consider the SYS-V amd64 C ABI: almost every programming language supports some form of extern C {} to access external libraries, and the best language implementations can produce artifacts that implement the C ABI as well. The standard C ABI splits programs into parts, and allows works from separate teams to be composed into a whole. Indeed, one litmus test of a fundamental abstraction boundary is, could I reasonably define an interface and have an implementation of it be in Scheme or OCaml or what-not: if the answer is yes, we are in business.

It is in this sense that WebAssembly is a new fundamental abstraction boundary.

WebAssembly shares many of the concrete characteristics of other abstractions. Like the Linux syscall interface, WebAssembly defines an interface language in which programs rely on host capabilities to access system features. Like the C ABI, calling into WebAssembly code has a predictable low cost. Like HTTP, you can arrange for WebAssembly code to have no shared state with its host, by construction.

But WebAssembly is a new point in this space. Unlike the Linux ABI, there is no fixed set of syscalls: WebAssembly imports are named, typed, and without pre-defined meaning, more like the C ABI. Unlike the C ABI, WebAssembly modules have only the shared state that they are given; neither side has a license to access all of the memory in the “process”. And unlike HTTP, WebAssembly modules are “in the room” with their hosts: close enough that hosts can allow themselves the luxury of synchronous function calls, and to allow WebAssembly modules to synchronously call back into their hosts.

applied teleology

At this point, you are probably nodding along, but also asking yourself, what is it for? If you arrive at this question from the “WebAssembly is a virtual machine” perspective, I don’t think you’re well-equipped to answer. But starting as we did by the interface, I think we are better positioned to appreciate how WebAssembly fits into the computing landscape: the narrative is generative, in that you can explore potential niches by identifying existing abstraction boundaries.

Again, let’s take a few examples. Say you ship some “smart cities” IoT device, consisting of a microcontroller that runs some non-Linux operating system. The system doesn’t have an MMU, so you don’t have hardware memory protections, but you would like to be able to enforce some invariants on the software that this device runs; and you would also like to be able to update that software over the air. WebAssembly is getting used in these environments; I wish I had a list of deployments at hand, but perhaps we can at least take this article last year from a WebAssembly IoT vendor as proof of commercial interest.

Or, say you run a function-as-a-service cloud, meaning that you run customer code in response to individual API requests. You need to limit the allowable set of behaviors from the guest code, so you choose some abstraction boundary. You could use virtual machines, but that would be quite expensive in terms of memory. You could use containers, but you would like more control over the guest code. You could have these functions written in JavaScript, but that means that your abstraction is no longer fundamental; you limit your applicability. WebAssembly fills an interesting niche here, and there are a number of products in this space, for example Fastly Compute or Fermyon Spin.

Or to go smaller, consider extensible software, like the GIMP image editor or VS Code: in the past you would use loadable plug-in modules via the C ABI, which can be quite gnarly, or you lean into a particular scripting language, which can be slow, inexpressive, and limit the set of developers that can write extensions. It’s not a silver bullet, but WebAssembly can have a role here. For example, the Harfbuzz text shaping library supports fonts with an embedded (em-behdad?) WebAssembly extension to control how strings of characters are mapped to positioned glyphs.

aside: what boundaries do

They say that good fences make good neighbors, and though I am not quite sure it is true—since my neighbor put up a fence a few months ago, our kids don’t play together any more—boundaries certainly facilitate separation of functionality. Conway’s law is sometimes applied as a descriptive observation—ha-ha, isn’t that funny, they just shipped their org chart—but this again misses the point, in that boundaries facilitate separation, but also composition: if I know that I can fearlessly allow a font to run code because I have an appropriate abstraction boundary between host application and extension, I have gained in power. I no longer need to be responsible for every part of the product, and my software can scale up to solve harder problems by composing work from multiple teams.

There is little point in using WebAssembly if you control both sides of a boundary, just as (unless you have chickens) there is little point in putting up a fence that runs through the middle of your garden. But where you want to compose work from separate teams, the boundaries imposed by WebAssembly can be a useful tool.

narrative generation

WebAssembly is enjoying a tail-wind of hype, so I think it’s fair to say that wherever you find a fundamental abstraction boundary, someone is going to try to implement it with WebAssembly.

Again, some examples: back in 2022 I speculated that someone would “compile” Docker containers to WebAssembly modules, and now that is a thing.

I think at some point someone will attempt to replace eBPF with Wasm in the Linux kernel; eBPF is just not as good a language as Wasm, and the toolchains that produce it are worse. eBPF has clunky calling-conventions about what registers are saved and spilled at call sites, a decision that can be made more efficiently for the program and architecture at hand when register-allocating WebAssembly locals. (Sometimes people lean on the provably-terminating aspect of eBPF as its virtue, but that could apply just as well to Wasm if you prohibit the loop opcode (and the tail-call instructions) at verification-time.) And why don’t people write whole device drivers in eBPF? Or rather, targetting eBPF from C or what-have-you. It’s because eBPF is just not good enough. WebAssembly is, though! Anyway I think Linux people are too chauvinistic to pick this idea up but I bet Microsoft could do it.

I was thinking today, you know, it actually makes sense to run a WebAssembly operating system, one which runs WebAssembly binaries. If the operating system includes the Wasm run-time, it can interpose itself at syscall boundaries, sometimes allowing it to avoid context switches. You could start with something like the Linux ABI, perhaps via WALI, but for a subset of guest processes that conform to particular conventions, you could build purpose-built composition that can allocate multiple WebAssembly modules to a single process, eliding inter-process context switches and data copies for streaming computations. Or, focussing on more restricted use-cases, you could make a microkernel; googling around I found this article from a couple days ago where someone is giving this a go.

wwwhat about the wwweb

But let’s go back to the web, where you are reading this. In one sense, WebAssembly is a massive web success, being deployed to literally billions of user agents. In another, it is marginal: people do not write web front-ends in WebAssembly. Partly this is because the kind of abstraction supported by linear-memory WebAssembly 1.0 isn’t a good match for the garbage-collected DOM API exposed by web browsers. As a corrolary, languages that are most happy targetting this linear-memory model (C, Rust, and so on) aren’t good for writing DOM applications either. WebAssembly is used in auxiliary modules where you want to run legacy C++ code on user devices, or to speed up a hot leaf function, but isn’t a huge success.

This will change with the recent addition of managed data types to WebAssembly, but not necessarily in the way that you might think. Like, now that it will be cheaper and more natural to pass data back and forth with JavaScript, are we likely to see Wasm/GC progressively occupying more space in web applications? For me, I doubt that progressive is the word. In the same way that you wouldn’t run a fence through the middle of your front lawn, you wouldn’t want to divide your front-end team into JavaScript and WebAssembly sub-teams. Instead I think that we will see more phase transitions, in which whole web applications switch from JavaScript to Wasm/GC, compiled from Dart or Elm or what have you. The natural fundamental abstraction boundary in a web browser is between the user agent and the site’s code, not within the site’s code itself.

conclusion

So, friends, if you are talking to a compiler engineer, by all means: keep describing WebAssembly as an virtual machine. It will keep them interested. But for everyone else, the value of WebAssembly is what it does, which is to be a different way of breaking a system into pieces. Armed with this observation, we can look at current WebAssembly uses to understand the nature of those boundaries, and to look at new boundaries to see if WebAssembly can have a niche there. Happy hacking, and may your components always compose!

‘Chingam’/ചിങ്ങം (named after the first month of Malayalam calendar) is the newest libre/open source font released by Rachana Institute of Typography in the year 2024.

It comes with a regular variant, embellished with stylistic alternates for a number of characters. The default shape of characters D, O, ഠ, ാ etc. are wider in stark contrast with the shape of other characters designed as narrow width. The font contains alternate shapes for these characters more in line with the general narrow width characteristic.

Users can enable the stylistic alternates in typesetting systems, should they wish.

• XeTeX: stylistic variant can be enabled with the StylisticSet={1} option when defining the font via fontspec package. For e.g.

% in the preamble
\newfontfamily\chingam[Ligatures=TeX,Script=Malayalam,StylisticSet={1}]{Chingam}
…
\begin{document}
\chingam{മനുഷ്യരെല്ലാവരും തുല്യാവകാശങ്ങളോടും അന്തസ്സോടും സ്വാതന്ത്ര്യത്തോടുംകൂടി ജനിച്ചിട്ടുള്ളവരാണ്‌…}
\end{document}

• Scribus: extra font features are accessible since version 1.6

• LibreOffice: extra font features are accessible since version 7.4. Enable it using Format→Character→Language→Features.

• InDesign: very similar to Scribus; there should be an option in the text/font properties to choose the stylistic set.

Development

Chingam is designed and drawn by Narayana Bhattathiri. Based on the initial drawings on paper, the glyph shapes are created in vector format (svg) following the glyph naming convention used in RIT projects. A new build script is developed by Rajeesh that makes it easier for designers to iterate & adjust the font metadata & metrics. Review & scrutiny done by CVR, Hussain KH and Ashok Kumar improved the font substantially.

Download

Chingam is licensed under Open Font License. The font can be downloaded from Rachana website, sources are available in GitLab page.