Feeds
Ned Batchelder: GitHub action security: zizmor
Zizmor is a new tool to check your GitHub action workflows for security concerns. I found it really helpful to lock down actions.
Action workflows can be esoteric, and continuous integration is not everyone’s top concern, so it’s easy for them to have subtle flaws. A tool like zizmor is great for drawing attention to them.
When I ran it, I had a few issues to fix:
- Some data available to actions is manipulable by unknown people, so you have
to avoid interpolating it directly into shell commands. For example, you might
want to add the branch name to the action summary:
- name: "Summarize"
run: |
echo "### From branch ${{ github.ref }}" >> $GITHUB_STEP_SUMMARY
But github.ref is a branch name chosen by the author of the pull request. It could have a shell injection which could let an attacker exfiltrate secrets. Instead, put the value into an environment variable, then use it to interpolate: - name: "Summarize"
env:
REF: ${{ github.ref }}
run: |
echo "### From branch ${REF}" >> $GITHUB_STEP_SUMMARY
- The actions/checkout step should avoid persisting credentials:
- name: "Check out the repo"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- In steps where I was pushing to GitHub, this meant I needed to explicitly
set a remote URL with credentials:
- name: "Push digests to pages"
env:
GITHUB_TOKEN: ${{ secrets.token }}
run: |
git config user.name nedbat
git config user.email ned@nedbatchelder.com
git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
There were some other things that were easy to fix, and of course, you might have other issues. One improvement to zizmor: it could link to explanations of how to fix the problems it finds, but it wasn’t hard to find resources, like GitHub’s Security hardening for GitHub Actions.
William Woodruff is zizmor’s author. He was incredibly responsive when I had problems or questions about using zizmor. If you hit a snag, write an issue. It will be a good experience.
If you are like me, you have repos lying around that you don’t think about much. These are a special concern, because their actions could be years old, and not well maintained. These dusty corners could be a good vector for an attack. So I wanted to check all of my repos.
With Claude’s help I wrote a shell script to find all git repos I own and run zizmor on them. It checks the owner of the repo because my drive is littered with git repos I have no control over:
#!/bin/bash# zizmor-repos.sh
echo "Looking for workflows in repos owned by: $*"
# Find all git repositories in current directory and subdirectories
find . \
-type d \( \
-name "Library" \
-o -name "node_modules" \
-o -name "venv" \
-o -name ".venv" \
-o -name "__pycache__" \
\) -prune \
-o -type d -name ".git" -print 2>/dev/null \
| while read gitdir; do
# Get the repository directory (parent of .git)
repo_dir="$(dirname "$gitdir")"
# Check if .github/workflows exists
if [ -d "${repo_dir}/.github/workflows" ]; then
# Get the GitHub remote URL
remote_url=$(git -C "$repo_dir" remote get-url origin)
# Check if it's our repository
# Handle both HTTPS and SSH URL formats
for owner in $*; do
if echo "$remote_url" | grep -q "github.com[/:]$owner/"; then
echo ""
echo "Found workflows in $owner repository: $repo_dir"
~/.cargo/bin/zizmor $repo_dir/.github/workflows
fi
done
fi
done
After fixing issues, it’s very satisfying to see:
% zizmor-repos.sh nedbat BostonPythonLooking for workflows in repos owned by: nedbat BostonPython
Found workflows in nedbat repository: ./web/stellated
🌈 completed ping-nedbat.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./web/nedbat_nedbat
🌈 completed build.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./scriv
🌈 completed tests.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./lab/gh-action-tests
🌈 completed matrix-play.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./aptus/trunk
🌈 completed kit.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./cog
🌈 completed ci.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./dinghy/nedbat
🌈 completed test.yml
🌈 completed daily-digest.yml
🌈 completed docs.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./dinghy/sample
🌈 completed daily-digest.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./coverage/badge-samples
🌈 completed samples.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./coverage/django_coverage_plugin
🌈 completed tests.yml
No findings to report. Good job!
Found workflows in nedbat repository: ./coverage/trunk
🌈 completed dependency-review.yml
🌈 completed publish.yml
🌈 completed codeql-analysis.yml
🌈 completed quality.yml
🌈 completed kit.yml
🌈 completed python-nightly.yml
🌈 completed coverage.yml
🌈 completed testsuite.yml
No findings to report. Good job!
Found workflows in BostonPython repository: ./bospy/about
🌈 completed past-events.yml
No findings to report. Good job!
Nice.
Russell Coker: Links October 2024
Dacid Brin wrote an interesting article about AI ecosystems and how humans might work with machines on creative projects [1]. Also he’s right about “influencers” being like funghi.
Cory Doctorow wrote an interesting post about DRM, coalitions, and cheating [2]. It seems that people like me who want “trusted computing” to secure their own computers don’t fit well in any of the coalitions.
The CHERI capability system for using extra hardware to validate jump addresses is an interesting advance in computer science [3]. The lecture is froim the seL4 Summit, this sort of advance in security goes well with a formally proven microkernel. I hope that this becomes a checkbox when ordering a custom RISC-V design.
Bunnie wrote an insightful blog post about how the Mossad might have gone about implementing the exploding pager attack [4]. I guess we will see a lot more of this in future, it seems easy to do.
Interesting blog post about Control Flow Integrity in the V8 engine of Chrome [5].
Interesting blog post about the new mseal() syscall which can be used by CFI among other things [6].
This is the Linux kernel documentation about the Control-flow Enforcement Technology (CET) Shadow Stack [7]. Unfortunately not enabled in Debian/Unstable yet.
ARM added support for Branch Target Identification in version 8.5 of the architecture [8].
NuShell is an interesting development in shell technology which runs on Linux and Windows [10].
Interesting article about making a computer game without coding using ML [11]. I doubt that it would be a good game, but maybe educational for kids.
Krebs has an insightful article about location tracking by phones which is surprisingly accurate [12]. He has provided information on how to opt out of some of it on Android, but we need legislative action!
Interesting YouTube video about how to make a 20kW microwave oven and what it can do [13]. Don’t do this at home, or anywhere else!
- [1] https://tinyurl.com/26geg4az
- [2] https://tinyurl.com/29n4hyvv
- [3] https://www.youtube.com/watch?v=VcufX8hZ5-o
- [4] https://tinyurl.com/2beb7ala
- [5] https://v8.dev/blog/control-flow-integrity
- [6] https://tinyurl.com/26p8hlcr
- [7] https://docs.kernel.org/next/x86/shstk.html
- [8] https://tinyurl.com/26ffcrho
- [9] https://www.youtube.com/watch?v=v-imW24OXLY
- [10] https://www.youtube.com/watch?v=zoX_S6d-XU4
- [11] https://tinyurl.com/ysqe79q7
- [12] https://tinyurl.com/258r74cl
- [13] https://www.youtube.com/watch?v=mg79n_ndR68
- [14] https://tinyurl.com/2xtu7kvv
Related posts:
- Links August 2024 Bruce Schneier and Kim Córdova wrote an insightful article about...
- Links September 2024 CNA Insider has an insightful documentary series about Chinese illegal...
- Links June 2024 Modos Labs have released the design of an e-ink display...
Promet Source: Secure Our World: Cybersecurity Awareness Month 2024
Dirk Eddelbuettel: gcbd 0.2.7 on CRAN: More Mere Maintenance
Another pure maintenance release 0.2.7 of the gcbd package is now on CRAN. The gcbd proposes a benchmarking framework for LAPACK and BLAS operations (as the library can exchanged in a plug-and-play sense on suitable OSs) and records result in local database. Its original motivation was to also compare to GPU-based operations. However, as it is both challenging to keep CUDA working packages on CRAN providing the basic functionality appear to come and go so testing the GPU feature can be challenging. The main point of gcbd is now to actually demonstrate that ‘yes indeed’ we can just swap BLAS/LAPACK libraries without any change to R, or R packages. The ‘configure / rebuild R for xyz’ often seen with ‘xyz’ being Goto or MKL is simply plain wrong: you really can just swap them (on proper operating systems, and R configs – see the package vignette for more). But nomatter how often we aim to correct this record, it invariably raises its head another time.
This release accommodates a CRAN change request as we were referencing the (now only suggested) package gputools. As hinted in the previous paragraph, it was once on CRAN but is not right now so we adjusted our reference.
CRANberries also provides a diffstat report for the latest release.
If you like this or other open-source work I do, you can sponsor me at GitHub.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
Seth Michael Larson: How to export OPML from Omnivore
Published 2024-10-30 by Seth Larson
Reading time: minutes
Omnivore recently announced they were bought by ElevenLabs, which is an AI company funded by Trump-supporting VC firm Andreessen Horowitz. As a part of this deal, they are shuttering the service on an extremely tight deadline.
This is very disappointing to me, I've previously recommended Omnivore to others and have donated for the past year that I've used the service. It goes without saying that I want nothing to do with Omnivore.
At the recommendation of a few friends I am going to try out Feedbin, which costs $5/month (the same price that I was willing to donate to Omnivore) and has a generous 30-day trial. This service has been around for much longer and appears to not be adding AI garbage to their app (thank you, Feedbin!)
The Omnivore team has unhelpfully given an extremely tight deadline to migrate your content out before they shutter the service: November 15th. Exporting your content (links, tags, rendered HTML pages) worked fine for me but I had to restart the export process once. Please do this ASAP to avoid losing your data.
I will need to write a few scripts to import the content into Feedbin. But your data export doesn't give you your RSS or newsletter subscriptions (again, screw you Omnivore).
So I wrote a short Python script to do that. First install the dependencies (OmnivoreQL and PyOPML):
$ python -m pip install omnivoreql pyopmlYou'll also need to create an Omnivore API token and place the value in the script:
import opml from omnivoreql import OmnivoreQL omnivore_api_token = "<YOUR API TOKEN GOES HERE>" omnivore = OmnivoreQL(api_token=omnivore_api_token) subscriptions = omnivore.get_subscriptions() with open("newsletters.txt", mode="w") as newsletters_fileobj: newsletters_fileobj.truncate() feeds_opml = opml.OpmlDocument( title="Omnivore Feeds Export" ) for subscription in subscriptions["subscriptions"]["subscriptions"]: if subscription["newsletterEmail"] is not None: newsletters_fileobj.write(subscription["name"] + "\n") else: feeds_opml.add_rss( text=subscription["name"], title=subscription["name"], xml_url=subscription["url"], description=subscription["description"], ) with open("feeds.opml", mode="wb") as feeds_fileobj: feeds_fileobj.truncate() feeds_opml.dump(feeds_fileobj, pretty=True)After running the script you'll have two files: feeds.opml and newsletters.txt.
The feeds.opml file can be imported into RSS readers that support the OPML format (Feedbin and many other services do).
The newsletters.txt file is mostly to remind you which newsletters you've subscribed to. Because these readers use custom email addresses to handle newsletters you'll need to manually set these subscriptions up on the new reader service you choose to use.
If there's any issues with the script above, get in contact and I'll try to fix any issues.
Have thoughts or questions? Let's chat over email or social:
sethmichaellarson@gmail.com
@sethmlarson@fosstodon.org
Want more articles like this one? Get notified of new posts by subscribing to the RSS feed or the email newsletter. I won't share your email or send spam, only whatever this is!
Want more content now? This blog's archive has ready-to-read articles. I also curate a list of cool URLs I find on the internet.
Find a typo? This blog is open source, pull requests are appreciated.
Thanks for reading! ♡ This work is licensed under CC BY-SA 4.0
︎Armin Ronacher: Make It Ephemeral: Software Should Decay and Lose Data
Most software that exists today does not forget. Creating software that remembers is easy, but designing software that deliberately “forgets” is a bit more complex. By “forgetting,” I don't mean losing data because it wasn’t saved or losing it randomly due to bugs. I'm referring to making a deliberate design decision to discard data at a later time. This ability to forget can be an incredibly benefitial property for many applications. Most importantly software that forgets enables different user experiences.
I'm willing to bet that your cloud storage or SaaS applications likely serve as dumping grounds for outdated, forgotten files and artifacts. This doesn’t have to be the case.
Older computer software often aimed to replicate physical objects and experiences. This approach (skeuomorphism) was about making digital interfaces feel familiar to older physical objects. They resembled the appearance and behavior even though they didn't need to. Ironically though skeuomorphism despite focusing on look and feel, rarely considers some of the hidden affordances of the physical world. Critically, rarely does digial software feature degradation. Yes, the trash bin was created as an appoximation of this, but the bin seemingly did not make it farther than file or email management software. It also does not go far enough.
In the physical world, much of what we create has a natural tendency to decay and that is really useful information. A sticky note on a monitor gathers dust and fades. A notebook fills with notes and random scribbles, becomes worn, and eventually ends up in a cabinet to finally end its life discarded in a bin. We probably all clear out our desk every couple of months, tossing outdated items to keep the space manageable. When I do that, a key part of this is quickly judging how “old” some paper looks. But even without regular cleaning, things are naturally lost or discarded over time on my desk. Yet software rarely behaves this way. I think that’s a problem.
When data is kept indefinitely by default, it changes our relationship with that software. People sometimes may hesitate to create anything in shared spaces for fear of cluttering them, while others might indiscriminately litter them. In file-based systems, this may be manageable, but in shared SaaS applications, everything created (dashboards, notebooks, diagrams) lingers indefinitely and remains searchable and discoverable. This persistence seems advantageous but can quickly lead to more and more clutter.
Adding new data to software is easy. Scheduling it for automatic deletion is a bit harder. Simulating any kind of “visual decay” to hint at age or relevance is rarely seen in today's software though it wouldn't be all that hard to add. I'm not convinced that the work required to implement any of those things is why it does not exist, I think it's more likely that there is a belief that keeping stuff around forever is a benefit over the limitations of the real world.
The reality is that even though the entities we create are sticking around forever, the information contained within them ages badly. Of the 30 odd "test" dashboards that are in our Datadog installation, most of them don't show data any more. The same is true for hundreds of notebooks. We have a few thousand notebooks and quite a few of them at this point are anchored to data that is past the retention period or are referencing metrics that are gone.
In shared spaces with lots of users, few things are intended to last forever. I hope that it will become more popular for software to take age more intentional into account. For instance one can start fading out old documents that are rarely maintained or refreshed. I want software to hide old documents, dashboards etc. and that includes most critically not showing up in search. I don't want to accidentally navigate to old and unused dashboards in the mids of an incident.
Sorting by frequency of use is insufficient to me. Ideally software embraced an “ephemeral by default” approach. While there’s some risk of data loss, you can make the deletion purely virtual (at least for a while). Imagine dashboard software with built-in “garbage collection”: everything created starts with a short time-to-live (say, 30 days), after which it moves to a “to sort” folder. If it’s not actively sorted and saved within six months, it's moved to a trash and eventually deleted.
This idea extends far beyond dashboards! Wiki and innformation management software like Notion could benefit from decaying notes, as the information they hold often becomes outdated quickly. I routinely encounter more outdated pages than current ones. While outright deletion may not be the solution, irrelevant notes and documents showing up in searches add to the clutter and make finding useful information harder. “But I need my data sometimes years later” I hear you say. What about making it intentional? Archive them in year books. Make me intentionally “dig into the archives” if I really have to. There are many very intentional ways of dealing with this problem.
And even if software does not want to go down that path I would at least wish for scheduled deletion. I will forget to delete, and I'm lazy and given the tools available I rarely clean up. Yet many of the things I create I already know I really only need for a week or to. So give me a button I can press to schedule deletion. Then I don't have to remember to clean up after myself a few months later, but I can make that call already today when I create my thing.
What’s new for Fedora Atomic Desktops in Fedora 41
Fedora 41 has been released! 🎉 So let’s see what comes in this new release for the Fedora Atomic Desktops variants (Silverblue, Kinoite, Sway Atomic and Budgie Atomic).
bootupd enabled by default for UEFI systems (BIOS coming soon)After a long wait and a lot of work and testing, bootloader updates are finally enabled by default for Atomic Desktops.
For now, only UEFI systems will see their bootloader automatically updated on boot as it is the safest option. Automatic updates for classic BIOS systems will be enabled in the upcoming weeks.
If you encounter issues when updating old systems, take a look at the Manual action needed to resolve boot failure for Fedora Atomic Desktops and Fedora IoT Fedora Magazine article which includes instructions to manually update UEFI systems.
Once you are on Fedora 41, there is nothing more to do.
See the Enable bootupd for Fedora Atomic Desktops and Fedora IoT change request and the tracking issue atomic-desktops-sig#1.
First step towards Bootable Containers: dnf5 and bootcThe next major evolution for the Atomic Desktops will be to transition to Bootable Containers.
We have established a roadmap (atomic-desktops-sig#26) and for Fedora 41, we added dnf5 and bootc to the Bootable Container images of Atomic Desktops.
Those images are currently built in the Fedora infrastructure (example) but not pushed to the container registry.
The images currently available on quay.io/fedora (Silverblue, Kinoite, etc.) are mirrored from the ostree repository and thus do not yet include dnf5 and bootc.
Once releng#12142 has been completed, they will be replaced by the Bootable Container images.
In the mean time, you can take a look at the unofficial images (see the Changes in unofficial images section below).
See the DNF and bootc in Image Mode Fedora variants change request and the tracking issue atomic-desktops-sig#48
What’s new in Silverblue GNOME 47Fedora Silverblue comes with the latest GNOME 47 release.
For more details about the changes that alongside GNOME 47, see What’s new in Fedora Workstation 41 on the Fedora Magazine and Fedora Workstation development update – Artificial Intelligence edition from Christian F.K. Schaller.
Ptyxis as default terminal applicationPtyxis is a terminal for GNOME with first-class support for containers, and thus works really well with Toolbx (and Distrobox). This is now the default terminal app and it brings features such as native support for light/dark mode and user-customizable keyboard shortcuts.
See Ptyxis’ website.
Wayland onlyFedora Silverblue is now Wayland only by default. The packages needed for the X11 session will remain available in the repositories maintained by the GNOME SIG and may be overlayed on Silverblue systems that require them.
See the Wayland-only GNOME Workstation Media change request and the tracking issue: atomic-desktops-sig#41.
What’s new in Kinoite KDE Plasma 6.2Fedora Kinoite ships with Plasma 6.2, Frameworks 6.7 and Gear 24.08.
See also What’s New in Fedora KDE 41? on the Fedora Magazine.
Kinoite MobileKinoite Mobile is currently only provided as unofficial container images. See the Changes in unofficial images section below.
See the KDE Plasma Mobile Spin and Fedora Kinoite Mobile change request.
What’s new in Sway AtomicFedora Sway Atomic comes with the latest 1.10 Sway release.
What’s new in Budgie AtomicNothing specific this release. The team is working on Wayland support.
Changes in unofficial imagesUntil we complete the work needed in the Fedora infrastructure to build and push official container images for the Atomic Desktops (see releng#12142), I am providing unofficial builds of those. They are built on GitLab.com CI runners, use the official Fedora packages and the same sources as the official images.
You can find the configuration and list on gitlab.com/fedora/ostree/ci-test and the container images at quay.io/organization/fedora-ostree-desktops.
New unofficial images: Kinoite Mobile & COSMIC AtomicWith Fedora 41, we are now building two new unofficial images: Kinoite Mobile and COSMIC Atomic. They join our other unofficial images: XFCE Atomic and LXQt Atomic.
See How to make a new rpm-ostree desktop variant in Fedora? if you are interested in making those images official Fedora ones.
See the KDE Plasma Mobile Spin and Fedora Kinoite Mobile change request and the Fedora COSMIC Desktop Environment Special Interest Group (SIG) page.
Renaming the Sericea and Onyx unofficial images to Sway Atomic and Budgie AtomicIf you are using the Sericea or Onyx container images, please migrate to the new Atomic names for Sericea & Onyx (sway-atomic and budgie-atomic) as I will remove the images published under the old name soon, likely before Fedora 42.
We will likely rename the official container images as well.
Smaller changes common to all desktops Unprivileged updatesThe polkit policy controlling access to the rpm-ostree daemon has been updated to:
- Enable users to update the system without having elevated privileges or typing a password. Note that this change only applies to system updates and repository meta updates; no other operations.
- Reduce access to the most privileged operations (such as changing the kernel
arguments, or rebasing to another image) of rpm-ostree for administrators
to avoid mistakes. Only the following operations will remain password-less to
match the behavior of package mode Fedora with the dnf command:
- install and uninstall packages
- upgrade the image
- rollback the image
- cancel transactions
- cleanup deployment
See the Unprivileged updates for Fedora Atomic Desktops change request and the tracking issue atomic-desktops-sig#7.
“Alternatives” work againThe alternatives command (alternatives(8)) is now working on Atomic Desktops.
See the tracking issue atomic-desktops-sig#51 for more details and documentation.
Fixes for LUKS unlock via TPMSupport for unlokcing a LUKS partition with the TPM is now included in the initramfs.
See the tracking issue atomic-desktops-sig#33 and the in progress documentation silverblue-docs#176.
Universal Blue, Bluefin, Bazzite and AuroraOur friends in the Universal Blue project have prepared the update to Fedora 41 already. For Bazzite, you can find all the details in Bazzite F41 Update: New Kernel, MSI Claw Improvements, VRR Fixes, Better Changelogs, GNOME 47 & More.
For Bluefin (and similarly for Aurora), see Bluefin GTS is now based on Fedora 40.
I heavily recommend checking them out, especially if you feel like some things are missing from the Fedora Atomic Desktops and you depend on them (NVIDIA proprietary drivers, extra media codec, etc.).
What’s nextWe have made lot of progress since the last time, thus this section is going to be more exciting!
Roadmap to Bootable ContainersAs I mentionned in First step towards Bootable Containers: dnf5 and bootc, the next major evolution for the Atomic Desktops will be to transition to Bootable Containers. See also the Fedora bootc documentation.
We have established a roadmap (atomic-desktops-sig#26) and we need your help to make this a smooth transition for all of our existing users.
composefsMoving to composefs is one of the items on the roadmap to Bootable Containers. composefs is the next step for ostree based systems and will enable us to provide better integrity and security in the future.
For Fedora 41, we moved Fedora CoreOS and Fedora IoT to composefs.
For the Atomic Desktops, this is planned for Fedora 42 as we still have a few issues to resolve. See the Enabling composefs by default for Atomic Desktops change request and the tracking issue atomic-desktops-sig#35.
Custom keyboard layout set on installationThis fix is important for setups where the root disk is encryptd with LUKS and the user is asked a passphrase on boot. Right now, the keyboard layout is not remembered and defaults to the US QWERTY layout. Unfortunately this fix did not land in time for Fedora 41 but this will be part of the Fedora 42 installations ISOs. Help us test this by installing systems from a Rawhide ISO to confirm that this issue is fixed.
If you are impacted by this issue, see the tracking issue atomic-desktops-sig#6 for the manual workarounds.
Unifying the Atomic Desktops documentationWe would like to unify the documentation for the Fedora Atomic Desktops into a single one instead of having per desktop environments docs which are mostly duplicate of one another and need to be constantly synced.
See the tracking issue atomic-desktops-sig#10.
Where to reach usWe are looking for contributors to help us make the Fedora Atomic Desktops the best experience for Fedora users.
- Atomic Desktops SIG: Issue tracker (gitlab.com/fedora/ostree/sig), #atomic-desktops:fedoraproject.org
- Silverblue: Workstation Working Group, #silverblue:fedoraproject.org
- Kinoite: KDE SIG, #kinoite:fedoraproject.org
- Sway Atomic: Sway SIG, #sway:fedoraproject.org
- Budgie Atomic: Budgie SIG, #budgie:fedoraproject.org
Zero to Mastery: Python Monthly Newsletter 💻🐍
FSF Events: Free Software Directory meeting on IRC: Friday, November 1, starting at 12:00 EDT (16:00 UTC)
PyCoder’s Weekly: Issue #653 (Oct. 29, 2024)
#653 – OCTOBER 29, 2024
View in Browser »
Simon writes about a Soduku solver written by Konstin that uses the Python packaging mechanisms to do Soduku puzzles. The results are output using a requirements.txt file, where soduku-0-3==5 represents the (0,3) cell’s answer of 5.
SIMON WILLISON
In this tutorial, you’ll learn about the issues that can occur when your code is run in a multithreaded environment. Then you’ll explore the various synchronization primitives available in Python’s threading module, such as locks, which help you make your code safe.
REAL PYTHON
Open-source OpenAPI generators are great for experimentation and hobby projects but lack the reliability, performance, and intuitive developer experience required for critical applications. Speakeasy creates idiomatic SDKs that meet the bar for enterprise use. Check out this comparison guide →
SPEAKEASY sponsor
PEP 761 proposes removing PGP signatures from CPython artifacts and solely relying on Sigstore. But just what is Sigstore? This post explains how CPython gets signed and why Sigstore is a good choice.
SETH LARSON
Currently, if you want to play around with Wagtail, most people try the Bakery Demo test site, but it is not meant to be a starter site. They’ve created a new starter template that provides you with a high-performance, production-grade Wagtail site. This introduces you to it.
JAKE HOWARD • Shared by Meagen Voss
Python’s Global Interpreter Lock or GIL, in simple words, is a mutex (or a lock) that allows only one thread to hold the control of the Python interpreter at any one time. In this video course you’ll learn how the GIL affects the performance of your Python programs.
REAL PYTHON course
“With Temporal, we…regularly reduced lines of code from 300 to 30.” -DigitalOcean. Ever wish you could eliminate recovery logic, callbacks, and timers? Temporal’s open source programming model allows you to stop plumbing and start focusing on what matters: building awesome features. Check it out now →
TEMPORAL TECHNOLOGIES sponsor
At work, Adriaan deals with code that interfaces with Unix SysV’s shared memory components. For convenience he wanted to get at this from Python, and “because work”, from Python 3.7. This post talks about how he solved the problem.
ADRIAAN DE GROOT
Bite Code summarizes some of the lesser covered changes to Python in the 3.13 release, including how some of the REPL improvements made it into pdb, improvements to shutil, and small additions to the asyncio library.
BITE CODE!
This tutorial explores how the htmx library can bring dynamic functionality, like lazy loading, search-as-you-type, and infinite scroll to your Django project with almost no JavaScript necessary.
PYCHARM CHANNEL video
This post shows the results of a performance comparison between Python 3.12 and 3.13 on two different processors. TL;DR: Python 3.13 is faster, but there are a couple of hairy edge cases.
WŁODZIMIERZ LEWONIEWSKI
This post examines the devaluation of software engineer titles and its impact on the integrity of the tech industry.
TREVOR LASN
This is a listing of the recorded talks from PyData Amsterdam.
YOUTUBE video
GITHUB.COM/NIKDEDOV • Shared by Nikolai
Scrapling: Lightning-Fast, Adaptive Web Scraping for PythonGITHUB.COM/D4VINCI • Shared by Karim Shoair
otterwiki: A Minimalistic Wiki Powered by Python msgspec: Fast Serialization and Validation Library beartype: Bare Metal Type Checker Events Weekly Real Python Office Hours Q&A (Virtual) October 30, 2024
REALPYTHON.COM
October 31 to November 3, 2024
PYCON.FR
October 31 to November 3, 2024
PYCON.ORG
October 31, 2024
MEETUP.COM
November 2, 2024
MEETUP.COM
November 4, 2024
J.MP
Happy Pythoning!
This was PyCoder’s Weekly Issue #653.
View in Browser »
[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]
PyCharm: Data Exploration With pandas
Maybe you’ve heard complicated-sounding phrases such as ‘“Students t-test”, “regression models”, “support vector machines”, and so on. You might think there’s so much you need to learn before you can explore and understand your data, but I am going to show you two tools to help you go faster. These are summary statistics and graphs.
Summary statistics and graphs/plots are used by new and experienced data scientists alike, making them the perfect building blocks for exploring data.
We will be working with this dataset available from Kaggle if you’d like to follow along. I chose this dataset because it has several interesting properties, such as multiple continuous and categorical variables, missing data, and a variety of distributions and skews. I’ll explain each variable I work with and why I chose each one to show you the tools you can apply to your chosen data set.
In our previous blog posts, we looked at where to get data from and bring that data into PyCharm. You can look at steps 1 and 2 from our blog post entitled 7 ways to use Jupyter notebooks in PyCharm to create a new Jupyter notebook and import your data as a CSV file if you need a reminder. You can use the dataset I linked above or pick your own for this walkthrough.
We’re going to be using the pandas library in this blog post, so to ensure we’re all on the same page, your code should look something like the following block in a Jupyter notebook – you’ll need to change the spreadsheet name and location to yours, though. Make sure you’ve imported matplotlib, too, as we will be using that library to explore our data.
import pandas as pd import matplotlib as plt df = pd.read_csv('../data/AmesHousing.csv') dfWhen you run that cell, PyCharm will show you your DataFrame, and we can get started.
Try PyCharm Professional for free
Summary statisticsWhen we looked at where to get data from, we discussed continuous and categorical variables. We can use Jupyter notebooks inside PyCharm to generate different summary statistics for these, and, as you might have already guessed, the summary statistics differ depending on whether the variables are continuous or categorical.
Continuous variables summary statisticsFirst, let’s see how we can view our summary statistics. Click on the small bar graph icon on the right-hand side of your DataFrame and select Compact:
Let me give you a little tip here if you’re unsure which variables are continuous and which are categorical, PyCharm shows different summary statistics for each one. The ones with the mini graphs (blue in this screenshot) are continuous, and those without are categorical.
This data set has several continuous variables, such as Order, PID, MS SubClass, and more, but we will focus on Lot Frontage first. That is the amount of space at the front of the property.
The summary statistics already give us some clues:
There’s a lot of data here, so let’s break it down and explore it to understand it better. Immediately, we can see that we have missing data for this variable; that’s something we want to note, as it might mean we have some issues with the dataset, although we won’t go into that in this blog post!
First, you can see the little histogram in blue in my screenshot, which tells us that we have a positive skew in our data because the data tails off to the right. We can further confirm this with the data because the mean is slightly larger than the median. That’s not entirely surprising, given we’d expect the majority of lot frontages to be of a similar size, but perhaps there are a small number of luxury properties with much bigger lot frontages that are skewing our data. Given this skew, we would be well advised not to use the standard deviation as a measure of dispersion because that is calculated by using all data points, so it’s affected by outliers, which we know we have on one side of our distribution.
Next, we can calculate our interquartile range as the difference between our 25th percentile of 58.0 and our 75th percentile of 80.0, giving us an interquartile range of 22.0. Alongside the interquartile range, it’s helpful to consider the median, the middle value in our data, and unlike the mean, it is not based on every data point. The median is more appropriate for Lot Frontage than the mean because it’s not affected by the outliers we know we have.
Since we’re talking about the median and interquartile range, it is worth saying that box plots are a great way to represent these values visually. We can ask JetBrains AI Assistant to create one for us with a prompt such as this:
Create code using matplotlib for a box plot for ‘Lot Frontage’. Assume we have all necessary imports and the data exists.
Here’s the code that was generated:
plt.figure(figsize=(10, 6)) plt.boxplot(df['Lot Frontage'].dropna(), vert=False) plt.title('Box Plot of Lot Frontage') plt.xlabel('Lot Frontage') plt.show()When I click Accept and run, we get our box plot:
The median is the line inside the box, which, as you can see, is slightly to the left, confirming the presence of the positive or right-hand skew. The box plot also makes it very easy to see a noticeable number of outliers to the right of the box, known as “the tail”. That’s the small number of likely luxury properties that we suspect we have.
It’s important to note that coupling the mean and standard deviation or the median and IQR gives you two pieces of information for that data: a central tendency and the variance. For determining the central tendency, the mean is more prone to being affected by outliers, so it is best when there is no skew in your data, whereas the median is more robust in that regard. Likewise, for the variation, the standard deviation can be affected by outliers in your data. In contrast, the interquartile range will always tell you the distribution of the middle 50% of your data. Your goals determine which measurements you want to use.
Categorical variables summary statisticsWhen it comes to categorical variables in your data, you can use the summary statistics in PyCharm to find patterns. At this point, we need to be clear that we’re talking about descriptive rather than inferential statistics. That means we can see patterns, but we don’t know if they are significant.
Some examples of categorical data in this data set include MS Zoning, Lot Shape, and House Style. You can gain lots of insights just by looking through your data set. For example, looking at the categorical variable Neighborhood, the majority are stated as Other in the summary statistics with 75.8%. This tells you that there might well be a lot of categories in Neighborhood, which is something to bear in mind when we move on to graphs.
As another example, the categorical variable House Style states that about 50% of the houses are one-story, while 30% are two-story, leaving 20% that fall into some other category that you might want to explore in more detail. You can ask JetBrains AI for help here with a prompt like:
Write pandas code that tells me all the categories for ‘House Style’ in my DataFrame ‘df’, which already exists. Assume we have all the necessary imports and that the data exists.
Here’s the resulting code:
unique_house_styles = df['House Style'].unique() print("Unique categories for 'House Style':") print(unique_house_styles)When we run that we can see that the remaining 20% is split between various codes that we might want to research more to understand what they mean:
Unique categories for ‘House Style’:
['1Story' '2Story' '1.5Fin' 'SFoyer' 'SLvl' '2.5Unf' '1.5Unf' '2.5Fin']
Have a look through the data set at your categorical variables and see what insights you can gain!
Before we move on to graphs, I want to touch on one more piece of functionality inside PyCharm that you can use to access your summary statistics called Explain DataFrame. You can access it by clicking on the purple AI icon on the top-right of the DataFrame and then choosing AI Actions | Explain DataFrame.
JetBrains AI lists out your summary statistics but may also add some code snippets that are helpful for you to get your data journey started, such as how to drop missing values, filter rows based on a condition, select specific columns, as well as group and aggregate data.
GraphsGraphs or plots are a way of quickly getting patterns to pop out at you that might not be obvious when you’re looking at the numbers in the summary statistics. We’re going to look at some of the plots you can get PyCharm to generate to help you explore your data.
First, let’s revisit our continuous variable, Lot Frontage. We already learned that we have a positive or right-hand skew from the mini histogram in the summary statistics, but we want to know more!
In your DataFrame in PyCharm, click the Chart View icon on the left-hand side:
Now click the cog on the right-hand side of the chart that says Show series settings and select the Histogram plot icon on the far right-hand side. Click x to clear the values in the X axis and Y axis and then select Lot Frontage with group and sort for the X axis and Lot Frontage with count for the Y axis:
PyCharm generates the same histogram as you see in the summary settings, but we didn’t have to write a single line of code. We can also explore the histogram and mouse over data points to learn more.
Let’s take it to the next level while we’re here. Perhaps we want to see if the condition of the property, as captured by the Overall Cond variable, predicts the sale price.
Change your X axis SalePrice group and sort and your Y axis to SalePrice count and then add the group Overall Cond:
Looking at this chart, we can hypothesize that the overall condition of the property is indeed a predictor of the sale price, as the distribution and skew are remarkably similar. One small note is that grouping histograms like this works best when you have a smaller number of categories. If you change Groups to Neighborhood, which we know has many more categories, it becomes much harder to view!
Moving on, let’s stick with PyCharm’s plotting capabilities and explore bar graphs. These are a companion to frequency charts such as histograms, but can also be used for categorical data. Perhaps you are interested in Neighbourhood (a categorical variable) in relation to SalesPrice.
Click the Bar [chart] icon on the left-hand side of your series setting, then select Neighbourhood as Categories and SalesPrice with the median as the Values:
This helps us understand the neighborhoods with the most expensive and cheapest housing. I chose the median for the SalesPrice as it’s less susceptible to outliers in the data. For example, I can see that housing in Mitchel is likely to be substantially cheaper than in NoRidge.
Line plots are another useful plot for your toolkit. You can use these to demonstrate trends between continuous variables over a period of time. For example, select the Line [graph] icon and then choose Year Built as the X axis and SalePrice with the mean as the Y axis:
This suggests a small positive correlation between the year the house was built and the price of the house, especially after 1950. If you’re feeling adventurous, remove the mean from SalePrice and see how your graph changes when it has to plot every single price!
The last plot I’d like to draw your attention to is scatter plots. These are a great way to see a relationship between two continuous variables and any correlation between them. A correlation shows the strength of a relationship between two variables. To dig deeper, check out this beginner-friendly overview from Real Python.
For example, if we set our X axis to SalePrice and our Y axis to Gr LivArea, we can see that there is a positive correlation between the two variables, and we can also easily spot some outliers in our data, including a couple of houses with a lower sale price but a huge living area!
SummaryHere’s a reminder of what we’ve covered today. You can access your summary statistics in PyCharm either through Explain DataFrame with JetBrains AI or by clicking on the small graph icon on the right-hand side of a DataFrame called Column statistics and then selecting Compact. You can also use Detailed to get even more information than we’ve covered in this blog post.
You can get PyCharm to create graphs to explore your data and create hypotheses for further investigation. Some more commonly used ones are histograms, bar charts, line graphs, and scatter plots.
Finally, you can use JetBrains AI Assistant to generate code with natural language prompts in the AI tool window. This is a quick way to learn more about your data and start thinking about the insights on offer.
Download PyCharm Professional to try it out for yourself! Get an extended trial today and experience the difference PyCharm Professional can make in your data science endeavors. Use the promotion code “PyCharmNotebooks” at checkout to activate your free 60-day subscription to PyCharm Professional. The free subscription is available for individual users only.
Try PyCharm Professional for free
Using both summary statistics and graphs in PyCharm, we can learn a lot about our data, giving us a solid foundation for our next step – cleaning our data, which we will talk about in the next blog post in this series.
Real Python: Python's Magic Methods in Classes
As a Python developer who wants to harness the power of object-oriented programming, you’ll love to learn how to customize your classes using special methods, also known as magic methods or dunder methods. A special method is a method whose name starts and ends with a double underscore. These methods have special meanings in Python.
Python automatically calls magic methods as a response to certain operations, such as instantiation, sequence indexing, attribute managing, and much more. Magic methods support core object-oriented features in Python, so learning about them is fundamental for you as a Python programmer.
In this video course, you’ll:
- Learn what Python’s special or magic methods are
- Understand the magic behind magic methods in Python
- Customize different behaviors of your custom classes with special methods
[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Real Python: Quiz: Using .__repr__() vs .__str__() in Python
In this quiz, you’ll test your understanding of Python’s .__repr__() and .__str__() special methods. These methods allow you to control how a program displays an object, making your classes more readable and easier to debug and maintain.
[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
I’ve had my Creality CR-6 SE for quite some while now and it’s worked very well. I’ve even moved with it a couple of times. However, it seems that now was the time for it to give up the ghost, as the extruder casing developed a crack. Apparently...
I’ve had my Creality CR-6 SE for quite some while now and it’s worked very well. I’ve even moved with it a couple of times. However, it seems that now was the time for it to give up the ghost, as the extruder casing developed a crack. Apparently something not completely uncommon.
The extruder casing removed. The spring is quite powerful. The crack.So I searched the internet for spare parts before I realized that this is a common failure mode and that there are all-metal replacements. A few clicks later, I had one ordered from Amazon. I took a chance and ordered one for CR-10, as it looked like it would fit from the photos, and it did (phew). Here is a link to the one I got: link.
The replacement extruder installed.The installation went smooth. The only tricky part was getting the threads of the screw being pushed by the spring right. The spring is quite strong, so it is really a three hand operation in the area where my fingers have a hard time fitting. Having done that, it seems like it just work straight out of the box.
First print.The print has been going on for a couple of hours now, and there has been no hickups. Big shout-out to OctoPrint while I’m at it. Being able to keep an eye on things without having to sit next to the printer is just great (and not having to fiddle around with SD-cards is also really nice).
1xINTERNET blog: DrupalCamp Scotland, a small event with huge appeal. Full report on what you missed!
After a break of 5 years DrupalCamp Scotland is back! A small event with huge appeal. By all measures there’s no doubt the community welcomed its return and are already asking about next year. So what did you miss?
Julien Tayon: Is chatgpt good at generating code for tuning a guitar ?
Science he was a patented CS engineer he wanted to prove me that my new guitar tuner was useless since AI could come with a better less convoluted exact example in less lines of code than mine (mine is adapted from a blog on audio processing and fast fourier transform because it was commented and was refreshing me the basics of signal processing).
And I asked him, have you ever heard of the Nyquist frequency ? or the tradeoff an oscilloscope have to do between time locality and accuracy ?
Of course he didn't. And was proud that a wannabee coder would be proven useless thanks to the dumbest AI.
So I actually made this guitar tuner because this time I wanted to have an exact figure around the Hertz.
The problem stated by FFT/Nyquist formula is that if I want an exact number around 1Hz (1 period per second) I should sample at least half a period (hence .5 second), and should not expect a good resolution.
The quoted chatgpt code takes 1024 samples out of 44100/sec, giving it a nice reactivity of 1/44th of a second with an accuracy of 44100/1024/2 => 21Hz.
I know chatgpt does not tune a guitar, but shouldn't the chatgpt user bragging about the superiority of pro as him remember that when we tune we may tune not only at A = 440Hz but maybe A = 432Hz or other ?
A note is defined as a racine 12th of 2 compared to an arbitrary reference (remember an octave is doubling => 12 half tones = 2) ; what makes a temperate scale is not the reference but the relationship between notes and this enable bands of instrument to tune themselves according to the most unreliable but also nice instrument which is the human voice.
Giving the user 3 decimal after the comma is called being precise : it makes you look like a genius in the eye of the crowd. Giving the user 0 decimal but accurate frequency is what makes you look dumb in the eyes of the computer science engineer, but it way more useful in real life.
Here I took the liberty with pysine to generate A on 6 octaves (ref A=440) and use the recommanded chatgpt buffer size acknowledged by a pro CS engineer for tuning your guitar and my default choices. for i in 55.0 110.0 220.0 440.0 880.0 1760.0 ; do python -m pysine $i 3; done Here is the result with a chunk size of 1024 : And here is the result with a chunk size corresponding to half a second of sampling :
I may not be a computer engineer, I am dumb, but checking with easy to use tools that your final result is in sync with your goal is for me more important than diplomas and professional formations.
The code is yet another basic animation in matplotlib with a nice arrow pointing the frequency best fitting item. It is not the best algorithm, but it does the job.
Showing the harmonics as well as the tonal has another benefit it answers the questions : why would I tune my string on the note of the upper string ?
Like tuning E on A ?
Well because -at least for my half broken guitar- it ensures to me that I will tune on the tonal note.
Here is a sample of tuning E on the empty string : And this is how tuning the E string on the A note looks like : And don't pay attention to the 56Hz residual noise triggered by my fans/appliance turning and making a constant noise :D Here is the code import pyaudio import matplotlib.pyplot as plt import matplotlib.animation as animation import numpy as np import time from sys import argv A = 440.0 try: A=float(argv[1]) except IndexError: pass form_1 = pyaudio.paInt16 # 16-bit resolution chans = 1 # 1 channel samp_rate = 44100 # 44.1kHz sampling rate chunk = 44100//2# .5 seconds of sampling for 1Hz accuracy audio = pyaudio.PyAudio() # create pyaudio instantiation # create pyaudio stream stream = audio.open( format = form_1,rate = samp_rate,channels = chans, input = True , frames_per_buffer=chunk ) fig = plt.figure(figsize=(13,8)) ax = fig.add_subplot(111) plt.grid(True) def compute_freq(ref, half_tones): return [ 1.0*ref*(2**((half_tones+12*i )/12)) for i in range(-4,4) ] print(compute_freq(A,0)) note_2_freq = dict( E = compute_freq(A,-5), A = compute_freq(A, 0), D = compute_freq(A, 5), G = compute_freq(A,-2), B = compute_freq(A, 2), ) resolution = samp_rate/(2*chunk) def closest_to(freq): res = dict() for note, freqs in note_2_freq.items(): res[note]=max(freqs) for f in freqs: res[note]= min(res[note], abs(freq -f)) note,diff_freq = sorted(res.items(), key = lambda item : item[1])[0] for f in note_2_freq[note]: if abs(freq-f) == diff_freq: return "%s %s %2.1f %d" % ( note, abs(freq - f ) < resolution and "=" or ( freq > f and "+" or "-"), abs(freq-f), freq ) def init_func(): plt.rcParams['font.size']=18 plt.xlabel('Frequency [Hz]') plt.ylabel('Amplitude [Arbitry Unit]') plt.grid(True) ax.set_xscale('log') ax.set_yscale('log') ax.set_xticks( note_2_freq["E"] + note_2_freq["A"]+ note_2_freq["D"]+ note_2_freq["G"]+ note_2_freq["B"] , labels = ( [ "E" ] * len(note_2_freq["E"]) + [ "A" ] * len(note_2_freq["A"]) + [ "D" ] * len(note_2_freq["D"]) + [ "G" ] * len(note_2_freq["G"]) + [ "B" ] * len(note_2_freq["B"]) ) ) ax.set_xlim(40, 4000) return ax def data_gen(): stream.start_stream() data = np.frombuffer(stream.read(chunk),dtype=np.int16) stream.stop_stream() yield data i=0 def animate(data): global i i+=1 ax.cla() init_func() # compute FFT parameters f_vec = samp_rate*np.arange(chunk/2)/chunk # frequency vector based on window # size and sample rate mic_low_freq = 50 # low frequency response of the mic low_freq_loc = np.argmin(np.abs(f_vec-mic_low_freq)) fft_data = (np.abs(np.fft.fft(data))[0:int(np.floor(chunk/2))])/chunk fft_data[1:] = 2*fft_data[1:] plt.plot(f_vec,fft_data) max_loc = np.argmax(fft_data[low_freq_loc:])+low_freq_loc # max frequency resolution plt.annotate(r'$\Delta f_{max}$: %2.1f Hz, A = %2.1f Hz' % ( resolution, A), xy=(0.7,0.92), xycoords='figure fraction' ) ax.set_ylim([0,2*np.max(fft_data)]) # annotate peak frequency annot = ax.annotate( 'Freq: %s'%(closest_to(f_vec[max_loc])), xy=(f_vec[max_loc], fft_data[max_loc]),\ xycoords='data', xytext=(0,30), textcoords='offset points', arrowprops=dict(arrowstyle="->"), ha='center',va='bottom') #fig.savefig('full_figure-%04d.png' % i) return ax, ani = animation.FuncAnimation( fig, animate, data_gen, init_func, interval=.15, cache_frame_data=False, repeat=True, blit=False ) plt.show()
Specbee: Getting started with Mintlify: The smart Documentation tool your team needs
Talk Python to Me: #483: Reflex Framework: Frontend, Backend, Pure Python
Django Weblog: 2025 DSF Board Candidates
Thank you to the 21 individuals who have chosen to stand for election. This page contains their candidate statements submitted as part of the 2025 DSF Board Nominations.
Our deepest gratitude goes to our departing board members, Çağıl Uluşahin Sonmez, Chaim Kirby, Katie McLaughlin; for your contributions and commitment to the Django community ❤️
Those eligible to vote in this election will receive information on how to vote shortly. Please check for an email with the subject line “2025 DSF Board Voting”. Voting will be open until 23:59 on November 15, 2024 Anywhere on Earth.
Any questions? Reach out via email to foundation@djangoproject.com.
All candidate statements ¶To make it simpler to review all statements, here they are as a list of links. Voters: please take a moment to read all statements before voting! It will take some effort to rank all candidates on the ballot. We believe in you.
- Abigail Gbadago — Accra, Ghana
- Alex Gómez — Barcelona, Spain
- Amir Tarighat — New York
- Ariane Djeupang Jocelyne — Yaounde, Cameroon
- Bhuvnesh Sharma — India
- Chris Achinga — Mombasa, kenya
- Cory Zue — Cape Town, South Africa
- David Vaz — Porto, Portugal
- Gabriel Arias Romero — Mexico
- Jeff Triplett — Lawrence, KS USA
- Julius Nana Acheampong Boakye — Accra Ghana
- Keanya Phelps — Chicago IL US
- Kevin Renskers — The Netherlands
- Kátia Yoshime Nakamura — Berlin, Germany
- Lilian — United States
- Marcelo Elizeche Landó — Paraguay
- Paolo Melchiorre — Italy
- Patryk Bratkowski — Patryk Bratkowski
- Priya Pahwa — India, Asia
- Tom Carrick — Amsterdam, Netherlands
- Vitaly Semotiuck — Rzeszow, Poland
Hi,
I am Abigail(Afi), a DSF member who has contributed to the Django Ecosystem for about four years. I have held the following positions in the community:
- Leadership council member for Black Python Devs (current)
- Open Source Program Manager for Black Python Devs - I am managing 39 of our community members make their first steps in open source (current)
- Programs Team member for DjangoCon US 2024
- Contributed in organizing Django Girls Zanzibar (2023) ahead of the first DjangoCon Africa, co-organiser of Django Girls in Kwahu-Ghana (2019), and coach at Django Girls Ho-Ghana; 2018, 2024 and Zanzibar (2023)
- DjangoCon US Speaker 2023, you can watch my talk here: Strategies for Handling Conflicts and Rollbacks with Django
I have extensive experiences with the community, which have contributed to my growth, and I believe serving on the board is a good way to give back. As such, I am positive that I would bring a refreshing perspective to the board and be a good match for community integration with Django.
As a board member, I plan to increase interactions between the DSF and its user base by providing an official mailing list highlighting non-technical and technical updates that will keep Django users up-to-date with current developments and build a relationship with our user base. Through this, I aim to gather djangonauts from everywhere to support creating the next leaders of the Django community.
In addition, I would like to use my experience in fostering Strategic Partnerships and Fundraising in the nonprofit space to help the DSF Fundraising WG find more sponsors for the DSF. While working with a community, I fostered vital partnerships with about 10 organisations, which contributed to reaching our Fundraising and Partnerships goal despite most organisations slashing nonprofit donations.
As such, I believe those skills, coupled with my community experience, will contribute to the growth of the Django Community, especially when we attract sponsors and increase their efforts and visibility on our social media.
Alex Gómez Barcelona, Spain ¶View personal statementI began developing with Django at version 1.11 and have been an avid user since. I am a member of Djangonaut Space and was previously a Djangonaut in the program. I’m also an active member of Python Spain and Python Barcelona and have coached at multiple DjangoGirls workshops.
I believe the next few years will be crucial for Django's future. It’s important for us to remain relevant and ensure that Django continues to be a choice for new projects, not just for maintaining existing ones.
The DSF needs an executive director, we’ve reached the limit of what a volunteer board can do or be asked to do. This is my first and main priority for 2025 and I believe without such a change we will struggle to meaningfully advance.
An obstacle to enacting an executive director is the need to expand the foundation's funding and pool of sponsors, and I propose that one of our most effective ways to achieve this is by expanding our communications. Too little of the Django user base is reached by the DSF and other non-official Django communications, leaving a wide userbase who may be very willing to support the project but do not know they can.
In support of these goals, I will also make the website a priority. We’re years into attempting to revamp it, the last successful attempt being a decade ago. The website working group is not yet finalized, an executive director will help us push this forward.
The DSF needs fresh perspectives, and with your support I believe I will bring positive changes to the Django community.
Amir Tarighat New York ¶View personal statementHi DSF board members! My name is Amir Tarighat and I’m a software engineer and long time user of Django. I think since version ~1.8. I live in NYC.
I’m 3x VC backed founder and an active investor, currently I am the CEO of Agency which is a Y Combinator backed company.
I’m an expert in cybersecurity and compliance, and have served on several boards including one non-profit and an elected neighborhood council position.
I would love to serve the Django community and help grow its use by helping with fundraising, community events and sponsorships, and with anything security or compliance related. I’d also love to help with anything startup related.
Ariane Djeupang Jocelyne Yaounde, Cameroon ¶View personal statementI am Ariane Djeupang, a junior project manager, Community builder and freelance Machine Learning Engineer from Cameroon.
As a young Black African woman in STEM from the francophone region of Africa and an active DSF member, I’ve dedicated my career to fostering inclusivity and representation in the tech community and I am confident that I bring a unique perspective to the table. My extensive experience organizing major events like:
- DjangoCon US 2024,
- DjangoCon Africa 2023, and
- PyCon Africa 2020 (as a volunteer) | 2024 (as an IOC member ) has equipped me with the skills and insights needed to drive inclusivity and community engagement.
My journey has been fueled by a passion for diversity and representation. I have seen firsthand the incredible impact that inclusive environments can have on underrepresented communities, especially in Africa, and I am dedicated to amplifying these voices within the Django ecosystem. As a mentor in the both the Python and the Django Community, as well as a mentor and community manager at BEL'S AI Initiative in Cameroon, I have empowered many young technologists, fostering a supportive and inclusive community.
I aim to bridge the gap between the DSF Board and our vibrant African community, ensuring that our unique perspectives and needs are heard and addressed. I am committed to being the voice of Africa within the board and representing the board within my community. By voting for me, you are supporting a vision of inclusivity, innovation, and growth for the Django community.
To achieve this, I plan to:
- Launch official DSF multilingual mentoring programs, targeted at underrepresented groups from Africa, with plans to expand globally.
- Introduce the Django Diversity Incubator, offering resources, workshops, scholarships, and global hackathons to underrepresented groups around the world.
- Create a Django Open Source Fellows interns role, to welcome new people into code and non-code contributions.
Thank you for your consideration.
Bhuvnesh Sharma India ¶View personal statementHi everyone! I'm excited to throw my hat in the ring for the DSF Board of Directors.
To me, there appears to be a critical component that could benefit from increased attention: social media and marketing. And I believe It's time we start giving Django the social media attention it deserves.
Let's be real: If we master this social media game, Django's reach will explode, and the entire ecosystem will thrive.
The more we boost Django’s presence online, the more up-and-coming developers will flock to it. And with that surge in usage comes the rise of Django-focused communities—stronger, more engaged, and constantly growing.
Now, here’s where it gets exciting: more visibility leads to a snowball effect.
- Visibility drives growth: More eyes on Django → more users → more contributors
- Quality fuels adoption: More contributors → better Django → increased commercial usage
- Success attracts support: Increased usage → more sponsors → resources for further expansion
Then guess what? We loop back to the start: Django gets bigger, stronger, and better.
Here are few-of-many pointers that I am aiming to start with during my tenure as a board member:
- Boost Django's presence in Asia through targeted outreach and events.
- Launch Django Ambassadors program to recognize influential community members.
- Facilitate non-coding contributions to Django (design, content, event organizing).
- Create a volunteer layer between the DSF and interested individuals who are eager to contribute to specific working groups (WGs).
- Produce engaging social media content similar to Feature Fridays.
I am highly motivated to lead Django’s social media and marketing as a Board member. I have more high-level plans and ideas in mind, and I’m focused on finding the right time and people for their execution. Additionally, I would represent the Asia region and bring valuable diversity in the DSF board. You can read more about my plans in the blog here: Making Django Unstoppable: My Plan to Boost Visibility and Drive Growth
Now talking about myself, I am a django core contributor and have been involved with DSF for around past 1.5 years as a DSF member. I also did Google Summer of Code with Django in 2023 and mentored in Google Summer of Code 2024 with Django. Apart from code contributions I have contributed to Django in various others ways:
- I am Co-Chair at the social media WG at DSF. (all the Feature Fridays posts are created by me :) )
- I was a navigator at Djangonaut Space’s first session.
- I recently started a community called Django India with an aim to popularize Django in India.
Excited for what lies ahead!
Chris Achinga Mombasa, kenya ¶View personal statementMy journey as a software developer has been profoundly shaped by the power of community. From the outset, participating in developer meetups and events, particularly DjangoCon Africa, has not only strengthened my technical skills but also reshaped my understanding of growth—both personal and professional.
Driven by a desire to make a meaningful difference, I am pursuing a position on the Django Software Foundation Board. I bring a commitment to promoting diversity, inclusivity, and accessibility within the Django ecosystem. As a vocal advocate for African and minority communities, I believe my presence on the Board would add a valuable perspective to the DSF’s mission, ensuring that emerging developers from underrepresented backgrounds find opportunities, resources, and community support in Django.
My experience with the Swahilipot Hub Foundation, a Kenyan NGO supporting youth along the coast, has equipped me with essential skills in community engagement and in applying technology for social good. Through this role, I have developed Django-based solutions that empower community self-management—an experience that has reinforced my belief in Django’s potential to uplift communities around the globe. On the DSF Board, I aim to serve not only as a representative for these communities but also as a mentor and technical guide.
Cory Zue Cape Town, South Africa ¶View personal statementI’m running for the board because I love Django, I’ve built my career on it, I want to see it succeed for another 20 years, and I think I can help.
My background is as a Django user and educator. I’ve built several successful products on Django, spoken at multiple DjangoCons and PyCons and have published many popular articles and videos about using Django. I currently run a Django boilerplate product that helps people build apps and start businesses on top of Django. I’m also a member of the DSF and the social media working group.
My platform is relatively simple. I don’t want Django to get left behind. I’ve seen old frameworks like Rails and Laravel continually reinvent themselves, bringing new cohorts of web developers into the fold, while Django has largely stayed the same.
Part of the issue is Django’s reluctance to adopt modern technologies— with better front end being at the top of my list. But I don’t have unrealistic aspirations of adding HTMX, Tailwind, or React to Django, so much as starting the conversation about how the Django ecosystem can have a better story for people who want to use those things.
The other part—and the part I hope to help with more—is cultural. Specifically, getting Django to do a better job at selling itself. This means working harder to pitch and position Django as a great, modern framework for building apps. As well as creating more opportunities and incentives for funding Django.
If elected, I’ll try to be a voice on the board that pushes Django forwards, while understanding that I will often get pushed back. Let’s keep Django great for another 20 years!
David Vaz Porto, Portugal ¶View personal statementI am a software developer with over 20 years of experience and have been passionate about Django since 2007, starting with version 0.96. Over the years, I have not only built my career around Django and Python, but I have also actively contributed to expanding the Django community. My journey has led me to found a consultancy firm focused on these technologies, and I’ve dedicated my efforts to bringing new developers into the community and fostering its growth.
In 2019, during DjangoCon Europe in Copenhagen, I strongly desired to take my community involvement to the next level. I proposed to organize DjangoCon Europe 2020 in Portugal. Though the pandemic reshaped those plans, I co-organized the first virtual-only DjangoCon Europe in 2020, another virtual edition in 2021, and the first hybrid event in 2022. Our 2022 edition set a new record, with over 500 in-person attendees and 200+ online participants. The experience has been gratifying, and I continue to be actively involved in the community by co-organizing DjangoCon Europe 2024 in Vigo, Spain, and preparing for DjangoCon Europe 2025 in Dublin, Ireland.
In addition to my work with Django, I am deeply committed to the growth of the Python community in Portugal. In 2022, I co-founded PyCon Portugal, intending to host the conference in a different city each year to maximize its reach and impact. The first edition in Porto succeeded, followed by Coimbra in 2023, which attracted participants from over 25 countries. By the time of this election, PyCon Portugal 2024 in Braga will have concluded, furthering our goal of uniting and strengthening the Portuguese Python community.
I am enthusiastic, committed, and pragmatic. In every initiative I’ve taken, I strive to make a positive and meaningful impact, influencing and empowering those around me. My experience organizing large-scale events, building communities, and fostering collaboration can be valuable to the Django Software Foundation.
I look forward to contributing my skills and dedication to help guide the DSF’s efforts in the years ahead.
Gabriel Arias Romero Mexico ¶View personal statementsolo soy un fan y me encanta el framework
Jeff Triplett Lawrence, KS USA ¶View personal statementI'm running for the Django Software Foundation board of directors to help serve the community and reshape the board and foundation.
The key to making the DSF more sustainable is the stability that hiring an Executive Director brings. From day-to-day communications to supporting the Django Fellows to improving our ability to fundraise, everything revolves around having someone whose job is to run and support the foundation. I believe an ED will help Django get a seat to more conversations involving open source and web standards that we get passed over today.
I bring over two decades of non-profit experience, including co-founding DEFNA (the other Django non-profit) and serving on the Python Software Foundation, including leadership roles (Treasurer and Vice Chair). I have also helped organize DjangoCon US for over a decade, and we have seen many community members and leaders grow through that community-building experience. I'm an advisor for Black Python Devs and have been a mentor through the Djangonaut Space project.
I want to revise and revisit our sponsorship plans and fundraising goals. They have not changed much over the years despite companies' needs changing significantly. We did this with the PSF, and it increased the number of developers in resident roles (the PSF's version of Fellows) we could fund. It's time for the DSF to revise our plans.
I want to revise our approach to DjangoCons and other "why aren't they called DjangoCon" community events. Why aren't more of these promoted or listed through the Django website?
I firmly believe in the Campsite Rule: "Always leave the campground cleaner than you found it." I feel good about the mark I have left on the Django and Python communities over this past decade, and I am happy to serve the Django community in a more significant role if given the opportunity.
Julius Nana Acheampong Boakye Accra Ghana ¶View personal statementI'm excited to nominate myself for the Django Software Foundation's Board of Directors. With 4 years of experience in the tech industry, I've seen the impact Django can have on a project's success. I've contributed to the community through speaking at conferences, organizers global DjangoCon conference , teaching Django on campuses and am committed to using my skills to help the board make informed decisions.
My goals are to increase diversity and inclusion within the community and improve the overall health and stability of the Django project. If elected, I promise to be an active and engaged member, always putting the needs of the community first.
Thank you for considering my nomination. I'm excited to serve the Django community and contribute to its continued success.
Keanya Phelps Chicago IL US ¶View personal statementI am excited to submit my candidacy for the Django Software Foundation (DSF) board. Having transitioned into software development after a career change, I feel like I bring a unique perspective to the challenges and opportunities within the Django ecosystem. I am deeply passionate about diversity, inclusion, and mentorship,
My journey into tech by way of Django, has been shaped by collaboration, continuous learning, and the support of mentors, which is why I am eager to give back to the Django community. I am particularly enthusiastic about contributing to initiatives that promote diverse voices and create inclusive environments where everyone feels empowered too contribute and to leave things better than how they found them.
In addition to my commitment to diversity, I am driven by a love of running projects, research, and collaboration.
As a member of the DSF board, I would bring fresh ideas, a collaborative spirit, and a dedication to making Django an even more inclusive, forward-thinking community.
Kevin Renskers The Netherlands ¶View personal statementI’ve been using Django since 2009, and apart from blogging about Django for 15 years, I’ve always been mostly on the sidelines. It’s about time to get more involved with the community, share my experience and expertise, offer my time. I’m mainly interested in the enforcement of the Django trademark and code of conduct, ensuring a healthy community.
Kátia Yoshime Nakamura Berlin, Germany ¶View personal statementI am a Software Engineer with over 10 years of experience, working with Django both personally and professionally since 2015. My journey with Django started in 2015 when I attended my first Django Girls event in Brazil. Since then, I’ve built my career around Django, contributing to the community while actively attending, participating in and helping organize Python and Django conferences/events.
In 2018 and 2019, I helped organize PyCon Balkan in Belgrade (Serbia). Since 2016, I've coached and organized Django Girls workshops around the world, including in Rio de Janeiro (Brazil), Budapest (Hungary), Brno (Czechia), Belgrade (Serbia), Porto (Portugal), and Vigo (Spain).
Over the past few years, I've been deeply involved in DjangoCon events, particularly in Europe, where I’ve volunteered and organized Django Girls workshops.
Since 2020, I’ve had the privilege of serving as a board member of the Django Software Foundation (DSF). The pandemic brought us significant challenges, but we've built a resilient team, eager to push Django forward with fresh perspectives and new solutions. I’ve also been involved in the early efforts to shape a long-term plan for future conferences across Europe, focusing on engaging more organizers and selecting host teams earlier - up to two years in advance - for better flexibility and planning. However, there's still more we aim to achieve.
I’d love to keep supporting our Django community as a board member, promoting more diversity and inclusiveness while encouraging collaboration and exciting initiatives.
Lilian United States ¶View personal statementI’m Lilian 👋, a DSF Member, Django ORM contributor, and Djangonaut Space Coordinator.
Lots of talent is locked up in the industry simply due to gatekeeping. Let’s improve processes and tap into this pool of talent, so we can move Django forward in the right direction.
The DSF should do more to facilitate the connection between newcomers and maintainers. Let’s create a space where we provide the support system they need to collaborate productively, for technical teams and working groups alike.
We also need to facilitate bolder decision making. For the framework: sponsored features and fundamentals like async support, JIT, type annotations. For the Foundation: more transparency, an Executive Director, a newsletter.
How can we achieve this?- Coordination with the Steering Council for tech decisions, via a Board Liaison role.
- Gather feedback from program organizers to determine gaps that need support.
- Facilitate collaboration among newcomers and maintainers.
- Better marketing: such as promoting community initiatives.
- Documented playbooks! To scale the Working Groups concept.
Frustrated by the status quo in the industry, and yet inspired by changes happening to Django, I’m motivated to help more people get involved with Django as code contributors and leaders.
Marcelo Elizeche Landó Paraguay ¶View personal statementWhy I’m RunningBefore assisting to DjangoCon US, I saw Django as just part of the larger Python community. But seeing how this community goes above and beyond to support both longtime members and newcomers changed that for me. When others suggested I run for the board, it felt like a way I could give back and share what makes Django special on a global scale.
A Bit About MeI co-founded and organized the Python Paraguay community, starting with our first PyDay in 2015, which was a huge success and sparked a lasting momentum. Since then, I’ve organized meetups, events, workshops, and grown our community to almost two thousand members—the most active tech group in Paraguay! I also used Django for projects that make a difference: AyudaPy.org, a mutual aid platform during COVID-19 (which I presented at DjangoCon US 2022), and Lista Hũ, a tool to protect against scammers, both of which highlight Django’s potential for social good.
Ideas for Django- Learning Curve: Improving the Django tutorial and expanding learning resources can make Django more accessible and less intimidating for newcomers. Creating more comprehensive, step-by-step guides will empower new developers and ease their journey into Django.
- Supporting Global Accessibility: Expanding Django’s reach by focusing on language accessibility and gathering regional feedback is key. Adding questions to the Django Developers Survey on preferred languages and translation quality could help the community prioritize localization efforts, ensuring developers worldwide feel supported in their native languages.
I believe this community is on the right path, and it would be an honor to contribute as a board member
Paolo Melchiorre Italy ¶View personal statementThe Django community is the best one I could be a part of, and since I started using Django, I have seen wonderful initiatives born and thrive within it (e.g., Django Girls+, Djangonaut Space, Django Fellow). We should bring this momentum to other areas as well: fundraising, the website, development sprints, content translations, self-promotion (e.g., release videos), multimedia content (e.g., videos, books, podcasts, photos, …), feedback from Django users, Django's environmental impact.
I think that the Django Software Foundation has the potential to facilitate and promote these initiatives. It also has the authority to relate to other Open Source communities, to seek synergies, and with big corporations, to grow from an economic point of view, being able to pay more people (e.g., Django Fellows, Directors, UI/UX experts, …)
I believe I can give a boost to these initiatives, with my experience in the Django community, and with an original point of view in the Board, as a member of the Italian Python community, and founder of a local community.
Patryk Bratkowski Patryk Bratkowski ¶View personal statementHello, Djangonauts!
If you are one of the regulars on the official Django Discord server, my passion and dedication to both the Django community and framework should be no secret. As a helper, I have helped countless other developers use Django successfully. As a moderator, I do my best to ensure that we have a community that we can all be proud to consider our own, regardless of our background. An environment that is inclusive, diverse, and welcoming. To me, it feels like home, and I hope you all feel the same way.
For those I haven't yet had the pleasure to meet on Discord or elsewhere, I hope we do soon.
About me:
- I have been building on the web since the Geocities days, and have over 17 years of professional experience, meaning I know how to get things done.
- I have experience building and managing communities, including forums and subreddits, meaning I can readily help with the technical and human aspects.
- I am proactive, and lucky enough to have a lot of flexibility in how I spend my time, meaning I can help turn decisions into action.
- I am open-minded, and eager to learn, meaning I am looking forward to working for the community, with the board, rather than wanting to impose my own ideas.
- I am a polyglot speaking more than four languages fluently, meaning I feel connections to others, regardless of geographical borders.
If elected, my goals will be:
- Collaborating with the other board members. Django's popularity and stability is a testament to the fantastic work current and past board members and developers have done, and while I may have my own ideas, I would first want to know more about any backlog, plans, or other issues that need to be resolved rather than bring about drastic changes.
- Efficiently implementing board decisions. While plans may sometimes forcibly change, they at least need someone to take charge of them. I am happy to lend my technical expertise when required, and deal with other roadblocks.
- Community representation. As a fairly visible member of the Django community, I am looking forward to ensuring the community feels represented and heard, and seeing what more we can do to help the community grow.
- Increase representation of non-English speakers. While English is the de facto business language, there are other large markets that would benefit from better support.
As Django nears twenty years of existence, becoming a board member certainly gives us some big shoes to fill, but between my passion, this amazing community's support, and the time I can dedicate to the position, I am confident that I can help the community continue to thrive, make a tangible difference, and better serve the community we all know and love.
Best regards, and best of luck to all the other applicants,
Pat
Priya Pahwa India, Asia ¶View personal statementBalancing code, community, and collaboration, I am actively holding the following position of responsibilities:
- Co-Chair of the Fundraising Working Group at the Django Software Foundation
- Session Organizer of Djangonaut Space
- Software Development Engineer (Django backend and Infra) at a wealth tech startup.
- 2023 SWE intern (Django techstack) under the GitHub Octernships program.
Having had the experience of building inclusive student tech communities and organizing numerous meetups and global hackathons as a GitHub Campus Expert, I can bring fresh perspectives to the DSF Board and bridge the currently huge gap between the student community and the potential Django leadership positions. As a DSF Board of Directors, I will push for initiatives to:
- Build a Django Evangelist Program or a Django Developer Advocacy Working Group
- Introduce a dedicated Django track at student hackathons to increase the framework’s visibility amongst budding developers.
- Establish a robust DEIB (Diversity, Equity, Inclusion, and Belonging) framework in both theory and practice for DSF
- Include subtle subconscious yet impactful details, such as designing the assets of custom merchandise—like stickers—that represent diverse races and backgrounds to ensure everyone feels valued.
- Continue driving fundraising efforts to engage potential corporate sponsors with a structured funding roadmap and prospectus that aligns with our community needs.
- Develop a one-stop-solution DSF community handbook - an easily accessible guide for newcomers
I’m dedicated to bringing the voice of the Asian Indian community to the DSF Board. The lack of DjangoCons and a strong local Django network in this region limits talented individuals from essential growth opportunities. I aim to foster a sense of belonging at the table, expand rewards in exchange for volunteering, and ensure the Django community thrives everywhere, especially in underserved areas with psychological safety and welcoming ways for one and all.
Tom Carrick Amsterdam, Netherlands ¶View personal statementHello! For those that don't know me, I've also been actively contributing features for most of the last decade. I help run the Discord, the accessibility team, and I'm on the fundraising working group. If that sounds like a lot of time commitment already, you're right. If you vote for me I might have to become dormant in some other roles.
But I don't really want to talk about my perspective as a contributor, I want to talk about my experience as a user. I've been using Django since around 2008. We have great batteries for 2008. For 2024? I am not so sure. I feel like we are missing things like:
- Built in 2FA with WebAuthn / passkeys.
- Better serialization to make APIs without needing a second framework.
- A better frontend story, whether that's tutorials on integrating frameworks or how to use simpler solutions like HTMX, template components (or all of the above).
- A more modern, accessible admin interface with better UX.
- Simpler project setup for small projects, including deployment and static files (integrating white noise?).
- (type hints maybe?)
- I could increase the size of this Wishlist by several factors and still not be done.
The reason I believe we're missing these things is simple (and possibly wrong). Django is getting bigger, more mature, and prioritises stability. These are all great things, but they do slow down development when almost all new features are contributed by people volunteering their time.
To fix this, Django needs money, which is why I joined the fundraising group, and then there is the question of spending that money. And for the me the priorities are clear:
- Spend money to make more money.
- Hire more fellows and widen their remit to contributing new features.
And that's my "manifesto", if you like.
Vitaly Semotiuck Rzeszow, Poland ¶View personal statementhttps://www.linkedin.com/in/vitaly-sem/
Your move nowThat’s it, you’ve read it all 🌈! Be sure to vote if you’re eligible, by using the link shared over email. To support the future of Django, donate to the Django Software Foundation on our website or via GitHub Sponsors.
PreviousNext: Becoming a Drupal Certified Partner: How commitment to open source drives value and success at PreviousNext
For PreviousNext, the decisions to make contribution part of how we work and to become a Drupal Certified Partner (DCP) have paid off many times over, both in terms of business growth and team development. I would encourage any agency considering it to take the leap. The Drupal ecosystem is a community that gives back as much as you put in, and becoming a DCP is one of the best ways to contribute to its continued success.
by Owen Lansbury / 29 October 2024DCP: a certification that mattersAs one of the co-founders of PreviousNext, I’ve seen firsthand how our commitment to open source and our partnership with the Drupal community has shaped who we are as a company and driven our success. Being a Drupal Certified Partner isn’t just a credential; it’s a core element of our business model and a commitment to our clients, our team, and the open source community we rely on.
Here’s why being a Drupal Certified Partner matters to us, and why I think other Drupal agencies should consider joining the program too...
The early days: how PreviousNext found its path with DrupalWhen we founded PreviousNext back in 2009, my co-founder, Kim Pepper, and I had both been working with web technologies since the early days of the web itself. As we looked at the technologies available, Kim’s background in Java and his interest in “serious tech” like Ruby and Python made those tools a natural focus. Then, a project opportunity arose with a leading public broadcaster and I suggested we pitch Drupal.
At the time, people didn’t necessarily recognise Drupal as a serious player in the enterprise tech stack yet, so I had to convince Kim to take a closer look. We ended up winning that project, and before we knew it, Drupal was opening doors to big, new clients. Our decision to specialise in Drupal was cemented in 2010 during our first DrupalCon in San Francisco.
Image attribution: DrupalCon SF
Walking into the same keynote room as Steve Jobs would announce the latest Apple products, seeing thousands of people and realising the scale of the Drupal community made it clear that this was something much bigger on a global scale than we had ever imagined. A vibrant community of thousands of people was pushing the platform forward and were enthusiastic to help us become a part of it. That moment changed everything for us.
Fostering a culture of contributionOne of our early initiatives was integrating contribution into new team members’ onboarding and professional development process at PreviousNext. Whether they had prior Drupal experience or not, we introduced new hires to the world of Drupal contribution as part of their journey with our team. This helped build their skills, broaden their professional profiles and connect them to the global Drupal community. Our developers quickly became module maintainers and many grew to play key roles in critical areas of the Drupal project.
Our culture of contribution also extended to encouraging team members to speak at DrupalCon and other conferences. We supported those who wanted to share their expertise, recognising that building their personal and our company profile in the community was a valuable form of marketing and growth.
Contribution as …A competitive advantageFrom early on, we understood the importance of actively contributing to the Drupal community. Contribution became a core part of our company’s culture and a competitive advantage for us. We adopted a policy inspired by Google at the time, allowing our developers to dedicate 20% of their billable hours to contribution and professional development. This policy attracted the best developers and ensured that our team remained engaged, motivated and on the cutting edge of Drupal development outside of their regular client work.
For PreviousNext, contributing isn’t about checking boxes or chasing credits - it’s a key part of our process and commitment to the Drupal community. As contributors, our team members develop and deepen their skills and have opportunities to collaborate with and be mentored by some of the most brilliant Drupal developers globally. This investment in people is the foundation of our reputation as Australia’s most experienced Drupal agency and gives us a competitive advantage both in our region and internationally.
A hiring and retention advantageFinding and training new talent is costly for everyone in our industry, so supporting contribution and personal and professional development for our team members is a massive win in this regard. Our employee retention across the entire team is up to triple the industry average, with studies I've read indicating tech industry employee tenure is typically 2–3 years in one company.
A sales advantageContribution helps us sell, too. We quickly realised that contribution gave us a significant edge when pitching to clients. By showing our contributions and involvement in the community, we could demonstrate that we weren’t just Drupal users but actively shaping its future. This deep involvement gave us insights and access to networks beyond what other agencies could offer and it helped us win clients by emphasising our commitment to open source and best practices.
A business advantageOur profit margin is consistently three times higher than the Ibis World benchmark for Web Design Services in Australia, which we get from our annual independent valuation as an employee-owned company. While we might occasionally lose a pitch on price alone, high-end customers are generally happy to pay a bit more for a stable team with a proven track record of deep experience and high quality outcomes.
As you can see, contribution is not something we view as a business cost at PreviousNext, it's a well-proven business accelerator!
Contribution benefits clients and strengthens projectsWe’ve seen that contributing to Drupal isn’t just about the altruism of 'giving back'; it’s a deeply practical business advantage. When our developers fix a bug or add a feature in Drupal core or modules, they improve the tools that our clients rely on. By committing these improvements back to the community, we ensure that future projects can leverage them without reinventing the wheel. That is, without wasting time and effort to recreate work over and over.
Our commitment to contribution is a big reason why our code adheres to the highest coding standards. Sure, we follow best practices, ensuring that every line we write can be picked up by any other Drupal expert and understood. But also, when you know you’re submitting code publicly for review by Drupal’s Core and Security Teams, it's a strong motivator to deliver high quality work. This transparency and adherence to standards offer clients security: they know that if they choose to work with another agency down the road, the work is maintainable and up to the highest standards. It’s a win for our clients, the broader community, and us.
The long-term value of supporting open sourceWhile many agencies might measure ROI in terms of leads generated or short-term gains, we take a very different approach. Our outlook is simple: if Drupal succeeds in the long term, so does PreviousNext. Whether a client picks us or another DCP, the pie grows for everyone if they stay with Drupal. That’s why we invest in the platform and focus on contributing where we can make the most impact.
Our contributions aren’t centrally directed or micromanaged - each developer follows their passions. This approach fosters engagement and allows developers to shape their contributions around both client work and personal development goals. Recently, our team chose to focus on the Experience Builder initiative - which will be incorporated into the new Drupal CMS - a community-driven project dedicated to making Drupal a best-in-class low/no-code CMS for content creators and ambitious marketers. This decision came from the team, driven by their excitement to make a difference in an area they care about and have the expertise to assist.
Why being a Drupal Certified Partner mattersBecoming a Drupal Certified Partner (DCP) when the program first launched was a natural step in our company's journey. The DCP designation is more than a badge; it recognises our commitment to quality, collaboration and the future of Drupal. Clients look to us for our technical abilities, deep understanding of the ecosystem, and active involvement within it.
This partnership with Drupal also gives us a unique advantage when talking with potential clients. At the end of every pitch, we emphasise that we’re not just users of Drupal - we’re contributors. We understand the ins and outs of the platform, influence the roadmap and can leverage our relationships with an entire network of other Drupal developers around the world. This level of involvement is something we would never achieve as a small Australian company if we were simply downloading and using the software. We bring that value to every project we take on and it has been a significant factor in winning business and building client trust.
You should consider becoming a DCPFor any agency working with Drupal, becoming a DCP isn’t just another badge for your website - it’s a way to amplify your connection to the Drupal community, clients, and the future of the platform. The program provides visibility and demonstrates commitment, giving clients confidence in your skills and dedication to Drupal’s success. DCP status has brought us even closer to the Drupal community, helping us build relationships and leverage a wealth of knowledge and expertise. While it might seem counterintuitive for a company to encourage its competitors to boost their expertise and credentials, Drupal itself benefits tremendously when clients know there's an entire ecosystem of highly qualified vendors who can deliver their projects. Find out more about the Drupal Certified Partner program.